For Vendors
LOG IN

Privacy Policy

Micah Group Pty Ltd (“we”, “us”, or “our”) operates the LocalStalls SaaS platform (“Service”). This Privacy Policy explains how we collect, use, store, and protect personal information when you use our Service.

This policy applies to all users of the Service, including event organisers, vendors, sponsors, approved volunteers, and customers purchasing tickets or making bookings through the LocalStalls application.

When an individual or entity (including a business, organisation, or representative acting on its behalf) registers an account, submits a stall application, accepts an invitation, or otherwise accesses the Service, they are onboarded as a LocalStalls user, and any personal information and business-related information provided or generated in connection with that access is handled in accordance with this Privacy Policy, regardless of whether access is initiated by an event organiser or another third party.

We are committed to complying with applicable data protection and privacy laws in the jurisdictions in which we operate.

1. Information We Collect

1.1 Personal Information

We may collect personal information including:

  • Name, email address, phone number, and address
  • Account login credentials (including PINs for volunteers)
  • Payment-related information (processed via third-party providers)
  • Session data, usage data, and activity logs
  • Business or organisational details (e.g. company name, business address, ABN)
  • IP address and device identifiers

1.2 Non-Personal Information

We may collect aggregated or anonymised data for analytics, reporting, and service improvement.

2. How We Use Personal Information

We use personal information to:

  • Provide, operate, and improve the Service
  • Facilitate transactions and payments
  • Manage user accounts and authentication
  • Communicate service-related information
  • Maintain platform security and prevent fraud
  • Comply with legal and regulatory obligations

3. Legal Basis for Processing (EU & UK – GDPR)

For users located in the European Union or United Kingdom, we process personal data under the following lawful bases:

  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests (such as platform improvement and security)
  • Consent, where required (e.g. marketing communications)

4. Data Storage & International Transfers

LocalStalls operates globally. Personal information may be stored and processed in multiple locations.

  • EU and UK user data is stored in compliance with GDPR requirements
  • Australian user data may be stored in Australia or other regions
  • Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions

5. Data Sharing & Third Parties

We may share personal information with trusted third parties, including:

  • Payment providers (e.g. Stripe) for transaction processing
  • Analytics and infrastructure providers to support platform functionality
  • Regulatory or legal authorities where required by law

We do not sell or rent personal information.

5A. Support & Account Access

To provide technical support, troubleshoot issues, or resolve problems detected within the Service, authorised personnel may access user accounts on a limited and as-needed basis.

Such access:

  • Is restricted to what is reasonably necessary to resolve the issue
  • Is performed in accordance with applicable privacy laws
  • Is subject to internal access controls and confidentiality obligations

We do not routinely monitor user accounts and do not access content unless required for support, security, or legal compliance.

6. Data Retention

Personal information is retained only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law.

Upon account termination, data is securely deleted or anonymised where appropriate.

7. Your Privacy Rights (EU & UK)

If you are located in the EU or UK, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Withdraw consent where applicable
  • Request data portability

You may lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority.

8. Your Privacy Rights (Australia)

If you are located in Australia, you have rights under the Privacy Act 1988, including the right to:

  • Access and correct your personal information
  • Make a privacy complaint to the Office of the Australian Information Commissioner (OAIC)

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to:

  • Know what personal information we collect and use
  • Request deletion or correction of your personal information
  • Opt out of the sale or sharing of personal information (we do not sell personal data)

Requests can be made by contacting us using the details below. We may verify your identity before responding.

10. Security Measures

We implement reasonable administrative, technical, and organisational measures to protect personal information, including encryption, secure servers, and restricted access controls.

11. Cookies & Tracking

We use cookies and similar technologies to support functionality, analytics, and performance. Users can control cookie settings through their browser.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via the Service or our website.

13. Contact Us

For privacy-related enquiries or requests:
Email: [email protected]