The security of our websites, systems and data is of the utmost importance.
Therefore, we allow you to investigate our systems and data only for the purpose of improving our
security: only for that purpose you may investigate potential system weaknesses of security,
vulnerabilities in code etc.
This right is strictly limited to the scope (areas and period) determined in the Project Description.
You will observe the "Binding Ethical hacking Researchers Guidelines" (esp. art. 6 and art. 8) as
published by Intigriti.
You will not investigate our systems and data for potential weaknesses of security if you are an actual
member of personnel of Colruyt Group Services NV or any other company belonging to
Colruyt Group, or worked/have worked under contract for Colruyt Group Services NV in the past
year. The same persons may not assist you in any way when investigating our systems and data.
You will not exceed the limits of the scope of the Project description, the “Binding Ethical hacking
Researchers Guidelines" of Intigriti and this Set of Rules. Please be aware that each project is limited
in time (max 6 months).
You are familiar with all relevant applicable legislation (like intellectual property law, privacy, trade
secrets, ...) and will always operate within legal boundaries when identifying potential security issues.
Please also note, that any exceeding of the Binding Ethical hacking Researchers Guidelines, the limits
of scope of the Period Description (including the timeline) and the Set of Rules will be considered
illegal. In such cases, legal actions and prosecution are possible.
You will always respect the strict confidentiality regarding the mode of operation and you will
disclose your findings only to Intigriti and to the designated person of ourselves.
After the investigation, you will destroy all tangible knowledge obtained as a result of the
investigation and never use this knowledge in any way against us.
You will end immediately your investigation if you find access to private data of personnel, data of
customers, lists of customers, orders, purchase prices (of us),financial data, data hosted by third
parties or in general data considered as trade secrets. Only collect the information necessary to
demonstrate the access and do not go any further.
For obvious reasons we can only allow submissions or applications for our program with a valid Intigriti account.
It will only take 2 minutes to create a new one or even less to log in with an existing account, so don't hesitate and let's get started. We would be thrilled to have you as part of our community.
