Responsible disclosure privacy statement

Our lawful basis for processing your information for the purpose of responsible disclosure is your consent.

Your consent is given freely since you have the option to report anonymously. Your consent is unambiguous because you explicitly agree with this privacy statement if you report non-anonymously, and if you partake in our reward program. Your consent is informed due to that we inform you of the identity of our organization through our website, the purpose of the processing of your information, the reasons we process your information, and due to that we inform you of your right to withdraw your consent. Your consent is specific due to that the purpose of processing is defined.

When reporting non-anonymously, you agree that your personal information will be processed by us. Your personal information will be used to contact you if we need more information about the finding, and optionally for participation in our reward program. For the finding and the optional participation in our reward program, we process your name and email address. We also process any information you include in your report and future communication. For physical rewards in our reward program, we also process your address information and phone number in addition to your name and email address, as well as any requested information for specific rewards (e.g. clothing sizes). To be listed in our Hall of Fame, we process your name and optionally a link to your LinkedIn or Twitter profile.

We will not process your information further, unless we are legally required to do so or if we suspect you do not act in good faith while performing criminal acts. Your information will be removed three months after your report or after your participation in our reward program has finished. If you participate in our Hall of Fame, your name and an optional reference to a LinkedIn or Twitter profile will be on our Hall of Fame for an undetermined amount of time.

You have the right to revoke your consent for processing your personal information, and to file a request for reviewing, correcting and removing your personal information. You can do so with the contact information noted in our security.txt. For this purpose, you can ignore the warning at the top related to the use of our registration form.