Privacy Statement - EEA

Version July 2023

1. General information

Poki is committed to protecting the privacy of everyone who uses our websites and applications. This privacy statement the "Privacy Statement EEA", or just in short "Privacy Statement" is designed to provide transparency into Poki's privacy practices and principles. It provides information on the data that we collect from our website visitors from the European Economic Area (EEA)* through our Poki.com web platform, our Poki for Developers platform, and other general-audience sites and applications (hereinafter referred to together as the "Poki Website"). Please click this link for an overview of the domains referred to as the "Poki Website".

The Poki Website is dedicated to website visitors of 16 years and older ("Website Visitors"). If you are under the age of 16, this website is not intended for you. For our younger players Poki has launched a separate website: the Poki Kids Website. This website is a safe environment for children under the age of 16. To view our privacy practices specific for the Poki Kids Website, please refer to the Poki Kids Website. If you have any questions concerning this Privacy Statement, please contact us at [email protected].

The Poki Website is owned and operated by Poki B.V. (referred to in this Privacy Statement as "Poki", "we", "our", or "us"). Poki is an entity incorporated under the laws of the Netherlands.

* Please note that we determine from which region you visit our website based on your IP-address, thus if you use a VPN-connection, you may not be shown the Privacy Statement applicable to you.

2. Which data is used and for what purposes?

All features on the Poki Website are available without the need for registration by Website Visitors. No personal data (such as email addresses and phone numbers) are requested from or processed about Website Visitors, unless they actively contact us. Furthermore, our game developers are in principle required to remove all outgoing links and branding/advertisements (e.g. splash-screens, social links and app-store links) from their games.

Nonetheless, Poki does collect certain electronic data. We can process this data in various ways. Please find directly below some information about our processing of your data in general. Beneath, you will find an overview of various topics on which you can click for more detailed information about the processing of your data in that context.

General processing purposes

In general, we may always process your data for the following purposes:

For maintenance, administration and network and security purposes;
For internal control and business operations;
For analyzing and improving our products;
For handling any requests, complaints and disputes;
For determining, exercising and defending our rights; and
For complying with legal obligations (incl. fraud prevention) and requests of authorized governmental institutions.

General processing grounds

In general, we may process your data based on a legal obligation. This means that we will process your data for as far as we are legally obliged to do so, for instance to comply with statutory minimum retention periods.

Legitimate interest

Sometimes we indicate that we process your data based on the legal ground "legitimate interest". This means that a balance of interests is performed between the interests that are served by the processing on the one hand and your privacy interests on the other hand, and that the interests in favor of the processing prevail. The related legitimate interests are included below per topic. If you want more information about this, you can contact us directly via our contact details stated below.

Minors and other persons with a legal representative

The Poki Website is not meant for persons younger than 16 years. We also do not focus on persons who are placed under a legal relationship, such as guardianship or persons who are supervised or administered by someone else. If, in exceptional cases, we do focus on such persons, Poki will take into account the vulnerable position of these persons and take extra precautions, such as is the case for our Poki Kids Website.

i. The General Poki Website

We process your data for providing, maintaining and improving the Poki Website, our apps and for our social media activities. For more specific information on the cookies and similar technologies used in this respect, please refer to our Cookie Statement.

The persons involved. Our Website Visitors: people who visit the Poki Website.

The purpose of the processing. When you visit the Poki Website, we will process your data for the following purposes:

Functioning of the Poki Website (incl. remembering your settings and consent choices);
Advertising and marketing to you, targeted advertising, and presenting you with relevant ads;
Showing you the privacy information relevant to your region (which data we process exactly will depend on from which region you access the Poki Website).

The data that is processed. When you visit the Poki Website, we may process the following information about you which is collected automatically:

IP address;
Device ID;
Browser type ;
Global geographic location (e.g. location on national or city level);
Advertisements displayed to you and your interaction with these (e.g. whether you clicked on an ad or not);
Other technical information (e.g. regarding the interaction between your device and the Poki Website, the web pages that were visited, the links clicked and the log data).

Sensitive information:

In the context of the Poki Website we do not, in principle, process sensitive information such as information about your health. If we in certain cases will decide to process sensitive information, you will be separately informed about this processing and where necessary, we will request explicit consent.

Legal grounds for the processing. We base the use of your data in the context of the Poki Website on one of the following legal grounds:

Consent. Sometimes we base the processing of your data on the (explicit) consent of the relevant person. This is for example applicable for the cookies and similar technologies we only use if you have provided consent for this via a cookie pop-up. For further information on this, please refer to our Cookie Statement .
Legitimate interest. Our legitimate interest in offering and using the Poki Website, apps and social media; and pursuing the other processing purposes listed above.

Social media platforms. Poki uses different social media platforms, for example in the context of recruitment and selection and for marketing purposes. Poki is not responsible for the management of the social media platforms, but is responsible for example for content of the Poki Website that is shared via a social media platform. For more information about how your data will be used by such social media platforms, we refer to the information already available on the websites of the suppliers of these platforms. Below we have included links to the privacy policies of various suppliers of social media platforms, which we could use:

ii. Poki for Developers (secondary domain: developers.poki.com)

The persons involved. Game developers that offer their game(s) for the Poki Website via the Poki for Developers platform with who we have a partnership contract in place.

The purpose of the processing. When you access our Poki for Developers platform, we will process your data for the following purposes:

To provide you with information on the conditions that apply if you wish to provide a game for the Poki Website;
To provide you with a financial overview and related invoices for your account;
To provide you with information about our SDK (Software Development Kit), such as that you are in principle required to remove all outgoing links and branding/advertisements (e.g. splash-screens, social links and app-store links) from the game.

The data that is processed. On our Poki for Developers platform, we may process the following information about you:

Full name;
E-mail address;
Phone number;
Skype and/or Discord name;
Name company/studio;
Contract details;
Financial details;
Game(s) and related details such as game title and description, No. of app installs, App Store URL, web build URL;
Communication details incl. how you heard about us.

Legal grounds for the processing. We base the use of your personal data in the context of developers.poki.com on one of the following legal grounds:

Contract. If you’ve concluded a contract with us, we will process your data in the context thereof.For instance, to make sure you receive the payment due.
Legitimate interest. Our legitimate interest in providing you with the developers platform and pursuing the other processing purposes mentioned above.

iii. About Poki (secondary domain: about.poki.com)

On our “about Poki” webpage you can find additional information about our company. On this webpage we do not process any additional data about you. On this webpage we do link to some of the above-mentioned webpages, such as developer.poki.com or jobs.poki.com.

iv. Poki’s job application platform (secondary domain: jobs.poki.com)

The persons involved. People who apply for a job via our designated website.

The purpose of the processing. When you apply for a job at Poki via jobs.poki.com, we will process your data for the following purposes:

To assess whether you are a viable candidate for our company;
To contact you for the further process regarding your application;
To further process your application.

The data that is processed. When you apply for a job via jobs.poki.com, we may process the following information about you:

Full name;
Email address;
LinkedIn profile;
Answers to motivation & portfolio questions;
Resume*;
Phone number*;
Current company/employer*;
How you heard about the job*;
Additional information such as a cover letter*.

* This information is not mandatory.

Legal grounds for the processing. We base the use of your data in the context of jobs.poki.com on one of the following legal grounds:

Consent. Sometimes we base the processing of your data on your (explicit) consent. This is for example applicable when you opt-in to the option that Poki may contact you during one year after finalization of the application procedure for other future job opportunities that may interest you.
Legitimate interest. Our legitimate interest in assessing your application and other processing purposes listed above.

v. Poki web shop (secondary domain: shop.poki.com)

The persons involved. People who order products via our web shop.

The purpose of the processing. When you shop in our web shop, we will process your data for the following purposes:

To process your order and payment;
To provide you with your order.

The data that is processed. When you shop via shop.poki.com, we may process the following information about you:

Full name;
Email address;
Address;
Phone number*;
Payment information (amount, payment method).

* This information is not mandatory.

Legal grounds for the processing. We base the use of your data in the context of shop.poki.com on one of the following legal grounds:

Contract. We process your data to execute the purchase contract with you: to make sure you receive your order.
Legitimate interest. We may also process your data in this context based on our legitimate interest involved with the processing purposes mentioned above, such as to determine which of our products are most popular.

vi. Poki support

The persons involved. People who send an email to customer support, e.g. via [email protected].

The purpose of the processing. When you contact Poki customer support or contact Poki otherwise, we will process your data for the following purposes:

To provide you with support;
To answer any questions you have for us.

The data that is processed. When you contact Poki customer support or contact Poki otherwise, we will process the following information about you:

Email address;
Name (if you provide one);
The message you sent us and related metadata.

Legal grounds for the processing. We base the use of your data in the context of the Poki customer service on the legitimate interest ground. It concerns our legitimate interest to provide you with support and answer any questions you have for us.

3. How do we obtain your data?

We obtain your data in various ways:

Provided by you. Some data about you, we receive straight from you. Examples include information in your messages to us and information you enter in our application form.
Obtained internally. It is possible that we obtain your data via other Poki systems. An example for game developers is the data which is included into our CRM system.
Obtained from third parties. We could also obtain data about you from other persons or external parties. Specifically, we make use of this possibility in two scenarios:

Website Visitors: We may receive information about you from privately held third parties, such as for the advertisements that are shown on the Poki Website. Further information on this is included in our Cookie Statement.
Applicants: We may obtain information from a referral included by you in your application.

Automatically obtained. Some data we obtain automatically, for example by using cookies and similar techniques. When your computer or mobile device contacts our web servers (e.g. when you visit the Poki Website), our web servers automatically collect usage information. Such usage information includes information about how our Website Visitors use and navigate the Poki Website. It can include the number and frequency of Website Visitors to each web page and the length of their stays, browser type, and referrer data that identifies the web page visited prior and subsequent to visiting the Poki Website. Further information on this is included in our Cookie Statement.
Derived. Certain data we do not receive directly, but can be derived from the information already in our possession. For example, information about your language preferences.

In principle you are under no obligation to provide any information about yourself to us. However, refusal to supply certain information could have a negative influence on, for example, your experiences on or functionality of the Poki Website. If the provision of certain personal data is a legal or contractual obligation or an essential requirement for concluding an agreement with us, we will separately provide additional information about this for as far as this is not clear in advance. In this case we will also inform you about the possible consequences if this information is not provided.

4. Who do we share your data with?

We only share your data with third parties if:

This is necessary for the provision of a service or the involvement of the third party. Sub-contractors, for example, will in principle only get access to the data that they require for their part of the service provision.
The persons within the third party that have access to the data are under an obligation to treat your data confidentially. Where necessary this is also contractually agreed on.
The third party is obliged to comply with the applicable regulations for the protection of personal data, for instance because we have concluded an agreement with this party or because our Terms of Use apply. This includes that the party is obliged to ensure appropriate technical and organizational security measures.

We could share your data on a need-to-know basis with the parties mentioned below. In this context, "need-to-know" means that a party only gets access to your data if and insofar as this is required for the professional services provided by this party.

Authorized persons, employed by Poki, who are involved with the processing activity concerned. Such as, the members of the support team you are in contact with.
Authorized persons, employed by service providers / sub-contractors engaged by Poki, who are involved with the processing activity concerned. Such as, the service provider for the Poki web shop.
Authorized persons, employed by parties in the private sector with whom we may share certain data, such as our game developers and advertising partners. Traffic information may be shared with game developers and advertisers on an aggregate and anonymous basis. In addition, advertisers on the Poki Website may receive information gathered by cookies for targeted advertising purposes. Further information regarding the use of cookies can be found in our Cookie Statement.
Authorized government institutions. Such as, courts, police, and law enforcement agencies. We may release information about our Website Visitors, when legally required to do so, at the request of governmental institutions conducting an investigation or to verify or enforce compliance with the policies governing the Poki Website and applicable laws. We may also disclose such user information whenever we believe disclosure is necessary to protect the rights, property or safety of Poki, or any of our respective business partners, customers or others.
Aggregate Information. We may also disclose non-identifying, aggregated user statistics to third parties for a variety of purposes, including describing our services to prospective partners and other third parties. Examples of such non-personal information include the number of users who visited this Poki Website during a specific time period or played a specific game.

5. How do we secure your data?

Protecting your privacy and data is very important to us. Therefore, Poki has implemented appropriate technical and organizational measures to protect and secure personal data, in order to prevent violations of the confidentiality, integrity and availability of the data. All Poki employees and other persons engaged by Poki for the processing of data are obliged to respect the confidentiality of personal data.

Poki has internal documentation in which it is described how we safeguard an appropriate level of technical and organizational security. In addition, a data breach procedure is applicable within Poki, in which it is explained how (potential) data breaches need to be handled. We will, for example, inform the competent supervisory authority and involved data subjects when this is required by the applicable law.

6. To which countries will we transfer your data?

Parties involved with the processing of your data originating from the EEA, may be located in a different country. In case the data is processed outside the EEA, the transfer is legitimized in the manner described below. See this link for an overview of the EEA countries.

Transfers outside the EEA. The transfer of your data to a third party outside the EEA can in the first place be legitimized based on an adequacy decision of the European Commission, in which it is decided that the (part within the) third country in question ensures an adequate level of data protection. See this link for a summary of the applicable adequacy decisions.

If your personal data is transferred to a country outside the EEA for which there is no adequacy decision in place, we agree on the applicability of the relevant version of the Standard Contractual Clauses with the relevant party. This is a standard contract to safeguard the protection of your data, which is approved by the European Commission in which the parties fill out the appendices. See this link for the various versions of the Standard Contractual Clauses. Where appropriate, additional safeguards should be taken.

In specific situations we can also rely on the derogations from article 49 GDPR to legitimize the data transfer. This means that we may transfer your data: (i) with your explicit consent, (ii) if this is necessary for the performance of a contract that has been concluded with you or has been concluded in your interest, or (iii) if this is necessary for the establishment, exercise or defense of legal claims. Lastly, in exceptional cases we may also transfer your data if the data transfer is necessary for our compelling legitimate interests and is not overridden by your interests or rights and freedoms.

You can contact us if you want additional information about the way in which we legitimize the transfer of your data to countries outside the EEA. Our contact details are stated at the bottom of this Privacy Statement.

Google Analytics Blockage Please note that we do not use Google Analytics on any of our websites for the EEA. However, it is possible that one of the game developers we work with tries to use Google Analytics for tracking in-game activities. We actively try to find these implementations and overwrite them. Thus, if you visit our website, your data will not be shared with Google for Google Analytics.

7. How do we determine how long we retain your data?

In general, we do not keep your data for longer than what is necessary in relation to the purposes for which we process the data. There could however be exceptions applicable to the general retention terms.

Exception: shorter retention period. If you exercise certain privacy rights, it is possible that Poki will remove your data earlier than the general applicable retention period or – oppositely – retain it for a longer period of time. For more information about this, please refer to the header "What are your privacy rights (incl. the right to object)?"

Exception: longer retention period. In certain situations, we process your data for a longer period of time than what is necessary for the purpose of the processing. This is for instance the case when we have to process your data for a longer period of time:

Retention obligation. To comply with a minimum retention period or other legal obligation to which we are subject based on the applicable law;
Procedure. Your personal data is necessary in relation to a legal procedure;
Freedom of expression. When further processing of your personal data is necessary in order to exercise the right to freedom of expression and information.

8. What are your privacy rights (incl. right to object)?

Based on the General Data Protection Regulation ("GDPR"; (EU) 2016/679) you have various privacy rights. To what extent you can exercise these rights may depend on the circumstances of the processing, such as the manner in which Poki processes the personal data and the legal basis for the processing. Below, we included a summary of your privacy rights under the GDPR. For more information about your privacy rights, go to this webpage or this webpage of the European Commission.

We will respond to all requests without undue delay. If our full response will ever take more than a month due to complexity or number of requests, we will notify you of this and keep you updated. Furthermore, please note that we may request more information to confirm your identity before acting on any request.

8.1 Your privacy rights.

In relation to our processing of your personal data, you have the below privacy rights.

Right to withdraw consent. In so far as our processing of your data is based on your consent, you have the right to withdraw your consent at any time via our contact details stated below. Withdrawal of consent does not influence the legitimacy of the processing before you withdrew your consent. If you withdraw your consent, Poki will no longer process your data for the purpose that you consented to. It can however be possible that we still process the personal data for another purpose, such as to comply with a minimum retention period. In that case you will be informed about this.
Right of access. You have the right to request access to your data. This enables you to receive a copy of the data we hold about you (but not necessarily the documents themselves). We will then also provide you with further specifics of our processing of your personal data. For example, the purposes for which we process your data, where we got it from, and with whom we share it.
Right to rectification. You have the right to request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected. You have this right in case we process personal data about you that: (i) is factually incorrect; (ii) is incomplete or not related to the purpose it was collected for; or (iii) is in any other way used in a manner that is in conflict with an applicable law.
The right of rectification is not intended for the correction of professional opinions, findings or conclusions that you do not agree with. However, Poki could in such case consider adding your opinion about this to your data.
Right to erasure. You have the right to request erasure of your personal data. This enables you to ask us to delete or remove your data where: (i) the data is no longer necessary, (ii) you have withdrawn your consent, (iii) you have objected to the processing activities, (iv) the data has been unlawfully processed, (v) the data has to be erased on the basis of a legal requirement, or (vi) where the data has been collected in relation to the offer of information society services.
However, we do not have to honor your request to the extent that the processing is necessary: (i) for exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation which requires processing, (iii) for reasons of public interest in the area of public health, (iv) for archiving purposes, or (v) for the establishment, exercise or defense of legal claims.
Right to object. You have the right to object to the processing of your data where we are relying on legitimate interest as processing ground (see above). Insofar as the processing of your data takes place for direct marketing purposes, we will always honor your request. For processing for other purposes, we will also cease and desist processing, unless we have compelling legitimate grounds which override your interests, rights and freedoms or that are related to the institution, exercise or substantiation of a legal claim. If such is the case, we will inform you on our compelling grounds and the balance of interests made.
Right to restriction. The right to restriction of processing means that Poki will continue to store personal data at your request but may in principle not do anything further with it. In short, you have this right when Poki does not have (or no longer has) any legal grounds for the processing of your data or if this is under discussion. This right is specifically applicable in the following situations:
Unlawful processing. We may not (or no longer) process certain personal data, but you do not want us to erase the data. For example, because you still want to request the data at a later stage.
Data no longer required. Poki no longer needs your data for our processing purposes, but you still require the personal data for a legal claim. For example, in case of a dispute.
Pending an appeal. You objected against the processing of your data by Poki (see the right to object above). Pending the verification of your appeal we shall no longer process this personal data at your request.
Contesting the accuracy of data. You contest the accuracy of certain data that we process about you (e.g. via your right to rectification; see above). During the period in which we assess your contest we shall no longer process this personal data at your request.
Right to data portability. You have the right to request the transfer of your data to you or to a third party of your choice (right to data portability). We will provide you, or such third party, with your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies if it concerns processing that is carried out by us by automated means, and only if our processing ground for such processing is your consent or the performance of a contract to which you are a party (see above).
Automated decision-making. You have the right not to be subject to a decision based solely on automated processing, which significantly impacts you (“which produces legal effects concerning you or similarly significantly affects you”). In this respect, please be informed that when processing your personal data, we do not make use of automated decision-making which significantly impacts you.
Right to complaint. In addition to the above-mentioned rights, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or where an alleged infringement took place. Please refer to this webpage for an overview of the supervisory authorities in the EU and their contact details. However, we would appreciate the chance to deal with your concerns before you approach them, so please contact us beforehand.

8.2 How to exercise your rights.

You can exercise your privacy rights free of charge, by phone or by e-mail via the contact details displayed below. If requests are manifestly unfounded or excessive, in particular because of the repetitive character, we will either charge you a reasonable fee or refuse to comply with the request.

8.3 Verification of your identity.

We may request specific information from you to help us confirm your identity before we further respond to your privacy request.

8.4 Follow-up of your requests.

We will provide you with information about the follow-up of the request without undue delay and in principle within one month of receipt of the request. Depending on the complexity of the request and on the number of requests, this period can be extended by another two months. We will notify you of such an extension within one month of receipt of the request. The applicable (privacy) legislation may allow or require us to refuse your request. If we cannot comply with your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

9. Who is responsible for the processing of your data?

Poki is in principle responsible for the processing of your data in the context of the Poki Website.

9.1 Developers.
The developers of the games on the Poki Website are in principle required to remove all outgoing links and branding/advertisements (e.g. splash-screens, social links and app-store links) from their game(s). If developers do gather personal data for their own purposes, Poki is not responsible for this processing: only the developer decides what (personal) data is processed and for what purpose. However, because Poki feels it is important that your data is also safe when you play a game, we took two measures. In the first place, we included contractual safeguards with the developers. They are only allowed to include cookies and similar technologies in their game if no consent for this is required under the applicable law. In the second place, we’ve prepared this list of the cookies used by our game developers, categorized per game, to inform you on behalf of the developers.* For further information on this, please refer to our Cookie Statement.

9.2 Advertisement partners.
Poki uses the services of several advertising parties. These parties provide us with advertisements for the Poki Website and are responsible for their part of the processing of your data in this context. To nevertheless safeguard your privacy in this respect as much as possible, Poki has, amongst other things, ensured that suitable contractual measures are in place. Further information regarding the use of cookies, also in the context of advertising partners, can be found in our Cookie Statement.

9.3 Externally hosted games, third party games and other websites.
This Privacy Statement does not apply to the processing of your data by data controllers other than Poki, such as providers of third-party games available on the Poki Website. The relevant provider of such third-party game is responsible for ensuring that any processing of your data by them in the context of a game complies with the applicable data protection laws. In principle, Poki does not permit third party content providers to collect personal data about Website Visitors. However, if any personal data will be collected by a third-party content provider, Poki will require that the processing of such data by them complies with the applicable law.

* Please note that this list may not be complete, since randomized cookies that are placed with less than 100 Website Visitors are not included in the list. Furthermore, the cookies used by developers may change over time. Therefore, we automatically update this list daily.

10. How can you contact us?

If you have any questions concerning this Privacy Statement, or data collection in particular, please contact us at [email protected] or via:

Poki B.V.
Spui 10
1012 WZ Amsterdam
The Netherlands
+31 20 2800 870 (for communication in Dutch or English)

Please let us know by e-mail in advance if you prefer to have further contact over the phone via another preferred language. We will then provide you with the relevant phone number.

11. Changes

We may change this Privacy Statement from time to time to accommodate new technologies, industry practices, regulatory requirements or for other purposes. The latest version can always be consulted via the Poki Website. Important changes will also be communicated to you.