01 / DATA PROTECTION
Privacy notice
Updated on: 1.9.2025
Controller

Contact details
Controller: Hakatemia Oy (Business ID 3334684-1)
Data protection contact: Teo Selenius
Email: [email protected]
Legal bases

Performance of a contract
When the processing of your personal data is necessary for the delivery of the service or one of its functions, the legal basis is the performance of the contract (terms of service). For example, processing your email address is necessary for you to log in to the service with an email link. Read more at tietosuoja.fi.

Consent of the data subject
When your personal data is processed with your own, consciously given, clearly identified, and genuinely voluntary consent, the legal basis is consent. In this case, the data subject has the right to withdraw the consent at any time, in which case the controller must stop processing the personal data in question. For example, when you join Hakatemia's mailing list, you give consent to send you email as described in the sign-up form, and when you allow cookies, you give consent to set a cookie in your browser for a specific purpose or purposes. Read more at tietosuoja.fi.
Controller's legitimate interest
When other legal bases are not appropriate, the controller has a clear interest in the processing, the processing of personal data is necessary to achieve the interest, and the processing does not cause significant harm to the data subject in relation to the benefit received by the controller, the legal basis is the legitimate interest of the controller. For example, Hakatemia's information security monitoring, error reporting, and website analytics process your IP address so that we can ensure the security of the service and provide you with a functional and useful service. Read more at tietosuoja.fi.
Personal data processed, legal basis and retention times

Hakatemia basic information
Basic information related to the use of the service, such as email address for logging in, username, avatar image, active memberships and completed modules.
Legal basis: Performance of a contract
Retention time: Basic information is stored as long as the service is active and the data subject has not deleted their account.

Security monitoring
Information related to security monitoring such as IP address, browser type and version, email address, username, logged action and parameters.
Legal basis: Controller's legitimate interest
Retention time: Security logs are stored for one month.

Error reporting
Information related to error reporting such as IP address, browser type and version, email address, username, logged action and parameters.
Legal basis: Controller's legitimate interest
Retention time: Personal data is not stored at all.

Application logs
Information related to application logs such as IP address, browser type and version, email address, username, logged action and parameters.
Legal basis: Controller's legitimate interest
Retention time: Application logs are stored for one month.

Analytics
Information related to analytics such as page URL, HTTP referrer/UTM information (information about which page you came to Hakatemia from), browser and operating system type and version, device type, country and the event you performed on the Hakatemia page.
Legal basis: Controller's legitimate interest
Retention time: Analytics data is deleted when it is no longer necessary to improve the quality of the service.

Newsletter
Information related to the Hakatemia mailing list, i.e. email address, information about opening the message, information about the status of the subscription (active or cancelled), and the form through which the subscription was made.
Legal basis: Consent of the data subject
Retention time: The newsletter subscription can be cancelled at any time, in which case the personal data will be deleted.

CRM database
Information related to the CRM database such as email address, name, phone number, address, company, workplace or job title of Hakatemia corporate customers and/or potential corporate customers.
Legal basis: Controller's legitimate interest
Retention time: CRM database information is stored as long as the company is a Hakatemia customer or potential customer.
Security

Trained staff
Hakatemia is built, maintained and monitored by experienced and certified information security professionals. Your personal data is in good hands.

Encryption
Your personal data is encrypted both in transit and at rest.

Monitoring
Hakatemia logs are monitored to detect threats.
Recipients of personal data

Processors
The controller may partially outsource the processing of personal data to another service provider. Such service providers are called processors. The processor processes personal data on behalf of the controller (Hakatemia) and acts in accordance with and under the supervision of the controller's instructions. The controller ensures that the processors undertake by contract to ensure an adequate level of data protection. Hakatemia uses the following service providers:
Vercel Inc (340 S Lemon Ave 4133, Walnut, California, 91789, USA)
The Hakatemia page is hosted in EU regions in Vercel.

Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA)
We use Cloudflare as a content delivery network (CDN), for DDoS protection and as a web application firewall to improve performance and security.

Hetzner Online GmbH (Industriestr. 25 91710 Gunzenhausen, Germany)
Hakatemia lab infrastructure and part of the server infrastructure are hosted in the Hetzner data center in Helsinki.

Supabase (970 Toa Payoh North #07-04, Singapore 318992)
Hakatemia data assets and cloud storage are located in EU regions in Supabase. In addition, Hakatemia uses Logflare, a service owned by Supabase, for log processing.

Redis EMEA Ltd. (Bridge House, 4 Borough High Street, London, SE1 9QQ, United Kingdom)
The Hakatemia Redis cache is located in Redis cloud.

Slack (500 Howard St, San Francisco, CA 94105, USA)
Hakatemia uses Slack for internal communication as well as notifications and alerts from different Hakatemia services. Notifications and alerts may contain personal data, for example security alerts contain your IP address.

Brevo (7 Rue de Madrid, 75008 Paris, France)
The Hakatemia mailing list (e.g. email communication to newsletter subscribers and Hakatemia PRO members) and CRM system are implemented with Brevo.

Vercom S.A. (Roosevelta 22, 60-829 Poznań, Poland)
Hakatemia SMTP (email sending) is implemented with the Polish service EmailLabs.

Functional Software, Inc (45 Fremont Street, 8th Floor, San Francisco, CA 94105)
We use the Sentry.io service for error reporting.

Raintank, Inc dba Grafana Labs (3411 Silverside Road, Tatnall Building #104, Wilmington, DE 19810 United States of America)
Hakatemia lab infrastructure logging is partially implemented with Grafana Cloud.

Plausible Insights OÜ (Västriku tn 2, 50403, Tartu, Estonia)
We use the privacy-friendly Plausible.io service for website analytics.

Google Cloud EMEA Limited (70 Sir John Rogerson's Quay, Dublin 2, Ireland)
We use Google Cloud platform for log processing and partially for server infrastructure. We sometimes use Google Forms to collect feedback. In this case, the responses are stored in Hakatemia's Google Workspace storage.

Zapier, Inc (548 Market St. #62411. San Francisco, CA 94104-5401)
Hakatemia uses Zapier integration services to automatically send Hakatemia PRO members' email addresses to the Brevo email service.

Stripe, Inc (Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland)
Hakatemia uses Stripe as a payment channel. Hakatemia sends your email and possibly information about the advertising channel through which you found Hakatemia (YouTube, Google, email, etc.) to Stripe. You provide other information to Stripe yourself, but Hakatemia gets to see your information as far as you are a Hakatemia customer.
Subprocessors
This section lists the subprocessors used by Hakatemia. The section applies to Hakatemia business customers. A subprocessor means a service provider used by Hakatemia that processes personal data on behalf of a Hakatemia business customer (the controller).
Vercel Inc (340 S Lemon Ave 4133, Walnut, California, 91789, USA)
The Hakatemia page is hosted in EU regions in Vercel.

Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA)
We use Cloudflare as a content delivery network (CDN), for DDoS protection and as a web application firewall to improve performance and security.

Supabase (970 Toa Payoh North #07-04, Singapore 318992)
Hakatemia data assets and cloud storage are located in EU regions in Supabase. In addition, Hakatemia uses Logflare, a service owned by Supabase, for log processing.

Redis EMEA Ltd. (Bridge House, 4 Borough High Street, London, SE1 9QQ, United Kingdom)
The Hakatemia Redis cache is located in Redis cloud.
International transfers
Hakatemia data assets are primarily located in the EU/EEA area. If the service provider transfers personal data outside the EU/EEA to a country for which there is no valid decision by the European Commission on the adequate level of data protection, we ensure the safe and lawful transfer of your personal data by agreeing with the service provider on the use of standard contractual clauses approved by the European Commission.

Public information
If you set your profile to public in your account settings, your profile and its content are visible to anyone who visits your profile page, and your nickname and points may be visible on the leaderboard.

Disclosures to the controller of a team
If you join a Hakatemia team, the following personal data will be disclosed to the controller of that team: Email address, progress in Hakatemia. Depending on the team settings, team members may see your email address, your profile, and what tasks you have completed in Hakatemia.

Disclosures to the controller of a CTF competition
If you participate in a CTF competition, the following personal data may be disclosed to the controller of that competition: Email address, nickname, and tasks completed during the competition.
Cookies
Cookies and similar methods are small text files that the site stores on your computer or mobile device. Hakatemia uses cookies as follows:

Session cookies
Cookies such as sb-access-token and sb-refresh-token are Hakatemia session cookies. They keep you logged in to the service once you have entered your login code.
Your rights

Right to be informed
You have the right to obtain from Hakatemia confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data. Read more at tietosuoja.fi.

Right to rectification
You have the right to obtain from Hakatemia without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed. Read more at tietosuoja.fi.

Right to erasure
You have the right to obtain from Hakatemia the erasure of personal data concerning you without undue delay and Hakatemia shall have the obligation to erase personal data without undue delay. Read more at tietosuoja.fi.

Right to portability
You have the right to receive the personal data concerning you, which you have provided to Hakatemia, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Hakatemia. Read more at tietosuoja.fi.

Right to restriction
You have the right to obtain from Hakatemia restriction of processing where one of the following applies:
Read more at tietosuoja.fi.

Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. Hakatemia does not use profiling. Read more at tietosuoja.fi.

Right not to be subject to decisions based on automated processing
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Hakatemia does not make such decisions. Read more at tietosuoja.fi.

Right to lodge a complaint
If you consider that your rights have been infringed, you have the right to lodge a complaint with the supervisory authority, which in Finland is the Data Protection Ombudsman. Read more at tietosuoja.fi.

Exercising your rights
You can unsubscribe from the newsletter by clicking the link at the bottom of any email. You can object to the processing of your personal data for analytics and error reporting purposes using the button below or in your account settings. You can also send an email to [email protected]