Privacy Notice HackenProof
Last updated: 19 May 2023
Intro
Hi, we are Hacken, and we definitely are into security and privacy. In Hacken, we know how to handle data. So this Privacy Notice is here to tell you about how we process your data, when you use our website https://hackenproof.com (“HackenProof”).
HackenProof is created and operated by Hacken OÜ (“we”, “Hacken”, or “Controller”). See more details about us as a Controller here .
Our Terms and Conditions contain essential information about your legal rights and obligations. You can read it here .
Category of data subjects
In brief:
- Using HackenProof and its functions you can be for us: Visitor, Company, Hacker.
As a User, in the process of receiving our services or during communication with us, you can become:
| Category of data subjects | Description |
| Visitor | Users, who only browse HackeProof. |
| Hacker | User, who has created a Hacker’s account to provide cybersecurity services through HackenProof and receive rewards. |
| Company | User, who has created a Company’s account to get the cybersecurity services by Hacken, provided with the involvement of the Hackers from HackenProof. |
Contacts and Controller information
| Controller | Hacken OU |
| Address | Kai tn 1-5M, Tallinn city, Harju county, 10111, Estonia |
| Contacts |
[email protected] – for general questions |
Personal data we process
In brief:
- The data we process is divided into categories: automatically collected data, data provided to us by our data subjects and data received from third parties.
- Verification of Hackers is covered by KYC Privacy Notice.
- Third parties from whom we receive data are publicly available.
The data we process is divided into categories: automatically collected data, data provided to us by our data subjects and data received from third parties.
- automatically collected data (visitor`s data);
- data we can get from the Hacker;
- data we can get from the Company;
- data received from third parties.
Note:
The services are not directed to individuals under 18. We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information. If you become aware that a child has provided us with personal data, please contact us .
We may process personal data on the following lawful basis:
- performance of the contract – the processing of personal data is necessary for the conclusion and performance of a contract. Failure to provide data that is processed on a "performance of the contract" basis will result in the inability to register and provide our services;
- consent – for additional processing for certain purposes;
- legitimate interest (only for EU residents) – for processing that is reasonable for the user and necessary for the development of our services.
Your data will not be processed for purposes other than those for which it was collected, as described in the tables below.
Automatically collected data (Visitor`s data)
When you visit HackenProof, some data is automatically collected. Learn more about the purposes and basis for data processing:
| Theme | Purpose | Lawful basis | Data | ||
| EU | USA | ||||
| Unnecessary cookies | Statistics and analytics | Consent | Consent | Statistical information that is generated when you use HackenProof. | |
| Necessary cookies (necessarily) | Improving your experience of interacting with HackenProof | Legitimate interests | Performance of the contract | Information about your visits and use of this site, including the source of the links, time and duration of the visit, and navigation. | |
| Mandatory technical data | Correct operation of HackenProof | Legitimate interests | Consent | IP address, UTM settings, geolocation, device type, browser type and other technical information | |
| Storage limitation | |||||
| Data that are processed on the basis of a performance of the contract | Stored for up to 2 years after the last use of HackenProof | ||||
| Data that are processed on the basis of a legitimate interest | Stored for up to 2 years after the last use of HackenProof | ||||
| Data that is processed on the basis of your consent | Stored for up to 2 years from the last time you used HackenProof or until you withdraw your consent | ||||
Data we can get from the Hacker
| Theme | Purpose | Lawful basis | Data | ||
| EU | USA | ||||
| Registration data (necessarily) | Create an account | Performance of the contract | Performance of the contract |
|
|
| Settings data | Usability | Legitimate interests | Performance of the contract |
|
|
| Contact data (necessarily) | Restoring account access | Performance of the contract | Performance of the contract |
|
|
| Contact data | Marketing | Consent | Consent |
|
|
| Verification data (necessarily for private programs) | Filling out your account | Performance of the contract | Performance of the contract | Please, see KYC Privacy Notice | |
| Report data | To pay and to review the reports | Performance of the contract | Performance of the contract |
|
|
| Payment data | Saving and tracking payments | Performance of the contract | Performance of the contract |
|
|
| Report/payment history | Tax Reporting | Legal obligation | Legal obligation |
|
|
| Storage limitation | |||||
| Data that are processed on the basis of a performance of the contract | Stored for the duration of use of our service + 5 years after the last interaction | ||||
| Data that are processed on the basis of a legitimate interest | Stored until the data is updated OR stored for the duration of the service + 5 years afterwards | ||||
| Data that is processed on the basis of your consent | Stored for up to 5 years from the last time you used HackenProof OR until you withdraw your consent | ||||
Data we can get from the Company
| Theme | Purpose | Lawful basis | Data | ||
| EU | Other | ||||
| Registration data (necessarily) | Create an account | Performance of the contract | Performance of the contract |
|
|
| Settings data | Usability | Legitimate interests | Consent |
|
|
| Contact data (necessarily) | Restoring account access | Performance of the contract | Performance of the contract |
|
|
| Contact data | Marketing | Content | Content |
|
|
| Profile data (necessarily) | Filling out your account (General) | Performance of the contract | Performance of the contract |
|
|
| Additional data | Filling out your account (Social) | Legitimate interests | Content |
|
|
| Representative data | Filling out your account (users and roles) | Performance of the contract | Performance of the contract |
|
|
| Payments history | Tax Reporting | Legal obligation | Legal obligation |
|
|
| Storage limitation | |||||
| Data that are processed on the basis of a performance of the contract | Stored for the duration of use of our service + 5 years after the last interaction | ||||
| Data that are processed on the basis of a legitimate interest | Stored until the data is updated OR stored for the duration of the service + 5 years afterwards | ||||
| Data that is processed on the basis of your consent | Stored for up to 5 years from the last time you used HackenProof OR until you withdraw your consent | ||||
Data received from third parties
Also, we can collect some data from third parties.
We share your data with the service providers who, for example, help us:
| Third parties | Description | Link to privacy documents |
| We use Facebook for communication and support | Privacy | |
| We use LinkedIn | Privacy Policy | |
| We use Twitter for communication and support | Privacy Policy | |
| We use Google products to organize our work and communication. | Privacy & Terms |
Note:
We can get data from third parties, but we won't necessarily get it. It all depends on your settings and the features you use. For example, we can receive data if you communicate with us through these third parties.
Information on data transfer
In brief:
- We have the ability to transfer and disclose your data legally.
- We use appropriate safeguards to transfer your data.
General
We may transfer your data with our employees and partners for contractual purposes. We we transfer your data on the following basis:
| Consent. We transfer your personal data based on your explicit consent. |
|
Compliance with the law. We will disclose your personal data to third parties to the extent that it is necessary:
|
|
Legitimate interest or performance of the contract. We transfer your personal data to third parties on the basis of a contract for processing on our behalf, subject to technical, physical and organizational measures to protect your personal data. We may transfer:
|
Note:
We will ask for your consent if the transfer of data is not part of a contract. If a transfer is necessary, we also undertake to obtain permission from the regulatory body. Read more
Data collection
The personal data that we collect is stored on servers in the KSA. There is not an adequacy decision by the European Commission. If we need a data transfer, we will take necessary steps to protect it.
We will transfer your personal data outside the EEA to provide service with all appropriate safeguards to protect your personal data.
Security
In brief:
- We use technical, physical and organizational measures to protect your data.
| Organizational measures | Physical measures | Technical measures |
| Policies and instructions | Limited access to premises | Two-factor authentication |
| Contractor training | Stress-tests | encryption_technologies |
| Transfer protection | Application software security | Backup |
| Non-disclosure agreements | inventory of Authorized and Unauthorized devices | Firewalls |
Cookies
In brief:
- We use cookies.
- You can customise cookie tracking in your browsers.
We use cookies and similar tracking technologies (beacons, tags, and scripts) to track the activity on our website.
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.
You can customize cookie tracking in your browsers. If you want to disable cookies, then you can find instructions for managing your browser settings at these links:
However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
- necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies;
- preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in;
- statistics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously;
- marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
We use cookies necessary for the functioning of HackenProof. Using cookies, we receive the technical information specified in the automatically collected data, and our Cookies Policy.
Data subjects rights
In brief:
- You have rights regarding your data;
- These rights may vary depending on the region.
EU residents
You, as a data subject, have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them:
| The right | Description |
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| Right to restriction the processing | You may partially or completely prohibit us from processing your personal data. |
| Right to data portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right to file a complaint | If your request was not satisfied, you can file a complaint to the regulatory body. |
Note:
To exercise your rights contact us.
If your request was not satisfied, you can file a complaint with the regulatory body —Estonian Data Protection Inspectorate at [email protected].
U.S. residents
You, as data subjects, have some special privacy rights. To use them, please contact us at [email protected]
Note:
Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request with the right to postpone it for 30 days more.
If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.
Your rights vary depending on the laws that apply to you, but may include:
| Right | Description | Area | |
| Right Access | You can request an explanation of the processing of your personal data. |
California Virginia Ohio Colorado Nevada Massachusetts |
Minnesota New York North Carolina Pennsylvania Delaware Utah |
| Right to rectification | You can change the information if it is inaccurate or incomplete. |
California Virginia Colorado Nevada Delaware |
Massachusetts Minnesota New York North Carolina |
| Right to deletion | You can send us a request to delete your personal data from our systems. |
California Virginia Ohio Colorado Massachusetts |
Minnesota New York North Carolina Pennsylvania Utah |
| Right to restriction | You may partially or completely prohibit us from processing your personal data. |
California Massachusetts |
New York |
| Right to portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. |
California Virginia Ohio Colorado Massachusetts |
Minnesota New York North Carolina Utah |
| Right to Opt-Out | The right to prohibit the sharing or selling of your data. |
California Virginia Ohio Nevada Massachusetts Minnesota |
New York North Carolina Pennsylvania Delaware Colorado Utah |
| RightAgainstAutomatedDecisionMaking | You have the right not to be subject to a decision based solely on automated means, if the decision produces legal effects concerning you or significantly affects you in a similar way. |
California Virginia Colorado Massachusetts |
Minnesota North Carolina New York |
| Right to lodge a complaint | If your request was not satisfied, you can file a complaint to the regulatory body. |
by default |
|
Note:
Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, contact us [email protected] .
Update
This Privacy Notice and the relationships falling under its effect are regulated by the Code of Washington, ССPA, Regulation (EU) 2016/679 (“GDPR”).
Existing laws and requirements for the processing of personal data are subject to change. In this case, we will publish a new version of the Privacy Notice on HackenProof.
If significant material changes are made that affect your privacy and confidentiality, we will notify you by email or display information on HackenProof and ask for your consent.