Legal notice and privacy

Treatment of information collected

You expressly authorize and instruct EBRC to process your personal data in accordance with any applicable data privacy law or regulation (e.g. the Luxembourg Law of August 2nd, 2002 on the Protection of Persons with regard to the Processing of Personal Data and when applicable EU General Data Protection Regulation 2016/679).
Any personal information collected on EBRC website will be used to operate our website and for all legitimate and relevant purposes in connection with the Services of EBRC (e.g. marketing and commercial communications about EBRC, latest news and services’ information). Such collected personal data may be combined with any other available information about you. Thus, EBRC will be able to process and respond to requests for which you specifically provided relevant personal information

EBRC shall keep the personal data confidential and will instruct its staff and third parties to the same. EBRC shall implement appropriate and commercially reasonable technical, physical and organizational measures and precautions to protect the personal data from accidental loss, misuse, unauthorized access and disclosure, alteration, or unlawful destruction, in particular where the processing involves the transmission of personal data over a network, and against all other unlawful forms of processing. Such measures shall comply with any applicable data privacy law.

Thereby, your collected personal information will be stored and processed in Luxembourg and may be transferred internationally to EBRC third party suppliers if necessary (e.g. performance of requested services on behalf of EBRC). By using EBRC website, you consent to any such transfer of information, to any country of the European Economic Area, any country ensuring an adequate level of data protection according to the European Commission, and in a third country providing a level of protection different than the protection afforded to such personal data by the laws in the country you are established.

As a data subject, EBRC shall assist you, to the extent reasonably possible, to respond to any access, correction, erasure or blocking requests and objections.

EBRC may disclose any personal information to the extent required by a legal provision or judicial or administrative decision.

Data protection regulation process

For any request regarding data protection or to access, modify or delete your data, please refer to our form.

EBRC Coordinated Vulnerability Disclosure policy

Purpose of this policy:

This policy outlines how EBRC will coordinate the disclosure of information related to vulnerabilities which, if exploited, could lead to confidentiality, integrity or availability of EBRC’s assets being compromised or degraded. EBRC’s assets include (but are not limited to) network, system or data.

How to be a player of this policy?

Security must be part of our DNA!

At EBRC, we are committed to addressing and reporting security issues through a coordinated workflow. We strongly encourage you to be a major player of this process.

This is why, if you discover a vulnerability in one of our asset, we should be grateful to be informed accordingly so that appropriate actions could be implemented to solve the vulnerability as quickly as possible.

In that way, your actions contribute protecting our services.

We kindly ask you to:

  • Contact us by using our contact form,
  • Provide enough information regarding your vulnerability and proof-of-concept,
  • Don’t hesitate to give us a copy of the code you used to perform your exploit as well as any information you deem useful,
  • Not abuse the vulnerability in a way which may harm EBRC or its clients,
  • Not access or modify any data in any account or system for which you do not have legal control,
  • Not disclose the vulnerability to other people until we inform you about its resolution,
  • Not make use of attacks on physical security, social engineering techniques or hacking tools, such as vulnerability scanners or DDOS attack,
  • Comply with all applicable laws and regulation.

What we promise:

  • We will acknowledge receipt of your findings within the best delay,
  • We will handle your report with all due confidentiality and ensure that your personal information is not shared with any third parties without your permission,
  • We will carry out a detailed assessment of your potential findings to determine their accuracy,
  • We will keep you informed of the progress in the solution resolution.

EBRC greatly appreciates the efforts made by security researchers sharing with us their discovery. This gives EBRC a chance of improving its services and offering better protection to our clients.

Thank you for your help and being part of this process.

To contact us, please refer to our contact form. Our team will contact you shortly so you can send them additional information.