Privacy Policy
Who are we?
We are Yōkai Network, a trading name of Yōkai Research and Development B.V. (Yōkai). Our address is Prinses Margrietplantsoen 33, 2595 AM Den Haag. We are registered with the Chamber of Commerce (Kamer van Koophandel) under number 86910531.
What do we do?
At Yōkai, we are all about connecting software companies and cybersecurity professionals to make the digital world safer. Our security collaboration ecosystem Yōkai provides a space where companies can launch security testing programs, and cybersecurity professionals can help uncover vulnerabilities, all while ensuring fair compensation for their efforts (the Platform).
Please note that the Platform is currently in Beta, so occasional imperfections may occur.
We are dedicated to safeguarding your personal data and respecting your privacy. This policy explains how we handle your data, and you can navigate it using the links below:
Contents
1. About this Policy 2. Applicability 3. Data processing 3.1 Data categories 3.2 Data collection methods 3.3 How we use your personal data 4. Data storage 5. Data protection 6. Data sharing 7. Data transfer 8. Privacy rights 9. Cookies1. About this Policy
This policy explains the data we collect, how we use and protect it, and your privacy rights (the Privacy Policy). The terms used in this Privacy Policy have the meaning as set out in our Terms and Conditions. We may modify this Privacy Policy. If we substantially modify the Privacy Policy, we shall place a notification on our Platform. In addition, we shall notify registered users in case of a substantial modification via email. If you are not a registered user, we advise you to consult the Platform and this Privacy Policy regularly.
2. Applicability
This Privacy Policy covers our Platform and all other services or products we provide (the Services). It applies to you as one of the following Users: a Client, Hacker, or visitor of our Platform.
3. Data processing
In this section, we explain how Yōkai manages your data, including the categories we collect, how we collect it, and why we use it.
3.1 Data categories
We handle various personal data categories:
| Category | Personal data |
|---|---|
| Identity Data | First name, last name, usernames or similar identifiers, other identifiers (such as a corporate or industry known number). |
| Contact Data | Correspondence address, email address, and telephone number(s). |
| Financial Data | Payment details: payment method and financial data, such as credit card and/or bank account information. |
| Technical Data | Internet protocol (IP) address, your login details, web browser type and version, browser plug-in information, Internet Service Provider (ISP), time zone, location, operating system, and device technology when you use Yōkai. |
| Usage Data | Details regarding your account and about how you use our Platform and Services, such as: customer support queries, your preferences, and feedback. |
| Marketing Data | Details about your preferences in receiving marketing from us and our business partners and your communication preferences. |
| Application Data | Contact information, date of birth, gender, e-mail address, telephone number and résumé. |
3.2 Data collection methods
We receive your data through various methods:
- Direct interactions: when you engage with our staff through email, phone, or other means;
- Automated technologies: when you create an account or use web enquiry forms on our Platform;
- Third parties or publicly available sources.
3.3 How we use your personal data
We process personal data based on the following grounds outlined in the General Data Protection Regulation (GDPR).
- Consent: an active act indicating that you accept that your personal data is being processed by Yōkai, which you can revoke at ant time.
- Performance of a contract: when processing personal data is necessary to fulfil a contract with you, such as our Terms and Conditions or Agreement with you.
- Legal obligation: when we must comply with legal obligations.
- Legitimate interest: when our interest to process your personal data outweighs your privacy interest.
| Purpose | Legal ground(s) | Explanation |
|---|---|---|
| Get in touch | Legitimate interest | We use your Identity Data and Contact Data to interact with you, for example when you make an enquiry about our Platform or Services. |
| Account Management | Performance of a contract | We use your Identity Data and Contact Data to register and manage your account. |
| Running Campaigns | Performance of a contract; Legitimate interest. | We use your Identity Data and Contact Data to run Campaigns. |
| Payment | Performance of a contract | We use your Financial Data for the payment of fees relating to the use of our Platform and Services. |
| Business Protection | Legal obligation; Legitimate interest. | To protect our business and Platform, we use your Identity Data, Contact Data, and Technical Data. This helps us prevent fraud, enhance security, and adapt to potential changes in our organisation. |
| Communication | Performance of a contract | We use your Contact Data to send information messages necessary for the use of our Platform and Services, excluding marketing communications. |
| Customer Service | Consent; Legitimate interest. | To enhance customer support, we use your Identity Data, Contact Data, and Technical Data. This helps us improve our services, provide IT support, maintain network security, prevent fraud, and plan for future business needs. |
| Data Analytics | Legitimate interest | To improve our Platform and Services, customer relationships and experiences, we use your Technical Data and Usage Data. |
| Marketing Communication | Consent; Legitimate interest. | We use your Identity Data, Contact Data, Usage Data, Marketing Data for marketing, to the extent permitted by law. This includes: (i) sending you updates on products and services we think you'd like, (ii) ask for your feedback to improve our communication, and (iii) tracking your Platform use to enhance our Services. If you want to stop receiving these messages, just click 'unsubscribe' in our emails. |
| Legal Compliance | Legal obligation | In order to comply with applicable law, Yōkai may be required to process personal data for purposes other than those set out in this Privacy Policy, for example for law enforcement and in case of a court order. |
| Job Application | Consent; Legitimate interest. | If you apply for a job at Yōkai, we may use your Application Data to process your application. |
4. Data storage
We keep your data only as long as needed for the purposes mentioned in Section 3 (Data Processing) and as allowed by applicable law. Specific retention periods are as follows
| Data category | Retention period |
|---|---|
| Financial Data | We will retain your payment data for as long as necessary to fulfil our financial and tax obligations (generally 7 years). |
| Application data | If Yōkai does not hire you, your information will be deleted within 4 (four) weeks after your application unless otherwise agreed between you and Yōkai in writing. |
| Marketing Data | We will retain your data for marketing and promotional purposes for as long as you use our Platform and Services, or until you opt-out. |
| Other data | We will retain the other categories of personal data to achieve the purposes related to the specific Service we provide you with. |
5. Data protection
We do our utmost to protect your personal data, by taking technical and organisational security measures to protect your data against manipulation, loss, destruction and access by unauthorised persons. These security measures are constantly improved in line with technological developments.
- Access to the personal data is strictly limited to employees and third party service providers on a ‘need to know’ basis;
- Access to the personal data is secured with a two-factor authentication (2FA);
- Encryption of personal data;
- The Platform is solely accessible via Hypertext Transfer Protocol Secure (HTTPS) connections, secured with Secure Socket Layer (SSL) or Transport Layer Security (TLS);
- Conclusion of Non-disclosure agreements (NDA’s)
- Backups of personal data to restore it in a timely manner in case of physical or technical incidents;
6. Data sharing
In the cases listed below, Yōkai shares personal data with third parties.
| Third party | Legal ground(s) | Explanation |
|---|---|---|
| Service Provider | Consent; Legitimate interest. | Yōkai may share personal data with the following categories of service providers, who contribute to the Platform and Services: hosting, data analysis and storage, payment processing, information technology and related infrastructure, customer service, product design, product diagnostics, email delivery, credit card processing, auditing, and marketing. |
| Competent Authorities | Legitimate interest | Yōkai discloses personal data to law enforcement authorities and other public authorities to the extent required by law or strictly necessary for the prevention, detection or prosecution of criminal offences and fraud. |
| Auditors and advisors | Legitimate interest | We engage auditors and professional advisors to meet our legal, regulatory, and statutory responsibilities. They have contractual arrangements and security mechanisms in place to protect data and comply with our data protection, confidentiality, and security standards. |
| Other businesses | Legitimate interest | We may transfer personal data to third parties in the event that Yōkai is subject to a merger, acquisition, reorganisation, sale of business units or bankruptcy. In this case Yōkai will ask for your prior consent, if this is required under applicable law. |
| Users | Performance of a contract | We may share your personal data with other Users of the Platform, such as providers participating in Campaigns (“Hackers”) or software companies running Campaigns via the Platform (“Clients”). |
If the above organisations are regarded as processors under the GDPR, Yōkai will enter into a data processing agreement with them. Processing of personal data will only take place on Yōkai’s instruction and under Yōkai’s responsibility.
7. Data transfer
We process personal data within the European Economic Area (EEA) to the extent possible, and will only process personal data outside the EEA if that country offers an appropriate level of protection. If necessary, we use the legally required safeguards for the transfer of personal data, such as the conclusion of an EU model contract.
8. Privacy rights
Under the GDPR, you have the right to:
- request access to your personal data;
- request us to correct, limit or delete your personal data;
- request a copy of your personal data. We can provide this copy to third parties at your request;
- object to the processing of your personal data by contacting us;
- file a complaint directly with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) about the way we process personal data;
- revoke your consent to the processing of your personal data.
9. Cookies
A cookie is a small text file that can be sent via the server of a website to the browser. The browser saves this file to your computer. Your computer is tagged with a unique number, which enables our site to recognize that computer in the future.
We use cookies to improve the user experience on our Platform. Moreover, cookies ensure that our Platform works faster, that you can visit our Platform safely and that we can track and solve errors on our Platform.
You can always delete or disable cookies yourself via the browser settings. No more cookies will be stored when you visit our Platform. However, please note that without cookies, our Platform may not function as well as it should.