Bug-Bounty Ltd is committed to safeguarding your privacy. Please read the following privacy statement to understand how your personal information will be treated when you use or register on the website, speak to a member of our team or otherwise interact with us.
What personal information does Bug-Bounty collect?
We collect personal information from you when you provide it to us directly, or through your use of our website, for example:
Information about yourself when you register for an account with us. This may include your name and contact details, your company name and company details and/or your website.
Transaction and billing information, if you make a purchase with us or contract for one of our solutions or services.
Records of your interactions with us, e.g. if you send email feedback to our website, ask a technical question, report a problem or otherwise contact us.
We may also record certain details of how you use our website, such as the website you came from or are going to, your device’s unique ID, your IP addresses and operating system and information you download. Marketing emails we send you may also automatically detect whether you have received or opened the email or clicked on a link in our marketing materials. We use this information for our own performance measurement.
What does Bug-Bounty do to protect my personal information?
We aim to deliver the highest level of service and security to our customers and our website has been specifically designed with security in mind.
In order to ensure the security and protection of your personal details whenever you submit any sensitive information such as your account details, we use the latest available security methods.
Your Online Account Information Personal Profile are password-protected so that you and only you have access to this personal information. We recommend that you do not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited email.
How can I access, update, correct or delete my personal information?
You can view and edit your Personal Profile information at any time by clicking on the ‘Dashboard – Edit Profile’ section, which you can access anytime through the link in the navigation bar.
If you have forgotten your password, please use the links online to send reminders or if have any other problems accessing our website, please contact firstname.lastname@example.org.
If you have a query regarding your personal information which you cannot resolve via your Personal Profile, please contact us using the details above. Under EU data protection law (GDPR), you have the right to access (including in a machine-readable format), correct, and request the erasure of your personal data, and Bug-Bounty will comply with any requests to exercise these rights in accordance with applicable law. Please be aware, however, that there are a number of limitations to these rights, and there may be circumstances where we are not able to comply with your request.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
We also store a copy of all submitted reports and PoC data for future review and processing.
Updates to this Privacy Statement
We may change this privacy statement from time to time in order to reflect changes in the law, regulatory guidance or our data privacy practices in compliance with the law. When this happens and where required by law, we will provide you with a new or an updated notice detailing how the use of your personal information is changing and, if necessary, obtain your consent for the further processing.
Bug-Bounty will comply with law enforcement in circumstances where a valid legal order is received. This Agreement is governed by the laws of the Republic of Ireland.
Accountability: We are committed to the principles of the GDPR by adopting the concept of ‘data privacy by design’ within our operational model. We remain accountable by having detailed policies and systems in place as well as a Data Protection Officer to oversee our overall compliance to data protection regulations including the management of access rights requests. Our policies are regularly reviewed and updated, and our staff are periodically trained on data protection and security throughout the year.
Transparency, Fairness and Lawfulness: We process data with data subjects’ interests in mind and ensure that we approach processing activities with transparency to maintain fairness in what we do. This way we can be sure that we are processing data lawfully. We have a robust process in place to allow us to deal efficient with any access requests we may receive.
Data Integrity and Confidentiality: We hold data on secure systems. Information security and integrity is key to our smooth operation and we have dedicated cyber security team who protect our systems. We also have an Incident Response Team on hand to support us in the event data may become compromised.
Data Minimisation and Data Storage: We will not keep data for longer than is necessary and only keep data if there is a lawful basis which allows fair retention. When we do need to remove data from our possession, we do so by using industry approved standards so the disposal or anonymisation is thoroughly compliant.
Data Accuracy: Keeping data accurate is very important to us and we train our staff to ensure they are maintaining data to a high quality and with all the facts available.
Purpose Limitation: We use the data we attain for a specific purpose. This means that data is not processed for any alternative reasons other than what the data was originally collected for.
The tables below explain our stance on different operational areas of our business, so that you can easily see the standards we work by.
If you have any further queries about any topics raised in this document please contact our Data Protection Officer on email@example.com for further assistance and clarity.