We therefore ask you to:

• Email your findings exclusively to privacy@inter.nl
• Not exploit the vulnerability you have found by, for example, downloading data or viewing, deleting, or modifying third-party information
• Not delete or modify any data or components of our software system
• Not share your findings with others until the issue has been resolved
• Delete all confidential information you obtained through the vulnerability immediately after it has been fixed
• Refrain from using attacks on physical security, social engineering, distributed denial of service, spam, or third-party applications
• Provide us with sufficient information (such as a detailed description including IP addresses, logs, steps to reproduce, screenshots, etc.) to reproduce the problem so we can address it as quickly as possible

We promise you that:

• We will respond to your report as soon as possible with our assessment of the report and an expected date for a solution
• We will treat your report confidentially and will not share your personal information with third parties without your consent, unless it is necessary to fulfill a legal obligation
• We will keep you informed of the progress in resolving the issue
• In any communication about the reported issue, we will, if you wish, credit you as a pioneer

Our goal: We aim to resolve all ICT issues as quickly as possible and would be happy to be involved in any publication about the issue after it has been resolved.

Changes: We reserve the right to revise this policy from time to time. Therefore, please check our website regularly for the latest version of our Responsible Disclosure.