When the processing of your personal data is necessary for the delivery of the service or one of its functions, the legal basis is the performance of the contract (terms of service). For example, processing your email address is necessary for you to log in to the service with an email link.Read more from tietosuoja.fi

When your personal data is processed with your own, consciously given, clearly identified, and genuinely voluntary consent, the legal basis is consent. In this case, the data subject has the right to withdraw the consent at any time, in which case the controller must stop processing the personal data in question. For example, when you join Hakatemia's mailing list, you give consent to send you email as described in the sign-up form, and when you allow cookies, you give consent to set a cookie in your browser for a specific purpose or purposes.Read more from tietosuoja.fi

When other legal bases are not appropriate, the controller has a clear interest in the processing, the processing of personal data is necessary to achieve the interest, and the processing does not cause significant harm to the data subject in relation to the benefit received by the controller, the legal basis is the legitimate interest of the controller. For example, Hakatemia's information security monitoring, error reporting, and website analytics process your IP address so that we can ensure the security of the service and provide you with a functional and useful service.Read more from tietosuoja.fi

Basic information related to the use of the service, such as email address for logging in, username, avatar image, active memberships and completed modules.

Information related to security monitoring such as IP address, browser type and version, email address, username, logged action and parameters.

Information related to error reporting such as IP address, browser type and version, email address, username, logged action and parameters.

Information related to application logs such as IP address, browser type and version, email address, username, logged action and parameters.

Information related to analytics such as page URL, HTTP referrer/UTM information (information about which page you came to Hakatemia from), browser and operating system type and version, device type, country and the event you performed on the Hakatemia page.

Information related to Hakatemia mailing list, i.e. email address, information about opening the message, information about the status of the subscription (active or cancelled), and the form through which the subscription was made.

Information related to the CRM database such as email address, name, phone number, address, company, workplace or job title of Hakatemia corporate customers and/or potential corporate customers.

Hakatemia is built, maintained and monitored by experienced and certified information security professionals. Your personal data is in good hands.

Your personal data is encrypted both in transit and at rest.

Hakatemia logs are monitored to detect threats.

The controller may partially outsource the processing of personal data to another service provider. Such service providers are called processors. The processor processes personal data on behalf of the controller (Hakatemia) and acts in accordance with and under the supervision of the controller's instructions. The controller ensures that the processors undertake by contract to ensure an adequate level of data protection. Hakatemia uses the following service providers:

This section lists the subprocessors used by Hakatemia. The section applies to Hakatemia business customers. A subprocessor means a service provider used by Hakatemia that processes personal data on behalf of Hakatemia business customer (controller).

Hakatemia data assets are primarily located in the EU/EEA area. If the service provider transfers personal data outside the EU/EEA to a country for which there is no valid decision by the European Commission on the adequate level of data protection, we ensure the safe and lawful transfer of your personal data by agreeing with the service provider on the use of standard contractual clauses approved by the European Commission.

If you set your profile public from your account settings, your profile and its content is visible to anyone who visits your profile page, and your nickname and points may be visible on the leaderboard.

If you join a Hakatemia team, the following personal data will be disclosed to the controller of that team: Email address, progress in Hakatemia. Depending on the team settings, team members may see your email address, your profile, and what tasks you have completed in Hakatemia.

If you participate in a CTF competition, the following personal data may be disclosed to the controller of that competition: Email address, nickname, and tasks completed during the competition.

Cookies such as sb-access-token and sb-refresh-token are Hakatemia session cookies. They keep you logged in to the service once you have entered your login code.

You have the right to obtain from Hakatemia confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data.Read more from tietosuoja.fi

You have the right to obtain from Hakatemia without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.Read more from tietosuoja.fi

You have the right to obtain from Hakatemia the erasure of personal data concerning you without undue delay and Hakatemia shall have the obligation to erase personal data without undue delay.Read more from tietosuoja.fi

You have the right to receive the personal data concerning you, which you have provided to Hakatemia, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Hakatemia.Read more from tietosuoja.fi

You have the right to obtain from Hakatemia restriction of processing where one of the following applies:Read more from tietosuoja.fi

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. Hakatemia does not use profiling.Read more from tietosuoja.fi

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Hakatemia does not make such decisions.Read more from tietosuoja.fi

If you consider that your rights have been infringed, you have the right to lodge a complaint with the supervisory authority, which in Finland is the Data Protection Ombudsman.Read more from tietosuoja.fi

You can unsubscribe from the newsletter by clicking the link at the bottom of any email. You can object to the processing of your personal data for analytics and error reporting purposes using the button below or in your account settings. You can also send an email to teo.selenius@hakatemia.fi