logo

Privacy Notice

Last updated19 May 2023

Intro

Hi, we are Hacken, and we definitely are into security and privacy. In Hacken, we know how to handle data. So this Privacy Notice is here to tell you about how we process your data, when you use our website https://hackenproof.com (“HackenProof”). HackenProof is created and operated by Hacken OÜ (“we”, “Hacken”, or “Controller”). See more details about us as a Controller here. Our Terms and Conditions contain essential information about your legal rights and obligations. You can read it here.

Category of data subjects

In brief: Using HackenProof and its functions you can be for us: Visitor, Company, Hacker.
As a User, in the process of receiving our services or during communication with us, you can become:
Category of data subjectsDescription
VisitorUsers, who only browse HackeProof.
HackerUser, who has created a Hacker’s account to provide cybersecurity services through HackenProof and receive rewards.
CompanyUser, who has created a Company’s account to get the cybersecurity services by Hacken, provided with the involvement of the Hackers from HackenProof.

Contacts and Controller information

ControllerHacken OUAddressHarju maakond, Tallinn, Kesklinna linnaosa, Parda tn 4, 10151, EstoniaContacts [email protected] [email protected]  – for general questions

Personal data we process

In brief: The data we process is divided into categories: automatically collected data, data provided to us by our data subjects and data received from third parties. Verification of Hackers is covered by KYC Privacy Notice. Third parties from whom we receive data are publicly available.
The data we process is divided into categories: automatically collected data, data provided to us by our data subjects and data received from third parties.
The data we process is divided into categories: automatically collected data, data provided to us by our data subjects and data received from third parties. Verification of Hackers is covered by KYC Privacy Notice. Third parties from whom we receive data are publicly available.
Note: The services are not directed to individuals under 18. We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information. If you become aware that a child has provided us with personal data, please contact us .
We may process personal data on the following lawful basis:
performance of the contract – the processing of personal data is necessary for the conclusion and performance of a contract. Failure to provide data that is processed on a "performance of the contract" basis will result in the inability to register and provide our services; consent – for additional processing for certain purposes; legitimate interest (only for EU residents) – for processing that is reasonable for the user and necessary for the development of our services.
Your data will not be processed for purposes other than those for which it was collected, as described in the tables below.

Automatically collected data (Visitor`s data)

When you visit HackenProof, some data is automatically collected. Learn more about the purposes and basis for data processing:
ThemePurpose
Lawful basis
EUUSA
Data
Unnecessary cookiesStatistics and analyticsConsentConsentStatistical information that is generated when you use HackenProof.
Necessary cookies (necessarily)Improving your experience of interacting with HackenProofLegitimate interestsPerformance of the contractInformation about your visits and use of this site, including the source of the links, time and duration of the visit, and navigation.
Mandatory technical dataCorrect operation of HackenProofLegitimate interestsConsentIP address, UTM settings, geolocation, device type, browser type and other technical information
Storage limitations
Data that are processed on the basis of a performance of the contractStored for up to 2 years after the last use of HackenProof
Data that are processed on the basis of a legitimate interestStored for up to 2 years after the last use of HackenProof
Data that is processed on the basis of your consentStored for up to 2 years from the last time you used HackenProof or until you withdraw your consent

Data we can get from the Hacker

ThemePurpose
Lawful basis
EUUSA
Data
Registration data (necessarily)Create an accountPerformance of the contractPerformance of the contract
  • Full name;
  • Profile picture;
  • Nickname;
  • Email;
  • Wallet number;
  • Type of Account (Hacker).
Settings dataUsabilityLegitimate interestsPerformance of the contract
  • Language.
Contact data (necessarily)Restoring account accessPerformance of the contractPerformance of the contract
  • Email.
Contact dataMarketingConsentConsent
  • Email.
Verification data (necessarily for private programs)Filling out your accountPerformance of the contractPerformance of the contract
Please, see KYC Privacy Notice
Report dataTo pay and to review the reportsPerformance of the contractPerformance of the contract
  • Company name;
  • Project link;
  • Date of creation.
Payment dataSaving and tracking paymentsPerformance of the contractPerformance of the contract
  • Company name;
  • the amount of money.
Report/payment historyTax ReportingLegal obligationLegal obligation
  • Time and date of payment;
  • Payment amount;
  • additional data that you can specify in the receipt.
Storage limitations
Data that are processed on the basis of a performance of the contractStored for the duration of use of our service + 5 years after the last interaction
Data that are processed on the basis of a legitimate interestStored until the data is updated OR stored for the duration of the service + 5 years afterwards
Data that is processed on the basis of your consentStored for up to 5 years from the last time you used HackenProof OR until you withdraw your consent

Data we can get from the Company

ThemePurpose
Lawful basis
EUUSA
Data
Registration data (necessarily)Create an accountPerformance of the contractPerformance of the contract
  • Full name;
  • Email;
  • Type of Account (Company).
Settings dataUsabilityLegitimate interestsConsent
  • Language.
  • Search requests;
Contact data (necessarily)Restoring account accessPerformance of the contractPerformance of the contract
  • Email.
Contact dataMarketingContentContent
  • Email.
Profile data (necessarily)Filling out your account (General)Legitimate interestsContent
  • Company name;
  • Logo;
  • Company website;
  • Financial data;
  • Company owner email.
Additional dataFilling out your account (Social)Legitimate interestsContent
  • Links to social media (LinkedIn, Twitter, Instagram).
Representative dataFilling out your account (users and roles)Performance of the contractPerformance of the contract
  • Full name of representative;
  • Number of employees;
  • Fole.
Payments historyTax ReportingLegal obligationLegal obligation
  • Time and date of payment;
  • Payment amount;
  • additional data that you can specify in the receipt.
Storage limitations
Data that are processed on the basis of a performance of the contractStored for the duration of use of our service + 5 years after the last interaction
Data that are processed on the basis of a legitimate interestStored until the data is updated OR stored for the duration of the service + 5 years afterwards
Data that is processed on the basis of your consentStored for up to 5 years from the last time you used HackenProof OR until you withdraw your consent

Data received from third parties

Also, we can collect some data from third parties. We share your data with the service providers who, for example, help us:
Third partiesDescriptionLink to privacy documents
FacebookWe use Facebook for communication and supportPrivacy
LinkedInWe use LinkedInPrivacy Policy
TwitterWe use Twitter for communication and supportPrivacy Policy
GoogleWe use Google products to organize our work and communicationPrivacy & Terms
Note: We can get data from third parties, but we won't necessarily get it. It all depends on your settings and the features you use. For example, we can receive data if you communicate with us through these third parties.

Information on data transfer

In brief: We have the ability to transfer and disclose your data legally. We use appropriate safeguards to transfer your data.

General

Consent. We transfer your personal data based on your explicit consent.
We may transfer your data with our employees and partners for contractual purposes. We we transfer your data on the following basis:
Compliance with the law. We will disclose your personal data to third parties to the extent that it is necessary:
to comply with a government request, court order, or applicable law; to prevent unlawful use of our site or violation of the Terms and Conditions of HackenProof and our policies; to protect against claims of third parties; to help prevent or investigate fraud.
Legitimate interest or performance of the contract. We transfer your personal data to third parties on the basis of a contract for processing on our behalf, subject to technical, physical and organizational measures to protect your personal data. We may transfer:
automatically collected data to contractors who provide us with marketing services; data we can get from other data subjects to contractors who provide us with customer relationship building services.
Note: We will ask for your consent if the transfer of data is not part of a contract. If a transfer is necessary, we also undertake to obtain permission from the regulatory body. Read more

Data collection

The personal data that we collect is stored on servers in the KSA. There is not an adequacy decision by the European Commission. If we need a data transfer, we will take necessary steps to protect it. We will transfer your personal data outside the EEA to provide service with all appropriate safeguards to protect your personal data.

Security

In brief: We use technical, physical and organizational measures to protect your data.
Organizational measuresPhysical measuresTechnical measures
Policies and instructionsLimited access to premisesTwo-factor authentication
Contractor trainingStress-testsencryption_technologies
Transfer protectionApplication software securityBackup
Non-disclosure agreementsinventory of Authorized and Unauthorized devicesFirewalls

Cookies

In brief: We use cookies. You can customise cookie tracking in your browsers.
We use cookies and similar tracking technologies (beacons, tags, and scripts) to track the activity on our website. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. You can customize cookie tracking in your browsers. If you want to disable cookies, then you can find instructions for managing your browser settings at these links:
Internet ExplorerMicrosoft EdgeVivaldiFirefoxChromeSafariOpera
However, if you do not accept cookies, you may not be able to use some portions of our Service. Examples of Cookies we use:
necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies; preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in; statistics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously; marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
We use cookies necessary for the functioning of HackenProof. Using cookies, we receive the technical information specified in the automatically collected data, and our Cookies Policy.

Data subjects rights

In brief: You have rights regarding your data; These rights may vary depending on the region.

EU residents

You, as a data subject, have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them:
The rightDescription
Right to accessYou can request an explanation of the processing of your personal data.
Right to rectificationYou can change the data if it is inaccurate or incomplete.
Right to erasureYou can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law.
Right to restriction the processingYou may partially or completely prohibit us from processing your personal data.
Right to data portabilityYou can request all the data that you provided to us, as well as request to transfer data to another controller.
Right to objectYou may object to the processing of your personal data.
Right to withdraw consentYou can withdraw your consent at any time.
Right to file a complaintIf your request was not satisfied, you can file a complaint to the regulatory body.
Note: To exercise your rights contact us.
If your request was not satisfied, you can file a complaint with the regulatory body — Estonian Data Protection Inspectorate at [email protected].

U.S. residents

You, as data subjects, have some special privacy rights. To use them, please contact us at [email protected].
Note: Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request with the right to postpone it for 30 days more.
If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission. Your rights vary depending on the laws that apply to you, but may include:
The rightDescriptionArea
Right to accessYou can request an explanation of the processing of your personal data.
  • California
  • Virginia
  • Ohio
  • Colorado
  • Nevada
  • Massachusetts
  • Minnesota
  • New York
  • North Carolina
  • Pennsylvania
  • Delaware
  • Utah
Right to rectificationYou can change the data if it is inaccurate or incomplete.
  • California
  • Virginia
  • Colorado
  • Nevada
  • Delaware
  • Massachusetts
  • Minnesota
  • New York
  • North Carolina
Right to deletionYou can send us a request to delete your personal data from our systems.
  • California
  • Virginia
  • Ohio
  • Colorado
  • Massachusetts
  • Minnesota
  • New York
  • North Carolina
  • Pennsylvania
  • Utah
Right to restrictionYou may partially or completely prohibit us from processing your personal data.
  • California
  • Massachusetts
  • New York
Right to data portabilityYou can request all the data that you provided to us, as well as request to transfer data to another controller.
  • California
  • Virginia
  • Ohio
  • Colorado
  • Massachusetts
  • Minnesota
  • New York
  • North Carolina
  • Utah
Right to Opt-OutThe right to prohibit the sharing or selling of your data.
  • California
  • Virginia
  • Ohio
  • Colorado
  • Massachusetts
  • Minnesota
  • New York
  • North Carolina
  • Pennsylvania
  • Delaware
  • Colorado
  • Utah
Right Against Automated Decision MakingYou have the right not to be subject to a decision based solely on automated means, if the decision produces legal effects concerning you or significantly affects you in a similar way.
  • California
  • Virginia
  • Colorado
  • Massachusetts
  • Minnesota
  • North Carolina
  • New York
Right to lodge a complaintIf your request was not satisfied, you can file a complaint to the regulatory body.by default
Note:
Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, contact us [email protected]

Update

This Privacy Notice and the relationships falling under its effect are regulated by the Code of Washington, ССPA, Regulation (EU) 2016/679 (“GDPR”). Existing laws and requirements for the processing of personal data are subject to change. In this case, we will publish a new version of the Privacy Notice on HackenProof. If significant material changes are made that affect your privacy and confidentiality, we will notify you by email or display information on HackenProof and ask for your consent.