Skip Navigation

 

Information Security and Data Protection are key priorities for the x-tention group. Both are essential in order to protect the data of our customers from unauthorized access and manipulation in the best possible way. Despite major investments in security and regular reviews of our standards, it cannot be entirely ruled out that vulnerabilities may emerge. We therefore ask everyone who may discover a security-relevant issue or vulnerability in any of our systems, networks, software or services to notify us immediately. This will help us to initiate appropriate countermeasures promptly and remediate vulnerabilities in a timely manner.

 

We kindly ask you to:

  • Send us your discovery as soon as possible to VULNERABILITY@X-TENTION.AT. In case you prefer to transmit the information in encrypted form, please contact us in advance at the mentioned e-mail address. We will then inform you about the next steps.
  • Provide us with sufficient information to reproduce the problem and rectify it without undue delay. Usually the IP address or the URL of the affected system with a description of the vulnerability respectively attack should be sufficient. In case of more complex issues we may ask you for further information.
  • Do not exploit any vulnerability for accessing, manipulating, or deleting data!
  • In case you downloaded confidential information accidentally, delete it immediately!
  • Do not disclose the vulnerability to any third party until it has been resolved!
    Do not harm the physical security of our premises and systems. Refrain from carrying out any social engineering or (Distributed) Denial of Service attacks ((D)DoS attacks).

 

We assure you:

  • We take all reports seriously. We will investigate any potential vulnerabilities and fix identified issues as soon as possible!
  • We will reply to your report within 48 hours and keep you regularly informed about our progress on resolving the issue.
  • Provided that you comply with the instructions above, no legal action will be taken against you.
  • Your report is treated confidential and we will not share any personal information with third parties.
  • We will inform affected stakeholders about the vulnerability without undue delay.
  • If you explicitly request it, your name will be mentioned as discoverer of the vulnerability in public communication.

 

This Responsible Disclosure Policy is based on the RESPONSIBLE DISCLOSURE GUIDELINE OF THE NATIONAL CYBER SECURITY CENTRE, WRITTEN BY FLOOR TERRA.

 

 

External content & analysis

In order to optimally design our website for you, we use YouTube and LetsCast for the integration of external media as well as Matomo, Google Adwords and LinkedIn Insights for evaluation and marketing purposes after your consent.

By clicking on “Accept all” or “Accept contents only”, you consent to the respective services storing and reading information on your device, processing your data and, if applicable, transferring it to the USA.

You can revoke your consent at any time with effect for the future in the data protection declaration. You can find further information there or in our imprint.