Black Friday ⚡ Free Shipping $150+
1 Free Booster! For your first order 🎁

Privacy Policy

Last Updated: January 1, 2025

1. Introduction

POKE UNDERGROUND (hereinafter "we," "us," or "our") operates the website poketurbo.com (hereinafter "the Site"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Site and services.

We are committed to protecting your privacy and ensuring the security of your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Company Information:

  • Company Name: POKE UNDERGROUND
  • Legal Form: SASU (Simplified Joint Stock Company)
  • Registration Number: 914 826 383 RCS Paris
  • Registered Office: 63 RUE BALARD, 75015 PARIS, FRANCE
  • Contact Email: support@poketurbo.com

2. Data Controller

POKE UNDERGROUND is the data controller responsible for the processing of your personal data collected through the Site.

For any questions regarding this Privacy Policy or the processing of your personal data, you may contact us at support@poketurbo.com.

3. Personal Data We Collect

3.1 Information You Provide Directly

When you use our Site, we may collect the following information that you provide directly:

Account Creation:

  • First name and last name
  • Email address
  • Password (encrypted)
  • Date of birth (for age verification)

Order Processing:

  • Delivery address (street, city, postal code, country)
  • Billing address (if different from delivery address)
  • Phone number
  • Order history
  • Communication preferences

Payment Information:

  • Payment information is collected and processed by our secure payment processor (Shopify Payments)
  • We do not store complete credit card information
  • Only the last four digits of your card and expiration date are stored for order management purposes

Customer Service:

  • Information provided in your communications with us
  • Correspondence history
  • Support tickets and inquiries

Newsletter Subscription:

  • Email address
  • Subscription preferences
  • Interaction history with our emails

3.2 Information Collected Automatically

When you visit our Site, we automatically collect certain information:

Technical Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device type (desktop, mobile, tablet)
  • Screen resolution
  • Referring website
  • Pages visited on our Site
  • Time and date of visits
  • Time spent on pages

Cookies and Similar Technologies:

  • We use cookies and similar tracking technologies to enhance your experience
  • For detailed information about cookies, please see our Cookie Policy

3.3 Information from Third Parties

We may receive information about you from third-party services:

Social Media:

  • If you choose to connect your social media accounts, we may receive basic profile information

Payment Processors:

  • Transaction information and payment status from Shopify Payments

Shipping Carriers:

  • Delivery status and tracking information

4. How We Use Your Personal Data

We process your personal data for the following purposes:

4.1 Order Processing and Fulfillment

Legal Basis: Performance of contract

  • Processing and fulfilling your orders
  • Managing payments and invoicing
  • Arranging shipping and delivery
  • Communicating with you about your orders
  • Handling returns, refunds, and exchanges

4.2 Customer Service

Legal Basis: Performance of contract and legitimate interest

  • Responding to your inquiries and support requests
  • Resolving disputes and issues
  • Providing customer support
  • Managing product warranties and guarantees

4.3 Account Management

Legal Basis: Performance of contract

  • Creating and managing your customer account
  • Allowing you to track orders
  • Storing your preferences and order history
  • Authenticating your identity

4.4 Marketing Communications

Legal Basis: Consent (for newsletter) and legitimate interest (for existing customers)

  • Sending newsletters about new products and promotions
  • Informing you about pre-orders and product launches
  • Sending personalized offers based on your purchase history
  • Conducting customer surveys and feedback requests

You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in our emails or contacting us.

4.5 Site Improvement and Analytics

Legal Basis: Legitimate interest

  • Analyzing Site usage and user behavior
  • Improving Site functionality and user experience
  • Identifying and fixing technical issues
  • Conducting market research and analysis
  • Developing new features and services

4.6 Security and Fraud Prevention

Legal Basis: Legitimate interest and legal obligation

  • Detecting and preventing fraud
  • Verifying identity and payment information
  • Protecting against unauthorized access
  • Complying with security requirements
  • Maintaining the integrity of our systems

4.7 Legal Compliance

Legal Basis: Legal obligation

  • Complying with applicable laws and regulations
  • Responding to legal requests and court orders
  • Enforcing our Terms and Conditions
  • Protecting our rights and interests
  • Maintaining accounting and tax records

5. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

Contract Performance: Processing necessary to fulfill our contractual obligations to you (order processing, delivery, customer service)

Legal Obligation: Processing required to comply with legal requirements (tax records, consumer protection laws, anti-fraud regulations)

Legitimate Interest: Processing necessary for our legitimate business interests, provided your rights and interests do not override these interests (site improvement, fraud prevention, marketing to existing customers)

Consent: Processing based on your explicit consent (newsletter subscription, optional cookies)

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

6. How We Share Your Personal Data

We may share your personal data with the following categories of recipients:

6.1 Service Providers

We work with trusted third-party service providers who process data on our behalf:

Hosting and Infrastructure:

  • Shopify Inc. (website hosting and e-commerce platform)

Payment Processing:

  • Shopify Payments (payment processing)
  • Your payment card information is transmitted directly to these processors and is not stored on our servers

Shipping and Logistics:

  • USPS, DHL, FedEx, UPS, La Poste (shipping carriers)
  • We share delivery addresses and contact information necessary for shipment

Email Services:

  • Email service providers for transactional emails and newsletters

Analytics and Marketing:

  • Analytics providers (e.g., Google Analytics) to understand Site usage
  • Marketing platforms for email campaigns

Customer Support:

  • Customer service and support platforms

All service providers are required to:

  • Process data only on our instructions
  • Implement appropriate security measures
  • Comply with GDPR and applicable data protection laws
  • Not use data for their own purposes

6.2 Legal Requirements

We may disclose your personal data if required by law or in response to:

  • Court orders or legal processes
  • Requests from law enforcement or government authorities
  • Legal proceedings or investigations
  • Protection of our rights, property, or safety
  • Prevention of fraud or illegal activities

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share your information with third parties when you have given explicit consent for such sharing.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States and Canada, where our service providers (particularly Shopify) are located.

When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses with service providers Adequacy Decisions: We transfer data to countries deemed to provide adequate protection by the European Commission Privacy Shield (where applicable): Some US-based providers may be certified under replacement frameworks

You have the right to obtain information about the safeguards we have in place for international transfers by contacting us.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy and to comply with legal obligations.

Specific Retention Periods:

Account Data:

  • Active accounts: Retained until you request deletion or close your account
  • Inactive accounts: Retained for 3 years after last activity, then deleted

Order Data:

  • Order history and invoices: 10 years (legal requirement for accounting purposes)
  • Delivery information: 5 years

Marketing Data:

  • Newsletter subscribers: Until you unsubscribe
  • Interaction data: 3 years after last interaction

Technical Data:

  • Server logs: 12 months
  • Analytics data: 26 months (Google Analytics default)

Customer Service:

  • Support tickets and correspondence: 5 years

Legal Claims:

  • Data related to legal claims may be retained until the statute of limitations expires

After the retention period expires, we securely delete or anonymize your personal data.

9. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

9.1 Right of Access

You have the right to obtain:

  • Confirmation that we process your personal data
  • Access to your personal data
  • Information about how we process your data

9.2 Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete data completed.

9.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data when:

  • Data is no longer necessary for the purposes for which it was collected
  • You withdraw consent (where processing is based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • Data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

Limitations: We may retain certain data when required by law or for legitimate purposes (e.g., outstanding orders, legal claims, accounting requirements).

9.4 Right to Restriction of Processing

You have the right to request restriction of processing when:

  • You contest the accuracy of data (during verification)
  • Processing is unlawful but you oppose erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing (pending verification)

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller when:

  • Processing is based on consent or contract
  • Processing is carried out by automated means

9.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

9.7 Right to Withdraw Consent

When processing is based on consent, you have the right to withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority:

For France:

  • Commission Nationale de l'Informatique et des Libertés (CNIL)
  • Website: www.cnil.fr
  • Address: 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07

For EU/EEA residents: You may contact the data protection authority in your country of residence.

9.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@poketurbo.com with:

  • Your full name
  • Your email address registered with us
  • Description of your request
  • Proof of identity (for security purposes)

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the extension.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against:

  • Unauthorized access
  • Unlawful processing
  • Accidental loss, destruction, or damage
  • Unauthorized disclosure

Security Measures Include:

Technical Measures:

  • SSL/TLS encryption for data transmission
  • Secure encrypted storage of passwords
  • Regular security updates and patches
  • Firewall protection
  • Access controls and authentication
  • Regular security audits

Organizational Measures:

  • Staff training on data protection
  • Confidentiality agreements with employees
  • Access restricted on a need-to-know basis
  • Incident response procedures
  • Regular review of security policies

Payment Security:

  • PCI-DSS compliant payment processing
  • No storage of complete credit card information
  • Tokenization of payment data

While we implement strong security measures, no system is completely secure. You are responsible for maintaining the confidentiality of your account password and for all activities under your account.

11. Children's Privacy

Our Site and services are not intended for children under 18 years of age. We do not knowingly collect personal data from children under 18.

If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to delete such information immediately.

If you believe we have collected data from a child under 18, please contact us at support@poketurbo.com.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Site. For detailed information about:

  • Types of cookies we use
  • Purpose of each cookie
  • How to manage cookie preferences
  • Third-party cookies

Please refer to our separate Cookie Policy available on our Site.

13. Third-Party Links

Our Site may contain links to third-party websites, including:

  • Social media platforms
  • Payment processors
  • Shipping carriers
  • Partner websites

We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies before providing any personal information.

This Privacy Policy applies only to information collected through our Site.

14. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

We may use automated systems for:

  • Fraud detection and prevention
  • Personalized product recommendations
  • Marketing email personalization

These do not result in decisions that significantly affect your rights. You have the right to request human intervention in any automated process.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices
  • Changes in applicable laws
  • New features or services
  • Feedback from users

Notification of Changes:

  • We will post the updated policy on this page
  • The "Last Updated" date will be revised
  • For material changes, we will notify you by email or prominent notice on our Site
  • Continued use of our Site after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

16. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request information about the categories and specific pieces of personal data we have collected about you

Right to Delete: Request deletion of your personal data, subject to certain exceptions

Right to Opt-Out: Opt out of the sale of personal data (Note: We do not sell personal data)

Right to Non-Discrimination: Exercise your privacy rights without discriminatory treatment

To exercise these rights, contact us at support@poketurbo.com.

17. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@poketurbo.com

Mailing Address: POKE UNDERGROUND 63 RUE BALARD 75015 PARIS FRANCE

Response Time: We commit to responding to all inquiries within 48 business hours.

Data Protection Officer: For data protection matters, you may contact our Data Protection Officer at support@poketurbo.com.