Vulnerability Disclosure Policy
1. Receipt of information
For Aug. Winkhaus SE & Co. KG, the security of its systems, its network, the customer data entrusted to it and its products is a top priority.
Despite the greatest possible security precautions, vulnerabilities may exist and be discovered. Aug. Winkhaus SE & Co. KG is grateful for any indication of a vulnerability. Reported vulnerabilities will be eliminated as quickly as possible, so that the level of protection for customers, products, systems and the network can always be assured.
Note:
We ask you to report your findings of a vulnerability as soon as possible after discovery exclusively via our whistleblower system. You can access this via the link: https://winkhaus.hintbox.de/
Please select the following options:
1. Submit a report
2. Which company is involved: Aug. Winkhaus SE & Co. KG
3. What is your concern?
Product safety & -conformity
or
Data protection, privacy and network & information security
2. Requirements for those who discover vulnerabilities
Please note the following:
• Report the vulnerability as soon as possible so that it cannot be exploited by malicious parties;
• Please provide sufficient information so that we can trace and rectify the vulnerability as quickly as possible. A description of the vulnerability is usually sufficient. For complex issues, please be as precise as possible.
• Do not disclose the vulnerability before it has been fixed, and do not pass it on to third parties.
• Do not introduce your own backdoor into the information system for demonstration purposes.
• Do not exploit a security vulnerability beyond what is necessary to identify the vulnerability, i.e. do not cause any damage beyond the reported vulnerability.
• Do not copy, change or delete any data from the system. Alternatively, you can create a directory listing of the system. Any data obtained by the whistleblower should be deleted at the latest after reporting and our confirmation.
• Do not make any changes to the system;
• Do not repeatedly access the system and do not pass access on to third parties;
• Do not use attack methods such as "brute force", "social engineering", "bypassing our physical security", "distributed denial of service", "spam" or third-party applications - which have a significant impact on our day-to-day business and/or the use of our products - to gain access to systems.
• Please refrain from actively scanning our network, systems or products for vulnerabilities.
3. Procedure at Aug. Winkhaus SE & Co. KG
• Aug. Winkhaus SE & Co. KG will respond to your notification within 5 days with an estimated resolution date;
• Aug. Winkhaus will refrain from taking legal action if you have complied with the requirements of this Vulnerability Disclosure Policy;
• Your report will be treated confidentially. You can read the data protection information of our whistleblowing system here;
• You will be informed about progress in removing the vulnerability;
• If you so wish, Aug. Winkhaus SE & Co. KG will name you as the discoverer of the vulnerability in the report.
• Aug. Winkhaus SE & Co. KG will make every effort to close the vulnerability as quickly as possible and is open to publishing the name of the discoverer or whistleblower once the vulnerability has been closed.