This policy explains the what, how, and why of the information we collect when you visit our Website. It also explains the specific ways we use and disclose that information.
For the purposes of the data protection legislation Hack The Box, is the controller of your personal data. Our Contact details are:
Hack The Box LTD
email: [email protected]
postal address: 38, Walton Road, Folkestone, Kent, UK, CT19 5QS
If you have any concerns about the way in which we handle your Personal Data, you can contact [email protected]. You have the right to make a complaint at any time at the Hellenic Data Protection Authority Postal Address: Data Protection Authority Offices: Kifissias 1-3, 115 23 Athens, Greece, Call Centre: +30-2106475600 Fax: +30-2106475628 E-mail: [email protected]
These definitions should help you understand this policy.
“we,” “us,” “our,” “Hackthebox” and “HTB” means Hackthebox Ltd
“Website” means all websites under http://www.hackthebox.com.
“User” means the person that is using our services. In order to make use of the services provided in the Website you must first register an account.
“Controller” means a controller or data controller as such term is defined in Data Protection Legislation;
“Data Protection Legislation” means the following legislation to the extent applicable from time to time: (a) the General Data Protection Regulation 2016/679 (“GDPR”) (b) any applicable national law, regulation and guidelines from the competent data protection authority; and (c) any applicable successor texts or other similar national data protection law;
“Data Subject” means a data person as such term is defined in Data Protection Legislation;
“Personal Data” means any information that identifies or can be used to identify a user, directly or indirectly, including, but not limited to, first and last name, date of birth, email address, occupation or other demographic information.
“Processor” means a Personal Data processor or processor as such term is defined in Data Protection Legislation.
“Process” or “Processing” means processing as such term is defined in the Data Protection Legislation.
“Special Category Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation
3.1. If you have any questions or comments, or if you want to update, delete, or change any Personal Data we hold, or you have a concern about the way in which we have handled any privacy matter you may contact us by email at: [email protected]
3.2. The Personal Data that you will access will be on a personal and confidential basis. Therefore, and in order to process with your request, you may be asked to communicate the information necessary for your identification, i.e. a written testimony evidencing that you are the owner of the said Personal Data.
4.1. HTB does not allow use of our Services and Websites by anyone younger than 18 years old, unless if a written parental or legal guardian consent is provided.
4.2. If you learn that anyone younger than 18 is using our Services, please contact us at [email protected] and we will immediately take the necessary actions to safeguard minor’s rights.
5.1. This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
6.1. We collect:
(a) Data you voluntarily provide to us:
(b) Data we collect automatically:
(c) Data from your use of the Service:
We may receive information about how and when you use the Services, store it in log files or other types of files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, browser used, and actions you have taken within the website This type of information helps us to improve our Services for both you and for all of our users.
6.2. Your previous, clear and unconditional consent will be asked where is necessary.
6.3. We do not collect Special Category Data from you on Hackthebox.com. If you are asked to provide Special Category Data to us, you should not comply and immediately contact us at [email protected]
7.1. We will process your personal data according to the law. Most commonly, we will process your personal data in order to perform a contract or for our legitimate interests (or those of a third party); or to comply with a legal or regulatory obligation. Generally, we do not rely on consent as a legal basis for processing your personal data. If we ask for your consent you have the right to withdraw such consent at any time by emailing [email protected].
7.2. We may process your Personal Data for the following purposes:
(a) To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may communicate with you about your account and provide customer support. To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your information to respond. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. In addition, you may receive emails about new product features, promotional communications or other news about HTB.
(b) For billing, account management and other administrative matters. HTB may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments.
(c) To enforce compliance with our Terms of Service and applicable law legal process or regulation. This may include developing tools and algorithms that help us prevent violations.
(d) To protect the rights and safety of our Users and third parties, as well as our own. To investigate and help prevent security issues and abuse.
(e) To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.
(f) To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms. To prosecute and defend a court, arbitration, or similar legal proceeding. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
(g) To perform a contact, to authenticate users, to provide the Services
7.3. Forum. We have a forum on our Website. Any information you include in a comment on our forum may be read, collected, and used by anyone. If your Personal Data appears on our forum and you want it removed, you can contact us in [email protected]. If we are unable to remove your information, we will inform you why.
7.4. Third – Parties. We may disclose Personal Data to third parties for the purposes described in this policy. In such case we enter into a contract that requires them to use your Personal Data only for the provision of services to us and in a manner that is consistent with this policy. Examples of third parties include payment processors, professional advisers, public authorities, hosting services and content delivery services. We do our best to carefully select third-party Personal Data processors and require all third parties to respect the privacy and security of your personal data.
7.5. International Transfers. Our services may be provided using resources and servers located in various countries around the world. Therefore, your Personal Data may be transferred across international borders outside the country where you use our services, including to countries outside the European Economic Area (EEA) that do not have laws providing specific protection for Personal Data or that have different legal rules on data protection, for example, the United States of America. In such cases we ensure that there is a legal basis for such a transfer and that adequate protection for your Personal Data is provided as required by applicable law, for example, by using standard agreements approved by relevant authorities (where necessary) and by requiring the use of other appropriate technical and organizational information security measures.
8.1. We have implemented generally accepted standards of technology and operational security to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. We require all employees and partners to keep Personal Data confidential and only authorized personnel have access to this information.
8.2. All web traffic (file transfer) between this site and your browser is encrypted and transferred via the HTTPS protocol using Secure Sockets Layer (SSL).
9.1. We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do so. If your data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes.
9.2. We will retain your information for as long as your account is active or as long as needed to provide you with our Services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.
10.1. For any of your Personal Data stored in our database, all necessary action will be taken to be secure as possible.
10.2. We will report any unlawful violation of our database or any third-party data processing database to all relevant stakeholders as well as authorities within 72 hours of the violation, if it is obvious that the Personal Data stored in recognizable form, have been stolen.
11.1. You have the right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
11.2. You have the right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
11.3. You have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with law.
11.4. You have the right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you feel such processing impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
11.5. You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
11.6. You have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
11.7. You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
In case you notice a misuse of your Personal Data you should immediately inform us at [email protected] so we can immediately take the necessary actions.