Privacy Policy HackHunch Platform

1. Introduction

Cyber Cynomys AS (hereinafter “we” or “us”) offers access to and use of the Hack Hunch platform (collectively the “Site”). This Privacy Policy describes how we collect your information whenever you, whether personally or on behalf of an entity (“you”) use our services, what information we collect, how it is used and with whom the information is shared. “Services” include all the ways you may interact with us; through our Site, or any other interaction that includes use of our tools and products. We are responsible for all the processing and handling of personal data collected through your use of the Site or through your contact with us. This means that we are responsible for complying with the Personal Data Act in the applicable jurisdiction, The General Data Protection Regulation (GDPR) and other applicable privacy regulations. The information that we collect, use and share includes, among others, your registration information, metadata, location data, and data about your device. Your information is stored and processed in accordance with the requirements set out in The General Data Protection Regulation (GDPR), as further explained below. We will only keep your information as long as this is necessary in accordance with the purposes described in this Policy. This Privacy Policy sets out the terms and conditions for processing and use of the personal information provided by you (or collected from you) when you use our Services. By using our Services, you are accepting our Terms of Use and the terms and practices described in this Privacy Policy. This Policy applies to any users of our Site or other services related thereto.

2. Collection and Use of Your Information and Data

When you use our Services, there will be certain information and data (collectively called “Data”) that you will send to us, or that we will collect from you. In the following sections below, we will set out important details regarding the collection and use of your Data.

3. Data that we collect and why

Data we collect when you register an account on our Site

During registration of a user account on our Site, we collect your email address and password. This is used to allow you to get a unique user ID and to let you access your account with your registered account details. Your email can also be used to reset a forgotten password, and as a method for us to contact you. This data is processed on the basis of your consent in accordance with GDPR article 6 no 1 letter a).

Data we collect when you use and interact with our Site

We receive and store all data you upload to our Site such user identity, user contact information, user behavior, training performance, or similar. We do this to make our Services fully functional and to provide the Services you request, and this data is only kept for as long as required. For further information, please see the clause on “Data Deletion” below. This data is processed on the basis of your consent in accordance with GDPR article 6 no 1 letter a). We collect and aggregate identifying information regarding your use of our Service, including your interaction with our Services. We collect timestamps for when certain events occur, including, but not limited to, when an account is created. In addition, we may also collect information about the device on which you are using these Services, including the type of device, the operating system you are running, certain settings on your device such as browser, language and time zone, unique device identifiers, and crash data. We collect this information in order to provide the best possible user experience, and to improve our production tools and services. The basis for this processing is a legitimate interest for us to improve our services based on activities in the Service. The legal ground is GDPR article 6 no. 1 letter f).

Additional data that we collect from android and iOS app users

We automatically collect certain information that does not personally identify you, including device state information, unique device identifiers (including Android Advertising ID and Advertising Identifier for iOS), device hardware and OS information, information relating to how an application functions, and the physical location of a device at the time of a crash. This also includes the gender and age of our users and interests they express through their online travel activities and interactions, in an aggregated, non-personally identifiable way. This is collected so that we can improve our Site and Services, and to know our audience and users better. The basis for this processing is a legitimate interest for us to improve our services based on activities in the Service. The legal ground is GDPR article 6 no. 1 letter f).

Data we collect when you browse some of our web pages

When browsing any of our webpages we will collect your Internet Protocol (IP) address used to connect your access device to the Internet and connection information such as browser type, version, preferred languages and time zone settings. To know our audience and users better we also use Google Analytics Demographics and Interest Reporting. It collects and provides us data about our visitors in an aggregated, non-personally identifiable way. The basis for this processing is a legitimate interest for us to improve our services based on activities in the Service. The legal ground is GDPR article 6 no. 1 letter f).

Cookie Policy

We use cookies to better understand those who visit our Site and/or use our Services so we may offer them a more tailored service. Cookies do things like prefill form fields and let you remain logged in.

Cookies are small files saved to your computer’s hard drive that track information about how you use and interact with a website. Some cookies are “session” cookies, which delete automatically when you leave our Site. Others are “persistent” cookies which do not delete themselves and track your use of our Site over time.

Most cookies can be disabled in your browser settings.

The legal basis for this processing is your consent, cf. GDPR art. 6 no 1 letter a).

Third party collection

In order to make our Services work for the purposes intended, it is often necessary to share some of your data with our third-party service providers. We may share your data with our affiliates or affiliated entities that provide services or perform data processing on our behalf or for data centralization and / or logistics; with suppliers, consultants, and other service providers who need access to such information to perform work on our behalf and/or to enable them to provide the Services you requested; and with third parties you allow us to share information with, for example, other apps or sites that integrate with our API or our Services, or those with an API or service that we integrate with

We may also allow other entities and third party’s to use cookies and similar tracking services on our Site or other services related thereto.

4.General information regarding your Data

Data - Data uploaded to our Site, will be available to our personnel with the right and lawful permissions to access such Data. Personnel on our behalf, will be able to access and process the data you upload for the purposes mentioned in this Policy. Your data is not publicly available to other users and people outside of your organization, unless you or anyone in your organization shares access to your user account to other users or people. By sharing data with other users and people, you acknowledge that it is possible for other users and people that have access to your account, to reproduce and store content externally, and without your consent. In such a case, you are aware that your data may be exploited by such users and people that have access to your user account, subject to their sole direction and responsibility. Such exploitation may include: to copy, modify, create derivative works of, distribute, publicly display, publicly perform, and otherwise exploit in any manner such data in all formats and distribution channels now known or hereafter devised. We reserve the right to immediately remove, with no prior warning, any data or user generated content that violates our Terms of Use.

Compliance - We can share your data in response to an information request from a competent authority if we believe disclosure is required by applicable law, regulation or legal process; With police officers, government agencies or other third parties if we believe your actions are not in accordance with our license agreement with any applicable Customer, Terms of Use, Privacy Policy, code of conduct or to protect the rights, property, or security of Cyber Cynomys AS or others. We will notify the users of any such disclosure as mentioned herein, if such notice (to the best of our knowledge) is not prohibited by law.

5.How we process your data

5.1. Data processor and data controllerWe have strict data processing agreements with all our providers/data processors with regard to all Processing of Personal Data on behalf of us, in order to ensure that all Processing of Personal Data is conducted in compliance with applicable data protection legislation. With regards to your Data and our processing of your Data, we are considered the Data Controller. The Processors we engage shall only Process Personal Data on the instructions from us and strictly in accordance with such instructions. We may at any time have agreements with data processors in other parts of the world, including in America, Asia or Europe, who will process your data on our behalf and in accordance with the applicable data privacy law. We will only transfer data out of the EU in accordance with the Decision C-311/18 (Schrems II), or any replacement or alternative clauses approved by the European Commission. By registering a user account on our Site or by using any of our Services you acknowledge that your data may be transferred, stored, processed and used in the EU, and other countries where any third party service providers are operating on our behalf. You also confirm that you are aware that the privacy and data protection laws in some of these countries may vary from the laws in the country where you live. Where this is the case, we will take appropriate precautions to protect your personal information pursuant to this Policy.5.2. Purpose for processing your DataWe may not use your Data for any purposes other than those stated in this Privacy Policy. We will only store your Data for as long as necessary in order to fulfill the specific purpose for the processing.5.3. Securing your DataA description of the information security measures implemented for the protection of your personal data follows below:5.3.1. Personnel and access control- Only authorized staff with signed confidential agreements can grant, modify or revoke access to an information system that uses or houses Personal Information about our customers and users. Authorized personnel will only have access to data needed to provide and improve our service.5.3.2. Data protection:- We always consider suitable security measures to keep your data protected. Like hashing of passwords and encryption of data during transit and rest.5.3.3. Contractual Control:- We enter into data processing agreements with third parties that are processing data on our behalf.5.3.4. Logical access Control- Your data is logically separated from other data. - Our database is protected from unauthorized access using passwords and IP-address whitelisting.5.3.5. Business Continuity- We ensure that Personal Information is protected against accidental destruction or loss (availability control); by performing backups either ourselves or through some of our sub-processors like Google Cloud and AWS.

6. Communications between you and us

Email - We may send you emails regarding your account, Site and Service updates, and changes to the Terms of Use and Privacy Policy.

7.Data Deletion

If you want to delete your account created on our Site, please contact us at [email protected] . Note that your account data may still be present in database backups for up to 30 days, until those backups are deleted. With regards to analytical data, such as crash reporting, we will only retain these on our third-party servers for as long as they are required to fulfill the purposes set out above.

8. Correcting and Receiving information about your Data

If you discover that any information about you on our Site or in the Services we offer is incorrect or missing, please use the applicable functions to change the incorrect information on our Site, if this is not possible, or you are unable to do so, please contact us at [email protected] Subject to any laws requiring confidentiality, you have a right to receive general information about how we use your personal data. If you wish to receive such information, please contact us at [email protected] Furthermore, to exert your “right to erasure” (EU GDPR, Article 17) or “right to data portability” (EU GDPR, Article 20), please contact us at the email address mentioned above.

9. Children

We do not knowingly collect or store personally identifiable information from anyone under the age of 16 years. Anyone that provides personally identifiable information through the Site affirms that they are over 16 years of age. If you become aware of users under the age of 16 we advise that you contact us, and we will use reasonable efforts to remove that information from our records.

10. Notices and Updates

We reserve the right to change or modify the Privacy Policy and Terms of Use at any time without prior notice. Your continued use of our Site and Services related thereto will constitute your acceptance of any revised agreements. If we make significant changes to this Privacy Policy we will notify you. We recommend that you periodically check these agreements for changes. If you choose to use our Services, then any dispute regarding privacy matters will be subject to this Privacy Policy and our Terms of Use. Unless stated otherwise, our current Privacy Policy applies to all information that we collect about you and your account, including other data and information that we collect when you interact with our Services. If you have any concerns about your privacy, please contact us at [email protected], and we will try to resolve it.

11. Choice of Law and Jurisdiction

The laws of Norway shall govern the Terms of Use and this Privacy Policy. Should you have a dispute with us, you will first contact us by sending an email to [email protected] Any disputes arising under the Terms of Use and this Privacy Policy shall be sought settled amicably. Unless an amicable solution can be obtained, the dispute shall be subject to ordinary court proceedings. The legal venue for disputes shall be Oslo District Court. Last updated: 26.11.2021