VULNERABILITY DISCLOSURE POLICY OF COOPERATIVE U
The COOPERATIVE U is a network of independent traders keen to share a set of values conveyed in particular through the communication carried out by our brand, the sale of U brand products in stores and through our e-commerce platforms.
The safety and security of user data of our services is one of our highest priorities. This is why we are working to implement the best possible security measures, particularly through the intervention of U TECH, a company specializing in the IT field within the COOPERATIVE U.
Despite our efforts, vulnerabilities may still be present in our systems or on our sites and applications accessed via the Internet.
In this context, everyone is encouraged to report them, whether they are a researcher, partner, CSIRT/CERT, customer or in any other qualification.
Our Vulnerability Disclosure Policy describes COOPERATIVE U's principles for requesting and receiving reports. Reporting vulnerabilities will help improve the security and reliability of our systems, sites and applications accessed over the Internet
HOW ?
The method to contact us and provide information about a vulnerability is to use the form.
IN CASE OF DISCLOSURE OF A VULNERABILITY
By making a report to U TECH using the form, or by otherwise communicating a report to U TECH or more generally to COOPERATIVE U concerning vulnerabilities, you acknowledge having fully read and accepted without limitation the terms and conditions described below.
By disclosing a vulnerability to U TECH, you confirm that you are acting responsibly by not taking advantage of the identified vulnerability and in particular that:
- You have not exploited or used in any way, and you will not exploit or use in any way any discovered vulnerabilities, other than for the sole purpose of reporting them to U TECH;
- You have not engaged, and you will not engage, in testing/searching for vulnerabilities with the intention of harming COOPERATIVE U, its companies, its stores, its customers, employees, partners or suppliers;
- You have not used, collected, deleted, altered or destroyed, and you will not use, collect, delete, alter or destroy any data that you accessed or may have had access to in connection with the vulnerability discovery;
- You have not conducted, and will not conduct, any social engineering, spamming, phishing, denial of service, or resource exhaustion attacks;
- You have not tested and will not test the physical security of any COOPERATIVE U property, building or warehouse;
- You have not and will not violate applicable laws in discovering the vulnerability, completing your report or in your interaction with COOPERATIVE U's products, services or information systems that led to your report.;
- You have not disclosed and you undertake not to disclose, to any third party, any information relating to your report, the vulnerabilities reported, nor the fact that a vulnerability has been reported to COOPERATIVE U. This non-disclosure commitment applies regardless of whether U TECH had prior knowledge of the information or not.
By submitting a vulnerability report to us, you agree that:
- U TECH, as well as any third party authorized by U TECH, may use your report for any purpose deemed relevant, including to correct vulnerabilities that are reported, and which U TECH believes exist and need to be corrected. This right of use is granted on an exclusive basis, without financial compensation, for the entire world and for the term of the intellectual property rights.
- To the extent that you propose changes and/or improvements to a product, service or system of COOPERATIVE U in your report, you authorize U TECH, by itself or through the use of a third party, to use, implement work, modify (in particular to adapt), disseminate and distribute these proposals and any resulting implementations. This authorization is given on an exclusive basis, without financial compensation, for the entire world and for the term of the intellectual property rights.
COOPERATIVE U appreciates your contribution to improving its products, services and information systems. However, U TECH does not undertake to send you a response regarding your report. U TECH will communicate with you about your report only if it deems it necessary. You further agree that you are making your report without any expectation or requirement of any reward or other benefit, financial or otherwise, for making such a report, and without any expectation or requirement that the reported vulnerabilities will be remediated.
PERSONAL DATA
U TECH will use all reports submitted, whether submitted anonymously or with contact information.
Please note that providing your contact details with your report is completely voluntary and at your discretion. If you submit your contact details, U TECH will only use this information to contact you to clarify the details of your report, if this is necessary.
For more information, please consult the personal data protection policy .
THANK YOU
COOPERATIVE U appreciates the efforts made by the person making the report to identify the vulnerability or error. Thank you for doing everything you can to improve the security of our products, services and information systems and of the Internet community as a whole.