Skip to main content

Privacy

Privacy Policy

Last updated: May 21, 2026

This Privacy Policy explains how Pokkera ApS ("We", "Us", "Our") collects, processes, stores, and shares your information when you use https://www.pokkera.com(the "Service"). We are the data controller under the General Data Protection Regulation (GDPR), the Danish Data Protection Act (databeskyttelsesloven), and the Danish Cookie Order (cookiebekendtgørelsen).

1. Contact

Email: info@pokkera.com

Pokkera ApS, Herninggade 17, 2100 Copenhagen, Denmark

CVR no.: 45720365

Supervisory authority: Datatilsynet (www.datatilsynet.dk)

2. What Data We Collect

2.1 Account and Booking Data

Name, email address, phone number (if you provide it), address in connection with a booking, and booking details (Gear, dates, Store, order number, and Rental Period). We collect only the minimum necessary to facilitate your rental.

2.2 Usage Data

IP address, browser type, device type, pages visited, and time of visit, collected automatically when you use the Service.

2.3 Referral Data

If you arrive via an affiliate link, we store the referral code in a secure, HttpOnly cookie for up to 30 days or until a booking is completed. The cookie cannot be accessed by client-side scripts and is used solely to attribute completed bookings to the correct Affiliate.

2.4 User-generated Content

Listings, reviews, messages, and any other content you submit through the Service.

2.5 Third-party Login

If you sign in via a third-party provider (e.g. Google), we receive the profile data you grant access to — typically name and email address.

2.6 We Do Not Collect Payment Data

We do not collect payment card data. All payments are made directly between you and the Store at pickup, and We are not involved in payment processing.

3. How We Use Your Data

Below we state the legal basis we rely on under Article 6(1) of the General Data Protection Regulation (GDPR).

  • To facilitate bookings and operate the Service (Art. 6(1)(b) GDPR — performance of contract).
  • To manage your Account and send booking confirmations, pickup and return reminders, and other transactional communication (Art. 6(1)(b)).
  • To send newsletters, only with your explicit prior consent, withdrawable at any time (Art. 6(1)(a)).
  • To attribute Affiliate referrals and calculate commission (Art. 6(1)(b)).
  • To measure anonymised use of the Service via analytics cookies, only when you have consented to statistics (Art. 6(1)(a) GDPR — consent).
  • To prevent fraud and abuse and to keep the Service secure (Art. 6(1)(f)).
  • To comply with legal obligations, including the Danish Bookkeeping Act and DAC7 (Art. 6(1)(c)).

4. When We Share Your Data

  • With the Store: your name, contact details, and booking information are shared with the Store you book from so that the Store can fulfil the rental.
  • With Affiliates: only aggregated attribution data (whether a booking has completed and the commission-earning amount). No personal data of Renters is shared.
  • With Our processors: Supabase (database and authentication, hosted on AWS in Frankfurt/Ireland within the EU), Resend (transactional email delivery), Vercel (hosting and operational logs), Cloudflare Turnstile (CAPTCHA and abuse prevention), Usercentrics Cookiebot (cookie consent), and Google Ireland Limited (Google Analytics — anonymised usage statistics, only after statistics consent). In addition, We use anti-abuse infrastructure such as request rate-limiting services.
  • With authorities: where required by law (e.g. SKAT in connection with DAC7 reporting or for fraud investigations).
  • On business transfer: in connection with a merger, acquisition, or sale of the business.

5. Data Storage and Retention

User and booking data is stored on processor infrastructure within the EU. We retain personal data for as long as necessary to provide the Service or to meet legal obligations. Booking and invoice-related records may be retained for up to 5 years after the end of the financial year, in accordance with the Danish Bookkeeping Act. Accounts that have been inactive for 3 years are deleted.

You may request deletion at any time by contacting info@pokkera.com, unless We are legally required to retain the data. Anonymised statistical data may be retained without time limit.

6. Data Transfers Outside the EEA

Personal data is processed primarily in Denmark and the rest of the EEA. Where individual processors or their sub-processors may access data from countries outside the EEA, We ensure GDPR compliance through the EU Standard Contractual Clauses or a valid adequacy decision.

7. Security

We use encryption in transit, access control under the principle of least privilege, Row Level Security in the database, and operational logging to protect your data against accidental or unlawful loss, degradation, or unauthorised access. No method is 100% secure. In the event of a security breach posing a high risk to your rights, We will notify you without undue delay in accordance with Our GDPR obligations.

8. Cookies

The Service uses the following cookies:

  • Necessary cookies: authentication session and security (HttpOnly). These cannot be disabled because the Service cannot function without them.
  • Affiliate referral cookie: HttpOnly, stores only a referral code for up to 30 days. Contains no personal data.
  • Cloudflare Turnstile security cookies: used solely during the security challenge on public forms to prevent abuse.
  • Consent cookie: stores your cookie choices via Our consent solution.
  • Analytics cookies (Google Analytics): if you consent to statistics, Google Ireland Limited processes anonymised usage data (e.g. page views, navigation, device type, and approximate location) to help Us improve the Service. IP addresses are anonymised. Activated only after consent via the consent solution. Processing is based on your consent (Art. 6(1)(a) GDPR).

We do not use marketing cookies. You can manage your cookie consent at any time via the consent solution at the bottom of the Service.

9. Your Rights

Under the GDPR and the Danish Data Protection Act, you have the right to:

  • Access the personal data We process about you.
  • Rectification of inaccurate or incomplete data.
  • Erasure ("the right to be forgotten").
  • Restriction of processing in certain circumstances.
  • Data portability — receive your data in a machine-readable format.
  • Object to processing based on legitimate interest, including direct marketing.
  • Withdraw consent at any time for processing based on consent.

You can exercise your rights by contacting us at info@pokkera.com. We will respond within 30 days and may verify your identity in connection with the request.

You may also lodge a complaint with Datatilsynet or via the EU online dispute resolution platform.

10. Children

The Service is not intended for persons under 18. If We become aware that a minor has registered, We will delete the data without undue delay. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@pokkera.com.

11. Third-party Links

The Service may contain links to third-party websites (e.g. Stores' own websites). We are not responsible for third parties' privacy practices and recommend that you review their policies.

12. Changes

We may update this Privacy Policy. We will give at least 30 days' notice of material changes by email or on the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.