top of page

Data Handling Agreement

Last Updated: January 2026

This Data Handling Agreement (“Agreement”) forms part of the agreement between Skillstone (“Skillstone”, “we”, “us”) and the client organisation (“Client”) that uses the Skillstone platform (“Services”).


This Agreement governs how personal data is processed in connection with the Services.

1. Roles and Scope

1.1 Relationship of the Parties
For the purposes of applicable data protection laws:

  • The Client acts as the data controller in respect of personal data relating to its users.

  • Skillstone acts as a data processor, processing personal data on behalf of the Client in accordance with this Agreement and the Client’s instructions.


1.2 Scope
This Agreement applies to all personal data processed by Skillstone on behalf of the Client in connection with the Services, including data relating to employees, contractors, learners, or other authorised users.
 

2. Nature and Purpose of Processing

Skillstone processes personal data solely for the purpose of:

  • Providing and operating the Skillstone platform

  • Delivering learning, compliance, and training content

  • Managing user access and authentication

  • Facilitating optional communication features where enabled by the Client

  • Supporting compliance, auditing, reporting, and record-keeping

  • Providing technical support and service improvements


Skillstone does not process personal data for its own independent purposes.
 

3. Categories of Data and Data Subjects

3.1 Data Subjects
Personal data may relate to:

  • Employees

  • Contractors

  • Learners

  • Other individuals authorised by the Client


3.2 Categories of Personal Data

  • Personal data may include:

  • Identification and contact details (e.g. name, email address, role)

  • Account credentials

  • Training activity, completion records, acknowledgements

  • Uploaded content (e.g. forms, images, videos, documents)

  • Electronic signatures

  • Communications via platform features where enabled

  • Technical and usage data

 

4. Client Responsibilities


The Client is responsible for:

  • Ensuring it has a lawful basis to collect and provide personal data to Skillstone

  • Informing users about the processing of their personal data

  • Managing user access, permissions, and role assignments

  • Determining whether optional features (including chat) are enabled

  • Ensuring content uploaded to the platform is lawful and appropriate

  • Responding to requests from data subjects, unless otherwise agreed

 

5. Skillstone Responsibilities


Skillstone shall:

  • Process personal data only in accordance with the Client’s documented instructions

  • Implement appropriate technical and organisational measures to protect personal data

  • Ensure personnel with access to personal data are bound by confidentiality obligations

  • Assist the Client, where reasonably requested, with compliance obligations under applicable data protection laws

  • Notify the Client without undue delay if it becomes aware of a personal data breach affecting Client data

 

6. Optional Communication Features and Third-Party Sub-Processors


6.1 Optional Chat Feature
Skillstone may provide optional communication features, including chat or messaging, which are enabled or disabled at the discretion of the Client.


6.2 Third-Party Sub-Processors
Where enabled, chat functionality may be provided using a third-party service provider (such as CometChat) acting as a sub-processor.


Skillstone remains responsible for ensuring that any sub-processor:

  • Is subject to appropriate contractual data protection obligations

  • Processes personal data solely for the purpose of providing the relevant service

  • Implements appropriate security measures


A list of sub-processors may be made available upon request.

7. Data Storage and Transfers


Personal data may be stored or processed in Australia or other jurisdictions where Skillstone or its service providers operate.


Skillstone will ensure that any international data transfers are conducted in accordance with applicable data protection laws and subject to appropriate safeguards.

8. Security Measures


Skillstone implements reasonable administrative, technical, and physical security measures designed to protect personal data from unauthorised access, loss, misuse, or disclosure.


These measures may include access controls, encryption, audit logging, and infrastructure security provided by reputable cloud service providers.

9. Data Retention and Deletion


Personal data will be retained only for as long as necessary to provide the Services or meet legal or contractual obligations.


Upon termination of the Services, Skillstone will, at the Client’s request and where legally permitted:

  • Delete personal data, or

  • Return personal data to the Client


Subject to applicable retention requirements.

10. Audits and Compliance


Upon reasonable notice, the Client may request information necessary to demonstrate Skillstone’s compliance with this Agreement.


Skillstone is not required to provide information that would compromise security, confidentiality, or the rights of other clients.

11. Liability


Each party’s liability under this Agreement is subject to the limitations set out in the main agreement governing the Services.


Nothing in this Agreement limits liability where such limitation is not permitted by law.

12. Governing Law


This Agreement is governed by the laws of Australia, unless otherwise agreed in writing.

13. Order of Precedence


In the event of a conflict between this Agreement and the main agreement governing the Services, this Agreement shall prevail in respect of data protection matters.

14. Contact


Questions regarding data handling or privacy may be directed to: support@skillstone.com
 

bottom of page