Privacy policy
Introduction
The NEVERHACK group and its subsidiaries, including but not limited to NEVERHACK, EXPERT-LINE, INNOVERY by NEVERHACK (Italy), and NEVERHACK Estonia (hereinafter "NEVERHACK", "we", "our", "us") place the utmost importance on the protection of your personal data and are committed to complying with applicable regulations.
With this privacy notice (“Privacy Notice”), we aim to inform our clients and website visitors about the nature, scope, and purpose of the personal data we collect, use, and process in accordance with Article 13 of the GDPR, and to inform these individuals of their rights.
This Privacy Notice is structured as follows: In the overview (A), we provide an overview of our privacy practices related to our services and platform, as well as your rights. In the second part, we explain in detail the processing operations we perform (B), the respective scope of the data, the purpose, and the associated legal bases. In the third part, you receive information on how and when we share data with third parties (C).
The NEVERHACK group has implemented numerous measures to ensure the protection of personal data. For more information, please visit our online privacy center at the following address: https://neverhack.com/
A) Overview
In this privacy notice, we use terms as defined in Article 4 of the GDPR: personal data, data subject, processing, restriction of processing, pseudonymization, controller, processor, recipient, third party, and consent. NEVERHACK is a company specializing in cybersecurity with a 360 vision. It performs data processing in the Business-to-Business (B2B) and Business-to-Customer (B2C) sectors. We have also defined other terms to help you understand the following explanations:
Publicly accessible data are all data, information, and entries that are accessible or searchable by everyone through public sources directly (e.g., via a link) or indirectly (e.g., through a query). Examples of public sources are: websites, news portals, press or blog articles, publications, and publicly shared profiles from social media, as well as public databases of specialized portals, job sites, forums, commercial registers.
Company-related data are data associated with a company or organization. For example, data related to our customers (name, first name, phone, email, bank details, etc.), depending on the services subscribed on our HUB or other platforms.
A1) Data Controller / Data Protection Officer
For the purposes of this privacy notice, the data controller of personal data collected, processed, and stored through the platform, or through related communication platforms, is the NEVERHACK group, whose head office is located at Immeuble le Follow, 2 rue des Près 78280 GUYANCOURT (hereinafter "data controller").
For any questions regarding data processing carried out in connection with the use of the platform or our services and products, you can contact our group Data Protection Officer (“DPO”), appointed by NEVERHACK and declared to the CNIL, at any time by e-mail at the following address: dpo@neverhack.com.
A2) How and When Do We Obtain Personal Data from You?
NEVERHACK may collect personal data about you in the following circumstances:
- Data collected by automated means such as cookies or similar technologies when you visit our website. The data is hosted in Europe. These include:
  - Name: XSRF-TOKEN; Domain: .neverhack.dev; Purpose: Necessary; Duration: 2 hours
  - Name: neverhack_session; Domain: .neverhack.dev; Purpose: Necessary; Duration: 2 hours
  - Name: uid; Domain: .neverhack.dev; Purpose: Necessary; Duration: 2 hours
You can obtain more information on the PLAUSIBLE.IO website accessible at the following address: Plausible: GDPR, CCPA, and cookie law compliant site analytics | Plausible Analytics
- Data collected from you when you create an account, fill out a form, contact us directly, or subscribe to our services
- Data you provide us about other members of your organization or data provided by others to allow you access to our services and solutions.
A3) Legal Bases for Data Processing
We process personal data in accordance with the applicable data protection regulations within the European Union, namely the GDPR:
a) for the performance of contractual obligations in accordance with Article 6, paragraph 1, point b of the GDPR
We process your personal data in the context of fulfilling our contracts with our customers, users, and/or candidates or for implementing pre-contractual measures.
The purposes of data processing are primarily based on the solutions we develop in-house or market, but also those necessary for the operation of all NEVERHACK group entities and may include, without limitation, general communication about our services, analysis and consulting to create an offer, support or advice, providing online software, or processing application documents.
b) if we have a legitimate interest within the meaning of Article 6, paragraph 1, point f of the GDPR
If necessary, we may process your personal data before the creation or performance of a contract or beyond if we have a legitimate interest in doing so. Legitimate interests include:
- Operation of our website, our hub, and optimization of our online offers
- To enable access to our solutions (registration, testing, use)
- Analysis and optimization of customer journeys and procedures
- Advertising, marketing, and sales, to the extent that you have not objected to the use of your data for this purpose
- Market and opinion research, to the extent that you have not objected to the use of your data for this purpose
- Ensuring IT security and operations; correction of errors and malfunctions
- Crime prevention (ethical alert system, obligation to retain certain data [LCEN, CPCE]).
- Measures for activity and risk management and control
- Further development of services and products
- Security event management
c) based on your consent pursuant to Article 6, paragraph 1, point a) of the GDPR
Certain processing activities (e.g., receiving newsletters, downloading white papers or other documents) and the use of our services are based on your consent. Consent given may be revoked at any time.
d) in case we are legally obligated to process your data (Art. 6, par. 1, let. c of the GDPR)
To the extent that NEVERHACK is required by law to process certain data, personal data may also be concerned and retained following the legal requirements in force, and communicated upon request to administrative or judicial authorities.
A4) Deletion and Retention Periods
We process and retain your personal information as long as necessary to fulfill our contractual and legal obligations. It should be noted that our business relationship is an ongoing obligation, which extends over several years, i.e., 3 years from the last contact, 1 year for technical data.
If the data is no longer necessary for fulfilling contractual or legal obligations, it is regularly deleted, unless the consent given extends beyond the end of the contract or an interest balancing allows the conclusion that there is a legitimate interest of NEVERHACK for further storage that outweighs the interests of the data subject.
A5) How Do We Share Data?
We may share data as follows:
- within the NEVERHACK group to provide you with the requested services and products
- with service providers who perform services or manage transactions on our behalf
- with other parties when we are required to do so by law or if necessary to protect our rights, or in the context of business transactions.
A6) Data Subject Rights
You may be entitled to exercise all or some of the following rights:
- request (i) information indicating whether your personal data is held and (ii) access and/or duplicates of your personal data held, including the purposes of processing, categories of personal data concerned, data recipients, and potential retention periods;
- request correction, deletion, or restriction of your personal data, for example, because (i) they are incomplete or inaccurate, (ii) they are no longer necessary for the purposes for which they were collected, or (iii) the consent on which the processing was based has been withdrawn;
- refuse to provide and, without impact on data processing activities that occurred prior to this withdrawal, withdraw your consent to the processing of your personal data at any time;
- object, based on your particular situation, to your personal data being processed. In this case, please provide us with information about your particular situation. After evaluating the facts you have presented, we will either cease processing your personal data or present our compelling legitimate grounds for continued processing;
- take legal actions concerning any potential violation of your rights regarding the processing of your personal data, as well as file complaints with competent data protection regulators;
- require (i) to receive the personal data concerning you, which you provided to us, in a structured, commonly used, and machine-readable format and (ii) to transmit this data to another controller without barriers from our side; where technically feasible, you have the right to have the personal data directly transferred from us to another controller; and/or
- not to be subject to automated decision-making, including profiling (automated decisions based on data processing by automated means, for the purpose of evaluating various personal aspects) that produce legal effects on you or affect you with similar significance.
You can (i) exercise the above-mentioned rights or (ii) ask questions or (iii) make complaints regarding our data processing by contacting us at the following address: dpo@neverhack.com. To ensure your request is properly handled, please send us a copy of your ID, previously secured with the filigrane system. NEVERHACK commits to respond to your requests within a month.
For more information about your rights, visit the National Commission for Informatics and Liberties (CNIL) site: https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles. You also have the right to file a complaint with the CNIL at the following address: https://www.cnil.fr/fr/plaintes.
A7) Non-use of "Profiling"
Profiling describes a type of automated processing of personal data that involves evaluating, analyzing, or predicting certain personal aspects such as health or personal preferences, and which produces legal effects on the data subject. NEVERHACK does not use such profiling.
B) Full Privacy Notice
When you visit our platform, use our services, or contact us directly, we obtain various types of data about you and your use of our services. This data may include information that directly identifies you, such as your name or contact details, as well as identifiers (e.g., your IP address) or cookie-level data that may indirectly identify you.
The information we obtain generally consists of (B1) data collected automatically about your interactions with our platform and services, or (B2) data you provide to us about yourself or that we collect directly from you, or (B3) data you provide to us about others in your organization, or (B4) data others have provided to us about you.
B1) Automatically Collected Information
If you visit our websites or access our applications, we collect the following information provided by your browser or mobile device: pages viewed, visit time and last visit time, frequency of recurrent visits, IP address, IP address owner's name, IP address domain or provider, referrer (site/service/queries that led you to our website), browser information, device information.
These data are collected and processed for various purposes such as:
- to properly provide the content of our website, hub, and applications,
- to optimize the content of our website, improve the user experience, and advertise our services and products,
- to ensure the continuous operation of our systems and website technology,
- to provide law enforcement authorities with necessary information for prosecution in the event of a cyberattack, and
- to facilitate access to and use of our services.
The legal basis for processing data collected in this manner is Article 6, paragraph 1, point f) (legitimate interest for the aforementioned purposes) as well as Article 6, paragraph 1, point b of the GDPR (execution of a contract if this processing is necessary to allow you to access our services and products through the platform).
To collect these data, we use cookies and similar technologies. For more information on cookies and other technologies we use, please consult here: Plausible: GDPR, CCPA, and cookie law compliant site analytics | Plausible Analytics
B2) Information Provided by You
If you contact NEVERHACK or one of its subsidiaries, if you send us an email or request, or if you wish to use certain offers and services from our company, processing your personal data may be necessary. Here are some examples:
- You request a white paper, price list, or other document.
- You sign up to receive our newsletter.
- You contact our service or sales team.
- You apply for one of our job openings.
- You contact us at a conference, trade fair, or similar event.
- You test software or an application and share your data with us.
In this case, the following personal data may be collected directly from you:
- name, job title, affiliation
- email address, phone number or other contact details
- billing and payment information
- User information from integrated tools
- Messages with our support and sales teams
- metadata related to your request or application
- Search queries and results of these queries
- Other data you upload to our systems
In these cases, we process your personal data for the following purposes:
B2.1) To Provide You with Our Services and Products (Art. 6, paragraph 1, point b of the GDPR)
These services may include:
- processing your inquiries and requests regarding our platform,
- providing you with the platform/website content
- providing customer support and IT support, and/or
- providing you with online learning content.
B2.2) To Communicate with You
We may communicate with you in various ways, such as by mail, email, personal contact, messaging or chat systems, or social media. Communication purposes may include:
- sending you service-related messages and notifications (Art. 6, par. 1, let. f of the GDPR (our legitimate interest in marketing and selling our products and services));
- sending you our newsletter (Art. 6 (1) let. a GDPR);
- responding to your questions or requests (Art. 6, par. 1, let. b GDPR);
- sending you the documents you requested (Art. 6, par. 1, let. b GDPR);
- sending you payment or billing-related information (Art. 6 (1) let. b GDPR) and fulfilling our legal obligations regarding accounting and record-keeping (Art. 6 (1) let. c GDPR in relation to Section 257 (4) of the German Commercial Code)
- in relation to applications and the application process (Art. 6, par. 1, let. b of the GDPR and Art. 6, par. 1, let. c of the GDPR).
B2.3) To Protect Our Rights or the Rights of Others
This may involve activities such as:
- Detection and prevention of fraud or illegal activities or misuse of our services (Art. 6 (1) lit. f GDPR);
- Safeguarding our systems (Art. 6 (1) let. f GDPR (our legitimate interest in IT security and data recovery));
- Conducting audits, tests, assessments, or other troubleshooting activities (Art. 6, par. 1, let. f of the GDPR (our legitimate interest in IT security and data recovery));
- Complying with and enforcing applicable legal requirements (Art. 6, par. 1, let. c GDPR);
- Collecting and recovering amounts owed to us (Art. 6, par. 1, let. b GDPR).
B2.4) For Advertising and Marketing Activities (Art. 6, par. 1, let. f (legitimate interest in marketing our products and services) GDPR)
These activities include:
- Developing, managing, and executing advertising and marketing campaigns, promotions, and offers related to our services, products, and platform;
- Interest-targeted advertising. We use online and offline information obtained from you for interest-based advertising and marketing activities. To learn more about this, please also see our cookie notice.
B3) Information You Provide About Third Parties
You may provide information about other people, such as the name and email address of a contact you wish to invite as a user to our services and products. These third parties may include team members or colleagues from your organization or external agencies with whom you are authorized by our general terms to grant access to our services. This information may include the name, job title, and contact details. Do not provide us with information about other people unless you are authorized or have their permission to do so. We will use their information for the purposes described in this privacy notice.
B4) Information Provided About You by Third Parties
Other people may have provided us with information about you, such as your name and contact details, either because they wanted to invite you as a user to our services or products, or in the context of verifying your information for use or in connection with our services. We inform and request any person sharing information with us not to provide us with such information about others unless authorized or with the authorization and knowledge of the persons concerned. We will use your information for the purposes described in this privacy notice.
C) Data Sharing
C1) Recipients
We may share data with the following recipients:
C1.1) NEVERHACK Group
To provide you with comprehensive support and ensure a high and continuous quality of our services and products, the NEVERHACK group relies on the support of INNOVERY by NEVERHACK and CYBERS by NEVERHACK (each being a "Joint Controller" and together the "Joint Controllers"). The legal basis for such processing is Article 6, paragraph 1, point b, as well as Article 6, paragraph 1, point f (legitimate interest in providing and improving our services).
In accordance with Article 26 of the GDPR, the Joint Controllers have concluded a Joint Controller Agreement transparently stipulating their respective responsibilities regarding GDPR compliance.
In addition, we may share data with other affiliated companies for marketing or customer support purposes. This processing activity is based on Article 28 of the GDPR in conjunction with a data processing agreement concluded with the respective affiliated companies.
C1.2) Service Providers
NEVERHACK does not sell your data to our service providers. We may share certain data with certain companies that help us provide our services (e.g., accounting or job application tools). The legal basis for this data transfer and processing activity is Article 28 of the GDPR in conjunction with a data processing agreement concluded with the relevant service provider. These service providers are only allowed to use the data shared with them for the specific task for which they were hired.
- Web analytics service providers
- Advertising service providers
- Mapping services / Maps
- CDN / Content Delivery Networks
- Video player
- Screen sharing / Video chats
- Communication tools
- Contact data management / CRM / ERP tools
- Application tools
- Accounting tools
- Cloud storage and hosting providers
- Systems and online learning tools
Since our company operates globally, the above-mentioned service providers may occasionally reside outside the jurisdiction where you are based. Further details on this can be found below (cf. C2).
C1.3) Legal Disclosure
We may disclose your personal data to comply with legal requirements and obligations, including court orders, or to comply with legitimate requests from law enforcement or regulators.
C1.4) Change of Ownership
We may disclose your personal data in the event of an acquisition, merger or any other transaction to the new owner.
C2) Cross-Border Data Transfers
NEVERHACK operates worldwide; however, the data you provide and that we process as part of providing our services is exclusively stored and processed on servers within the European Union.
We also strive to ensure that all our service providers are based in the EEA/EU. Thus, only in rare cases and as part of our data sharing activities mentioned above (see (C)), we may be required to transfer your personal data to other countries, including those outside the European Economic Area (EEA), which may have data protection standards different from those of your country of residence. We will ensure your personal data is adequately protected when shared with these service providers.
In case of transfer outside the EEA, we use the EU standard contractual clauses or (where applicable) rely on adequacy decisions as a guarantee in accordance with Article 46 of the GDPR. For more information on these safeguards, please visit https://ec.europa.eu/info/law/law-topic/data-protection_en or contact our Group Data Protection Officer at dpo@neverhack.com.
D) Changes to Our Privacy Notice
We reserve the right to modify this privacy notice to ensure continued compliance with legal requirements or to reflect changes to our services in the privacy notice.