Privacy_Policy.md

May 24, 2026 ยท View on GitHub

Hack23 Logo

๐Ÿ” Hack23 AB โ€” Privacy Policy

๐Ÿ›ก๏ธ Privacy Through Transparency and GDPR Compliance
๐ŸŽฏ User-Centric Privacy for Gaming and Transparency Platforms

Owner Version Effective Date Review Cycle

๐Ÿ“‹ Document Owner: CEO | ๐Ÿ“„ Version: 1.1 | ๐Ÿ“… Last Updated: 2026-01-25 (UTC)
๐Ÿ”„ Review Cycle: Annual | โฐ Next Review: 2027-01-25


๐ŸŽฏ Purpose Statement

Hack23 AB's Privacy Policy demonstrates how privacy-by-design principles directly enable both user trust and regulatory compliance. Our comprehensive approach to personal data protection serves as both operational necessity and client demonstration of our cybersecurity consulting expertise.

This policy establishes transparent practices for collecting, using, protecting, and managing personal data across all Hack23 AB products and services, ensuring full compliance with GDPR, Swedish data protection laws, and industry best practices. Our commitment to privacy transparency showcases how methodical data protection creates competitive advantage through user trust and operational excellence via demonstrable compliance.

โ€” James Pether Sรถrling, CEO/Founder


๐Ÿ“‹ Table of Contents


๐Ÿข Data Controller Information

Hack23 AB is the data controller responsible for your personal data.

InformationDetails
Legal NameHack23 AB
Organization Number559534-7807
Registered AddressCarl Grimbergsgatan 25, 413 13 Gรถteborg, Sweden
Data Protection Contactprivacy@hack23.com
CEO/Data Protection OfficerJames Pether Sรถrling
Websitehttps://www.hack23.com

๐ŸŽฏ Scope & Application

This Privacy Policy applies to all products, services, and platforms operated by Hack23 AB:

๐Ÿ›๏ธ Citizen Intelligence Agency (CIA)

Product

Democratic transparency platform providing access to Swedish parliamentary data, politician activities, and political analysis.

Data Scope:

  • User account information
  • Activity tracking for personalized dashboards
  • Analytics on platform usage
  • Public political data (not personal data of users)

๐ŸŽฎ Black Trigram

Product

Educational gaming platform teaching Korean martial arts history and techniques.

Data Scope:

  • Player profiles and progress
  • Game statistics and achievements
  • Device and session information
  • In-app purchases (if applicable)

๐Ÿ“Š CIA Compliance Manager

Product

Security compliance and assessment tool for enterprise customers.

Data Scope:

  • Organization and user accounts
  • Security assessment data
  • Compliance reports and metrics
  • System configuration information

๐Ÿ‡ช๐Ÿ‡บ European Parliament MCP Server

Product

Model Context Protocol server providing AI assistants with structured access to European Parliament open data.

Data Scope:

  • Public European Parliament data only (MEPs, sessions, documents)
  • No personal user data collected
  • No authentication or user accounts

๐Ÿ‡ช๐Ÿ‡บ EU Parliament Monitor

Product

Automated multi-language news platform monitoring EU Parliament activities.

Data Scope:

  • Public European Parliament data only
  • No personal user data collected
  • Automated news generation from public sources

๐Ÿ—ณ๏ธ Riksdagsmonitor

Product

Swedish Parliament intelligence platform monitoring political activity.

Data Scope:

  • Public Swedish Riksdag data only
  • No personal user data collected
  • Statistical analysis from public sources

๐Ÿค Consulting Services

Professional cybersecurity consulting and advisory services.

Data Scope:

  • Client contact information
  • Project and engagement data
  • Communication records
  • Consulting deliverables

๐Ÿ“Š Data We Collect

We implement data minimization principles, collecting only data necessary for legitimate purposes. All data is classified per our ๐Ÿท๏ธ Classification Framework.

๐Ÿ‘ค Personal Identifiers

Privacy Level

Data TypePurposeLegal BasisRetention
NameAccount identification, communicationContract / Legitimate InterestAccount lifetime + 2 years
Email AddressAuthentication, notifications, supportContractAccount lifetime + 2 years
IP AddressSecurity, fraud prevention, analyticsLegitimate Interest90 days (logs)
Device IDSession management, securityLegitimate InterestSession duration

๐ŸŽฎ Activity & Usage Data

Privacy Level

Data TypePurposeLegal BasisRetention
Application EventsFeature usage analytics, UX improvementLegitimate Interest12 months
Session InformationPerformance monitoring, error trackingLegitimate Interest90 days
Game ProgressSave game state, achievementsContractAccount lifetime
PreferencesPersonalization, settingsContractAccount lifetime

๐Ÿ“Š Analytics Data

Privacy Level

Data TypePurposeLegal BasisRetention
Page ViewsTraffic analysis, content optimizationLegitimate Interest14 months
User FlowUX optimization, feature developmentLegitimate Interest12 months
Error ReportsBug fixing, stability improvementLegitimate Interest6 months
Performance MetricsSystem optimizationLegitimate Interest6 months

๐ŸŒ Technical & System Data

Privacy Level

Data TypePurposeLegal BasisRetention
Browser TypeCompatibility testingLegitimate Interest90 days
Operating SystemPlatform optimizationLegitimate Interest90 days
Screen ResolutionUI/UX designLegitimate Interest90 days
Time ZoneTime localizationLegitimate InterestSession duration
Language PreferenceLocalizationContractAccount lifetime

๐Ÿ’ณ Financial Data (If Applicable)

Privacy Level

Data TypePurposeLegal BasisRetention
Payment InformationTransaction processingContractVia payment processor (Stripe) - not stored by Hack23
Transaction HistoryPurchase records, supportContract / Legal Obligation7 years (Swedish accounting law)
Invoice DataBilling, accountingContract / Legal Obligation7 years (Swedish accounting law)

๐Ÿ“ง Communication Data

Privacy Level

Data TypePurposeLegal BasisRetention
Support TicketsCustomer support, issue resolutionContract3 years
Email CorrespondenceCommunication recordsLegitimate Interest3 years
Feedback & SurveysProduct improvementConsentUntil purpose fulfilled or consent withdrawn

We process personal data only for specified, explicit, and legitimate purposes under GDPR Article 6:

๐Ÿ“‹ Processing Purposes Matrix

%%{
  init: {
    'theme': 'base',
    'themeVariables': {
      'primaryColor': '#1565C0',
      'primaryTextColor': '#0D47A1',
      'lineColor': '#1565C0',
      'secondaryColor': '#4CAF50',
      'tertiaryColor': '#FF9800'
    }
  }
}%%
flowchart TD
    PURPOSE["๐Ÿ“Š Data Processing Purpose"]
    
    PURPOSE --> CONTRACT["๐Ÿ“ Contract Performance"]
    PURPOSE --> CONSENT["โœ… User Consent"]
    PURPOSE --> LEGAL["โš–๏ธ Legal Obligation"]
    PURPOSE --> LEGIT["๐ŸŽฏ Legitimate Interest"]
    
    CONTRACT --> C1[Account Management]
    CONTRACT --> C2[Service Delivery]
    CONTRACT --> C3[Payment Processing]
    
    CONSENT --> CO1[Marketing Communications]
    CONSENT --> CO2[Optional Features]
    CONSENT --> CO3[Third-party Integrations]
    
    LEGAL --> L1[Tax & Accounting]
    LEGAL --> L2[Regulatory Compliance]
    LEGAL --> L3[Legal Claims]
    
    LEGIT --> LI1[Security & Fraud Prevention]
    LEGIT --> LI2[Analytics & Improvement]
    LEGIT --> LI3[System Operations]
    
    classDef purposeStyle fill:#1565C0,stroke:#0D47A1,color:#fff
    classDef basisStyle fill:#2E7D32,stroke:#2E7D32,color:#fff
    classDef itemStyle fill:#1565C0,stroke:#1565C0,color:#fff
    
    class PURPOSE purposeStyle
    class CONTRACT,CONSENT,LEGAL,LEGIT basisStyle
    class C1,C2,C3,CO1,CO2,CO3,L1,L2,L3,LI1,LI2,LI3 itemStyle
Legal Basis (GDPR Art. 6)Processing ActivitiesLawfulness Justification
6(1)(b) Contract PerformanceAccount creation, service delivery, support, feature accessNecessary to provide services you've requested
6(1)(a) ConsentMarketing emails, optional analytics, third-party featuresExplicit opt-in with easy withdrawal
6(1)(c) Legal ObligationTax records, compliance reporting, breach notificationsSwedish law, GDPR, financial regulations
6(1)(f) Legitimate InterestSecurity monitoring, fraud prevention, system analytics, error loggingBalanced against user rights with safeguards

๐Ÿ”’ How We Protect Your Data

We implement comprehensive technical and organizational measures aligned with our ๐Ÿ”’ Cryptography Policy and ๐Ÿ” Information Security Policy.

๐Ÿ›ก๏ธ Technical Security Measures

%%{
  init: {
    'theme': 'base',
    'themeVariables': {
      'primaryColor': '#D32F2F',
      'primaryTextColor': '#C62828',
      'lineColor': '#D32F2F',
      'secondaryColor': '#4CAF50',
      'tertiaryColor': '#1565C0'
    }
  }
}%%
flowchart LR
    subgraph DATA["๐Ÿ“Š Data Protection Layers"]
        TRANSIT["๐ŸŒ Data in Transit<br/>TLS 1.3"]
        REST["๐Ÿ’พ Data at Rest<br/>AES-256"]
        PROCESS["โš™๏ธ Data in Processing<br/>Secure Memory"]
    end
    
    subgraph ACCESS["๐Ÿ”‘ Access Controls"]
        MFA["๐Ÿ” Multi-Factor Auth"]
        RBAC["๐Ÿ‘ฅ Role-Based Access"]
        AUDIT["๐Ÿ“‹ Audit Logging"]
    end
    
    subgraph MONITORING["๐Ÿ“Š Security Monitoring"]
        IDS["๐Ÿšจ Intrusion Detection"]
        SIEM["๐Ÿ“ˆ Log Analysis"]
        ALERT["โš ๏ธ Real-time Alerts"]
    end
    
    DATA --> ACCESS
    ACCESS --> MONITORING
    
    classDef dataStyle fill:#D32F2F,stroke:#B71C1C,color:#fff
    classDef accessStyle fill:#FF9800,stroke:#F57C00,color:#fff
    classDef monitorStyle fill:#1565C0,stroke:#1565C0,color:#fff
    
    class DATA dataStyle
    class ACCESS accessStyle
    class MONITORING monitorStyle

๐Ÿ” Security Controls by Data Classification

Privacy LevelEncryptionAccess ControlMonitoringBackup
Special CategoryAES-256-GCM + AWS KMSMFA required, break-glass onlyReal-time alertingEncrypted, immutable, tested monthly
Personal IdentifierAES-256 + TLS 1.3MFA for admin, RBACAudit all accessEncrypted, daily, tested quarterly
PersonalAES-256 + TLS 1.3RBAC, least privilegeAudit changesEncrypted, daily
PseudonymizedAES-256 + TLS 1.2+Standard RBACSampled auditStandard backup
AnonymizedTLS 1.2+Standard accessAggregate monitoringStandard backup

๐Ÿข Organizational Security Measures

  • โœ… Privacy by Design: Privacy considerations in all system design
  • โœ… Data Minimization: Collect only necessary data
  • โœ… Access Limitation: Need-to-know principle enforced
  • โœ… Staff Training: Regular privacy and security training
  • โœ… Vendor Management: GDPR-compliant ๐Ÿค Third Party Management
  • โœ… Incident Response: Documented ๐Ÿšจ Incident Response Plan
  • โœ… Regular Audits: Internal and external security assessments
  • โœ… Continuous Improvement: Ongoing security monitoring per ๐Ÿ“Š Security Metrics

๐Ÿค Data Sharing & Transfers

We do not sell personal data. We share data only when necessary for service delivery or legal compliance.

๐ŸŒ Third-Party Service Providers

All third parties are vetted per our ๐Ÿค Third Party Management policy and bound by GDPR-compliant data processing agreements (DPAs).

Service ProviderPurposeData SharedLocationSafeguards
Amazon Web Services (AWS)Cloud hosting, infrastructureApplication data, logs, backupsEU (Stockholm, Ireland)AWS GDPR DPA, ISO 27001, SOC 2
GitHubCode repository, CI/CDDevelopment data, logsUSA (adequate safeguards)GitHub DPA, Privacy Shield successor
StripePayment processingPayment data, transaction recordsEU & USAPCI DSS, Stripe DPA, GDPR compliance
SEB (Skandinaviska Enskilda Banken)Banking servicesFinancial recordsSwedenSwedish bank regulations, GDPR
BokioAccounting softwareInvoice data, financial recordsSwedenGDPR-compliant, Swedish data protection

๐Ÿ‡ช๐Ÿ‡บ International Data Transfers

We prioritize EU/EEA data residency. When transfers outside EU/EEA are necessary:

%%{
  init: {
    'theme': 'base',
    'themeVariables': {
      'primaryColor': '#1565C0',
      'primaryTextColor': '#0D47A1',
      'lineColor': '#1565C0',
      'secondaryColor': '#4CAF50',
      'tertiaryColor': '#FFC107'
    }
  }
}%%
flowchart TD
    START["๐ŸŒ International Transfer Required?"]
    START --> CHECK{"๐Ÿ” Adequacy Decision?"}
    
    CHECK -->|โœ… Yes| ADEQUATE["๐Ÿ‡ช๐Ÿ‡บ EU Adequacy Decision<br/>No additional safeguards needed"]
    CHECK -->|โŒ No| SAFEGUARDS{"๐Ÿ›ก๏ธ Appropriate Safeguards?"}
    
    SAFEGUARDS --> SCC["๐Ÿ“ Standard Contractual Clauses<br/>EU Commission approved"]
    SAFEGUARDS --> CERT["โœ… Certification Schemes<br/>Privacy Shield successor"]
    SAFEGUARDS --> COC["๐Ÿ“‹ Codes of Conduct<br/>Industry standards"]
    
    SCC --> ASSESS["๐Ÿ” Transfer Impact Assessment"]
    CERT --> ASSESS
    COC --> ASSESS
    
    ASSESS --> APPROVE["โœ… Transfer Approved"]
    ADEQUATE --> APPROVE
    
    classDef startStyle fill:#1565C0,stroke:#0D47A1,color:#fff
    classDef decisionStyle fill:#FF9800,stroke:#F57C00,color:#fff
    classDef safeStyle fill:#2E7D32,stroke:#2E7D32,color:#fff
    classDef approveStyle fill:#4CAF50,stroke:#388E3C,color:#fff
    
    class START startStyle
    class CHECK,SAFEGUARDS decisionStyle
    class SCC,CERT,COC,ADEQUATE safeStyle
    class ASSESS,APPROVE approveStyle

Transfer Safeguards:

  • ๐Ÿ“ Standard Contractual Clauses (SCCs) for non-adequate countries
  • ๐Ÿ” Transfer Impact Assessments (TIAs) for all transfers
  • ๐Ÿ›ก๏ธ Additional technical safeguards (encryption, access controls)
  • ๐Ÿ“Š Regular monitoring and compliance verification

โฑ๏ธ Data Retention

We retain personal data only as long as necessary for the purposes collected or as required by law.

๐Ÿ“… Retention Schedule

%%{
  init: {
    'theme': 'base',
    'themeVariables': {
      'primaryColor': '#FF9800',
      'primaryTextColor': '#F57C00',
      'lineColor': '#FF9800',
      'secondaryColor': '#4CAF50',
      'tertiaryColor': '#1565C0'
    }
  }
}%%
gantt
    title ๐Ÿ“… Data Retention Timeline
    dateFormat YYYY-MM-DD
    axisFormat %Y
    
    section Account Data
    Active Account                 :active, account, 2025-01-01, 365d
    Account Closure + 2 Years      :crit, closure, after account, 730d
    
    section Financial Records
    7 Years (Swedish Law)          :done, financial, 2025-01-01, 2557d
    
    section Logs & Analytics
    Application Logs (90 days)     :logs, 2025-01-01, 90d
    Analytics Data (12-14 months)  :analytics, 2025-01-01, 420d
    
    section Support Records
    Support Tickets (3 years)      :support, 2025-01-01, 1095d
Data CategoryActive RetentionPost-DeletionLegal BasisSecure Deletion Method
Account InformationAccount lifetime2 yearsContract / Legitimate InterestCryptographic erasure
Activity Logs90 daysNoneLegitimate InterestAutomated purge
Analytics Data12-14 monthsNoneLegitimate InterestAutomated anonymization
Financial Records7 yearsNoneLegal Obligation (Swedish Bokfรถringslagen)Secure archival deletion
Support Tickets3 yearsNoneLegitimate InterestSecure deletion
Game ProgressAccount lifetimeNone (deleted with account)ContractFull deletion
Marketing ConsentUntil withdrawnNoneConsentImmediate removal

๐Ÿ—‘๏ธ Data Deletion Process

Per ๐Ÿท๏ธ Data Classification Policy, we implement:

  1. Automated Retention Enforcement: Scheduled deletion jobs
  2. Cryptographic Erasure: Encryption key deletion for encrypted data
  3. Physical Deletion: Secure wipe of storage media
  4. Backup Purge: Deletion from all backup systems
  5. Audit Trail: Documented deletion verification

โœ… Your Rights Under GDPR

As a data subject under GDPR, you have comprehensive rights regarding your personal data.

๐Ÿ‘ค Individual Rights Matrix

Right (GDPR Article)DescriptionHow to ExerciseResponse Time
๐Ÿ” Right to Access (Art. 15)Obtain confirmation of processing and a copy of your dataEmail privacy@hack23.com or use in-app export30 days (max)
โœ๏ธ Right to Rectification (Art. 16)Correct inaccurate or incomplete dataUpdate in account settings or contact support30 days (max)
๐Ÿ—‘๏ธ Right to Erasure (Art. 17)Request deletion of your personal dataAccount deletion or email privacy@hack23.com30 days (max)
โธ๏ธ Right to Restriction (Art. 18)Limit processing of your dataEmail privacy@hack23.com with justification30 days (max)
๐Ÿ“ค Right to Data Portability (Art. 20)Receive your data in machine-readable formatUse in-app export (JSON/CSV) or email request30 days (max)
โŒ Right to Object (Art. 21)Object to processing based on legitimate interestEmail privacy@hack23.com or opt-out mechanismsImmediate for marketing
๐Ÿค– Rights re Automated Decision-Making (Art. 22)Not subject to solely automated decisions with legal effectWe do not perform automated profiling decisionsN/A
๐Ÿ“ž Right to Lodge ComplaintComplain to supervisory authorityContact Swedish IMY (see below)N/A

๐Ÿ“ง How to Exercise Your Rights

Primary Contact Method:

Email: privacy@hack23.com
Subject: GDPR Data Subject Request - [Your Right]

Include in Your Request:

  • Full name and email address associated with account
  • Specific right you wish to exercise
  • Any additional details to help us locate your data
  • Proof of identity (if request involves sensitive data)

Response Process:

  1. โœ… Acknowledgment within 3 business days
  2. ๐Ÿ” Identity verification (if necessary)
  3. ๐Ÿ“‹ Request processing
  4. ๐Ÿ“ค Response delivery within 30 days (extendable to 60 days for complex requests)

๐Ÿช Cookies & Tracking

We use cookies and similar technologies to improve user experience, analyze usage, and ensure security.

%%{
  init: {
    'theme': 'base',
    'themeVariables': {
      'primaryColor': '#1565C0',
      'primaryTextColor': '#0D47A1',
      'lineColor': '#1565C0'
    }
  }
}%%
pie title ๐Ÿช Cookie Usage Distribution
    "Strictly Necessary (No Consent)" : 40
    "Performance & Analytics (Consent)" : 30
    "Functional (Consent)" : 20
    "Targeting/Marketing (Consent)" : 10
Cookie TypePurposeDurationConsent RequiredLegal Basis
๐Ÿ” Strictly NecessarySession management, security, authenticationSession / 1 yearโŒ NoLegitimate Interest (security)
๐Ÿ“Š Performance & AnalyticsUsage statistics, error tracking, performance monitoring12-14 monthsโœ… YesConsent
โš™๏ธ FunctionalUser preferences, language, customization12 monthsโœ… YesConsent
๐ŸŽฏ Targeting/MarketingAdvertising, retargeting (if used)Variesโœ… YesConsent

Strictly Necessary Cookies

  • session_id: Session authentication (HttpOnly, Secure, SameSite=Strict)
  • csrf_token: CSRF protection (HttpOnly, Secure, SameSite=Strict)
  • security_token: Security validation (HttpOnly, Secure, SameSite=Lax)

Analytics Cookies (Opt-in)

  • _ga: Google Analytics visitor ID (14 months)
  • _gid: Google Analytics session ID (24 hours)
  • _gat: Google Analytics throttling (1 minute)

Functional Cookies (Opt-in)

  • user_prefs: User preferences (12 months)
  • lang: Language preference (12 months)
  • theme: UI theme selection (12 months)

User Controls:

  • ๐ŸŽ›๏ธ Cookie consent banner on first visit
  • โš™๏ธ Cookie preferences in account settings
  • ๐Ÿ—‘๏ธ Clear cookies via browser settings
  • โŒ Opt-out anytime without impact on essential services

Browser Controls:

  • Most browsers allow cookie blocking/deletion
  • Private/Incognito mode prevents cookie storage
  • Do Not Track (DNT) signal respected where possible

๐Ÿ‘ถ Children's Privacy

We are committed to protecting children's privacy in accordance with GDPR and Swedish law.

ProductMinimum AgeParental Consent RequiredVerification Method
๐Ÿ›๏ธ CIA (Citizen Intelligence Agency)13 yearsNo (educational, public data)Age declaration
๐ŸŽฎ Black Trigram13 yearsRequired for ages 13-15Parent email verification
๐Ÿ“Š CIA Compliance Manager18 years (B2B)N/AOrganization verification
๐Ÿค Consulting Services18 years (B2B)N/AContract signatory

๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘ง Parental Rights

Parents/guardians have enhanced rights for children under 16:

  • ๐Ÿ‘€ Access: View all data collected about their child
  • โœ๏ธ Rectification: Correct any inaccurate information
  • ๐Ÿ—‘๏ธ Erasure: Request deletion of child's account and data
  • โธ๏ธ Objection: Object to any data processing
  • ๐Ÿšซ Marketing Opt-Out: Prevent marketing communications

Contact for Parental Requests:

Email: privacy@hack23.com
Subject: Parental Data Request - [Child's Name/Account]

๐Ÿ”’ Additional Protections for Children

  • โœ… Enhanced data minimization
  • โœ… No behavioral advertising to children
  • โœ… No sale or sharing of children's data
  • โœ… Limited data retention periods
  • โœ… Age-appropriate privacy notices
  • โœ… Regular privacy reviews for child-facing services

๐Ÿ“ข Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service offerings.

๐Ÿ”„ Notification Process

%%{
  init: {
    'theme': 'base',
    'themeVariables': {
      'primaryColor': '#4CAF50',
      'primaryTextColor': '#2E7D32',
      'lineColor': '#4CAF50'
    }
  }
}%%
flowchart LR
    CHANGE["๐Ÿ“ Policy Update Required"]
    CHANGE --> REVIEW["๐Ÿ‘ฅ Internal Review"]
    REVIEW --> APPROVE["โœ… CEO Approval"]
    APPROVE --> PUBLISH["๐ŸŒ Publish Updated Policy"]
    PUBLISH --> NOTIFY["๐Ÿ“ง User Notification"]
    
    NOTIFY --> EMAIL["๐Ÿ“ง Email to Active Users"]
    NOTIFY --> BANNER["๐Ÿ”” In-App Notification"]
    NOTIFY --> CHANGELOG["๐Ÿ“‹ Version History"]
    
    classDef changeStyle fill:#2E7D32,stroke:#2E7D32,color:#fff
    classDef processStyle fill:#4CAF50,stroke:#388E3C,color:#fff
    classDef notifyStyle fill:#4CAF50,stroke:#43A047,color:#fff
    
    class CHANGE changeStyle
    class REVIEW,APPROVE,PUBLISH processStyle
    class NOTIFY,EMAIL,BANNER,CHANGELOG notifyStyle

Notification Methods:

  • ๐Ÿ“ง Material Changes: Email notification 30 days before effective date
  • ๐Ÿ”” Minor Changes: In-app notification banner
  • ๐Ÿ“‹ All Changes: Documented in version history below
  • ๐Ÿ“… Effective Date: Clearly stated at top of policy

Your Options:

  • โœ… Accept: Continue using services under new policy
  • โธ๏ธ Object: Contact us to discuss concerns
  • ๐Ÿ—‘๏ธ Opt-Out: Close account before effective date if you disagree

๐Ÿ“‹ Version History

VersionDateChangesAuthor
1.02025-11-05Initial Privacy Policy creation aligned with GDPR and ISMS frameworkJames Pether Sรถrling, CEO

๐Ÿ“ž Contact Information

๐Ÿข Data Protection Contact

Primary Contact:

Email: privacy@hack23.com
Response Time: 3 business days

Data Controller:

Hack23 AB
Attn: James Pether Sรถrling, CEO/DPO
Carl Grimbergsgatan 25
413 13 Gรถteborg, Sweden

Phone: [Contact via email for callback]

๐Ÿ‡ธ๐Ÿ‡ช Swedish Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Swedish Data Protection Authority:

Integritetsskyddsmyndigheten (IMY)

Website: https://www.imy.se
Email: imy@imy.se
Phone: +46 8 657 61 00

Postal Address:
Integritetsskyddsmyndigheten
Box 8114
104 20 Stockholm
Sweden

Filing a Complaint:

  • ๐Ÿ“ Submit online via IMY website
  • โœ‰๏ธ Send written complaint by post
  • ๐Ÿ“ž Contact by phone for guidance
  • โฑ๏ธ IMY typically responds within 3 months

๐Ÿ‡ช๐Ÿ‡บ Other EU Supervisory Authorities

If you reside in another EU/EEA country, you may also contact your local data protection authority:


๐ŸŽฏ Strategic & Governance

๐Ÿ” Security Policies & Controls

โš™๏ธ Operational Integration


๐Ÿ“‹ Document Control:
โœ… Approved by: James Pether Sรถrling, CEO
๐Ÿ“ค Distribution: Public
๐Ÿท๏ธ Classification: Confidentiality: Public
๐Ÿ“… Effective Date: 2026-01-25
โฐ Next Review: 2027-01-25
๐ŸŽฏ Framework Compliance: ISO 27001 GDPR NIST CSF 2.0