Hackazon Privacy Statement

Last updated: August 2025

Introduction

Hackazon is a platform developed by Deloitte which allows students and professionals to refresh and improve their technical cyber skills based on the latest developments in cyber security. The Hackazon Cyber Academy offers cyber training that goes beyond theory. Our platform provides value to individuals worldwide by offering engaging courses, challenges, and competitions. With personalised feedback, expert content, and recognition for achievements, learners can master new skills, deepen understanding, and enhance career prospects.

Deloitte provides global, regional, national and/or practice-specific services; each service is administered by Deloitte Touche Tohmatsu Limited ('DTTL') or by one of the affiliated member firms or entities related thereto (jointly referred to as the 'Deloitte Network').

Deloitte Consultative Services B.V. (hereinafter also referred to as 'we', 'us', or 'our') is a part of Deloitte NSE, the member firm affiliated to DTTL. We are a global organisation that handles privacy consciously. We are the entity within the Deloitte Network responsible for Hackazon and act as 'controller' in the sense of the General Data Protection Regulation ('GDPR'). In this Privacy Statement we explain how we use and protect the data of the individuals that have access to Hackazon (hereinafter referred to as 'the individuals' or 'you').

We point out that this Privacy Statement does not apply to the other services or products provided by other entities within the Deloitte Network.

This Privacy Statement may be revised or updated from time to time. You are advised to consult the Privacy Statement on https://academy.hackazon.org/policies/privacy before using Hackazon.

Data collection

Whilst providing Hackazon Cyber Academy and Hackazon competitions, individuals have given consent to Deloitte for the processing of their personal data. This processing is necessary for purposes including account creation, provision of training content, tracking of learning progress, competition administration, and communication related to these activities. The following categories of personal data processed include:

  • User Account information (e.g. username, (hashed) password and email address)
  • Learning results (e.g. challenges solved, progress in course, exam results and ranking of participants in competition)
  • Login information (e.g. IP address, time and date of login)

We do not intentionally collect special categories of personal data, such as data relating to race or ethnic origin, religious conviction, criminal record, physical and mental health status or sexual orientation. If unforeseen, special categories of personal data are being processed, for example when medical data of individuals are processed, we will ensure that the appropriate measures are in place for compliant processing.

Third parties

For the performance of Hackazon, we use the services of the following processors:

  • Amazon Web Services
  • Microsoft Azure
  • Hetzner

These processors will have access to (a selection of the) categories of personal data, in order to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose than to assist us in providing the service.

Hackazon contains links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us and, therefore, we strongly advise you to review the privacy statements of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Location

Personal data is not processed outside the European Economic Area (EEA).

Access to data

You have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: you have the right to request access to your personal data that we process
  • Right to rectification: you may request that any inaccurate personal data be rectified, and any incomplete personal data be completed by us
  • Right to erasure (right to be forgotten): you have the right to request the erasure of your personal data when the data is no longer necessary for the original purpose of processing, when consent is withdrawn, or when you believe there is no legitimate interest in processing or processing is unlawful
  • Right to restriction of processing: you have the right to request that processing of your personal data be restricted in certain circumstances, such as when accuracy or lawfulness of processing is contested
  • Right to data portability: you have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format. You may also request that the data be transferred to another organisation
  • Right to object: you may object to the processing of your personal data on grounds relating to your particular situation. This includes the right to object to direct marketing and processing for scientific or historical research purposes

Individuals wishing to exercise their rights under the GDPR, such as accessing, rectifying or erasing personal data or withdrawing consent, can contact the Hackazon team via hackazon@deloitte.com.

Retention

For internal colleagues, Deloitte conducts a review of active Hackazon accounts every 3 to 4 months, after which inactive accounts may be deleted in accordance with internal data management policies. For client accounts, personal data will be retained only for the duration of the contractual relationship and will be deleted or anonymised promptly after the contract ends. We will make our best effort to ensure optimal data protection measures are in place to make sure that the personal data is securely processed throughout its entire lifecycle. We may use the personal data to protect our rights or properties and, if necessary, to comply with legal proceedings.

Complaints

We make every effort to process personal data in a lawful manner. If individuals are of the opinion that we violate or harm any of their privacy rights, they have the right to lodge a complaint with the Dutch Data Protection Authority ('Autoriteit Persoonsgegevens'). Before turning to the Data Protection Authority, we kindly request individuals to first inform our Privacy Office through this contact form.

Contact

If there are any questions or concerns about the processing of personal data in respect of Hackazon, please contact the Hackazon team via hackazon@deloitte.com. If you wish to contact the Data Protection Officer of Deloitte, please indicate this in your request and we will forward the message.

© 2025. See Disclaimer & copyright for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. Please see About Deloitte for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

In The Netherlands the services are provided by independent subsidiaries or affiliates of Deloitte Holding B.V., an entity which is registered with the trade register in The Netherlands under number 40346342.