Vulnerabity Disclosure Policy

1. Receipt of information



For Aug. Winkhaus SE & Co. KG, the security of its systems, its network, the customer data entrusted to it and its products is a top priority.
Despite the greatest possible security precautions, vulnerabilities may exist and be discovered. Aug. Winkhaus SE & Co. KG is grateful for any indication of a vulnerability. These will be eliminated as quickly as possible, thus ensuring that the level of protection for customers, products, systems and the network can always be assured.

Note:

We ask you to report your findings of a vulnerability as soon as possible after discovery exclusively via our whistleblower system. You can access this via the link: https://winkhaus.hintbox.de/

Please select the following options:
1. Submit a report
2. Which company is involved: Aug. Winkhaus SE & Co. KG
3. What is your concern? :
Product safety & -conformity
or
Data protection, privacy and network & information security


2. Specifications for the detector of vulnerable points



Please note the following:
• Report the vulnerability as soon as possible so that it cannot be exploited by malicious parties;

• Please provide sufficient information so that we can trace and rectify the vulnerability as quickly as possible. A description of the vulnerability is usually sufficient. For complex issues, please be as precise as possible.

• Do not disclose the vulnerability before fixing it or pass it on to third parties.

• Do not introduce your own backdoor into the information system for demonstration purposes.

• Do not exploit a security vulnerability beyond what is necessary to identify the vulnerability, i.e. do not cause any damage beyond the reported vulnerability.

• Do not copy, change or delete any data from the system. Alternatively, you can create a system directory list. Any data obtained by the whistleblower should be deleted at the latest after reporting and our confirmation.

• Do not make any changes to the system;

• Do not repeatedly access the system and do not pass it on to third parties;

• Do not use attack methods such as "gross force", "social engineering", "bypassing our physical security", "social engineering", "distributed denial of service", "spam" or third-party applications - which have a significant impact on our day-to-day business and/or the use of our products - to gain access to systems.

• Please refrain from actively scanning our network, systems or products for vulnerabilities.


3. Procedure at Aug. Winkhaus SE & Co. KG



• Aug. Winkhaus SE & Co. KG will respond to your notification within 5 days with an estimated resolution date;

• Aug. Winkhaus will refrain from taking legal action if you have complied with the requirements of this Vulnerability Disclosure Policy;

• Your report will be treated confidentially. You can read the data protection information of our whistleblowing system here;

• You will be informed about progress in removing the vulnerability;

• If you so wish, Aug. Winkhaus SE & Co. KG will name you as the discoverer of the vulnerability in the report.

• Aug. Winkhaus SE & Co. KG will make every effort to close the vulnerability as quickly as possible and is open to publishing the name of the discoverer or whistleblower once the vulnerability has been closed.

Download

Vulnerabity Disclosure Policy

PDFI126 KB