This website is operated by Poké Perfect Beheer B.V., with its registered office at Prinsengracht 502H, 1017KH Amsterdam, the Netherlands. We are registered with the Dutch Chamber of Commerce (KvK) under number 70794332 and our VAT number is NL858462242B01. References to "Poké Perfect", "we", "us" or "our" in this policy refer to this entity.
We are the controller of any personal data processed through pokeperfect.nl, our location subdomains, and our rewards programme at rewards.pokeperfect.nl ("the Platforms").
This policy explains what personal data we collect, why we collect it, how long we keep it, who we share it with and what rights you have. It is written to comply with the EU General Data Protection Regulation (Regulation 2016/679, "GDPR") and the Dutch implementing law (UAVG).
Depending on how you interact with us, we may process the following categories of personal data:
We use your data for the following purposes:
Where we rely on consent, you can withdraw it at any time by emailing [email protected], by clicking "unsubscribe" in any newsletter, or by toggling the relevant choice in your account / cookie settings. Withdrawal does not affect anything we already did before you withdrew.
We only share your data with third parties who help us run our business. They are bound by data-processing agreements with us and may only use your data for the purposes we instruct. The main parties are:
| Party | Role | What they process | Location |
|---|---|---|---|
| Rabobank (Rabo OmniKassa) | Payment processing for in-store and online payments | Payment data, transaction status | The Netherlands (EU) |
| Pokett | Poké Perfect Rewards loyalty platform | Account data, points balance, transaction history | EU (hosted on Amazon Web Services Ireland) |
| Mailchimp (Intuit Inc.) | Email newsletter delivery | Email, name, opening / click behaviour | United States, under EU-US Data Privacy Framework |
| Catermonkey | Catering enquiry and order handling | Name, email, phone, event details | Belgium (EU) |
| Cloudflare | Hosting, CDN, security for our website | IP address, request metadata | EU + global edge network, under EU Standard Contractual Clauses |
| Google Ireland Ltd. | Website analytics (Google Analytics 4) - only if you consent | Anonymised IP, page-visit data | EU + United States, under EU-US Data Privacy Framework |
| Thuisbezorgd (Just Eat Takeaway.com) | Delivery orders placed via their platform | Order details forwarded to us by Thuisbezorgd | The Netherlands (EU). Thuisbezorgd acts as an independent controller for orders placed on their platform. |
| Uber Eats (Uber B.V.) | Delivery orders placed via their platform | Order details forwarded to us by Uber Eats | The Netherlands (EU). Uber Eats acts as an independent controller for orders placed on their platform. |
We do not sell your personal data. We may share your data with authorities if we are legally required to do so.
We do not keep your data longer than necessary for the purpose it was collected for, or for the periods required by Dutch law.
Your data is mostly stored within the European Economic Area. Some of our processors (notably Mailchimp and Google) may transfer data to the United States. Where this happens, we rely on the EU-US Data Privacy Framework and / or the European Commission's Standard Contractual Clauses to make sure your data remains protected at the level required by the GDPR.
Our website uses cookies. Some are essential to make the site work; others are optional and only set if you give consent. You can find the full breakdown - what we set, who sets it, what it does and how long it lasts - in our cookie policy. You can change your preferences at any time via the "Cookie settings" link in the footer.
Our stores have CCTV cameras for the safety of our team, our customers and our property. Notices are displayed at the entrance of each store. Recordings are kept for a maximum of 14 days and are only reviewed in the event of an incident (theft, accident, safety concern). After 14 days the footage is automatically overwritten.
Under the GDPR you have the right to:
To exercise any of these rights, email [email protected]. We may ask you to confirm your identity before we act on a request. We will reply within one month.
Our services are aimed at people aged 16 and over. If you are under 16, you need permission from a parent or guardian before sharing personal data with us. If we discover that we have collected data from someone under 16 without that consent, we will delete it.
We protect your data with appropriate technical and organisational measures: encryption in transit, restricted access on a need-to-know basis, regular review of who can see what, and contracts with all of our processors that hold them to GDPR-grade standards.
If you think we are handling your data the wrong way, please tell us first - email [email protected] and we will do our best to resolve it. You also have the right to file a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens.
We may update this policy from time to time, for example if our processors change, the law changes, or we add a new feature. The "Last updated" date at the top of this page tells you when it last changed. For significant changes we will let you know directly - by email if you're on our newsletter, or with a banner on the site.