Privacy Policy

IIntroduction

Hackning Technologies Private Limited (“Hackning”) complies with the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), the UK Data Protection Act, 2018, the California Consumer Privacy Act (“CCPA”) and the (Indian) Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data) Rules, 2011, which set guidelines for the collection and processing of personal information from individuals. This Privacy Notice (“Notice”) informs you about the type of personal information we collect from you, how we use it, and what options you have to limit our use of the personal data related to you (“Personal Data”).

By accessing, visiting, or using our website hackning.com (“Website”) or by otherwise giving us your information, you will be deemed to have the capacity to enter into a legally binding contract as per the jurisdiction from which you are accessing the Website or giving us the information. You will consequently be deemed to have read, understood, and agreed to the practices and policies outlined in this Notice and agree to be bound by its terms.

Hackning Technologies Private Limited is a private limited company duly incorporated under the Companies Act, 2013, with its registered office at 420/10, G.T. Road, Mahesh, Serampore, West Bengal — 712202, India. We operate two consumer-facing platforms: hackning.com, a B2B enterprise software and ERP platform, and actionmicro.in (trading as Action Micro), a consumer electronics e-commerce storefront specialising in genuine, lawfully imported computer hardware, peripherals, and maker/educational electronics. All products sold through Action Micro are mass-market retail goods available through authorised distribution channels. We do not offer, sell, develop, or facilitate any form of cybersecurity exploitation tools, vulnerability research services, or unauthorised access services of any kind. The word “Hackning” in our company name is a stylised rendering used in its original constructive sense — as in hacking together practical solutions — and is a registered trade name of Hackning Technologies Private Limited.

IICollection of personal data

We may collect, store, use and disclose information about individuals which may constitute Personal Data for lawful, explicit, and legitimate purposes based on consent for further processing of personal data consistent with those purposes and as prescribed by applicable laws. When you provide information that enables us to respond to your queries, we will, wherever permissible by relevant laws, collect the information for the purposes described in this Privacy Notice.

Hackning will not collect any Personal Data about you unless you voluntarily provide this information to us. Some of this information that you provide may identify you personally, either alone or in combination with other information available to us.

Personal data that you provide directly through websites or emails

We may collect Personal Data you choose to provide when you fill forms on or raise a query through our Website, or send emails, call us or write to us. If you contact us, we may keep a record of such correspondence. We may also collect Personal Data by asking you to complete surveys that we would use for research purposes, although you have a right not to respond to them.

Personal information automatically collected when you visit the Website

The list of Personal Data collected through the Website is notified to you at the time of granting permission to share the relevant information. Such information may include log data, cookie data, device information, demographic information, behavioral information and sensitive personal data (“SPD”). We may use automated technologies including (where available) web server logs to collect IP addresses, device details, browser types, cookies, and web beacons, which might help us in system administration, to filter traffic, and to improve the effectiveness of the Website and our marketing activities. By using the Website and its associated microsites, you agree to the processing of your personal information as explained in this Privacy Policy.

Personal data collected from third-party sources

You can engage with us through social media websites or through features on the Hackning website that integrate with social media sites. When you engage with us through social media sites, you may allow us to have access to certain information from your social media profile based on the privacy preference settings on such platform.

Personal data collected when you access our Website through mobile devices

If you access our website on your mobile device, we may collect your Personal Data such as your IP address and device details, in addition to the Personal Data you agree to share with us.

When you provide us your mobile phone number, you consent to the use of your mobile phone number for the purposes identified in this Notice. If you choose to refrain from receiving any text notifications from us, we will not use your mobile number for such purposes unless required to meet legal requirements or legitimate business purposes — for example, screening CVs of prospective candidates, or establishing communication with prospective customers and personnel with general or business inquiries.

IIISharing of personal data

We may share your information between our group companies for administrative and legitimate business purposes.

Where required or permitted by law, information may be provided to others, such as statutory authorities, government institutions, regulators, and law enforcement agencies for compliance with legal requirements.

We do not share personal information about you with third parties, except:

• to provide products or services you have requested;
• when we have your permission; or
• under the following circumstances —
  • We may provide the information to trusted entities who work on behalf of or with Hackning under data privacy laws and strict confidentiality agreements. These entities may use your Personal Data to help us communicate with you for legitimate business purposes, but do not have any independent right to further share or disseminate this information.
  • We may use the information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.
  • We may share information where we believe it is necessary to investigate, prevent, or take action against illegal activities, suspected fraud, situations involving potential threats to physical safety, or as otherwise required by law.

We may share information where we believe it is necessary to protect or enforce Hackning’s rights, usage terms, intellectual or physical property, or for the safety of Hackning or associated parties. From time to time, we may consider corporate transactions such as a merger, acquisition, reorganization, asset sale, or similar activities. In these instances, we may transfer or allow access to information to enable the assessment and undertaking of that transaction. If we buy or sell any business or assets, personal data may be transferred to third parties involved in the transaction.

Where we transfer personal data outside the jurisdiction where the personal data originated, we either transfer personal data to countries that provide an adequate level of protection (as determined by the applicable laws of the concerned jurisdiction) or have appropriate safeguards in place. Appropriate safeguards covering these transfers take the form of standard contractual/data protection clauses or binding corporate rules (BCRs) as mandated by applicable laws.

IVData storage and retention

Your personal data is stored in databases that are either owned by us or by our trusted third-party service providers. We contractually require those third parties to keep data secure and confidential, and we do not allow them to disclose your Personal Data to others without our authorization or to use it for their own purposes.

Hackning shall retain your Personal Data pursuant to the business purposes and in line with our retention policies, or as long as necessary to fulfill the purposes we collected it for — including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your Personal Data are available in our retention policy. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, whether we can achieve those purposes through other means, and the applicable legal requirements.

VIndividual rights

You may have certain rights relating to your Personal Data provided for under applicable law. These are the right to:

• Request access to your Personal Data and the processing activities on the personal data.
• Request that your Personal Data be rectified if it is inaccurate or incomplete.
• Request erasure of your Personal Data in certain circumstances.
• Request restriction of the processing of your Personal Data in certain circumstances.
• Object to the processing of your Personal Data in certain circumstances.
• Receive your Personal Data provided to us as a controller in a structured, commonly used and machine-readable format in certain circumstances.
• Lodge a complaint with a relevant authority.
• Withdraw your consent provided at any time by contacting us.

You have the option to subscribe / opt-in to receive our brochures, newsletters, marketing, and research-related materials. We respect your privacy considerations and provide you with the option to exercise your right to unsubscribe/opt-out to prevent marketing communications by writing to [email protected] or by clicking the “unsubscribe” link at the bottom of an email newsletter received by you from us. Hackning shall adhere to your preferences.

Where you have exercised your right to discontinue marketing communications, or have indicated your preference to remove your Personal Data from our customer relationship management (CRM) databases, we will retain minimum Personal Data to note that you opted out, in order to avoid contacting you again.

To exercise the rights outlined above in respect of your Personal Data, please contact the details available in the contact section below. We will endeavor to respond within appropriate timelines as required by the law. Please note that Hackning may need to retain certain Personal Data for record-keeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.

VIProtection of minors’ information

Hackning does not knowingly solicit Personal Data from or market to anyone under eighteen (18) years of age. If you believe that we have received information from a minor, please notify us immediately. We will ensure that reasonable efforts are made to delete such information from our database.

VIIExternal links

Our Website may contain links to other sites including social media links, event sites, etc. whose information practices may be different from ours. You should read such third party’s privacy notices prior to interacting or providing any of your Personal Information. Hackning does not control those sites or their privacy practices. We do not endorse or make any representations about third-party websites.

VIIICookies and other technologies

Our Website uses cookies and similar technologies to facilitate the proper functioning of our websites and to help collect data. A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can remember who you are. Please read our Cookie Policy for more details about the information we collect through cookies when you use this site.

IXReasonable security practices & procedures

We have put in place reasonable security practices and procedures comprising technical, organizational, operational and physical security controls that comply with all applicable laws and regulations to protect your Personal Data from unauthorized or inappropriate access, loss, alteration, disclosure, damage, and destruction.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator/supervisory authority of any suspected breach where we are legally required to do so. Users are responsible for maintaining the secrecy of their own passwords. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you have with us has been compromised) or a Personal Data breach has occurred, please immediately notify us by writing to [email protected].

XChanges to this notice

Please note that this Notice may change from time to time. Changes to the Notice will be approved and updated by our Data Protection Officer. Please visit our website to keep abreast of any changes to the policy.

XIDigital Personal Data Protection Act, 2023

In addition to the frameworks described above, Hackning complies with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) enacted by the Parliament of India. The DPDP Act governs the processing of digital personal data of individuals (“Data Principals”) within India, as well as processing outside India where it involves offering goods or services to Data Principals in India.

11.1 Lawful basis for processing

We process your personal data only where: (a) you have given free, specific, informed, and unambiguous consent (“Consent”) prior to processing; (b) processing is necessary for the performance of a contract to which you are a party; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for legitimate interests pursued by us or a third party, except where such interests are overridden by your fundamental rights.

11.2 Rights of Data Principals

Under the DPDP Act, you have the right to:

• obtain a summary of personal data being processed and the processing activities undertaken by us;
• obtain the identities of all Data Fiduciaries and Data Processors with whom your personal data has been shared;
• correct, complete, update, or erase your personal data where it is inaccurate or no longer necessary for the stated purpose;
• nominate another individual to exercise your rights on your behalf in the event of your death or incapacity; and
• lodge a complaint with the Data Protection Board of India if you believe your rights have been infringed.

To exercise any right listed above, please write to us at [email protected]. We will acknowledge your request within 72 hours and respond substantively within the timelines prescribed by the DPDP Act and applicable rules.

11.3 Consent management

Where we rely on your Consent as the lawful basis, you may withdraw Consent at any time by writing to [email protected] with the subject line “Withdraw DPDP Consent.” Withdrawal of Consent shall not affect the lawfulness of processing carried out prior to withdrawal. We will cease processing within 15 business days of receipt of a valid withdrawal request.

11.4 Data retention under the DPDP Act

We shall not retain your personal data beyond the period necessary to fulfil the purpose for which it was collected, or such period as may be required under applicable law. Upon expiry of the retention period, we will securely delete or anonymise your personal data.

11.5 Grievance Officer

In accordance with the DPDP Act and the Information Technology Act, 2000, we have designated a Grievance Officer whose contact details are set out in the Contact section below. You may reach the Grievance Officer directly at [email protected] for any data protection complaint or query. We will resolve complaints within 30 days of receipt.

XIIWhatsApp Business messaging

Hackning Technologies Private Limited operates WhatsApp Business accounts for both hackning.com and actionmicro.in (Action Micro) to provide transactional notifications, order updates, customer support, and — where you have specifically opted in — promotional communications. This section describes how we collect your consent, what messages we send, and how you may opt out at any time.

12.1 Opt-in

We will only send you WhatsApp messages if you have provided an explicit opt-in through one or more of the following mechanisms:

• checking a clearly labelled WhatsApp opt-in checkbox at checkout on actionmicro.in;
• completing a contact or lead form on hackning.com that includes a WhatsApp consent checkbox;
• replying “START” or an equivalent keyword to an introductory message we send at your request; or
• verbally requesting WhatsApp communication during an inbound call, confirmed by a follow-up opt-in message.

In every case, the opt-in mechanism clearly discloses: (a) the business name (“Hackning Technologies Pvt. Ltd. / Action Micro”), (b) the types of messages you will receive, and (c) how to opt out. We do not add numbers to WhatsApp contact lists without an explicit opt-in record.

12.2 Message categories

We send the following categories of WhatsApp messages:

• Transactional: order confirmations, payment receipts, dispatch notifications, delivery updates, return and refund status updates.
• Service / Support: responses to inbound customer queries, technical support for Action Micro products, platform alerts, and warranty reminders.
• Promotional (opt-in only): product launches, special offers, and event invitations — only to customers who have separately opted in to marketing communications, and no more than four times per calendar month.

We do not send unsolicited bulk messages, spam, phishing communications, or messages containing prohibited content as defined in the WhatsApp Business Policy and the Telecom Commercial Communications Customer Preference Regulations (“TCCCP Regulations”) issued by the Telecom Regulatory Authority of India (“TRAI”).

12.3 Opt-out

You may opt out of WhatsApp messages from us at any time by any of the following methods:

• Reply STOP to any message we send you — we will process the opt-out immediately and confirm within 24 hours.
• Email [email protected] with the subject line “WhatsApp Opt-Out” and your registered phone number.
• Call us at +91 99037 57608 during business hours (Monday–Saturday, 10:00–18:00 IST).

We will honour opt-out requests within 24 hours. You will continue to receive transactional messages strictly necessary to complete a transaction already in progress even after opting out of marketing messages, unless you request a complete cessation of all WhatsApp communication.

12.4 Data used for WhatsApp messaging

To deliver WhatsApp messages, we share your registered mobile phone number and your first name with Meta Platforms Ireland Limited (“Meta”), the operator of WhatsApp, as necessary to transmit messages through the WhatsApp Business API. This sharing is governed by Meta’s own Privacy Policy and the WhatsApp Business Terms of Service. We do not share any financial, health, or sensitive personal data with Meta for messaging purposes.

12.5 Limitation on message content

All WhatsApp communications from us comply with the WhatsApp Business Messaging Policy. We do not send messages that promote or reference: gambling, tobacco, alcohol, weapons, adult content, multi-level marketing schemes, or any product or service that is prohibited under applicable Indian law. Our product catalogue on WhatsApp is limited to the same consumer electronics and enterprise software described on actionmicro.in and hackning.com, all of which are lawfully sold retail goods.

XIIIContact us

If you have any Personal Data-related complaints, data protection concerns, or any communications regarding the enforcement of your privacy rights, or questions regarding our Notice or the practices described herein, you may contact us at: