PRIVACY & DATA PROTECTION POLICY This Privacy Policy governs the data protection standards by which HACK 365 Global (hereinafter "The Platform", "We", or "Us") processes the personal information of our diverse data subjects. These include: individual learners, K-12 students, university researchers, corporate trainees, instructors, and ethical hackers, organisations, website visitors participating in and using our platform, Capture The Flag (CTF) competitions and virtual labs. Given the sensitive nature of cybersecurity training, this policy specifically covers data processing within our Virtual Learning Environments (VLE), Live Hacking Labs, Examination Portals, and Dashboards. This policy comprehensively covers data processing activities across our portals, programs, client projects, and during our industry events, such as Competitions/Conference/Workshop/Training etc. In strict compliance with the Nigeria Data Protection Act (NDPA) 2023, the General Data Protection Regulation (EU) 2016/679 (GDPR), and the Cybercrimes (Prohibition, Prevention, etc) Act 2015, we maintain robust principles to secure your identity while you master the art of cyber defense. ARTICLE 1: DEFINITIONS & INTERPRETATION "Virtual Lab Data": Answers, Command logs, keystrokes, script uploads, and network traffic generated by you within our isolated hacking sandboxes. "Data Subject": The Learner, Student, Instructor, or Corporate Admin. "Sponsor": The entity paying for the training (e.g., Your Employer, School, or Government Agency etc). "Personal Data": Info that identifies you (Name, Email, IP Address etc). "Controller": HACK 365 Global (We determine how the platform is used). ARTICLE 2: GOVERNING PRINCIPLES In line with Section 24 of the NDPA and Article 5 of the GDPR, we ensure your data is: Processed Lawfully: Especially regarding the monitoring of hacking activities. Purpose Limitation: Used strictly for education, certification, and platform security. Data Minimization: We don't ask for your home address if a digital email suffices. Accuracy: Ensuring certification records match your legal identity. Integrity & Confidentiality: Preventing unauthorized leakage of your lab solutions or exam results. ARTICLE 3: LAWFUL BASIS FOR PROCESSING We process your data based on the following grounds (NDPA Sec 25): 3.1. Performance of Contract Scenario: Granting access to lab categories, courses, processing exam fees, and issuing certificates. 3.2. Legitimate Interest (Crucial for Hacking Labs) Scenario: We monitor and log your activity within our virtual labs. Reason: To prevent abuse (e.g., using our infrastructure to attack real-world targets), ensuring academic integrity, and debugging system errors. 3.3. Legal Obligation Scenario: Compliance with Know Your Customer (KYC) laws for payments and cooperation with law enforcement if our platform is used for illegal cybercrimes. 3.4. Consent Scenario: Marketing newsletters, or when a minor (under 18) signs up for a K-12 program. ARTICLE 4: SCOPE OF DATA COLLECTED 4.1. Registration Data Full Name, Email, Username (Handle), and Password etc. 4.2. Activity & Telemetry Data (The "Hack" Data) Lab Logs: Terminal commands, tools used (e.g., Nmap, Metasploit), and flags captured. Connection Data: Logins, VPN IP addresses, device operating system, and connection timestamps. 4.3. Academic Data Lab/Course progress, exam scores, badges earned, and skill assessment reports. 4.4. K-12 Specific Data For school programs: Grade level, School Name, and Parent/Guardian Contact details. ARTICLE 5: SPECIFIC SITUATIONS (ALL POSSIBLE SCENARIOS) 5.1. The Virtual Hacking Labs (Sandbox Monitoring) Notice: To maintain the security of the HACK 365 infrastructure and the internet at large, we employ active monitoring solutions in our labs. What we see: We may review command-line history and network packets originating from your virtual machine to ensure you are adhering to our Terms of Use Policy. Misuse of lab resources for illegal activities will lead to immediate account termination and reporting to authorities. 5.2. Corporate & Sponsored Training Scenario: If your employer or a government agency paid for your subscription. Data Sharing: We are contractually obligated to share your Progress Reports, Attendance, and Assessment Scores with your sponsor (Employer). Privacy Note: Your personal private messages or non-training browsing habits are not shared. 5.3. Public Leaderboards & Profiles Default: Your Username (Handle) and Rank/Score are public on our global leaderboards. Option: You may choose to hide your full name, but your Username and Score are considered public platform data for gamification purposes. Protection: We do not sell student data. Student profiles are hidden from public indexing by default. ARTICLE 6: THIRD-PARTY PROCESSORS We do not sell your data. As an establishment, third parties may wish to provide essential services to you (through our platforms) while relying on the relevant lawful bases for processing your personal data in this regard. The type of data usually processed for this may be your contact details. Where such services depend on consent, you have the right to decline and further restrict the processing of your personal data. You can simply unsubscribe to the notices sent for the purpose of such service To deliver a world-class experience, we might partner with: Cloud Infrastructure: (e.g., Azure, AWS) to host our virtual machines and containers. Payment Gateways: (e.g., Paystack, Stripe) for course purchases. Credentialing Bodies: (e.g., CYSECAcademy, Credly) to issue digital badges that you can display on LinkedIn. Identity Verification: Services to verify test-taker identity during proctored exams. ARTICLE 7: INTERNATIONAL TRANSFERS HACK 365 Global serves a worldwide audience. Safeguards: When transferring data between our Nigerian headquarters and international servers/clients, we rely on Standard Contractual Clauses (SCCs) and Adequacy Decisions as per NDPA Section 41. Your data enjoys the same protection level where ever it is store. ARTICLE 8: DATA SECURITY & LIABILITY We practice what we preach. We use end-to-end encryption (TLS 1.3), Multi-Factor Authentication (MFA) for admin access, and regular penetration testing. You are responsible for keeping your VPN configuration files and access tokens secure. HACK 365 Global is not liable if you share your credentials and a third party uses your account for malicious acts. ARTICLE 9: DATA RETENTION The purposes of data processing determine the length of time within which your personal data is stored. We retain your personal data, including any correspondence you have with us, only for as long as is necessary to fulfill the purposes set out in this policy, or as required by law. Specifically, we retain data for the duration of your active subscription, course enrollment, or account with HACK 365 Global. We collect and store only the personal data reasonably required by law, NDPA and cybersecurity industry best practices to serve you effectively or to respond to legitimate inquiries regarding your transactions and virtual lab activities. ARTICLE 10: CAVEAT ON WEBSITE LINKS This website may contain links to other websites. Save and except as otherwise expressly stated by us, any link to another website is not covered by our privacy policy. We strongly advise that you should satisfy yourself with the details of any privacy policy provided on other websites or links. ARTICLE 11: COOKIES POLICY Customarily, websites are designed to collect certain information from the visitor. This website is also designed to collect your IP address and other information that your web browser typically shares with the websites that you visit. Our websites use cookies to enhance user experience. Essential Cookies: Necessary for the site to function (e.g., logging into the Academy portal). Analytics Cookies: Help us understand how visitors use our site (e.g., Google Analytics). Marketing Cookies: Used to deliver relevant ads (only with your consent). You can manage your cookie preferences via your browser settings. ARTICLE 12: YOUR RIGHTS Under Part VI of the NDPA (Sections 34-38) and GDPR Chapter III, you have the right to: Request Access to your personal data. Request Correction of inaccurate data. Request Deletion ("Right to be Forgotten") where applicable. Object to processing for direct marketing. Data Portability (receive your data in a usable format) ARTICLE 13: CONTACT & COMPLIANCE Reporting Ethical Concerns If you witness a user abusing the platform for illegal hacking, report immediately to: info@hack365global.com Supervisory Authority Nigeria Data Protection Commission: https://ndpc.gov.ng ARTICLE 14: ALTERATION OF PRIVACY POLICY We reserve the right to update or amend the foregoing policy for the purposes of advancing data privacy rights, public interest or complying with lawful directives of the Federal Government - in accordance with changes in the NDPA 2023 or Industry Regulations. By creating an account and initializing a Virtual Lab, you explicitly acknowledge that your activities within the lab environment are logged for security or educational purposes.