This Privacy Policy applies to personal data that is collected and processed in the course of providing our Service via the Stokerr platform, operated by Stokerr, Suite 24225, 3/2237 Gold Coast Hwy, Mermaid Beach QLD 4218, Australia (hereinafter “Storkerr”, “we” or “us”).
Stokerr, as a data controller, collects and processes personal data relating to interactions on our Website (stokerr.com) and platform. This Privacy Policy describes how Stokerr uses and protects any information that you give us. Stokerr is based in Australia and complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Because our platform infrastructure stores data on servers located in Germany (EU), we also apply standards consistent with the General Data Protection Regulation (GDPR).
We believe in full transparency, which is why we keep this Privacy Policy simple and easy to understand. We strongly encourage you to read it carefully and make sure you fully understand and agree with it. If you do not agree to this Privacy Policy, please do not access or use Stokerr.
Should you have any questions regarding this Privacy Policy, please contact us at [email protected].
Any capitalised but undefined term in this Privacy Policy has the meaning given to it in the Definitions Section of our Terms of Service.
1. Definitions
Consent means your explicit consent to the processing of your personal data.
Cookies means small pieces of data stored on your device (computer or mobile device). This information is used to track your use of our Website and compile statistical reports on website activity. For further information, please see our Cookie Policy.
Controller means the entity that alone, or jointly with others, determines the purposes and means of the processing of personal data.
Data subject or “you” means any natural person who shares personal data with us via Stokerr.
Employer means the Subscriber who made your personal data available to us and who is using the Service.
Staff member means an individual engaged as an employee, consultant, or contractor of a Subscriber, who is registered on Stokerr by the Subscriber to provide services to Customers.
Personal data or “data” means any information relating to an identified or identifiable natural person. This includes information about natural persons acting in a professional capacity (such as work email addresses). This Privacy Policy does not apply to information from which no individual can reasonably be identified (anonymised information).
Processing means any operation or set of operations performed on personal data, including collection, recording, storage, adaptation, retrieval, use, disclosure, restriction, erasure, or destruction.
Processor means any natural or legal person who processes personal data on behalf of the controller.
Privacy Act means the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
GDPR means the General Data Protection Regulation (EU) 2016/679. Because personal data processed through Stokerr is stored on servers located in Germany (EU), the GDPR may apply to data subjects located in the European Economic Area (EEA).
2. Data controller and data processor
In relation to personal data processed on or via our Website and Service, Stokerr may act as either a Data Controller or a Data Processor, depending on the context.
Stokerr as data controller
When Stokerr acts as a Data Controller, we determine the purposes and means of processing your personal data. Section 3.1 of this Privacy Policy sets out what data we collect, for what purposes, on what legal basis, and for how long, in our capacity as Data Controller.
If you have any enquiries or wish to exercise any of your rights as a data subject (as set out in Section 9), please contact us at: Stokerr, Suite 24225, 3/2237 Gold Coast Hwy, Mermaid Beach QLD 4218, Australia
Email: [email protected]
Stokerr as data processor
When Subscribers use our platform to manage their own customers and staff, Stokerr acts as a Data Processor on behalf of those Subscribers (who are the Data Controllers). In this capacity, Stokerr processes personal data strictly in accordance with the Subscriber’s instructions and our Terms of Service.
If you are a Customer or a staff member of a Subscriber and you have questions about how your personal data is being processed by that Subscriber, please contact the Subscriber directly, as they are the Data Controller for that data.
Section 3.2 of this Privacy Policy provides additional transparency about how personal data is processed via the Service in our capacity as Data Processor.
3. What data do we process about you and when?
We may collect and receive information about you in various ways:
- Information you provide through your use of the Service (for example, by creating a Subscriber Account on Stokerr).
- Information you provide when contacting us via our support channels.
Information we collect automatically through the use of cookies, in accordance with our Cookie Policy (for example, your time zone, device type, and browsing behaviour on our Website).
Each time you use Stokerr, we may automatically collect the following information:
- Details of your usage, including the date, time, location, frequency, and duration of usage.
- Any comments, feedback, or opinions you share with us about the platform.
- Technical information about your computer or mobile device, including your IP address, URL clickstreams, unique device identifiers, operating system, browser type, and network type.
- Information about your use of our platform, including the pages you have viewed, the duration spent on the platform, and any data files you have uploaded.
This information is collected via cookies and similar tracking technologies. For further information, please read our Cookie Policy.
3.1 Stokerr as data controller
The following table sets out the personal data we collect in our capacity as Data Controller, together with the purpose, legal basis, and retention period for each category:
| Data we collect | Purpose | Legal basis | Retention |
| Business URL (which may contain personal data), business email address, name, surname, password, and profile photo (if provided). | Creating and maintaining a Subscriber Account on the platform in accordance with the Terms of Service. | Performance of the Agreement. Without providing email address, name, surname, and password, you cannot create a Subscriber Account. | Until the account is deleted in accordance with the Terms of Service. |
| Financial data such as name, address, and payment card details (collected by our third-party payment processor). | Processing subscription payments for Paid Plans. | Performance of the Agreement. | We retain only the last four digits of the card number for billing reference. Full financial data is retained only for the period required to comply with applicable financial, tax, and accounting obligations. |
| Additional data you choose to share with us, including your email address. | Responding to support enquiries or contact form submissions. | Performance of the Service, or consent (where applicable). | If processing is based on consent: until you withdraw your consent, or one year, whichever is earlier. |
| Email address. | Sending you service updates, product announcements, and relevant company news (if you have opted in). | Consent. You may unsubscribe at any time by following the unsubscribe instructions in each email. | Until you unsubscribe or delete your account. |
| Identity verification information. | To allow data subjects to exercise their rights under this Privacy Policy. | Legal obligation. | One year from the date the request is fulfilled. |
| Other personal data. | Prevention and detection of fraud, money laundering, or other crimes; responding to lawful requests from public authorities or courts. | Legal obligation or legitimate interest. | In accordance with applicable statutory deadlines. |
3.2 Stokerr as data processor
As described in Section 2, when Subscribers use our platform, Stokerr acts as a Data Processor and the Subscriber is the Data Controller. Stokerr processes personal data in this capacity solely in accordance with Subscriber instructions and our Terms of Service. The purposes of such processing include, but are not limited to: scheduling appointments, managing staff and services, accepting payments, and sending reminders to Customers and staff members.
3.2.1 Processing prior to using the service
Staff member data: When a Subscriber adds a staff member to the platform, the Subscriber provides that person’s email address, name, surname, and phone number. The Subscriber may also add a profile photo, brief description, and working schedule. If you have questions about the legal basis for this processing, please contact the Subscriber (your employer or service provider) who added you to Stokerr.
Customer data: When a Subscriber adds a Customer to the platform, the Subscriber provides that Customer’s name, surname, email address, and phone number. The Subscriber may also optionally add gender, date of birth, and an additional description. If you have questions about the legal basis for this processing, please contact the Subscriber who provides you with services through Stokerr.
3.2.2 Processing during use of the service
Staff member data: If you accept an invitation to use Stokerr as a staff member, you will be required to create an account with your email address and password. You may manage your own profile information, including name, photo, and contact details.
If you choose to connect your Stokerr account to Google Calendar, Outlook Calendar, or Apple Calendar, your appointments can be synchronised with those calendars. To provide this integration, we access your calendar to check the duration and free/busy status of events and event titles. We do not access information about who you are meeting with or any other event details. You can disconnect your calendar at any time from your account settings.
Stokerr will send you reminders for scheduled appointments to your registered email address. You may unsubscribe from these emails at any time by following the unsubscribe instructions in the email or via your account settings.
Customer data: If you book an appointment via a Subscriber’s Booking Page, you will be required to provide certain personal data. To book as a guest, you must provide your first name, last name, and email address. You may optionally provide your phone number. To create a Customer account, you must also provide a password. Stokerr will send you appointment reminders and follow-up emails to your registered email address. You may unsubscribe at any time.
Third-party integrations
To allow for greater functionality, Stokerr integrates with a number of third-party apps and platforms, such as Zoom and Zapier. If you use these integrations within Stokerr, you must maintain your own account with those third-party providers, and their separate privacy policies will apply to any data you share with them.
4. What do we not do?
Stokerr will never:
- sell any personal information or data to third parties;
- disclose personal information to marketers or third parties not specified in Section 6 of this Privacy Policy;
- process your data in any way other than as stated in this Privacy Policy.
5. Personal data security
We take appropriate administrative, technical, and organisational measures to ensure the security of personal data we process. When assessing what measures are adequate, we consider the nature of the personal data, the nature of our processing activities, the risks to you, the costs of implementing security measures, and other relevant circumstances.
Our security measures include: access authorisation controls, information classification and handling procedures, data backup, firewalls, data encryption, and other appropriate measures. We ensure our staff understand the importance of protecting personal data.
Access to your personal information within Stokerr is protected by a password that you select. Your password is encrypted in transit and at rest. Please do not share your password with anyone, and notify us immediately at [email protected] if you believe your account has been compromised.
All data submitted through Stokerr is encrypted in transit using Transport Layer Security (TLS) to prevent unauthorised interception. Our servers and data storage facilities are accessible only to authorised Stokerr personnel and contractors.
Please note that email is not a secure communication channel. Do not send sensitive personal information by email to Stokerr. We will never ask you to submit sensitive personal information via email.
6. With whom do we share your personal data?
Stokerr uses carefully selected external processors and sub-processors for certain processing activities. We maintain records of all personal data processed outside Stokerr and conduct due diligence on all processors before engaging them. We review processors’ compliance with applicable data protection requirements prior to and throughout our engagement with them.
The following table lists the processors and sub-processors with whom we share your personal data:
| Processor | Role | Location |
| The Rocket Science Group, LLC (Mailchimp) | Email services | USA |
| Google, Inc. | Analytics | USA |
| Sub-processor | Role | Location |
| Stripe, Inc. | Payment processing | USA |
| PayPal, Inc. | Payment processing | USA |
We may also share your personal data with our external accountants, legal advisers, and auditors.
We may also disclose your personal information to third parties:
- if we are required to do so to comply with a legal obligation;
- to prevent or detect fraud or crime;
- in response to a subpoena, warrant, court order, or as otherwise required by law.
Personal information may also be disclosed or transferred as part of, or during negotiations for, a merger, consolidation, sale of assets, acquisition, or any other situation where personal data may be transferred as a business asset of Stokerr.
If you would like further information about who we have shared your data with, or to receive a list specific to you, you can request this by writing to [email protected].
7. International transfer of your personal data
Stokerr is based in Australia. However, your personal data is stored on our servers in Germany (within the European Union). This means that your data is subject to EU data protection standards, including the General Data Protection Regulation (GDPR).
Some of our processors and sub-processors (listed in Section 6) are also based in the United States or other countries outside the EU/EEA. Where personal data is transferred to countries that do not provide an equivalent level of data protection, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) adopted by the European Commission, or other approved transfer mechanisms.
We comply with both the Privacy Act 1988 (Cth) and the Australian Privacy Principles in relation to our collection and handling of personal data, and we apply EU-equivalent standards to data stored on our EU-based infrastructure.
If you require further information about the safeguards we apply to international transfers of your personal data, please contact us at [email protected].
8. How long do we keep your data?
The period for which we store your personal data depends on the specific purpose for which it was collected, as set out in Section 3.1 above. We retain personal data for as long as we reasonably require it for legal or business purposes.
In determining data retention periods, we take into consideration applicable law, our contractual obligations, and the expectations and requirements of our Subscribers and Customers. When we no longer need personal information, or when you request us to delete your data (where we are legally permitted to do so), we will securely delete or destroy it.
As an exception to the retention periods in Section 3.1, data may be retained for a longer period if necessary to determine, pursue, or defend legal claims.
9. Your rights
Stokerr is committed to transparency and to protecting your rights in relation to your personal data. The following rights may be exercised when Stokerr is acting as a Data Controller.
If your enquiry or the exercise of any of these rights relates to data processed by a Subscriber as Data Controller (as described in Section 3.2), please contact that Subscriber directly (your employer or service provider).
Right of access
You may request a copy of the personal data we hold about you. We will provide this in a clear, plain-language format, free of charge, within 30 days of receiving your request (or up to 60 days in complex cases, with notice to you of the extension).
Right to object to processing
You have the right to object to the processing of your personal data where that processing is based on our legitimate interest. We will cease processing unless we can demonstrate compelling grounds that override your objection.
Right to correction
If the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. We will rectify any errors within 30 days and notify any third parties to whom we have disclosed the data.
Right to erasure
You may request the deletion of your personal data in certain circumstances, including:
- the data is no longer needed for the purpose for which it was collected;
- you withdraw your consent (where processing was based on consent);
- you object to the processing and there are no overriding legitimate grounds;
- the data has been unlawfully processed; or
- deletion is required to comply with a legal obligation.
This right does not apply where processing is necessary to comply with a legal obligation or to establish, exercise, or defend legal claims.
Right to restriction of processing
You may request that we restrict the processing of your personal data where you contest its accuracy, consider the processing to be unlawful but do not want erasure, we no longer need it but you require it for legal claims, or you have objected to processing and verification is pending.
Right to data portability
Where you have provided personal data to us and processing is carried out by automated means on the basis of consent or a contract, you have the right to receive that data in a structured, commonly used, and machine-readable format, and to have it transmitted to another provider.
Right to withdraw consent
Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. Once we receive notification of withdrawal, we will cease processing for the relevant purpose unless another legal basis applies.
How to exercise your rights
To exercise any of the above rights, or if you have any concerns about how we handle your personal data, please contact us at [email protected]. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with a relevant supervisory authority:
- In Australia: the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
- In the EU/EEA: because your personal data is stored on servers in Germany, you may also lodge a complaint with the German supervisory authority, the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) or the supervisory authority in the EU member state where you reside or work.
10. Cookies
We use cookies and similar tracking technologies on our Website and platform. For full details of the cookies we use, their purposes, and how to manage or disable them, please read our Cookie Policy.
By continuing to use our Website and platform, you consent to our use of cookies in accordance with our Cookie Policy.
11. Changes to our privacy policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. Any changes will be posted on this page with an updated effective date. Where the changes are material, we will notify you by email or via a prominent notice on the platform before the changes take effect.
Your continued use of Stokerr after any changes to this Privacy Policy constitutes your acceptance of the updated policy.