We at Dutch Flower Group B.V. and our subsidiaries (DFG) work hard every day to maintain and improve our systems and processes so that our customers can work safely online at all times. However, should you find a weakness in one of our IT systems, we would appreciate your help.
What you can report
You can report any number of weaknesses in our IT systems. If you spot a weakness, please contact us as soon as possible. Examples are:
How to report a weakness
You can report weaknesses to us by email: firstname.lastname@example.org. Prevent information from being intercepted by criminals. State concisely in your email what weakness(es) you have found. We will take action immediately.
What we do with your report
A team of security experts will investigate your report and will contact you within two work days to discuss the weakness, how you found it and follow-up action.
We will only use your personal details to take action based on your report. We will not share your personal details with others without your express permission.
Observe the rules
If you discover a weakness and investigate it, you might perform actions that are punishable by law. If you observe the rules for reporting weaknesses in our IT systems, we will not report your offence to the authorities and will not submit a claim.
It is important for you to know, however, that the public prosecutor’s office – not DFG – will decide whether or not you will be prosecuted, regardless of whether we report your offence to the authorities. We cannot promise that you will not be prosecuted if you commit a punishable offence when investigating a weakness.
The National Cyber Security Centre of the Ministry of Security and Justice has created guidelines for reporting weaknesses in IT systems. Our rules are based on these guidelines.
Take responsibility and act with extreme care and caution. When investigating the matter, only use methods or techniques that are necessary in order to find or demonstrate the weaknesses.
Will I receive a reward for my investigation?
Yes, you might receive a reward – but we are not required to give you one. You are not necessarily entitled to compensation. The amount of the reward is not fixed in advance. DFG determines the amount, based on the following:
Am I allowed to publicise the weaknesses I find and my investigation?
Never publicise weaknesses in our IT systems or your investigation without consulting us first. We can work together to prevent criminals from abusing your information. Consult with our security experts and give us time to solve the problem.
What shouldn’t I use this email address for?
The email address email@example.com is not intended for the following:
Can I report a weakness anonymously?
Yes, you can. You do not have to give us your name and contact details when you report a weakness. Please realise, however, that we will be unable to consult with you about follow-up measures, e.g. what we do about your report, further collaboration, giving you credit or a possible reward.