Privacy Notice
hAI app
Last update: September 19, 2023
Hacken OÜ takes care of your personal data and does everything possible to protect it. This
Privacy Notice is written to help you understand what your personal data is collected, stored and
used, and what happens to it when you use our Application (App Store, Google Play Market)
(“App”).
Content
Categories of data subjects
Contacts and Controller information
Personal data that we process
● Automatically collected data
● Data provided by Client
● Data received from third parties
● Information on data transfer
● General
● Data collection
Security
Data subjects rights EEA, Canada, U.S.)
Account deletion guideline
Update
Categories of data subjects
In brief:
●
Using our App and its functions you can be for us: Visitor
When you interact with our App you become the User. As a User or in the process of receiving our
services, you can become:
Category of data subject
Description
Client
Users, who are registered and use our App
Newsletter subscribers
Users, who submitted their emails to receive updates on
Hacken activity
Contacts and Controller information
In brief:
●
We provide you with contact information
Data controller
Hacken OÜ
Address
Harju maakond, Tallinn, Kesklinna linnaosa, Parda
tn 4, 10151, Estonia
Support email
support@hacken.io – for general inquiries.
privacy@hacken.io – for privacy inquiries.
Personal data that we process
In brief:
●
The data we process is divided into categories: automatically collected data, data provided
to us by Client and data received from third parties;
●
Third parties from whom we receive data are publicly available.
The data we process is divided into categories: automatically collected data, data provided to us
by Clients and data received from third parties.
● automatically-collected data;
● data provided by Client;
● data obtained from third parties.
Pay attention! We do not knowingly process the personal data of visitors under the age of 16
without consent from a legal representative(s). If you are such a visitor or the legal
representative of the visitor, please let us know by email: support@hacken.io.
We may process personal data on the following lawful basis:
1. performance of the contract - the processing of personal data is necessary for the
conclusion and performance of a contract. Failure to provide data that is processed on a
"performance of the contract" basis will result in the inability to register and provide our
services;
2. legitimate interest - for processing that is reasonable for the user and necessary for the
development of our services.
3. consent — for additional processing for specific purposes.
Your data will not be processed for purposes other than those for which it was collected, as
described in the tables below.
Please note:
App can use your fingerprint or Face ID to protect the app from unauthorized inputs. However,
we do not receive this biometric data, it remains on your device.
A seed phrase, like your password, is automatically generated when you log in to the app. We
do not have access to your seed phrase.
As you enter the data required by the module and/or test answers, we understand where you
are in your learning curve. We do not save this data.
Automatically-collected data
When you visit our App, some data is automatically collected. Learn more about the purposes and
basis for data processing:
When
Purpose
Lawful basis
Data
You use our App
App operation;
Analytics;
Statistics.
Legitimate
interest
● technical data;
● IP address;
● device type;
● account data;
● mobile operator;
● device operating system;
● session ID;
● phone model;
● serial number;
● APNs token;
● device ID.
The data is
generated or
collected
automatically
while using the
app
Stronger
protection
Legitimate
interest
● app usage data;
● permissions and settings;
● seed phrase;
● flow balance;
● membership level
Data provided by Client
When
Purpose
Lawful basis
Data
You create an
account
Registration
Performance of
the contract
● email;
● data we can get from your
email address;
● password.
You sign up for a
marketing newsletter
with updates
Marketing
Consent
● email
You're in training
Provide a
service
Performance of
the contract
● educational progress
You enter data or
take a test during
training
Provide a
service
Performance of
the contract
● data that you can enter in the
training process;
● test results.
You work with
cryptocurrency
Provide a
service
Performance of
the contract
● your account information
You connect your
Trust Army account
Provide a
service
Performance of
the contract
● Trust Army user ID;
● wallet address.
Data storage limitation
Data processed on the basis of the performance of the
contract.
Stored for up to 3 years after the
deletion of your account.
Data processed on the basis of your legitimate
interest.
Stored for up to 2 years after the
collection of the data.
Data processed on the basis of your consent.
Stored until you withdraw your
consent.
You can exercise your right to delete your data by submitting a corresponding request to our
support. In this case, your data will be deleted from our servers within 30 days of your request.
Data received from third parties
Also, we can collect some data from third parties.
We share your data with the service providers who, for example, help us:
● operate, develop, and improve the features and functionality of our App;
● provide you with their services;
● communicate with you as described elsewhere in this Privacy Notice.
The scope of the data collected, the purposes and the legal basis for the processing are
determined by the respective privacy documents of these parties:
Third parties
Description
Link to privacy documents
App Store
We use it for communication,
support and analytics
Apple Customer Privacy Policy
- Legal
Google Play Market
We use it for communication,
support and analytics
Privacy & Terms – Google
Note: we can get data from third parties, but we won't necessarily get it. It all depends on your
settings and the features you use. For example, we can receive data if you communicate with us
through these third parties.
Data sharing with third parties: information on data transfer.
In brief:
●
We have the ability to transfer and disclose your data legally;
●
We use appropriate safeguards to transfer your data.
General
We can share your personal data with third parties without any harm to you and in full compliance
with applicable law. In addition, we have implemented organizational and technical measures to
ensure the security of personal data during data transfer to third-party.
Third parties
Description
Analytics tools.
We use analytics tools to understand and promote our business.
Messengers.
We use messengers to communicate with you in ways that are
convenient for you.
Contractors and
providers of the
services on the App.
We cooperate with contractors to provide their services on our App,
develop and improve the features and functionality of our App, fulfill
your support requests, etc.
Providers of the
services our team
use.
We use CRM systems, messengers, and other services in our
organization to provide you with our services.
State authorities,
courts, law
enforcement
agencies, etc.
Compliance with the law. We may be obliged to transfer some of your
data to tax authorities, courts, law enforcement agencies, and other
governmental bodies to the extent that it is necessary.
● to comply with a government request, court order, or applicable
law;
● to prevent unlawful use of our App;
● to protect against claims of third parties;
● to help prevent or investigate fraud.
Note: we will ask for your consent if the transfer of data is not part of a contract. If a transfer is
necessary, we also undertake to obtain permission from the regulatory body.
Financial transactions relating to our services are handled by our third party service providers.
We will share your wallet public address (which is publicly visible due to the public nature of
distributed ledger systems) with our payment services providers for the purposes of processing
your payments. We do not share your email address or any other personal data with our third
party service providers.
When you interact with our payment services providers or any other third parties websites and
applications, you are no longer governed by this Policy. We have no control over, do not review
and cannot be responsible for these service providers websites, applications or their content.
Data collection
The personal data that we collect is stored on servers in Estonia. If we need a data transfer, we
will take the necessary steps to protect it.
We will transfer your personal data outside the EEA to provide service with all appropriate
safeguards to protect your personal data.
Security
In brief:
●
In order to protect your data we use technical, physical and organizational measures
appropriate to the risks.
➢ Storing documents in
separate data storage
➢ Encryption
➢ Provision of access to
personal data only to
authorized persons
➢ Password Policy
➢ Licensed antivirus
software
➢ Internet, email policies
➢ Two-factor
authentication
➢ Backuping
➢ Other security
measures
Data subjects rights
European Economic Area residents
You, as a data subject, have the right to interact with your data directly or through a request to us.
This section describes these rights and how you can exercise them:
The right
Description
Right to access
You can request an explanation of the processing of your personal
data.
Right to rectification
You can change the data if it is inaccurate or incomplete.
Right to erasure
You can send us a request to delete your personal data from our
systems. We will remove them unless otherwise provided by law.
Right to restrict the
processing
You may partially or completely prohibit us from processing your
personal data.
Right to data portability
You can request all the data that you provided to us, as well as
request to transfer data to another controller.
Right to object
You may object to the processing of your personal data.
Right to withdraw consent
You can withdraw your consent at any time.
Right to file a complaint
If your request was not satisfied, you can file a complaint to the
regulatory body.
Note: To exercise other rights please contact us. To protect your privacy, we will take steps to
verify your identity before fulfilling your request. We will do our best to respond promptly and in
any event within one month of the email receipt.
If your request was not satisfied, you can file a complaint with the regulatory body — the Data
Protection Inspectorate, at info@aki.ee or write a letter to 39 Tatari St., 10134 Tallinn.
UK residents enjoy the same rights but may lodge a complaint at the other Authority in the UK –
Information Commissioner’s Office.
You can contact them at 0303 123 1113 or go online at www.ico.org.uk/concerns.
United States residents
You, as data subjects, have some special privacy rights. To use them, please contact us.
Please note! Depending on the state and legislative requirements, we have from 30 to 60 days
to exercise your request, with the right to postpone it for 30 days more.
If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.
Your rights vary depending on the laws that apply to you but may include:
Right
Description
Area
Right to access.
You can request an
explanation of the
processing of your personal
data.
● California;
● Virginia;
● Ohio;
● Colorado;
● Nevada;
● Massachusetts;
● Minnesota;
● New York;
● North Carolina;
● Pennsylvania;
● Delaware;
● Utah.
Right to rectification.
You can change the data if it
is inaccurate or incomplete.
● California;
● Virginia;
● Colorado;
● Nevada;
● Delaware;
● Massachusetts;
● Minnesota;
● New York;
● North Carolina.
Right to deletion.
You can send us a request to
delete your personal data
from our systems.
● California;
● Virginia;
● Ohio;
● Colorado;
● Massachusetts;
● Minnesota;
● New York;
● North Carolina;
● Pennsylvania;
● Utah.
Right to restriction.
You may partially or
completely prohibit us from
processing your personal
data.
● California;
● Massachusetts;
● New York.
Right to portability.
You can request all the data
● California;
● Utah;
you provided to us and
request to transfer data to
another controller.
● Virginia;
● Ohio;
● Colorado;
● Massachusetts;
● Minnesota;
● New York;
● North Carolina.
Right to opt out.
The right to prohibit the
sharing or selling of your
data.
● California;
● Virginia;
● Ohio;
● Colorado;
● Nevada;
● Massachusetts;
● Minnesota;
● New York;
● North Carolina;
● Pennsylvania;
● Delaware;
● Colorado;
● Utah.
Right against
automated
decision-making.
You have the right not to be
subject to a decision based
solely on automated means
if the decision produces
legal effects concerning you
or significantly similarly
affects you.
● California;
● Massachusetts;
● Virginia;
● Colorado;
● Minnesota;
● New York;
● North Carolina.
Right to lodge a
complaint.
If your request was not
satisfied, you can file a
complaint with the
regulatory body.
By default.
Please note! Some states do not have privacy laws. The rights of residents of such states are
governed by U.S. federal law. If your state is not on the list, please contact us.
Do not sell my personal information
California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out
of the “sale” of their personal information by a company governed by CCPA.
Hacken does not sell your personal information to anyone nor use your data as a business model.
However, we support CCPA by allowing California residents to opt out of any future sale of their
personal information. If you would like to record your preference that we will not sell your data in
the future, please contact us via privacy@hacken.io.
Do-not-track requests
California residents visiting our App may request that we do not automatically gather and track
information about their online browsing movements across the Internet.
Such requests are typically made through settings that control signals or other mechanisms that
allow consumers to exercise choice regarding collecting personal data about an individual
consumer’s online activities over time and across third-party websites or online services.
We currently do not have the ability to honor these requests. We may modify this Privacy Notice
as our abilities change.
Canada residents
You, as data subjects, have privacy rights prescribed by Canada’s federal and provincial privacy
laws.
If you want additional information, please contact us by filling a request.
If your complaint was not satisfied, you can file a complaint to the Office of the Privacy
Commissioner of Canada.
Account deletion
In order to exercise your right to erasure you can follow these steps in the app:
Settings > Account > Delete account
Once your password is confirmed for the account deletion, the data will be permanently removed,
making it impossible to restore.
Update
This Privacy Notice and the relationships falling under its effect are regulated by the Regulation
EU 2016/679 (“GDPR”).
Existing laws and requirements for the processing of personal data are subject to change. In this
case, we will publish a new version of the Privacy Notice on our App.
If we make any material changes to the Privacy Notice or the App that affect your data privacy
rights, we will notify you by displaying information on the App. If you continue using the App after
the changes come into effect, it shall be deemed that you have agreed to and accepted the
updated Privacy Notice.
