Privacy Policy

Date updated: 11 August 2022

Purpose, Scope and Users

  1. BOOKIPI PTY LTD, Australian Private Company, ABN 91 617 668 185, hereinafter referred to as the ”Company”, makes efforts to comply with applicable laws and regulations related to Personal Data protection in countries where the Company operates. This Policy sets forth the basic principles by which the Company processes your personal data, and indicates the responsibilities while processing personal data.
  2. The Company is, a data processor, as it provides services to companies who collects personal data. The Company provides a standard data process agreement to any data controller. In some cases, the Company may be a data controller and in this case the Company acknowledges its direct responsibility before data subjects. Regardless of its status, the Company will treat any personal data as required by any applicable regulation, including but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) available at here.
  3. The Company does not knowingly attempt to solicit or receive information from children under 16 years of age.
  4. The Company understands that you are aware of and care about your own personal privacy interests, and the Company takes that seriously. This Privacy Policy describes the policies and practices regarding the collection and use of your personal data, and sets forth your privacy rights. The Company recognizes that information privacy is an ongoing responsibility, and so the Company will from time to time update this Privacy Policy as the Company undertakes new personal data practices or adopt new privacy policies.

Terms for the legal bases of the processing

  1. Consent – your clear agreement to the processing of your personal data for a specific purpose.
  2. Contract – the reason why the processing is necessary based on a contract you have with the Company, or because the Company has asked you to take specific steps before entering into that contract.
  3. Legitimate Interests – the reason why the processing your data is necessary which is based on the legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. These legitimate interests are:
    1. gaining insights from your behaviour on the website;
    2. delivering, developing and improving the website;
    3. enabling the Company to enhance, customise or modify the website and services;
    4. determining whether marketing campaigns are effective;
    5. enhancing data security 

Consent rule

  1. If you have given consent to the processing of your data you can freely withdraw such consent at any time by emailing the Company to
  2. If you do withdraw your consent, and if the Company does not have another legal basis for the processing of your data, then the Company will stop the processing of the personal data.
  3. If the Company has another legal basis for the processing of your data, then the Company may continue to do so subject to your legal interests and rights.

Company's responsibilities

  1. If you are a registered user or a visitor to the website who is a data subject, the Company acts as the ‘data controller’ of personal data. This means the Company determines how and why your data are processed.

Your responsibilities

  1. Read this Privacy Policy carefully;
  2. Make sure you understand all your rights;
  3. If you provide the Company with personal data about other individuals, the Company will only employ that data for the special reason for which it was provided to the Company. By sending the data, you confirm that you have the right to dispose to process the data on your behalf in accordance with this Privacy Policy;
  4. Treat your personal data confidential and secure.

Collected data

  1. The Company collects data when you interact with its website, especially when:
    1. you browse any page of the website;
    2. the Company calls you;
    3. you choose or order a service or plan;
    4. you make a payment;
    5. you use the website;
    6. you receive emails from the Company;
    7. you chat with the Company for customer support;
    8. you opt-in to marketing emails;
    9. in cases which do not depend on you but the Company has a legal basis to collect such data (see articles 6 and 9 of the GDPR)
  2. The Company collects the following types of data:
    1. contact details such as you’re your first name, last name, email address;
    2. financial information such as your bank account number, sort code, credit/debit card details;
    3. pre-orders and orders information;
    4. data that identifies you such as your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version;
    5. data on how you use the website such as your URL clickstreams (the path you take through the website), goods/services viewed, page response times, download errors, how long you stay on webpages, what you do on those pages, how often, and other actions.
  3. The recipients of the collected data are the Director of the Company, its employees, and other third party service providers mentioned below.

Purposes and legal basis for the processing

  1. If you are a registered user or a visitor to the website who is a data subject, the Company acts as the ‘data controller’ of personal data. This means the Company determines how and why your data are processed.

Company's responsibilities

  1. Providing services:
    1. Details: the Company needs to  provide services accessible via the website.
    2. Legal basis: Consent; Contract; Legitimate Interests.
  2. Delivering services:
    1. Details: to deliver the services the Company needs to collect some data to identify where services have to be delivered.
    2. Legal basis: Contract; Legitimate Interests.
  3. Processing payments:
    1. Details: to deliver the services the Company needs to collect credit card information to process and receive payments of user for the services.
    2. Legal basis: Contract; Legitimate Interests.
  4. Keeping the website running:
    1. Details: managing your requests, login and authentication, remembering your settings, processing payments, hosting and back-end infrastructure.
    2. Legal basis: Contract; legitimate Interests.
  5. Improving the website
    1. Details: testing features, interacting with feedback platforms, managing landing pages, heat mapping the website, traffic optimization and data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third parties to do this.
    2. Legal basis: Contract; legitimate Interests.
  6. Customer support
    1. Details: notifying you of any changes to the service, solving issues, any bug fixing.
    2. Legal basis: Contract; Legitimate Interests.
  7. Marketing purposes (with your consent)
    1. Details: sending you emails and messages about new functions, goods and services, and content.
    2. Legal basis: Consent.

Data subject's rights

  1. You may choose not to provide the Company with personal data. If you choose to do so, you can continue to visit the website and browse its pages, but the Company will not be able to process transactions without personal data.
  2. You may turn off cookies in your browser via settings. You can block cookies on your browser refusing cookies. You may delete cookies. If you turn off cookies, you can continue to use the website and browse its pages, but the website and certain services will not work properly.
  3. You may ask us to refrain from using your data for marketing. You can opt out from marketing by emailing us at 
  4. You can exercise the following rights by sending us an email at 
    1. You have the right to access information about you, especially:
      1. the categories of data;
      2. the purposes of data processing;
      3. third parties to whom the data disclosed;
      4. how long the data will be retained and the criteria used to determine that period;
      5. other rights regarding the use of your data.
    2. You have the right to make the Company correct any inaccurate personal data about you.
    3. You can object to the Company using your personal data for profiling you or making automated decisions about you. The Company may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails to you based on your behaviour).
    4. You have the right to the data portability of your data to another service or website. The Company will give you a copy of your data in readable format so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you.
    5. You have the right to be ”forgotten”. You may ask erasing any personal data about you, if it is no longer necessary for the Company to store the data for purposes of your use of the website.
    6. You have the right to lodge a complaint regarding the use of your data by the Company. You can address any complaint to your national regulator (see the list at
  5. In the context of the right to access information the Company shall provide you with the information within one month of your request unless there is a justified requirement to provide such information faster.


  1. We have security and organizational measures and procedures to secure the data collected and stored.
  2. Connections to the website are encrypted using 256-bit SSL with integrity assured by the SHA2 RSA algorithm.
  3. We use servers that comply with strict international data security standards, including ISO 27001.
  4. You acknowledge that no data transmission is guaranteed to be 100% secure and there may be risks.
  5. You are responsible for your login information and password. You shall keep them confidential.
  6. In case if your privacy has been breached, please contact the Company immediately on 

Location of the processing of personal data and third party service providers

  1. The personal data collected by the Company is processed at the Company’s offices in Sydney, Australia.
  2. Company’s servers are located in the United States and Australia. (Privacy Policy)
  3. The Company uses Mlab to provide the services.(Privacy Policy)
  4. The Company uses Google to authorize you on the website.(Privacy Policy)
  5. The Company uses Facebook analytics (Privacy Policy) and Google analytics (Privacy Policy) to monitor user’s behavior on the website.
  6. The Company uses Intercom which enables customer support via a live chat. (Privacy Policy)
  7. The Company uses Stripe to process online payments. (Privacy Policy)
  8. The Company uses SendGrid to enable email delivery service. (Privacy Policy)
  9. The Company uses Firebase for the development of high-quality apps. (Privacy Policy)

Retention period

  1. The Company stores personal data as long as the Company needs it and the retention practice depends on the type of data the Company collects, regulatory burden, and how the Company use the personal data. The retention period of the Company is based on criteria that include legally mandated retention periods, pending or potential litigation, intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving.

Cookies policy

  1. The Company collects certain types of information when you access or use the website, including cookies and similar tracking technologies, such as pixels.
  2. Cookies are small data files that are placed on your computer or mobile device when you visit this website. Cookies are used by the website in order to make the website work, or to work more efficiently, as well as to provide reporting information.
  3. You may always turn off some of the cookies through your browser. If you turn off the cookies, this may influence the functionality of the website.
  4. The list of cookies the Company uses is listed in your browser and in the list of the third party service providers mentioned above.

Transfer of your personal data

  1. The Company has offices in Australia and the United States and servers in Australia and the United States. Personal data the Company collects from you will be processed in Australia and the United States. Australia and the United States have not sought nor received a finding of ”adequacy” from the European Union under Article 45 of the GDPR. The Company relies on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, the Company collects and transfers to Australia and the United States personal data only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of the Company in a manner that does not outweigh your rights and freedoms.
  2. The Company endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with the Company and the practices described in this Privacy Policy.