HackerOne Privacy Shield Notice
HackerOne ("We" or "Our") has certified our compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, cementing our commitment to a safe and transparent environment for our users. As part of this compliance, we adhere to the Privacy Shield Principles of notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement, and liability for personal data submitted by our customers in participating European countries through the Services.
For more information about the Privacy Shield, see the U.S. Department of Commerce's Privacy Shield website. To review our certification on the Privacy Shield list, see the U.S. Department of Commerce's Privacy Shield self-certification list.
Our collection of personal data
HackerOne is responsible and remains liable for the processing of personal data it receives, under the Privacy Shield Frameworks, and subsequently transfers to a third party acting as an agent on its behalf. HackerOne complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred under the Privacy Shield Frameworks, HackerOne is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Purpose of data collection and processing
The type of third parties to which we disclose personal information
- If we employ other companies and people to perform tasks on our behalf, we may share Your Information with them as needed to provide the Services to you. Unless we tell you differently, our agents do not have any right to use any personal information we share with them beyond what is necessary to assist us.
- We may share aggregated information and non-identifying information with third parties for industry research and analysis, demographic profiling, and other similar purposes.
- We will cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose Your Information to government or law enforcement officials in response to lawful requests or to private parties as we, in our sole discretion, believe necessary or appropriate: (i) to comply with law, regulation or valid legal process (including orders and subpoenas); or (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general. If we are going to release Your Information, our policy is to provide you with notice unless we are prohibited from doing so by law or court order.
We are aware and mindful of our responsibility and potential liability in cases of onward transfers to third parties.
Inquiries and complaints
If you are a resident of a European country participating in the Privacy Shield and you believe we maintain your personal data within the scope of this Privacy Shield certification, you may direct any questions or complaints concerning our Privacy Shield compliance to firstname.lastname@example.org.
Dispute Resolution & Arbitration
In compliance with the Privacy Shield Principles, HackerOne commits to resolve complaints about our collection or use of your personal information. EEA and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact HackerOne at email@example.com.
HackerOne has further committed to refer unresolved Privacy Shield complaints to JAMS. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield or to file a complaint visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. The services of JAMS are provided at no cost to you. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means.
U.S. Federal Trade Commission Enforcement
Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Right to access and limit use
You have a legal right to request the personal information about you held by us. On request, we will provide you with a copy of this information. You also have a right to correct, amend, or delete such personal information where it is inaccurate or has been processed in violation of the Privacy Shield Principles.
Requirement to Disclose
HackerOne may be required to share your personal information in response to lawful requests by public authorities, including to meet national security and law enforcement requirements.