1. About this notice
This GDPR Policy supplements our Privacy Policy for individuals protected by the EU GDPR, the UK GDPR, and the UK Data Protection Act 2018. Where this notice and the Privacy Policy differ for GDPR-protected individuals, this notice prevails.
2. Data controller
WarnHack Technologies Private Limited (CIN U62090MP2026PTC082281), located at Bhopal, Madhya Pradesh, India, is the “controller” of the personal data we process about you — meaning we decide why and how it is processed. You can reach our privacy team at [email protected].
3. EU / UK representative
Where required under Article 27 of the GDPR, we will appoint a representative in the EU and/or UK to act as a point of contact for data subjects and supervisory authorities. If a representative has been appointed, their details are published here and available on request from [email protected].
4. When the GDPR applies to you
The GDPR applies to our processing of your personal data where you are in the EEA or UK and we offer services to you or monitor your behaviour (for example, through website analytics that run only with your consent).
5. Legal bases for processing
Under Article 6 of the GDPR, we rely on one or more of the following lawful bases:
- Consent — for analytics cookies and marketing communications. You can withdraw consent at any time.
- Contract — to provide the products and services you request and to manage your account.
- Legitimate interests — to operate, secure, and improve our services, provided your rights do not override those interests.
- Legal obligation — to comply with tax, accounting, and other legal requirements.
We do not process special categories of personal data through this website in the ordinary course of business.
6. Your rights under the GDPR
Subject to the conditions in the GDPR, you have the right to:
- Access — obtain confirmation of and a copy of the personal data we hold about you.
- Rectification — have inaccurate or incomplete data corrected.
- Erasure — request deletion of your data (“right to be forgotten”) where it is no longer needed or consent is withdrawn.
- Restriction — ask us to limit processing in certain circumstances.
- Data portability — receive your data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.
- Object — object to processing based on legitimate interests, and to direct marketing at any time.
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.
- Not be subject to automated decisions — including profiling, that produce legal or similarly significant effects.
7. International data transfers
We are based in India and some of our service providers process data outside the EEA/UK. Where we transfer personal data internationally, we use appropriate safeguards recognised under the GDPR — such as the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where relevant) — to ensure your data remains protected. You can request a copy of the relevant safeguards from us.
8. Data retention
We keep personal data only for as long as necessary for the purposes it was collected, or as required by law, after which it is deleted or anonymised. The indicative retention periods in our Privacy Policy apply.
9. Automated decision-making
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing, including profiling. If this changes, we will update this notice and, where required, obtain your consent.
10. How to exercise your rights
To exercise any of the rights above, email [email protected]. We will respond within one month as required by the GDPR (extendable by two further months for complex requests, in which case we will tell you). We may need to verify your identity before acting. There is normally no fee, unless a request is manifestly unfounded or excessive.
11. Complaints to a supervisory authority
We would like the chance to resolve your concerns directly, so please contact us first. You also have the right to lodge a complaint with your local data protection supervisory authority — in the UK, the Information Commissioner's Office (ICO); in the EEA, the authority in your country of residence, work, or where the alleged infringement took place.
12. Relationship to our Privacy Policy
This notice focuses on GDPR-specific rights and obligations. For full details of what we collect, how we use it, cookies, processors, and security, please read our Privacy Policy and Cookie Policy.
13. Updates to this notice
We may update this GDPR Policy from time to time. Material changes will be posted here with a new “last updated” date.
14. Contact us
For any GDPR-related question or to exercise your rights, email [email protected] or [email protected].