Privacy Notice

Privacy Notice HackenProof

Last updated: 19 May 2023

Intro

Hi, we are Hacken, and we definitely are into security and privacy. In Hacken, we know how to handle data. So this Privacy Notice is here to tell you about how we process your data, when you use our website https://hackenproof.com (“HackenProof”).

HackenProof is created and operated by Hacken OÜ (“we”, “Hacken”, or “Controller”). See more details about us as a Controller here .

Our Terms and Conditions contain essential information about your legal rights and obligations. You can read it here .

Category of data subjects

In brief:

  • Using HackenProof and its functions you can be for us: Visitor, Company, Hacker.

As a User, in the process of receiving our services or during communication with us, you can become:

Category of data subjects Description
Visitor Users, who only browse HackeProof.
Hacker User, who has created a Hacker’s account to provide cybersecurity services through HackenProof and receive rewards.
Company User, who has created a Company’s account to get the cybersecurity services by Hacken, provided with the involvement of the Hackers from HackenProof.

Contacts and Controller information

Controller Hacken OU
Address Harju maakond, Tallinn, Kesklinna linnaosa, Parda tn 4, 10151, Estonia
Contacts

[email protected]

[email protected] – for general questions

Personal data we process

In brief:

  • The data we process is divided into categories: automatically collected data, data provided to us by our data subjects and data received from third parties.
  • Verification of Hackers is covered by KYC Privacy Notice.
  • Third parties from whom we receive data are publicly available.

The data we process is divided into categories: automatically collected data, data provided to us by our data subjects and data received from third parties.

Note:

The services are not directed to individuals under 18. We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information. If you become aware that a child has provided us with personal data, please contact us .

We may process personal data on the following lawful basis:

  • performance of the contract – the processing of personal data is necessary for the conclusion and performance of a contract. Failure to provide data that is processed on a "performance of the contract" basis will result in the inability to register and provide our services;
  • consent – for additional processing for certain purposes;
  • legitimate interest (only for EU residents) – for processing that is reasonable for the user and necessary for the development of our services.

Your data will not be processed for purposes other than those for which it was collected, as described in the tables below.

Automatically collected data (Visitor`s data)

When you visit HackenProof, some data is automatically collected. Learn more about the purposes and basis for data processing:

Theme Purpose Lawful basis Data
EU USA
Unnecessary cookies Statistics and analytics Consent Consent Statistical information that is generated when you use HackenProof.
Necessary cookies (necessarily) Improving your experience of interacting with HackenProof Legitimate interests Performance of the contract Information about your visits and use of this site, including the source of the links, time and duration of the visit, and navigation.
Mandatory technical data Correct operation of HackenProof Legitimate interests Consent IP address, UTM settings, geolocation, device type, browser type and other technical information
Storage limitation
Data that are processed on the basis of a performance of the contract Stored for up to 2 years after the last use of HackenProof
Data that are processed on the basis of a legitimate interest Stored for up to 2 years after the last use of HackenProof
Data that is processed on the basis of your consent Stored for up to 2 years from the last time you used HackenProof or until you withdraw your consent

Data we can get from the Hacker

Theme Purpose Lawful basis Data
EU USA
Registration data (necessarily) Create an account Performance of the contract Performance of the contract
  • Full name;
  • Profile picture;
  • Nickname;
  • Email;
  • Wallet number;
  • Type of Account (Hacker).
Settings data Usability Legitimate interests Performance of the contract
  • Language.
Contact data (necessarily) Restoring account access Performance of the contract Performance of the contract
  • Email;
Contact data Marketing Consent Consent
  • Email;
Verification data (necessarily for private programs) Filling out your account Performance of the contract Performance of the contract Please, see KYC Privacy Notice
Report data To pay and to review the reports Performance of the contract Performance of the contract
  • Company name;
  • Project link;
  • Date of creation.
Payment data Saving and tracking payments Performance of the contract Performance of the contract
  • Company name;
  • the amount of money.
Report/payment history Tax Reporting Legal obligation Legal obligation
  • Time and date of payment;
  • Payment amount;
  • additional data that you can specify in the receipt.
Storage limitation
Data that are processed on the basis of a performance of the contract Stored for the duration of use of our service + 5 years after the last interaction
Data that are processed on the basis of a legitimate interest Stored until the data is updated OR stored for the duration of the service + 5 years afterwards
Data that is processed on the basis of your consent Stored for up to 5 years from the last time you used HackenProof OR until you withdraw your consent

Data we can get from the Company

Theme Purpose Lawful basis Data
EU Other
Registration data (necessarily) Create an account Performance of the contract Performance of the contract
  • Full name;
  • Email;
  • Type of Account (Company).
Settings data Usability Legitimate interests Consent
  • Language.
  • Search requests;
Contact data (necessarily) Restoring account access Performance of the contract Performance of the contract
  • Email;
Contact data Marketing Content Content
  • Email;
Profile data (necessarily) Filling out your account (General) Performance of the contract Performance of the contract
  • Company name;
  • Logo;
  • Company website;
  • Financial data;
  • Company owner email.
Additional data Filling out your account (Social) Legitimate interests Content
  • Links to social media (LinkedIn, Twitter, Instagram).
Representative data Filling out your account (users and roles) Performance of the contract Performance of the contract
  • Full name of representative;
  • Number of employees;
  • Fole.
Payments history Tax Reporting Legal obligation Legal obligation
  • Time and date of payment;
  • Payment amount;
  • Additional data that may be in the receipt.
Storage limitation
Data that are processed on the basis of a performance of the contract Stored for the duration of use of our service + 5 years after the last interaction
Data that are processed on the basis of a legitimate interest Stored until the data is updated OR stored for the duration of the service + 5 years afterwards
Data that is processed on the basis of your consent Stored for up to 5 years from the last time you used HackenProof OR until you withdraw your consent

Data received from third parties

Also, we can collect some data from third parties.

We share your data with the service providers who, for example, help us:

Third parties Description Link to privacy documents
Facebook We use Facebook for communication and support Privacy
LinkedIn We use LinkedIn Privacy Policy
Twitter We use Twitter for communication and support Privacy Policy
Google We use Google products to organize our work and communication. Privacy & Terms

Note:

We can get data from third parties, but we won't necessarily get it. It all depends on your settings and the features you use. For example, we can receive data if you communicate with us through these third parties.

Information on data transfer

In brief:

  • We have the ability to transfer and disclose your data legally.
  • We use appropriate safeguards to transfer your data.

General

We may transfer your data with our employees and partners for contractual purposes. We we transfer your data on the following basis:

Consent. We transfer your personal data based on your explicit consent.

Compliance with the law. We will disclose your personal data to third parties to the extent that it is necessary:

  • to comply with a government request, court order, or applicable law;
  • to prevent unlawful use of our site or violation of the Terms and Conditions of HackenProof and our policies;
  • to protect against claims of third parties;
  • to help prevent or investigate fraud.

Legitimate interest or performance of the contract. We transfer your personal data to third parties on the basis of a contract for processing on our behalf, subject to technical, physical and organizational measures to protect your personal data.

We may transfer:

  • automatically collected data to contractors who provide us with marketing services;
  • data we can get from other data subjects to contractors who provide us with customer relationship building services.

Note:

We will ask for your consent if the transfer of data is not part of a contract. If a transfer is necessary, we also undertake to obtain permission from the regulatory body. Read more

Data collection

The personal data that we collect is stored on servers in the KSA. There is not an adequacy decision by the European Commission. If we need a data transfer, we will take necessary steps to protect it.

We will transfer your personal data outside the EEA to provide service with all appropriate safeguards to protect your personal data.

Security

In brief:

  • We use technical, physical and organizational measures to protect your data.
Organizational measures Physical measures Technical measures
Policies and instructions Limited access to premises Two-factor authentication
Contractor training Stress-tests encryption_technologies
Transfer protection Application software security Backup
Non-disclosure agreements inventory of Authorized and Unauthorized devices Firewalls

Cookies

In brief:

  • We use cookies.
  • You can customise cookie tracking in your browsers.

We use cookies and similar tracking technologies (beacons, tags, and scripts) to track the activity on our website.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.

You can customize cookie tracking in your browsers. If you want to disable cookies, then you can find instructions for managing your browser settings at these links:

However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies;
  • preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in;
  • statistics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously;
  • marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

We use cookies necessary for the functioning of HackenProof. Using cookies, we receive the technical information specified in the automatically collected data, and our Cookies Policy.

Data subjects rights

In brief:

  • You have rights regarding your data;
  • These rights may vary depending on the region.

EU residents

You, as a data subject, have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them:

The right Description
Right to access You can request an explanation of the processing of your personal data.
Right to rectification You can change the data if it is inaccurate or incomplete.
Right to erasure You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law.
Right to restriction the processing You may partially or completely prohibit us from processing your personal data.
Right to data portability You can request all the data that you provided to us, as well as request to transfer data to another controller.
Right to object You may object to the processing of your personal data.
Right to withdraw consent You can withdraw your consent at any time.
Right to file a complaint If your request was not satisfied, you can file a complaint to the regulatory body.

Note:

To exercise your rights contact us.

If your request was not satisfied, you can file a complaint with the regulatory body —Estonian Data Protection Inspectorate at [email protected].

U.S. residents

You, as data subjects, have some special privacy rights. To use them, please contact us at [email protected]

Note:

Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request with the right to postpone it for 30 days more.

If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.

Your rights vary depending on the laws that apply to you, but may include:

Right Description Area
Right Access You can request an explanation of the processing of your personal data.

California

Virginia

Ohio

Colorado

Nevada

Massachusetts

Minnesota

New York

North Carolina

Pennsylvania

Delaware

Utah

Right to rectification You can change the information if it is inaccurate or incomplete.

California

Virginia

Colorado

Nevada

Delaware

Massachusetts

Minnesota

New York

North Carolina

Right to deletion You can send us a request to delete your personal data from our systems.

California

Virginia

Ohio

Colorado

Massachusetts

Minnesota

New York

North Carolina

Pennsylvania

Utah

Right to restriction You may partially or completely prohibit us from processing your personal data.

California

Massachusetts

New York

Right to portability You can request all the data that you provided to us, as well as request to transfer data to another controller.

California

Virginia

Ohio

Colorado

Massachusetts

Minnesota

New York

North Carolina

Utah

Right to Opt-Out The right to prohibit the sharing or selling of your data.

California

Virginia

Ohio

Nevada

Massachusetts

Minnesota

New York

North Carolina

Pennsylvania

Delaware

Colorado

Utah

Right
Against
Automated
Decision
Making
You have the right not to be subject to a decision based solely on automated means, if the decision produces legal effects concerning you or significantly affects you in a similar way.

California

Virginia

Colorado

Massachusetts

Minnesota

North Carolina

New York

Right to lodge a complaint If your request was not satisfied, you can file a complaint to the regulatory body.

by default

Note:

Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, contact us [email protected] .

Update

This Privacy Notice and the relationships falling under its effect are regulated by the Code of Washington, ССPA, Regulation (EU) 2016/679 (“GDPR”).

Existing laws and requirements for the processing of personal data are subject to change. In this case, we will publish a new version of the Privacy Notice on HackenProof.

If significant material changes are made that affect your privacy and confidentiality, we will notify you by email or display information on HackenProof and ask for your consent.