Sydney Astrology School upholds the same privacy standards as the platform supplier - Oki Doki Digital Inc. (see below). And are compliant with the requirements of the European General Data Protection Regulation (GDPR).

Oki Doki Digital Inc. (“Oki Doki”, “us”, “we”, or “our”) operates Doki, an online course creation platform, through its websites at https://weareokidoki.com, https://doki.io, and any and all of the subdomains of https://doki.io (collectively, the “Services”).

This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Services and the choices you have associated with that data. We collect, use, and disclose (“process”) your data to provide and improve the Services, as further described below. By using the Services, you agree to the processing of information in accordance with this policy.

Note to Residents of the European Union: In order to comply with the requirements of the European General Data Protection Regulation (GDPR) for European users, this Privacy Policy outlines the legal basis on which we process your Personal Data and provides other information required by the GDPR. We process Personal Data when we have a lawful basis to do so in accordance with the GDPR. Generally, this means that we process Personal Data only where we have consent, where necessary to provide the Services, or where necessary to comply with our legal obligations. We may also process Personal Data where otherwise allowed by the GDPR for the purposes outlined in this Privacy Policy (for example, to communicate with you and to respond to your requests).

Definitions

Personal Data

Personal Data means data about an individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession). Personal Data is also referred to as “personal information”.

Usage Data

Usage Data is data collected automatically either generated by the use of the Services or from the Services infrastructure itself (for example, the duration of a page visit). This data is typically anonymous.

Service Providers

Service Provider means any person (other than an employee of ours) who processes the data on behalf of us in running the Services. We may use the services of various Service Providers in order to process your data more effectively.

Cookies

Cookies are small pieces of data stored on a User’s device.

Data Subject

Data Subject is any individual who is the subject of Personal Data.

User

The User is the individual using our Services. The User corresponds to the Data Subject, who is the subject of Personal Data.

Who do we collect Personal Data from?

Doki provides a way for individuals and businesses (our “Tenants”) to distribute content (“Courses”) to students and learners (“Students”).

  • “Tenants” are individuals and/or businesses who have created an account via https://doki.io/sign_up or have a Tenant account created by us upon request.
  • “Students” are individuals that access Courses and similar content distributed by Tenants via our Services. If you taking a Course on a Doki account on our Services, you are probably a Student.

In all cases, by accessing and using the Services you are considered a User.

We obtain information about Users in these primary ways:

  • when you visit or use our websites,
  • when you contact us directly about becoming a Doki Tenant, or to obtain other information such as a support request,
  • when you become a Doki Tenant, and/or
  • when you become a Student through one of our hosted Doki Tenant websites.

Tenants are responsible for any Personal Data obtained from their Students, published or shared through the Services, and confirm that they have the third party’s consent to provide the Personal Data to us. Please see below for further information about our relationship with Students and Tenants.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Services to you.

Types of Data We Collect

Personal Data

While using our Services, we may ask you to provide us with certain Personal Data that can be used to contact or identify you. Personal Data may include, but is not limited to:

  • Basic information about you like your first and last name
  • Contact information such as your email or phone number
  • Other information you choose to provide

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you in accordance with applicable laws. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us.

We may also use your Personal Data to send you notifications from the Services such as letting you know when content in a Course unlocks, or you want to change your password.

Payment Information

When you make a purchase on the Services, any credit card information you provide as part of your Payment Information is collected and processed directly by our payment processor Stripe through their Stripe Checkout and Stripe Elements services. We never receive or store your full credit card information. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Stripe may use your Payment Information in accordance with their Privacy Policy.

Usage Data

We may also collect information about how the Services are accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking Cookies Data

We use cookies and similar tracking technologies to track the activity on our Services and hold certain information. Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Services.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you will not be able to use some portions of our Services.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Services.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.
  • Web Beacons. When we send emails to Users, we may use web beacons to track who opened the emails and clicked links to measure campaign performance and improve the Services.

Anonymization of Data

Usage Data and Tracking Cookies Data are typically anonymous technical information. We will not attempt to link or match such anonymous technical information with any Personal Data unless we have consent, we (or our Service Providers) have detected or reasonably suspect any unlawful use of our the Services or a security breach, or we have a legal duty or right to do so.

Wherever possible, we anonymize Usage Data and Tracking Cookies Data, such as in our utilization of IP Anonymization in Analytics.

Data collected by our Tenants

Our Relationship with Students

Tenants may import into the Services Personal Data they have collected from their Students or other individuals. We have no direct relationship with Tenant’s Students or any individuals other than our Tenants.

Tenants are responsible for making sure they have the necessary permissions for us to process Personal Data about Students or other individuals. This includes making use of third-party functionality in our Services.

Students should update their Personal Data in the Services where applicable or contact the Tenant directly to change, update, or delete the Student’s data. If a Student contacts us directly, we will refer you to that Tenant and support them in responding to your request if necessary.

We will never sell, rent, or lease our Tenants’ Students’ Personal Data.

Our Relationship with Tenants

For the purposes of the European General Data Protection Regulation (GDPR), we act as “processor” for Tenants and may process the Personal Data of Students on behalf of Tenants in this capacity. Tenants are independent “controllers” of Personal Data — we do not control and are not responsible for the privacy practices of our Tenants. We encourage Students to find out more and ask questions about the privacy practices of Tenants before sharing Personal Data with them.

Use of Data

We use the collected data for various purposes:

  • To provide and maintain our Services.
  • To notify you about changes to our Services.
  • To allow you to participate in interactive features of our Services when you choose to do so.
  • To provide customer support.
  • To gather analysis or valuable information so that we can improve our Services.
  • To monitor the usage of our Services.
  • To detect, prevent, and address technical issues.
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
  • To comply with applicable legal and regulatory requirements or to protect our legal rights and property.

We will never sell, rent, or lease any of our User’s Personal Data.

Retention of Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), meet business purposes, resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods.

Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. When your information is processed outside of your jurisdiction, it may be subject to the laws of and be accessible by legal authorities in such other jurisdictions.

Oki Doki Digital, Inc. is located in Canada and all of our hosting services are located in the United States. With that in mind, if you are located outside the United States or Canada and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and/or Canada and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We will take all organizational, technical, and legal steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure of Data

Disclosure for Law Enforcement

Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

We may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation.
  • To protect and defend the rights or property of Oki Doki Digital, Inc.
  • To prevent or investigate possible wrongdoing in connection with the Services.
  • To protect the personal safety of users of the Services or the public.
  • To protect against legal liability.

Security of Data

We’ve taken reasonable step to protect your data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Secure connections

To ensure a high level of security and privacy, secure SSL connections are always used and HTTPS is enforced to encrypt data in transit.

Payment information

Credit card number never hit our servers and are not stored in full in our databases. Credit card numbers are securely submitted to Stripe to achieve PCI compliance. More information can be found on Stripe’s security page.

Physical security

The Services are hosted at Heroku by Salesforce, Inc., who hosts their service on Amazon data centers located in the United States. We also use monitoring tools, so that the service should always have up-to-date infrastructure and patches. More information can be found on Heroku’s security page.

Data Security

  • All data and backups are stored encrypted at rest and access restricted.
  • All passwords and third party API tokens are stored in an encrypted state.
  • Databases that contain any Personal Data can be restored and/or recovered from encrypted snapshots.
  • Regular security monitoring is performed to test for security issues. Security software patches are applied as they become available.
  • In case a breach should happen, an attacker cannot easily use your account or access your Stripe account.

Report an Incident

Please report any security incidents to privacy@doki.io.

The protection of Personal Data is very important to us, and we are prepared to take appropriate and timely steps in the event of any incidents in accordance with applicable privacy laws.

Your Rights Relating to Your Personal Data

If you are asked to provide or have provided us with consent to process your Personal Data, you can deny or withdraw your consent at any time upon reasonable notice, subject to any legal or contractual requirements. However, if consent is denied or withdrawn, we may not be able to provide you with portions of the Services.

In certain circumstances, you have the right:

  • To access and receive a copy of the Personal Data we hold about you and related information (for example, why we process your Personal Data).
  • To rectify any Personal Data held about you that is inaccurate or incomplete.
  • To request the deletion of Personal Data held about you.
  • To limit or stop the processing of your Personal Data.
  • To data portability – that is, to request to obtain a copy of your Personal Data in a commonly used electronic format so that you can manage and move it to another entity.

We aim to take reasonable steps to allow you to exercise these rights with respect to your Personal Data in accordance with applicable laws.

Whenever made possible, you can access and update your Personal Data directly within the Services.

If you would like to exercise the above rights, please contact one of the two parties listed below based on whether you are a Tenant or an Student:

  • If you are a Tenant, please contact us at privacy@doki.io.
  • If you are a Student, please contact the Tenant of which you are a Student.

Please note that you may be asked to verify your identity we respond to such requests.

Processing of Data

We may employ third-party companies and individuals to facilitate our Services (“Service Providers”, or “Sub-Processors”), to provide the Services on our behalf, to perform related services or to assist us in analyzing how our Services are used.

These Sub-processors have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

You can view a complete and updated list of our trusted Service Providers including their location and the Personal Data we share with them by reviewing the Service Providers section within our GDPR compliance documentation.

Links to Other Sites

Our Services may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

“Do Not Track” Signals

We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Children’s Privacy

Our Services do not address anyone under the age of 18 (“Minors”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Minor has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Minors without verification of parental consent, we take steps to remove that information from our servers.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. Typically, we will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.