Privacy Notice

Privacy Notice Summary

Last updated 15 February 2021

The purpose of this short Privacy Notice (“Privacy Notice”) is to provide you basic information about how HACKRATE processes your data when you use our website: https://www.hckrt.com/ (“Website”). The Privacy Notice helps you to better understand how we use your personal data and explains how we collect and use it for and with whom it is shared.

Data Controller

HACKRATE Kft. (seat: 2890 Tata, Baji út 35. 2. lház. 2. em. 12., Hungary; e-mail address: [email protected]; “HACKRATE”, “we”, “our” or “us”).

Purposes and Legal Basis for Processing Your Personal Data

HACKRATE processes your personal data for the purposes below:

1. Website Operation: the processing of your data is necessary for the execution and fulfillment of the related Terms of Use, as a contract and for the regular operation of the Website.

2. Website analytics: based on your consent, we will retain and evaluate information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive.

3. Direct marketing and newsletters: the purpose of processing your data is to send you updates about our services and activities; for this purpose, we rely on your consent.

4. ChatBot, communication and contact: the purpose of processing your personal data is to manage your questions and inquiries to us; for this purpose, we rely on our legitimate interest.

5. Handling legal requests and inquiries: such as establishing, enforcing or protecting such claims and settling disputes, providing information to authorities, courts, where we must satisfy legal obligations, or we may rely on our legitimate interests.

Who May Have Access to Your Personal Data?

Within HACKRATE our staff may have access to your personal data on a “need-to-know” basis. We may engage other persons and third parties as data processors to provide services to us and courts, government bodies or other authorities may require us to disclose your data them. If we transfer your personal data outside the EU/EEA, we will secure the adequacy of such data transfer.

Your Rights

You have the right to access, rectify or delete your data, as well as, on certain occasions, to object to the use of your data, in addition to other rights, and you have the right to data portability.

If we process your personal data based on your consent, you can withdraw your consent at any time without giving any reason to us. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

You have the right to object to the processing of your personal data for any reason relating to your situation, and in this case, we may not be able to process your personal information. If you have the right to object and the exercise of this right is justified, your personal data in concern will not be further processed for the purposes of the objection.

Full Website Privacy Notice

The purpose of this Full Privacy Notice (“Privacy Notice”) is to provide you basic information about how HACKRATE processes your data when using our website: https://www.hckrt.com/ (“Website”). The Privacy Notice helps you to better understand how we use your personal data and explains how we collect and use it for and with whom it is shared.

DATA CONTROLLER

HACKRATE Kft. (seat: 2890 Tata, Baji út 35. 2. lház. 2. em. 12., Hungary; e-mail address: [email protected] ; “HACKRATE”, “we”, “our” or “us”).

PURPOSE OF THE DATA PROCESSING

We will use your data for the purposes below:

1. Website Operation: the processing of your data is necessary for the execution and fulfillment of the related Terms of Use, as a contract and for the regular operation of the Website.

2. Website Analytics: we will retain and evaluate information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive.

3. Direct marketing and newsletters: the purpose of processing your data is to send you updates about our services and activities.

4. ChatBot, communication and contact: the purpose of processing your personal data is to manage your questions and inquiries to us.

5. Handling legal requests and inquiries: such as establishing, enforcing or protecting such claims and settling disputes, providing information to authorities and courts.

WHAT PERSONAL DATA WE PROCESS ABOUT YOU?

For the purposes outlined above we process the data categories indicated below:

A. Website data: including your browser’s type and version, the operating system you use, the website from which you are visiting us (referrer URL), webpage(s) you are visiting on our Website, date and time of accessing our Website, and the internet protocol (IP) address you use to visit our Website and cookies, local storage and session storage data.

B. Analytics data: including logins, pages viewed, and documents downloaded.

C. User information: including name and e-mail address.

D. Communication data: including details of your question, inquiry or our communication with you.

THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

To process your personal data, we may rely on the legal bases below:

The processing of your personal data is necessary for the performance of a contract with you under Article 6 (1) b) of the EU Regulation 679/2016 ("GDPR") (“Contract”).

Your consent provided to us under the Article 6 (1) a) of the GDPR (“Consent”).

The processing of your personal data is possible based on our legitimate interest under of the Article 6 (1) f) of the GDPR (“Legitimate Interest”).

HACKRATE has a legitimate interest in processing data to respond to user's questions, inquiries, and complaints, because HACKRATE has a legitimate interest in meeting user needs and concerns. If a user has directly contacted HACKRATE with a question or complaint, it is reasonable for them to expect that their data will be processed to facilitate a response.

HACKRATE has a legitimate interest in processing personal data to facilitate court proceedings or to obtain legal advice or to establish, exercise or defend legal rights. It is also in our legitimate interest to respond to official requests for information from government authorities or other third parties.

For more information, please contact us at [email protected]

We may process your personal data based on our legal obligations pursuant to Article 6(1) c) of the GDPR (“Legal Obligation”).

We may process your personal data for the purposes and legal bases indicated below:

Purpose of data processing	Categories of personal data processed	Legal Basis
Website Operation	Website data	Contract
Website Analytics	Analytics data	Consent
Direct marketing and newsletter	User information Communication data	Consent
ChatBot, communication and contact	Website data User information Communication data	Legitimate interest
Handling legal requests and inquiries	Website data User information Communication data	Legitimate interest Legal Obligation

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We may process and store your personal data as long as necessary for the performance of our services and obligations and strictly for the time necessary to achieve the purposes for which the information was obtained. We will delete your personal data when it is no longer needed.

If we process your personal data based on your consent, we will process and store your personal data until your consent is withdrawn, but in case of marketing communication not longer than two years. We will keep Website data and Analytics data for a maximum of one year. Any personal data relative to any complaint or legal claim will be stored until the statute of limitations under civil laws (i.e., 5 years).

If a court or disciplinary procedure is initiated, then the personal data will be retained until the termination of the proceedings, including the duration of any possible remedy, which data thereafter, in the case of civil claims, will be deleted after the civil law statute of limitation runs.

WHO MAY ACCESS TO YOUR DATA?

Within HACKRATE our staff with appropriate authorization may have access to your personal data on a “need-to-know” basis. We may engage other persons, third parties as data processors to provide services to us and courts, government bodies or other authorities may require us to disclose your data them.

We may transfer personal data to third parties for the following reason:

Third parties: we may transfer your data to external consultants (e.g., lawyers) if this is necessary for responding to legal claims. Google (Google Ireland LLC. - Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) provides analytics services to us. For further information, please visit https://support.google.com/analytics/answer/9012600?hl=en.

Service providers: we use externally provided IT-systems or services provided by third party vendors as a support to internal processes.

Name of the data processor	Seat	Activity
Microsoft Ireland Ltd.	1 Microsoft Plc, Leopardstown South County Business Park Dublin 18, D18 P521 Ireland	Microsoft Azure cloud and O365 services
HubSpot Ireland Limited	HubSpot Ireland Limited, HubSpot House, One Sir John Rogerson's Quay, Dublin 2, Ireland	Online Chat, surveys, newsletters and contact forms
SonarSource SA	CH-1215 Geneva 15 Switzerland; P.O. Box 765	Cloud and project security services
Cloudflare, Inc.	101 Townsend St, San Francisco, CA 94107 USA	CDN services

Government authorities and enforcement bodies: government authorities or enforcement bodies such as regulatory authorities, upon their request and only as required by the applicable law or to protect our rights or the safety of our customers, staff and assets.

Personal data may be provided to parties that are located outside the European Economic Area ("EEA"). In such cases, we will ensure that the personal data is subject to measures (such as Standard Contractual Clauses for data transfers) that provide an equivalent level of protection as provided by data privacy laws in the EU (such as the EU General Data Protection Regulation; GDPR).

By way of entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Article 46(5) GDPR or other adequate means, we have established that all other recipients located outside the EEA will provide an adequate level of data protection for the personal data and that appropriate technical and organizational security measures are in place to protect Personal Data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.

Please contact us via the e-mail [email protected] if you would like to receive from us the copy of these measures that secure the adequacy of personal data transfers abroad.

YOUR RIGHTS

You are entitled to exercise your rights below:

(i) Right of access: You have a right to ask whether or not we have personal data about you and, if that is the case, request information on what personal data we have.

We may request additional information from you for identification or for further copies requested by you, we may charge a reasonable fee based on administrative costs.

(ii) Right to rectification: We are required to rectify inaccurate personal data, or to complete personal data that is incomplete, upon your request.

(iii) Right to erasure (right to be forgotten): We are in some circumstances required to erase personal data on your request.

(iv) Right to restriction of processing: We are in some circumstances required to restrict our use of personal data on request by the person concerned. In such cases, we may only use the data for certain limited purposes set out by the law.

(v) Right to data portability: You may have the right to receive your personal data to which we have access, in a structured, commonly used and machine-readable format and you have the right transmit those data to another data controller.

(vi) Right to object:

You have the right to object to the processing of your personal data for any reason relating to your situation, and in this case, we may not be able to process your personal information. If you have the right to object and the exercise of this right is justified, your personal data in concern will not be further processed for the purposes of the objection.

You can contact the Hungarian National Data Protection and Freedom of Information Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH; seat: H-1024 Budapest, Falk Miksa str. 9-11.; website: www.naih.hu; phone: +36-1-391-1400; email address: [email protected]; fax: +36 1 391 1410).