Security and Data Protection

Hawk collects personal data only where there is a legitimate purpose for doing so and only to the extent necessary for that purpose. The primary legal bases for collection are: fulfilment of contractual obligations (programme enrolment, commercial licensing agreements); compliance with legal obligations (record-keeping, regulatory requirements); and legitimate interests (website security, fraud prevention, service improvement).

Hawk does not collect sensitive personal information such as health data, biometric data, financial account credentials, or government-issued identification numbers unless specifically required for a defined regulatory or contractual purpose, in which case such collection is disclosed at the time of collection.

Personal data collected by Hawk Trading Education is stored using reputable cloud infrastructure providers that maintain appropriate technical and organisational security measures. Hawk selects infrastructure providers on the basis of their security certifications, data residency practices, and contractual commitment to data protection standards.

Data in transit between your browser and Hawk's web infrastructure is protected using industry-standard encryption protocols (TLS 1.2 or higher). Data at rest is encrypted where technically feasible and appropriate to the sensitivity of the information. Access to stored personal data within Hawk's operational environment is restricted to authorised personnel on a need-to-know basis.

Hawk retains personal data for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Programme participant data is typically retained for the duration of the programme and for a period thereafter sufficient to meet Hawk's contractual, regulatory, and dispute resolution obligations. Where data is no longer required, it is securely deleted or anonymised in accordance with Hawk's data retention schedule.

Where data is transferred to, or processed by, service providers located outside Australia, Hawk takes steps to ensure that such transfers comply with the requirements of the Australian Privacy Act 1988 (Cth), including by obtaining appropriate contractual assurances from overseas recipients. Users accessing this website from the European Economic Area, United Kingdom, or other jurisdictions with specific data transfer requirements should refer to Hawk's Privacy Policy for further information.

Hawk Trading Education uses a range of third-party services to deliver its website, educational programmes, and community environments. These services may collect, process, or store personal data in the course of delivering their functionality. Hawk selects third-party services on the basis of their security standards, data protection commitments, and suitability for use in a professional financial education context.

Categories of third-party services used in Hawk's operations include: cloud hosting and content delivery infrastructure; email and communication platforms; community and learning management platforms; payment processing services; analytics and website performance monitoring tools; and third-party verification services used in connection with performance data.

Each third-party service is subject to its own privacy policy and terms of service, which govern how that service collects and uses data independently of its relationship with Hawk. Hawk encourages users to review the privacy policies of third-party services that they interact with directly. Hawk is not responsible for the data practices of third-party providers beyond the contractual obligations imposed on those providers by Hawk.

Hawk does not sell personal data to third parties and does not share personal data with third parties for their own marketing purposes. Personal data shared with third-party service providers is shared only to the extent necessary for those providers to deliver the services contracted by Hawk, and is subject to appropriate data processing agreements where required by law.

Under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), individuals have the right to: access personal information held about them by Hawk; request correction of inaccurate, incomplete, or out-of-date personal information; make a complaint if they believe Hawk has breached the APPs in relation to their personal information; and, in certain circumstances, request that Hawk refrain from using personal information for direct marketing purposes.

Users accessing this website from the European Economic Area or the United Kingdom may have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation, including the right to erasure, the right to data portability, and the right to object to certain forms of processing. The application of these rights will depend on the specific circumstances of your data and your jurisdiction.

To exercise any of your data rights, or to obtain further information about personal data held by Hawk, please submit a written request to Hawk's data contact address provided in Section 5 below. Hawk will respond to all valid rights requests within 30 calendar days. Complex requests may require additional time, in which case Hawk will provide an interim acknowledgement and an estimated response timeframe.

Hawk will not charge a fee for processing a rights request unless the request is manifestly unfounded or excessive, in which case Hawk may charge a reasonable administrative fee or decline to comply with the request, and will explain the reason for doing so in writing.