Privacy Policy

WHO IS THE DATA CONTROLLER?

A “data controller” is a person or organization who alone or jointly determines the purposes for which and the manner in which any personal data is, or is likely to be, processed. In this sense, Stooper LLC of 418 Broadway STE N, Albany, New York 12207, USA  (“Stooper”, “we”, “us”, or “our”) is the data controller. If you have any questions about cookies or about data protection at Stooper in general, please email us using contact@stooper.com.

 

WHAT IS PERSONAL DATA?

Personal Data is information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, e-mail address, your IP address, and other identifying information. Anonymous data exists if no personal reference to the user can be made.

 

WHAT IS SPECIAL CATEGORY DATA?

Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data that, among others, concerns your health. In order to lawfully process Special Category Data, it is necessary to consent to the processing.

 

WHAT IS PROCESSING?

"Processing" means and covers virtually any handling of data.

 

WHAT LAW APPLIES?

We will only use your Personal Data in accordance with the Personal Privacy Protection Law (“PPPL”), the New York Privacy Act (“NYPA”), the EU's General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”), for users accessing the Platform from California; and, of course, only as described in this Privacy Policy.

 

WHAT ARE THE LEGAL BASES FOR PROCESSING YOUR DATA?

We have to have at least one of the following legal bases to process your Personal Data: a) you have given your consent; b) the data is necessary for the fulfillment of a contract/pre-contractual measures; c) the data is necessary for the fulfillment of a legal obligation; or d) the data is necessary to protect our legitimate interests, provided that your interests are not overridden. 

 

WHAT PERSONAL DATA DO WE COLLECT FROM YOU?

We may collect and process the following Personal Data about you:

 

a) Personal Data that you give us:

​

This is information about you that you give to us. It may include, for example, your name, email address, gender, and phone number when you contact us. The legal basis is the initiation of a contract with you and your consent. 

 

We also process the Personal Data when you create an account in order to be able to provide you access to our Services and to provide our services to you, including publishing your adverts (listings) on the Platform and creating your public profile, and facilitating introductions with other Users of our Platform. The Data you submit typically includes your name, email address, phone number, password, search preferences, and your user category, such as landlord, tenant or otherwise. However, we will not share your email address or phone number with other Users of our Platform unless you have specifically chosen to disclose it. Where you have not opted out of receiving them, we will also use this information to send you email notifications of other Users’ adverts matching your search preferences and/or newsletters about our own services we think may be of interest to you from time to time. We will not sell or rent any of this information to any third parties nor send you any third party marketing communications unless you have specifically opted in to receiving them. The legal basis is the initiation of a contract with you and your consent. 

 

We may collect and process information about your location (from the listing address you provide) and the time the location information is recorded to provide the services with location-based mapping information and features. Some of these services require your Personal Data for the feature to work, and we may associate location data with your device ID, IP address, and/or other information we hold about you. 

 

As a registered user, you have the opportunity to create a user profile with just a few clicks and details, and the relevant profile data you provide will be posted on your profile. Of course, you can change or remove the information or delete your profile at any time via the settings in your profile. You have choices about the information on your profile. Please do not post or add Personal Data to your profile that you would not want to be available. The legal basis for the processing of your Personal Data is the establishment and implementation of the user contract for the use of our Services.

 

If you wish to use our Platform and its features, we process the Personal Data and Content you voluntarily provide for the purpose of using our Platform. Depending on how you use our Platform (Lister or Renter), you may provide content such as text, images, video, etc. and upload Personal Data. 

 

While we need certain Personal Data to allow you to use our Platform, your Personal Data is never shared without a lawful reason. However, Content uploaded by users will be made available and may be viewed and otherwise accessed by others. In turn, we may process:

 

Content Data including photos, videos, text messages, or other digital content you create, broadcast, perform, or upload on our Platform and information about the content you create, broadcast, perform, or upload, including metadata that is provided with that Content. Please remember that Content Data that you transmit may reveal Personal Data about yourself as well, including identifying information about yourself depicted in any photos or videos.

 

Content Data you provide may also be considered “sensitive”. This includes data that could cause harm to an individual or company if released. By choosing to provide this data, you consent to our processing of that data. You have choices about the data you provide and how you share it. Please do not share information that you would not want to be available. The legal basis for the processing of your Data is the establishment and implementation of the user contract for the use of the service as well as your consent. 

 

We also process both Personal Data and Special Category Data you provide during your use of our Platform (“Service Data”), in order to be able to provide you access to and use of our Platform. For this purpose, all Service Data processed by us will be processed on your behalf, and we become your Data Processor. Doing so we provide you complete control of your Service Data by providing you the ability to (i) access your Service Data, (ii) share your Service Data through supported third-party integrations, and (iii) request export or deletion of your Service Data and take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of your Service Data. 

 

In providing our Platform and publishing your Service Data, including video and images, we may also process images and facial-related information from our users. Images and facial-related information are used and processed solely for the purpose explicitly consented to, and we do not collect, use, or store any images and facial-related information for the purpose of recognizing faces outside of this purpose. The legal basis is your consent.

 

We also process your chats and communications with other users, as well as the content you may provide to others through our Platform as you interact with them. 

 

We also collect information about your activities on our Platform, such as your requirements, notes you attach to properties and their descriptions, etc.; how you use our Platform (e.g., the date and time you logged in; features you used; searches you performed; clicks and pages you were shown; content you clicked on); and how you interact with other users (e.g., users you connect and interact with; the time and date of your exchanges). 

 

If you create a support ticket, we will request Personal Data and, where applicable, Special Category Data in accordance with your request; this may include your name, email address, and other booking-related data you voluntarily provide. If you submit a support ticket, we process the data for the purpose of processing and handling your ticket. Our employees will also have access to data that you knowingly share with us for technical support or to import data into our services. We communicate our privacy and security guidelines to our employees and enforce privacy safeguards strictly. The legal basis of the data processing is our obligation to fulfil the contract and/or our legitimate interest in processing your support ticket. 

 

If you are providing us with Personal Data relating to a third party, you agree a) that you have in place all necessary appropriate consents and b) that such third party has read this Privacy Policy. You agree to indemnify us in relation to all and any liabilities, penalties, fines, awards, or costs arising from your non-compliance with these requirements.

 

Finally, we use content or service offers of third-party providers on the basis of our legitimate interest to integrate their content and services. We do not control, and accept no liability or responsibility for, these third parties, including third party websites, advertisements, mobile applications and tracking technologies including cookies of such third parties. The following provides an overview of third-party providers together with links to their privacy policies, which contain further information on the processing of data and so-called opt-out measures, if any:

 

• Authentication Services: Clerk

• Payment and Subscription Services: Stripe (we have no access to any payment information you submit to Stripe).

• Maps and Location services via places: Google

• Conversations API for chat: Twilio

• Data Storage: AWS (Amazon) via UploadThing / Neon

• Backend Hosting: Vercel

• Push notification providers: Firebase/Apple abstracted via Expo

 

The legal basis for providing the above is the fulfillment of the user contract for the use of the Platform as well as your consent. 

 

We also collect, use, and share aggregated data, such as statistical or demographic data, for any purpose, including improving our Platform and services. Aggregated data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy. 

 

We process data in the context of administrative tasks as well as the organisation of our data, business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest. 

 

Lastly, we use your data (name and email) within the legally permissible scope for marketing purposes, e.g., to draw your attention to special promotions and discount offers. In addition, we may draw your attention to comparable offers by email, e.g., we may inform you about exclusive promotions or special events. The legal basis for processing is our legitimate interest.

 

b) Personal Data that our Platform collects about you:

​

The App can be downloaded from the “Google Playstore'' a service offered by Google LLC, or the Apple App service “App Store” a service of Apple Inc., to install our App. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.

 

As far as we are aware, Google collects and processes the following data: license check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which Personal Data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store. 

 

As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, and location information. It cannot be excluded that Apple also transmits the information to a server in a third country. We cannot influence which Personal Data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store. 

 

Google and Apple may collect information from and about the device(s) you use to access our App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, advertising IDs (AAID), information about your wireless and mobile network connection, such as your service provider and signal strength, and information about device sensors such as accelerometer, gyroscope, and compass.

 

We may request permission to store your App data including your Internet Connection and Network, Push Notifications, Gallery, Camera and Location. The legal basis for data processing is our legitimate interest, the provision of contractual or pre-contractual measures, and your consent. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our App may not function as intended.

 

When you use one of our location-enabled services, we may collect and process information about your location (coarse) and the time the location information is recorded to provide the services with location-based information and features. Some of these services require your Personal Data for the feature to work, and we may associate location data with your device ID and other information we hold about you. We keep this data for no longer than is reasonably necessary for providing services to you. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by disabling the GPS or other location-tracking functions on your device, provided your device allows you to do this. See your device manufacturer’s instructions for further details.

 

When you use our App, you will receive so-called push messages from us, even if you are not currently using our App. These are messages that we send you as part of the performance of the contract. You can adjust or stop receiving push messages at any time via a) the device settings of your device or b) by enabling or disabling specific types of notifications within the App. The service used is Firebase Cloud Messaging for push notifications from Google and Apple Push Notification Service from Apple. It cannot be excluded that Google or Apple also transfers the information to a server in a third country. We cannot influence which data Google or Apple collects and processes. Firebase's key security and privacy information can be found here: https://firebase.google.com/support/privacy. Insofar as you consent to the use of push messages, consent is the legal basis for the processing.

 

If you are using our website, it will automatically collect some information about you and your visit, including the Internet Protocol (IP) address used to connect your device to the Internet and some other information, such as the pages on our site that you visit. This is used to monitor the performance of the website and improve the experience of visitors to the Platform. We use the hosting services of Amazon via Neon for hosting and displaying our App. Amazon does this on the basis of processing on our behalf, which also means that all data collected on our website is processed on Amazon's servers. The basis for processing is our legitimate interest and the initiation and/or fulfillment of a contract.

 

COOKIES AND OTHER TRACKING TECHNOLOGIES

• In common with other websites and mobile applications we use cookies and other tracking technologies to ensure that you get the most out of the Platform and to improve the service we offer. A cookie is a text file containing small amounts of information that are downloaded to your device when you access a website. The text file is then sent back to the server each time your browser requests a page from the server. This enables the web server to identify and track the web browser you are using.

• Some cookies we use are necessary for our Platform to function properly and to enable you to move around the Platform and use its features. In addition we also use so-called "functional" cookies, which allow our Platform to remember choices you’ve made in relation to the Platform, so as to provide a more personalized and enhanced user experience. Examples of the functional cookies we use on the site, and the information we collect through the use of those cookies, include those that remember details about your account preferences, including your password and login details, your search history and adverts you have posted to the Platform, the types of alerts and newsletters you have opted to receive and the types of adverts you are interested in hearing about.

• We may also use an analytics service provider, such as Google Analytics, for website and mobile application traffic analysis and reporting. Analytics service providers generate statistical and other information about website and mobile application use by means of tracking technologies including cookies that are stored on users' devices. The information generated relating to the Platform may be used to create reports about the use of the Platform - the analytics service provider will store this information. You can opt-out of having your activity on Our Site or Application made available to Google Analytics by installing the Google Analytics opt-out browser add-on. This add-on prevents Google Analytics from retrieving information about your visits to our Site or Application.

 

TURNING OFF COOKIES OR OTHER TRACKING TECHNOLOGIES

• If you don’t want us to install cookies on your devices for these purposes, you can change the settings on your internet browser to reject cookies. All modern browsers allow you to change your cookie settings. These settings will typically be found in the 'options' or 'preferences' menu of your browser. In order to understand these settings the following links may be helpful, otherwise you should use the 'Help' option in your browser for more details:

  1. Cookie settings in Internet Explorer;

  2. Cookie settings in Firefox;

  3. Cookie settings in Chrome; and

  4. Cookie settings in Safari

• We recommend you don’t turn cookies off when using the Platform as this may prevent you from using many of the services on the Platform. However, please note that if you continue to browse our website or use our mobile application you are consenting to our use of cookies in accordance with this privacy policy.

• How We Respond to Do Not Track Signals: Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, we do not respond to Do Not Track browser settings or signals. In addition, we may use other technology that is standard to the Internet, such as pixel tags, web beacons, and other similar technologies, to track visitors to the Platform. Those tools may be used by us and by third parties to collect information about you and your internet activity, even if you have turned on the Do Not Track signal.

 

OTHER USES OF YOUR PERSONAL DATA

We may also collect, store, and use your Personal Data for the following purposes:

• to operate, manage, develop, and promote our business and, in particular, our relationship with you and related transactions, including, for example:

  • marketing purposes (when we have either gathered prior opt-in consent and/or have a legitimate interest to send you communications which we believe to be relevant and of use to you);

  • to operate, administer, and improve our Platform and other aspects of the way in which we conduct our business;

  • to offer you our Platform and services;

  • to provide you with services or information that you may have requested; and

  • to keep you informed and updated on relevant topics or services you may be interested in.

• to protect our business from fraud, money laundering, breach of confidence, theft of proprietary materials, and other financial or business crimes;

• to comply with our legal and regulatory obligations, bring and defend legal claims and assert legal rights; and

• if the purpose is directly connected with an assigned purpose previously made known to you.

 

We will only process your Personal Data as necessary so that we can pursue the purposes described above and where we have a legal basis for such processing. Where our lawful basis for processing is that such processing is necessary to pursue our legitimate interests, we will only process your Personal Data where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest. In exceptional circumstances, we may also be required by law to disclose or otherwise process your Personal Data. 

​

CHANGE OF PURPOSE

We will only use your Personal Data for the purposes for which we collected it as detailed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you, and we will explain the legal basis which allows us to do so.

 

STORAGE AND RETENTION

Your personal data will remain with us in a designated database hosted on an Amazon AWS EC2 instance until the purpose for processing the data no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

 

WHEN DO WE DISCLOSE YOUR PERSONAL DATA?

We may share your information with organizations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy to support our Platform and our services. If you wish to learn more about how the relevant provider processes your personal data, please follow the links embedded in the above-mentioned provider's name. 

 

Typically, and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations. Equally, if you have consented to it, or where we have a legal obligation to do so or on the basis of our legitimate interests (e.g., when using agents, hosting providers, tax, business and legal advisors, accounting, and similar services that allow us to perform our contractual obligations, administrative tasks, and duties efficiently and effectively). If we commission third parties to process data on the basis of a so-called "processing agreement".

 

We may also disclose information in other circumstances, such as when you agree to it or if the law, a court order, a legal obligation, or a regulatory authority asks us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our rights, property, or personal safety of our staff, the Platform and its users.

 

HOW WE SECURE YOUR PERSONAL DATA

Our Platform uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as login data or contact requests that you send to us. We have also implemented numerous security measures (“technical and organizational measures”), for example, encryption or need-to-know access, to ensure the most complete protection of Personal Data processed through our Platform.

 

YOUR RIGHTS AND PRIVILEGES 

Privacy rights 

You can exercise the following rights:

• The right to access;

• The right to rectification;

• The right to erasure;

• The right to restrict processing;

• The right to object to processing;

• The right to data portability;

 

Update your information and withdraw your consent 

If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to legitimate interest processing, please do so by contacting us at contact@stooper.com.

 

What we do not do

• We do not request Personal Data from minors and children;

• We do not process special category data without obtaining prior specific consent;

• We do not use automated decision-making, including profiling; and

• We do not sell your Personal Data.

 

Who is the competent data protection authority?

You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. We would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority.

 

Data Breaches and Notification

Databases or records containing Personal Data may be breached accidentally or through unlawful intrusion. As soon as we become aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notification will be accompanied by a description of the measures that will be taken to repair the damage caused by the data breach. Notifications will be sent as soon as possible after the violation is discovered.

 

USA SPECIFIC PROVISIONS

The following applies to users located elsewhere in the United States. While we understand and appreciate that privacy and consumer data protection laws differ as they are subject to each state's legislature and that no data protection framework similar to the GDPR exists on a federal level, we are committed to following and applying the relevant privacy rules and regulations for your state. 

 

As of the day of drafting, the following states had enacted privacy and consumer data protection laws: California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. Under consideration of the similarities of the above provisions, no conflict should arise pursuing a uniform approach in granting all users in the USA the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.

​

We may collect the following categories of personal information:

​

Category / Examples / Collected

• Identifiers / Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, internet protocol address, photograph, email address, and account name / YES

•  Personal information as defined in the California Customer Records statute / Name, contact information, and financial information /YES

• Protected classification characteristics under state or federal law / Gender and date of birth / YES

• Commercial information / Transaction information, purchase history, financial details, and payment information / NO

• Biometric information / Fingerprints and voiceprints / NO

• Internet or other similar network activity / Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements / YES

• Geolocation Data / Device Location / NO

• Audio, electronic, visual, thermal, olfactory, or similar information, Images and audio, video or call recordings created in connection with our business activities / YES

• Professional or employment related information / Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us / YES

• Education Information / Student records and directory information / NO

• Inferences drawn from collected personal information / Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual's preferences and characteristics / NO

• Sensitive personal information / Account login information / YES

​

Further, the following also apply

 

i) “Shine the Light”

“Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Data using the contact details provided.

 

ii) COPPA (Children Online Privacy Protection Act)

When it comes to the collection of Personal Data from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.

 

iii) CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.

 

iv) Telephone Consumer Protection Act (TCPA)

If we process your Personal Data for the purpose of sending you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’ if you receive our SMS communications. In this respect, the data processing is carried out solely on the basis of our consent to personalized direct advertising per SMS.

 

v) Controls For Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our Platform does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.

 

vi) Right to complain

Finally, and in regard to the right to complain to a supervisory authority. You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. Users based in the above-mentioned states may lodge a complaint with the relevant district attorney or attorney general's office. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.

 

CANADA AND MEXICO SPECIFIC PROVISIONS

Both Canada and Mexico have introduced data protection laws that are similar to the GDPR, namely Federal Law for the Protection of Personal Data in the Possession of Private Parties (“LFPDPPP”) supplemented by the Rules of the Federal Law for the Protection of Personal Data in the Possession of Private Parties in Mexico and the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in Canada. Under consideration that the GDPR has played a pivotal role, no conflict should arise pursuing a uniform approach in granting all users in Mexico or Canada the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.

 

In terms of your right to complain, Canada’s national supervisory authority is the Office of the Privacy Commissioner (www.priv.gc.ca) and the National Institute of Transparency, Access to Information and Personal Data Protection (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) (“INAI”) is the national supervisory authority in Mexico (www.ifai.org.mx). 

 

HELP AND COMPLAINTS

If you have any questions about data protection at Stooper, you can contact us by email using contact@stooper.com.

​

CHANGES

This Policy is the current and valid version. Any prior versions are invalid, and if we make changes to this policy, we will revise the effective date listed at the top of this page.