1. Data controller
The controller of the personal data described in this privacy statement is:
Dimaros B.V.Sumatrastraat 13 BIS
3531 PA Utrecht
KVK 74959360
Email via: contact form
Privacy statement
Hack the Bank collects and processes personal data for performing our agreement with you and for improving our products and services. This privacy statement further explains data processing and related topics.
Sumatrastraat 13 BIS
3531 PA Utrecht
KVK 74959360
Email via: contact form
2. What data is collected?
This section describes the data Hack the Bank collects including its purposes, legal grounds, retention periods and what happens if you refuse. Data provided by you will be stored securely within Europe.
2.1 Data provided by you
2.1.1 Contact form input
When using the contact form, you are required to provide us personal data. Without this personal data, we cannot process your message and cannot respond. In submitting the data, you give us permission to process the data, specifically for correspondence about and handling your question, comment, or other message and improving our products and services. The retention period for this data is three years.
2.1.2 Registration to participate in Hack the Bank
By signing up for Hack the Bank, you are entering into an agreement with us. We process the data provided as required to fulfill that agreement. Examples include sending practical information prior to the session, granting access to The Rabbit Hole online learning platform, correspondence about billing, preparing a certificate and sending an evaluation form to participants after the session. If you register more than one person, you must have permission from these individuals to provide their personal data. The retention period for this data is three years.
2.2 Data collected during The Rabbit Hole
Hack the Bank stores your submitted answers from the questions in the online learning platform The Rabbit Hole. We process this data for executing our agreement with you, in order to tailor the Hack the Bank session on-site to the level of the participants and for improving our product. The retention period for this data is unlimited.
2.3 Data collected during your Hack the Bank session
During your Hack the Bank session, we monitor the progress of you and your co-player. To this end, we store your input submitted during the session, such as web forms, chat messages or executed shell and network commands. In addition, Hack the Bank has the ability to watch live with the screen of the computer provided. This data is processed for the execution of our agreement with you, to provide you with support such as relevant hints during the session, to facilitate the course of the session, to ensure the technical functioning of our product during the session and to improve our product. The retention period of your input is unlimited. The live feed of the computer screen is not stored.
2.4 Data collected by third parties
2.4.1 Application Insights
For quality purposes, anonymized data is automatically collected and provided to us by Microsoft's Application Insights. Application Insights collects data when using our website, on the online learning platform The Rabbit Hole and when using our computers during the Hack the Bank session.
Data collected by Application Insights is processed by Microsoft on European Servers for the sole purpose of providing it to Hack the Bank. More information can be found in Microsoft's privacy statement. The retention period for this data by Hack the Bank is 120 days.
2.4.2 LinkedIn Insight Tag
On our website we use the LinkedIn Insight Tag. This is an analysis and retargeting tool from LinkedIn Corporation. This tag allows us to gain insight into how visitors interact with our website after seeing our LinkedIn advertisements.
LinkedIn places cookies in the browser of visitors for this purpose. This data is used to measure conversions (for example: someone who logs in after an advertisement) and retargeting on LinkedIn.
More information: LinkedIn Privacy Policy. You can opt out via the settings of your LinkedIn account or via YourAdChoices.
2.4.3 reCAPTCHA V3
To prevent misuse of our website, data is automatically collected and provided to us by Google's reCAPTCHA V3. More information can be found in Google's privacy statement. Hack the Bank does not store this data.
2.5 Special personal data
Hack the Bank does not collect or process any special personal data.
2.6 Data of individuals younger than 16
Hack the Bank does not intend to collect data on website visitors who are under 16 years of age unless they have parental or guardian consent. Hack the Bank cannot, however, verify whether a visitor is older than 16. If you believe that we have collected personal information about a person under the age of 16 without such consent, please contact us through our contact form.
3. Recipients of personal data
Hack the Bank does not share personal data with third parties unless necessary to perform our agreement with you or to comply with legal obligations.
4. Automated decision-making
Hack the Bank does not use automated decision making.
5. Your rights
5.1 Overview of your rights
Below is a list of the rights you have. For each right, we refer you to the relevant page of the Dutch Data Protection Authority, about what the right means and how you can exercise it.
- Right to information
- Right to access
- Right to rectification (correction)
- Right to deletion
- Right to restriction of processing
- Right to data portability
- Right to object
Because Hack the Bank does not use automated decision-making, the right to human review of decisions does not apply.
Finally, you can withdraw previously granted permission to process (part of) your data. To do so, send an email via our contact form.
5.2 Exercising your rights
To exercise the rights in Section 5.1, you may submit a request to us. Filing a request is free of charge. If you make copious requests, we are entitled to charge an administrative fee before we process new requests. The total processing of a request takes up to 1 month, or up to 3 months for complex requests.
We will handle your request as follows:
- You email your request through our contact form.
- We will send you a confirmation of receipt and verify your identity.
- We assess whether we can execute your request and inform you accordingly. To carry out the request, it must be in accordance with your rights. In addition, in exceptional cases we may not execute your request, for example if your request violates our legal obligations or general exceptions described in article 23 of the AVG.
- Accepted requests we carry out. We inform you afterwards.
- We inform other parties if necessary.
5.3 Objection
Do you disagree with how we handle your request or process your data? We would be happy to come to a solution with you: please contact us via our contact form. Is it not possible to find a solution together? Then you have the possibility to file a complaint with the supervisor. That is the Dutch Data Protection Authority.