The Services gather certain information automatically, some of which may be considered personal information under applicable law. Access our data processing addendum here.
We may collect, among other things, the following types of information:
We may also collect information, including personal information, in the following situations:
We may use the information, including your personal information, collected in connection with the Services for the purpose of providing the Services to you and our customers, as well as for supporting our business functions, such as fraud prevention, marketing, analytics and legal functions, and other legitimate purposes.
To the extent permitted by applicable law and, for customer data, as permitted by our customer agreements, we may use information collected in connection with our Services:
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order or return a purchase, you are consenting to our collection and use of that personal information for that purpose, and to our disclosure of such personal information to our service providers that help us achieve those purposes.
By signing up for our service, you are consenting to our use of your personal information to communicate with you, provide you services, market our services to you, to improve our services and systems, for legal and security purposes, and for purposes for which we provide specific notice at the time of collection. You are also consenting to our disclosure of your personal information to our service providers that help us achieve the foregoing purposes.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at firstname.lastname@example.org or mailing us at: HackEDU, Inc., d/b/a Security Journey, 40 24th Street, 4th Floor, Pittsburgh, PA 15222, United States of America.
To the extent permitted by applicable law, Provider may share and disclose your information, including personal information, as set forth below:
Our Services are hosted on one or more third-party cloud platforms. They provide us with a platform that allows us to provide our products and services to you.
Your data is stored through third-party data storage, databases and the general cloud application. They store your data on a secure server behind a firewall. Our hosting service providers are included in the list of service providers here [LINK]; their specific security policies and practices may be accessible through their website or other publicly available links.
If you choose a direct payment gateway to complete your purchase of the Services, then a third-party credit card data service provider stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary for us to provide Services to you.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read HackEDU’s Terms of Service.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
Our third-party providers are listed here [LINK]. All of our third-party providers process and store data in the United States of America.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
By using this site, you represent that you are at least the age of majority in your state, province or country of residence and you have given us your consent to allow any of your minor dependents to use this site.
Specifically, we recognize the importance of protecting the privacy and safety of children. The Services are not intended for children under 13 years of age – and for European residents, for children under 16 years of age. We do not knowingly collect personal information from children under 13. Anyone under 13 should not use the Services. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us as set forth in the Contact Information section below.
What Are Cookies?
We may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on the Services.
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits the Services; and (2) third party cookies, which are served by service providers on the Services, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.
Cookies We Use
Our Services use the following types of cookies for the purposes set out below:
These cookies are essential to provide you with services available through our Services and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Services and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
These cookies allow our Services to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details and remembering the changes you make to other parts of our Services which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.
Analytics and Performance Cookies:
These cookies are used to collect information about traffic to the Services and how users use the Services. The information gathered does not identify any individual visitor. It includes the number of visitors to our Services, the websites that referred them to our Services, the pages they visited on our Services, what time of day they visited our Services, whether they have visited our Services before, and other similar information. We use this information to help operate our Services more efficiently, to gather broad demographic information and to monitor the level of activity on our Services. We may use Google Analytics or similar tools for this purpose. Google Analytics or similar tools uses their own cookies. We only use these tools to improve how our Services works. You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies. You can find out more about how Google protects your data here: www.google.com/analytics/learn/privacy.html. You can prevent the use of Google Analytics relating to your use of our Services by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB .
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.co.uk.
If you do not accept our cookies, you may experience some inconvenience in your use of our Site/Application(s)/Services. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit.
We may also use pixel tags (which are also known as web beacons and clear GIFs) on our Services to track the actions of users on our Services. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of the Services, so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users’ Personal Data.
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to do not track signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Your rights regarding your personal information
Our legal bases for the processing of Personal Data are: (i) consent or (ii) any other applicable legal bases, such as our legitimate interest in engaging in commerce, offering products and services of value to you and the customers of the Services, preventing fraud, ensuring information and network security, direct marketing and advertising, and complying with industry practices. For the purposes of this Section, “Personal Data” shall mean any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person.
Additional Rights for European Residents. If you are a resident of the European Union (EU), European Economic Area (EEA) or a country following substantially similar legislation regarding the protection of Personal Data, you may have one or more of the following additional rights:
To exercise any of the above listed rights, please contact us at email@example.com or as set forth in the Contact Information section below and provide sufficient details so that we can respond appropriately. We will process any requests in accordance with applicable law and within a reasonable period of time. We may need to verify the identity of the individual submitting a request before we can address such request. If the request relates to data our customers collect and process through the Services, we will refer the request to that customer and will support them in responding to the request. For customers, certain information may be reviewed, corrected and updated by logging into the Services account and editing the profile information.
*Note that withdrawing your consent to our processing of your information will not affect the lawfulness of any processing carried out before you withdraw your consent. You should also be aware that if you do withdraw your consent, we may not be able to provide certain services to you. Where this is the case, we will let you know at the time you withdraw your consent. Please note that even after you have withdrawn your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
Until the framework agreement reached between the United States and EU is implemented, HackEDU relies on the use of Standard Contractual Clauses (and applicable jurisdiction-specific modules) for transatlantic data flows from the United Kingdom, European Union, European Economic Area, and Switzerland.
Provider will transfer Personal Data (as Personal Data is defined under applicable Data Protection Laws and Regulations) from the European Union and Switzerland in accordance with Module 2 of the Standard Contractual Clauses dated June 4, 2021 (the “SCCs 2021”).
The SCCs (2021) shall apply to the extent: (i) Customer is subject to the Data Protection Laws and Regulations in the European Union or European Economic Area; (ii) Personal Data is transferred, either directly or via onward transfer, from the European Union, or European Economic Area to any country not recognized by the European Commission as providing an adequate level of protection for personal data; and (iii) an alternative legal mechanism of ensuring an adequate level of protection for Personal Data is not available with respect to such transfer(s) as set forth herein.
Provider will transfer Personal Data from the United Kingdom in accordance with the Standard Contractual Clauses dated February 5, 2010 (the “SCCs 2010”).
The SCCs (2010) shall apply to the extent: (i) Customer is subject to the Data Protection Laws and Regulations in the United Kingdom; (ii) Personal Data is transferred, either directly or via onward transfer, from the United Kingdom to any country not recognized by the UK GDPR as providing an adequate level of protection for personal data; and (iii) an alternative legal mechanism of ensuring an adequate level of protection for Personal Data is not available with respect to such transfer(s) as set forth herein.
The Standard Contractual Clauses will not apply to Personal Data that is not transferred, either directly or via onward transfer, outside the European Union, European Economic Area, Switzerland, and the United Kingdom, as applicable.
The California Consumer Privacy Act of 2018 (the “CCPA”) and the California Privacy Rights Act of 2020 (the “CPRA”) provides consumers that are natural persons who are California residents (“Consumers”) (i) the right to know what personal information a business has disclosed about them, along with certain details, (ii) the right to “opt out” of allowing a business to sell personal information (as defined in the CCPA) to third parties, (iii) the right to have a business delete their personal information, with some exceptions, (iv) the right to receive equal service and pricing from a business, and (v) other related rights.
To the extent that the CCPA or CPRA is applicable, then: (i) Provider is a service provider (as defined in the CCPA or CPRA) or a contractor (as defined in the CPRA); (ii) Provider shall not retain, use, or disclose personal information for any purpose other than for the specific purposes of performing the Services or as otherwise permitted by the CCPA or CPRA; (iii) Provider shall not sell personal information provided by Consumer or processed on Consumer’s behalf; (iv) Consumer is responsible for verifying a consumer request with respect to personal information processed by Provider before requesting applicable information from HackEDU; and (v) Consumer is responsible such that its use of the Services will not violate the rights of any identified or identifiable persons to which personal data relates that has opted-out from sales or other disclosures of personal information, to the extent applicable under the CCPA or CPRA.
If the company is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org or by mail at:
HackEDU, Inc. d/b/a Security Journey
Re: Privacy Compliance Officer
40 24th Street, Fourth Floor, Pittsburgh, PA 15222, United States of America.