Privacy statement and cookie policy

Last updated: October 6th, 2023

General

Hadrian provides its customers with an agentless proactive security platform that is built by a team of expert hackers. We use new cloud-native technology and machine learning to report vulnerabilities in companies' defence systems before attackers can exploit them (the “Hadrian Platform” or the “Service”).

Hadrian Security B.V. and any other legal entities that comprise the Hadrian group (together: Hadrian) may collect your personal data when you visit our website, use our Hadrian Platform, order or purchase Hadrian products or services, use our apps, and/or when you are in contact with Hadrian. This Privacy Statement applies to the collection and processing of the personal data of customers and users of Hadrian’s Platform and users of Hadrian websites, social media channels and apps (hereafter: "you").

Hadrian attaches great importance to protecting the privacy and security of your personal data. We will process your personal data in accordance with the EU General Data Protection Regulation, and/or local privacy laws (when applicable).

Hadrian may amend this Privacy Statement from time to time. You may always view the latest version of the Privacy Statement at www.hadrian.io under “Privacy Statement” at the bottom of the website. We advise you to visit this website regularly to determine whether you have the most recent version of the Privacy Statement, and that you do so whenever sharing your personal data with Hadrian.

This Privacy Statement was last changed in October 2023.

The privacy principles of Hadrian

We handle data protection and privacy in accordance with the privacy principles below:

  1. Hadrian complies with legal rules. We process and store certain personal data. We are open and clear about this in our privacy statement.
  2. Hadrian applies strict rules for the processing of personal data, and we regularly evaluate how the rules function. We process personal data that is relevant and necessary to give our customers a great experience and to be a good employer for our employees.
  3. Hadrian has taken appropriate organisational, technical and security measures for dealing with personal data of customers and employees. Only people with the correct authorization can access the personal data. If we engage external parties, we will only do so after we have made proper agreements about the safe processing of personal data. We take measures to prevent data leaks, but if this does occur, we inform the parties involved and the regulator where necessary.
  4. Hadrian develops new products according to the principles of 'privacy by design' and 'privacy by default'. This means that privacy aspects will be included in the design process and we always assume the most privacy-friendly level. Hadrian wants to provide transparent, clear information about what personal data we process, why it is needed and how we deal with it. We will assist the customer and employees or other stakeholders who want more insight or information.

Who is responsible for the processing of personal data?

Hadrian Security B.V. is responsible for processing your personal data that we collect on our website. You can find our contact details at the end of this Privacy Statement.

Our customers are responsible for data processed in Hadrian’s Platform because Hadrian processes this on behalf of our customers, who are data controllers. In the second part of this privacy statement, we inform you about processing of data that we perform as data processor, on behalf of our customers, who qualify as data controllers.

Why do we collect your data?

Hadrian collects your personal data as required, generally:

  • To offer you Hadrian products and services
  • To provide you with the use of the Hadrian websites, Hadrian Platform and apps
  • To be able to send you our e-mail newsletter
  • To promote an effective security policy in Hadrian offices (e.g. by using access control, conducting camera monitoring or registering incidents)
  • To comply with the legal obligations that Hadrian is subjected to
  • To be able to manage your requests and questions
  • To invite you to participate in research relating to Hadrian provided you have chosen to be contacted by Hadrian

What personal data do we collect from you?

Hadrian may process the following items of your personal data:

  • name, e-mail address, address, telephone number
  • date and place of birth, gender
  • nationality, where applicable
  • Camera footage in our offices to ensure a safe environment for our staff and visitors
  • Customer Service audio recordings for training and quality improvement purposes
  • Usage Data for diagnostics

Newsletters and other commercial communication from Hadrian

Following your consent, we will inform you about new products, specials and other promotional activities by sending you our newsletter. You always have the option to opt out of receiving further commercial communications from us by using one of the following options:

  • by clicking the ‘unsubscribe’ link at the bottom of the respective Hadrian e-mail;
  • by clicking the ‘unsubscribe from all’ link in the newsletter preferences in your personal Hadrian account;
  • by sending an email to privacy@hadrian.io;
  • by indicating this in writing to Customer Service using the postal address below or by using the contact form on www.hadrian.io.

When you unsubscribe from commercial communications from us, we will remove you from the mailing list as quickly as possible. Clicking the ‘unsubscribe’ link at the bottom of the Hadrian e-mail or unsubscribing via your personal Hadrian account is the fastest, automated way to unsubscribe.

How do we collect your personal data and for which purpose?

Creating an Online Account: If you create an online account on our platform or apps, we collect your personal data on a secure server. You are asked to fill in your name, e-mail, and password to allow you to access our platform. We store this information so you can access the platform the next time you log in.

Contact customer service: If you contact our customer service, we will collect your name, e-mail address (and any additional data you may provide us with), the content of correspondence and conversation notes and call recording in case of telephone contact to be able to respond to your questions or comments or to provide better service and for training purposes.

Usage Data is collected automatically when using the Service. Usage Data may include information such as your device's Internet Protocol address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data. We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device.

Apply for a job: If you apply for a job at Hadrian, we will collect your name, e-mail address, phone number, CV/resume, photo, and cover letter.

Camera monitoring in our offices: Hadrian may use security cameras in its offices to ensure your security and the security of its staff and to be able to comply with its legal obligations. You will be informed about the cameras when entering the office and the cameras are clearly visible. These images are automatically erased after 7 days unless an incident has occurred, in which case the period will be extended under strict conditions. Only a limited number of trained staff members have access to surveillance images. The images may be provided to the police and judicial authorities in case of incidents.

Website analytics: We use technology service providers such as Google to collect and display detailed statistics from our websites. The purpose of this service is to give us a clear overview of visitor flows, traffic sources and pageviews. Based on this information we can improve our websites and improve your shopping experience on our websites and apps.

Hadrian may participate in interest-based advertising. As described above, we may automatically collect data regarding how you browse websites, use applications, and shop in order to enhance your customer experience, improve our customer service, and provide you with communications and promotions from us or others. The objective of interest-based advertising is for Hadrian or its advertising partners to show you ads that are more relevant to your interests. You can limit Hadrian’s and our partners’ ability to collect and use your data for these purposes. To opt out of receiving interest-based advertising, click on either of the following links: www.networkadvertising.org or www.aboutads.info. To successfully opt out, you must have cookies enabled in your web browser. Please note that if you choose to opt out, you may continue to see ads on our websites and receive communications from us, but such ads and communications will not be based on how you browse and shop. As described above, you can also prevent automatic collection of some data by disabling cookies on your web browser.

Social Media

When you participate in various social media, such as Facebook, Twitter, Pinterest, Instagram, LinkedIn, you should be familiar with and understand the tools provided by those sites that allow you to make choices about how you share the personal data in your social media profiles. We are bound by the privacy practices and policies of these third parties, so we encourage you to read the applicable privacy notices, terms of use and related information about how your personal data is used in these social media environments. Depending on the choices you have made regarding your settings on various social media sites and in combination with your settings on our website and apps, certain personal data may be shared with us about your online activities and social media profiles, for example via Facebook Connect or Google Connect. If you do not want us to share your personal data with a social media site or application, you should not access such social media site or social media application. For example, you should not click a "like" button on a product detail page.

Legal grounds for processing personal data

The legal grounds for processing this personal data (depending on the person and the circumstances) are:

  • The performance of our agreement with you: processing of personal data related to your purchase, email notifications about your purchase and delivery of the products. Also to provide you with the services and responding to your requests to provide customer service and to provide you with essential information regarding our products and services.
  • Our legitimate interests: We use your personal data both on aggregated and on individual basis for the marketing of our products and services, to contact you via e-mail, social media or otherwise for interest-based advertising or other commercial purposes. We also use your personal data to create a marketing profile for analysing and improving the quality of our products and services, to assess what may interest you, to measure or understand the effectiveness of advertising we serve to you and others and to deliver relevant advertising. We may also use your personal data for our other legitimate commercial interests such as to operate and expand our business activities; to develop, improve or modify our products and services; to generate aggregated statistics about the users of our products and services; to facilitate our business operations; to operate company policies and procedures; to enable us to make corporate transactions, such as any merger, sale, reorganization, transfer of our assets or businesses, acquisition, bankruptcy, or similar event; or for other legitimate business purposes permitted by applicable law. With this, we refer to a legitimate interest as described in article 6, paragraph 1, sub paragraph f of the EU General Data Protection Regulation. We have performed a balancing test to weigh the legitimate interests of Hadrian (as described above) against your interests, rights and freedoms. We deem that the processing is necessary to achieve our interests. It is relevant to state that the breach of your privacy rights and freedoms is minimised because, wherever possible, we use pseudonyms, aggregates and apply other principles of Privacy by Design. Hadrian has a policy to monitor and continuously improve this. Our internal audit will oversee this. Only a limited number of staff have access to your personal details only when required to exercise their duties. 
    Hadrian has carefully safeguarded your personal details (see ‘How do we protect your personal data’ below). Considering the above, Hadrian believes that there are no interests, rights or freedoms that are more important to you than the legitimate interest of Hadrian to conduct its business to the best of its ability.
  • Use of information based on your consent: If you have not purchased any product or service from us, we will only send you direct marketing communications (such as newsletters, promotions, news on products or service updates) via email, other electronic means, via telephone or via hardcopy mail (such as flyers), after we have received your consent to do so. You can withdraw your consent at any time (see the section Your Privacy Rights below).
  • To comply with our legal obligations: Any personal data we collect may be used to comply with a legal obligation to which we are subject, such as supervisory bodies, fiscal authorities or investigation bodies, for example to provide camera images to the police and judicial authorities in case of incidents.

How do we protect your personal data?

Hadrian has taken appropriate technical and organisational measures to protect your personal data against loss or any form of unlawful processing. We protect your personal data using a range of security measures, including secure storage. Our information security policy is based on the ISO 27002 norms and includes regulations about the organisation of the security of personal data (assigning responsibilities in function profiles), managing company resources, the physical security of the premises, entry control and authorisations for staff members, maintenance and development of systems, calamities, business continuity, monitoring potential threats (external or internal), monitoring information security incidents, and conducting a periodic security audit of the systems.

Retention periods

Hadrian will only store your personal data for as long as required for the specific purpose of the data. For example, we store marketing related personal details for 2 years after your last contact with us. Invoices are stored for at least 7 years in compliance with local tax laws. We will remove personal data earlier if you request us to remove your personal details, unless another law prevents us from doing so.

Do we share your personal data with third parties?

Our basic principle is that we (a) do not share your personal data with third parties, and (b) only share your personal details with other Hadrian companies (intragroup) if needed. In some cases, however, we need to share your data with third parties, for example, in the context of performing an agreement, to help us provide our products and services, or to send out marketing messages, including:

  • customers, suppliers (such as IT service providers) and subcontractors;
  • contact centers, to assist us with respect to Customer Service;
  • advertising and media companies that carry out marketing and media activities on our behalf;
  • analytics and search engine providers that assist us in the improvement and optimisation of our websites and apps
  • In the event of a transfer of shares or related transactions for due diligence. We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.

We sign a Data Processing Agreement with these companies. Some of our suppliers or third parties we work with are based in a country outside of the European Economic Region (EER) or store their data outside of the EER. The regulations in these countries do not always offer the same level of protection as within the EER. That is why we have an agreement with these parties to protect privacy in a way that is similar to data protection in the EER, such as the EU Standard Contractual Clauses. We may also supply your personal data to third parties in order to comply with laws and regulations or in the context of legal proceedings, a court order or other writ of execution.

Cookie policy

When you visit the Hadrian websites, Hadrian uses cookies to improve your user experience. We use cookies and similar tracking technologies to track the activity on our Service and store certain information. Tracking technologies used could be beacons, tags, and scripts to collect and track information and to improve and analyse our Service. The technologies we use may include:

  • Cookies or browser cookies. A cookie is a small file placed on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use certain parts of our Service.
  • Preference Cookies. Certain features of our Service may use local stored objects (or flash cookies) to collect and store information about your preferences or your activity on our Service. Preference cookies are not managed by the same browser settings as those used for browser cookies. For more information on how you can delete preference cookies, please read "Where can I change the settings for disabling, or deleting local shared objects?" available at https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html#main_Where_can_I_change_the_settings_for_disabling__or_deleting_local_shared_objects
  • Web beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Hadrian, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "persistent" or "session" cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

We use both session and persistent cookies for the purposes set out below:

  • Necessary / essential cookies. Type: Session cookies. Administered by: us.

Purpose: These cookies are essential to provide you with Services available through our website Hadrian Platform and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these cookies, the Services that you have asked for cannot be provided, and we only use these cookies to provide you with our Services.

  • Acceptance cookies. Type: Persistent cookies. Administered by: us.

Purpose: These cookies identify if users have accepted the use of cookies on our website and Service.

  • Functionality cookies. Type: Persistent cookies. Administered by: us.

Purpose: These cookies allow us to remember choices you make when you use our website or Service, such as remembering your login details or language preference. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use our website or Service.

Your privacy rights

You are entitled at all times to ask Hadrian for access to the personal data that Hadrian has stored about you. You have the right to:

  • access your personal data (access);
  • change or correct your personal data (rectification);
  • ask us to delete your personal data (erasure/right to be forgotten). Please note that although we will grant a request to delete information if required by law, in many situations we must keep specific personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes;
  • restrict the processing of your personal data (restriction);
  • transfer your data to another controller or to yourself if we have processed your data based on your consent or based on the agreement you have entered into with us (data portability);
  • object to the (further) processing of your personal data if we have processed your data based on our legitimate interests (objection).

If you would like to know more or would like to invoke your rights, please contact us at privacy@hadrian.io.

Minors providing personal data

The age threshold of minors for obtaining parental consent is established by each EU Member State and can be between 13 and 16 years. Minors may only provide personal data to Hadrian if they have written consent from one of their parents or a legal guardian.

Complaints

  1. If you have a complaint about our products or services, please contact us at: privacy@hadrian.io.
  2. If you are not satisfied with the handling of your complaint about the way Hadrian processes your personal data, please contact us at privacy@hadrian.io with the subject “Privacy Escalation” and we will try to support you better.
  3. If you are still not satisfied with the handling of your privacy request or about how Hadrian processes your personal data, you may contact your local Data Protection Authority. Here you find the link to the overview of your EU National Data Protection Authority.

Contact

  • The e-mail address for Hadrian is privacy@hadrian.io.
  • Hadrian’s postal address is Leidseplein 1, 1017 PR, Amsterdam, the Netherlands.
  • Hadrian Security B.V. is registered in the commercial register under number 83587691, and its office is located at Leidseplein 1, 1017 PR, Amsterdam, the Netherlands.
  • You may also contact Customer Service via the telephone number as communicated on our website.

Part 2: Processing activities as data processor, on behalf of our customers

Background

Under GDPR, it is the role of the data controller to inform you about the processing of your personal data. In the cases described below, our customers are the data controllers. If you wish to use your data subject rights (for example deletion or access to your data), you should contact our customer, in most cases your employer, because they are the data controller and should be able to help you. Only if this is unsuccessful can you contact us directly via privacy@hadrian.io.

Although our customers are the data controllers, we want to provide clarity to you about processing activities that we carry out on behalf of our customers.

Our role

In general, our role is limited to the supply of hosted software for the Hadrian Security service for our customers. Because our customers control access and roles, the customer is the party who decides the purpose and the means of the processing on the platform, and therefore qualifies as the data controller with its own obligations to comply with data protection laws such as GDPR. Which personal data we process about you as a data processor on behalf of our customers depends on which customer and which service they use. Please request more information from our customers or your employer.