User data

What information does Hoxhunt collect

The information we have about you is collected from a few sources. Majority of the information is provided to us by your organization while some information is collected when you use the Hoxhunt button or visit our web applications. We might also ask you for additional information through the application.

Mandatory categories:

  • Full name
  • Email address
  • Geolocation based on IP
  • Last data processing activity (time stamp)
  • Native language
  • Browser language
  • Employee performance statistics in the Services (failure/success rate per employee in the training)

Optional categories:

  • Telephone numbers
  • Picture
  • Spoken languages
  • Time zone
  • Employee department
  • Employee work title
  • Employee generated content (reported emails) and preferences
  • Employee related information from other systems of the Data Controller

 

Want to see what information about you is available on the internet?

https://pipl.com/api/demo

Want to see if your email address has been compromised in a data breach?

https://haveibeenpwned.com/

 

How do we use your information

The only reason we collect information is to make sure you have the best experience with Hoxhunt and to make sure we can provide the best possible service to your organization.

 

We use the collected information to:

  • create and maintain your Hoxhunt user account
  • provide Hoxhunt service to you
  • operate and improve our service for you
  • send you our simulated phishing emails (training emails) and other related training content
  • make simulated phishing emails more convincing (make them look the same way a malicious actor would do)
  • send simulated phishing emails on your behalf (using your name or email adress)*
  • understand you and your preferences to enhance your experience and enjoyment using Hoxhunt
  • provide you with better customer support and technical support
  • analyze user trends and provide reporting for your organization
  • notify about changes to Hoxhunt service

* If permitted by you and your organization, Hoxhunt will occasionally use your name or email address in simulated phishing emails sent to your colleagues (who also participate in Hoxhunt training). You may also receive training emails that are disguised to come from your colleagues. Colleagues are picked completely random (except in cases where training emails deliberately mimic colleagues in a more prominent role like HR personnel and the CEO).

Here's an example of how we might use your user data in Hoxhunt training emails:

User_data.png

 

How long is my user data stored?

The collected information is stored for as long as you have a Hoxhunt user account.

NOTE: Opting out of Hoxhunt training doesn't remove your data. To get your data removed from Hoxhunt service, please contact your Hoxhunt Admin.

 

How often is my user data updated?

Your basic organizational data (name, email address, department, country, etc.) is either updated from your organization automatically, or manually by your dedicated Hoxhunt Admin(s) or per request by Hoxhunt personnel. Your employer controls and defines what organizational data is provided to Hoxhunt.

Behavioral and action-based data (geolocation, IP address, success rate, etc.) is updated in real-time whenever you interact with Hoxhunt service.

 

Does hoxhunt have access to my mailbox or calendar?

No. Hoxhunt doesn't have access to see the contents of your mailbox or calendar. Hoxhunt has access only to the email you are reporting at the time. Any similarities or relevancy of Hoxhunt training emails (simulations) with your mailbox contents are purely coincidental.

 

Data Processing Agreements (DPAs)

Hoxhunt has signed DPAs with all its customers and third parties. This means that we are strongly committed to keeping your information safe and will follow a pre-defined protocol if for some reason your information gets compromised.

If you want to learn more about DPAs, check out the below site:

https://gdpr.eu/data-processing-agreement/

 

 

Participation to Hoxhunt training

Participating in Hoxhunt training is voluntary unless your organization policy states otherwise. If you wish to stop your training, please check this KB article.

 

Want to stay in the training but be anonymous?

That's also possible. Please check this KB article on how to set yourself into Anonymous Mode in Hoxhunt.

 

How to opt-out

Please refer to our Unsubscribe page for information on opting out. 

 

If you have any questions regarding your information or anything else in this text, please get in touch with us through chat or support@hoxhunt.com.

 

 

Was this article helpful?

32 out of 32 found this helpful

Have more questions? Submit a request