The purpose of this short Privacy Notice (“Privacy Notice”) is to provide you basic information about how HACKRATE processes your data when you visit our website and use the services at hackgate.io. The Privacy Notice helps you to better understand how we use your personal data and explains how we collect and use it for and with whom it is shared.
Data Controller
HACKRATE Kft. (seat: 2890 Tata, Baji út 35. 2. lház. 2. em. 12., Hungary; e-mail address support@hckrt.com; “HACKRATE”, “we”, “our” or “us”).
Purposes and Legal Basis for Processing Your Personal Data
HACKRATE process your personal data for the purposes identified below:
1. User registration and user account management: to create and maintain a HackGate account, enforce our Terms and Conditions and give you access to our services based on our legitimate interest.
2. Contact and inquiries: the purpose of processing your personal data is to maintain contact with you and manage your questions and inquiries to us. For this purpose, we rely on our legitimate interest.
3. Service improvement: with your consent we retain, analyze and use the data we collect during your use of the HackGate GateWay services to improve our services.
4. Handling legal requests and inquiries: such as establishing, enforcing or protecting such claims and settling disputes, providing information to authorities, courts, where we must comply with applicable laws, and we rely on our prevailing legitimate interests.
5. Legal compliance: we must process personal data to secure compliance with applicable accounting and tax laws based on our legal obligation.
Who May Have Access to Your Personal Data?
Within HACKRATE our staff with appropriate authorization may have access to your personal data on a “need-to-know” basis. We may engage other persons and third parties as data processors to provide services to us and courts, government bodies or other authorities may require us to disclose your data to them. If we transfer your personal data abroad, we will secure the adequacy of such data transfers.
Your Rights
You have the right to access, rectify or delete your data, as well as, on certain occasions, to object to the use of your data, in addition to other rights, and you have the right to data portability.
If we process your personal data based on your consent, you can withdraw your consent at any time without giving any reason to us. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to object
You have the right to object to the processing of your personal data for any reason relating to your situation, and in this case, we may not be able to process your personal information. If you have the right to object and the exercise of this right is justified, your personal data in concern will not be further processed for the purposes of the objection.
Full Privacy Notice
For more information, please refer to our Full Privacy Notice .
The purpose of this Full Privacy Notice (“Privacy Notice”) is to provide you basic information about how HACKRATE processes your data when you create a HackGate account on our website: hackgate.io (“Platform”) and use our services. The Privacy Notice helps you to better understand how we use your personal data and explains how we collect and use it for and with whom it is shared.
Data Controller
HACKRATE Kft. (seat: 2890 Tata, Baji út 35. 2. lház. 2. em. 12., Hungary; e-mail address: support@hckrt.com; “HACKRATE”, “we”, “our” or “us”).
Purpose of the Data processing
We will use your data for the purposes below:
1. User registration and user account management: to create and maintain a HackGate account, enforce our Terms and Conditions and give you access to our services.
2. Contact and inquiries: You may decide to share information, including personal data, with us when you use the HackGate Admin Center, submit forms on our Platform or otherwise communicate with us. This way we are able to manage your questions and inquiries to us.
3. Service improvement: we will retain and evaluate information on how you use the HackGate GateWay for reporting and analytics purposes and for this purpose we aggregate HackGate’s data to use it for Service improvement.
4. Handling legal requests and inquiries, such as establishing, enforcing or protecting such claims and settling disputes, providing information to authorities, courts, where we rely on our prevailing legitimate interests.
5. Legal compliance: we must process personal data to secure compliance with applicable accounting and tax laws based on our legal obligation.
What Personal Data We Process about you?
For the purposes outlined above we process the data categories indicated below:
A. User information, including your employer details, your account ID, your time zone, e-mail address and your password.
B. Communication data, including the details of your inquiry, your contact details and your communication with us.
C. HackGate Data, including your interactions and use of the HackGate GateWay.
D. Legal requests and inquiries, including the details of the inquiries and official requests from authorities, government and judicial bodies we may receive about you.
E. Tax and accounting data, including payment and billing details, billing email, billing address, usage notifications, invoices and documents and subscription details.
The legal basis for processing your personal data
To process your personal data, we may rely on the legal bases below:
· Your consent provided to us under the EU Regulation 679/2016 ("GDPR") Article 6 (1) a) (“Consent”).
· Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract under the EU Regulation 679/2016 ("GDPR") Article 6 (1) b) (“Contract”);
· The processing of your personal data is possible based on our legitimate interest under the GDPR Article 6 (1) f) (“Legitimate Interest”).
HACKRATE has a legitimate interest in providing you with the services that are necessary for you, as a staff member of our client to register a user account with us and use our services, as you may reasonably expect that we need to process your personal data for such purposes.
HACKRATE has a legitimate interest in processing data to respond to your questions, inquiries, and complaints, because as HACKRATE has a legitimate interest in meeting your needs and concerns. If you directly contacted HACKRATE with a question or complaint, it is reasonable for you to expect that your data will be processed to facilitate a response.
For more information, please contact us at support@hckrt.com
· We may process your personal data based on our legal obligations pursuant to Article 6(1) c) of the GDPR (“Legal Obligation”).
We may process your personal data for the purposes and legal bases indicated below. We may process and store your personal data as long as necessary for the performance of our services and obligations and strictly for the time necessary to achieve the purposes for which the information was obtained. We will delete your personal data when it is no longer needed.
Purpose of data processing
Categories of personal data processed
Legal Basis
Retention Time
User registration and user account management
· User information
Contract (in case of natural person Clients)
Legitimate interest (for all other users)
Statute of limitations under civil laws (i.e., 5 years).
Contact and inquiries
· User information
· Communication Data
Legitimate Interest
Statute of limitations under civil laws (i.e., 5 years).
Service Improvement
· User information
· HackGate Data
Consent
Until your consent is withdrawn, but a maximum of three years
Handling legal requests and inquiries
· User information
Legitimate Interest
Legal Obligation
If a court or disciplinary procedure is initiated, then the personal data will be retained until the termination of the proceedings, including the duration of any possible remedy, which data thereafter, in the case of civil claims, will be deleted after the civil law statute of limitation runs.
Legal compliance
· User information
· Tax and accounting data
Legal Obligation
Personal data required for securing tax law compliance will be retained until the end of the 5th calendar year and in the case of accounting documents, the retention period is 8 years from the closing of the financial year, in accordance with Section 169 of Act C of 2000 on Accounting.
Who may access to your data?
Within HACKRATE, employees with appropriate authorization may have access to your personal data on a “need-to-know” basis. We may engage other persons, third parties as data processors to provide services to us and courts, government bodies or other authorities may require us to disclose your data them.
We may transfer personal data to third parties for the following reason:
· Third parties: we may transfer your data to banks for payment purposes, insurance carriers, as well as to external consultants (e.g., lawyers, auditors) if this is necessary for responding to legal claims.
· Service providers: we use externally provided IT-systems or services provided by third party vendors as a support to internal processes.
Name of the data processor
Seat
Activity
Benefit Consulting Kft.
Hungary- 1064 Budapest, Vörösmarty utca 67.
Accounting and tax management.
Microsoft Ireland Ltd.
1 Microsoft Plc, Leopardstown South County Business Park Dublin 18, D18 P521 Ireland
Microsoft Azure cloud and O365 services.
HubSpot Ireland Limited
HubSpot Ireland Limited, HubSpot House, One Sir John Rogerson's Quay, Dublin 2, Ireland
Online Chat, surveys, newsletters and contact forms.
KBOSS.hu Kft.
Hungary- 1031 Budapest, Záhony utca 7.
Invoicing
Cloudflare, Inc.
101 Townsend St,
San Francisco, CA 94107
USA
CDN services.
· Government authorities and enforcement bodies: government authorities or enforcement bodies such as regulatory authorities, upon their request and only as required by the applicable law or to protect our rights or the safety of our customers, staff and assets.
Personal data may be provided to parties that are located outside the European Economic Area ("EEA"). In such cases, we will ensure that the personal data is subject to measures (such as Standard Contractual Clauses for data transfers) that provide an equivalent level of protection as provided by data privacy laws in the EU (such as the EU General Data Protection Regulation; GDPR).
By way of entering into appropriate data transfer agreements based on Standard Contractual Clauses (according to Commission Implementing Decision (EU) 2021/914 of 4 June 2021) as referred to in Article 46(5) GDPR or other adequate means, we have established that all other recipients located outside the EEA will provide an adequate level of data protection for the personal data and that appropriate technical and organizational security measures are in place to protect Personal Data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.
Please contact us via the e-mail support@hckrt.com if you would like to receive from us the copy of these measures that secure the adequacy of personal data transfers abroad
Your Rights
If we process your personal data based on your consent, you can withdraw your consent at any time without giving any reason to us. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
You are entitled to exercise your rights indicated below:
(i) Right of access: You have a right to ask whether or not we have personal data about you and, if that is the case, request information on what personal data we have.
We may request additional information from you for identification or for further copies requested by you, we may charge a reasonable fee based on administrative costs.
(ii) Right to rectification: We are required to rectify inaccurate personal data, or to complete personal data that is incomplete, upon your request.
(iii) Right to erasure (right to be forgotten): We are in some circumstances required to erase personal data on your request by the data subject.
(iv) Right to restriction of processing: We are in some circumstances required to restrict our use of personal data on request by the person concerned. In such cases, we may only use the data for certain limited purposes set out by the law.
(v) Right to data portability: You may have the right to receive your personal data to which we have access, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another data controller.
(vi) Right to object:
You have the right to object to the processing of your personal data for any reason relating to your situation, and in this case, we may not be able to process your personal information. If you have the right to object and the exercise of this right is justified, your personal data in concern will not be further processed for the purposes of the objection.
You can contact the competent data protection authority, in case of HACKRATE the Hungarian National Data Protection and Freedom of Information Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH; seat: H-1024 Budapest, Falk Miksa str. 9-11.; website: www.naih.hu; phone: +36-1-391-1400; email address: ugyfelszolgalat@nai.hu; fax: +36 1 391 1410).