Disclaimer

In this disclaimer ("Disclaimer") the following definitions apply:

• the Website: the Dutch website, the Dutch mobile website and all BinckBank applications.
• BinckBank NV: BinckBank NV is a public limited company incorporated under Dutch law, with registered office at 1083 HN Amsterdam (the Netherlands), Barbara Strozzilaan 310, registered with the Chamber of Commerce in Amsterdam under number 33162223. BinckBank NV has a license as referred to in Section 2:11 of the Dutch Financial Supervision Act (Wft) and is registered as such with DNB and the AFM. BinckBank is the trade name of BinckBank NV
• Use (s): include loading (visiting), logging in, retrieving, consulting, reading, viewing, listening, editing, filling in (forms), sending, (temporary) copying, storing, forwarding, making use of services, providing legal acts.
• User: visitor who uses the Website.
• the Information: among other things, but not limited to: texts and figures, images, hyperlinks, sound and / or video fragments and / or other objects.
• Damage: direct or indirect damage of any kind, including but not limited to lost data, software and goods, lost sales, profit or other economic disadvantage.
• Terms and Conditions: the General Terms and Conditions, the Special Investment Terms and Conditions and all terms and conditions used by BinckBank.

General
BinckBank is the publisher and compiler of this Website. 
By Using the Website, the User accepts the following conditions. 
This Disclaimer applies to this Website as a supplement to the BinckBank Terms and Conditions. In the event of a conflict between this Disclaimer and the BinckBank Terms and Conditions, the Terms and Conditions shall prevail.
Use of the website and communication

BinckBank forms part of BinckBank NV, established on the Barbara Strozzilaan 310, Amsterdam (1083 HN), Netherlands and registered with the Chamber of Commerce in Amsterdam under number 33162223. BinckBank NV is authorized by De Nederlandsche Bank, PO Box 98, 1000 AB Amsterdam and is registered with the Authority for the Financial Markets, PO Box 11723, 1001 GS Amsterdam. BinckBank’s VAT number is NL007606552B01. 

The information contained in this website (hereinafter referred to as the “website”) has been compiled by BinckBank NV (a Public Limited Company established in accordance with Dutch law, having its registered office in Amsterdam at Barbara Strozzilaan 310, hereinafter referred to as "BinckBank"). BinckBank has a licence as defined in article 2:11 of the Dutch Financial Supervision Act (Wft) and is registered as such with the Dutch Central Bank (DNB) and the Netherlands Authority for the Financial Markets (AFM). By virtue of this licence, BinckBank is authorised to offer and perform investment services and related banking services in relation to listed and unlisted financial instruments. BinckBank does not provide any personal (investment) advice as part of its services. As a member of Euronext N.V. (hereinafter referred to as “Euronext”), BinckBank may effect transactions in financial instruments, in the role of Broker, on the exchanges held by Euronext.

The rates, opinions, news, data and other information on this website (hereinafter referred to as “Information”) are subject to constant change and originate in part from third parties. BinckBank takes the utmost care in compiling the Information, but makes no guarantee that the Information is complete and/or accurate. Furthermore, BinckBank accepts no liability whatsoever for direct or indirect losses arising from the use of the Information, except in the case of wilful misconduct or gross negligence on the part of BinckBank. 

The Information on this website does not represent any offer or invitation from BinckBank to the visitor to this website to trade in financial instruments in any way or to make use of the services of BinckBank. BinckBank reminds visitors to this website of the fact that the Internet is not always a fully reliable service for the transmission of and access to Information and that interruptions, delays and errors may occur at any time. BinckBank accepts no liability for direct or indirect losses relating to a (temporary) inability to gain access to or to use this website or for any delay or error in sending or receiving messages, including announcements and instructions, via this website. 

The rights to this website and the Information belong to BinckBank or its suppliers and are protected under copyright and other intellectual property rights. Except for personal and non-commercial use, the Information and/or other parts of this website may not be reproduced, stored in a retrieval system, or transmitted in any form or by any means, whether electronic, mechanical, photocopying, recording or otherwise, without prior written permission from BinckBank. In particular, the posting of Information in full or in part to newsgroups, mailing lists, electronic bulletin boards, chat boxes or comparable discussion forums by the visitor without prior written permission from BinckBank is expressly prohibited. 
For information on the protection and processing of personal data, please consult the BinckBank Privacy Statement. These terms of use are governed by Dutch law. All disputes arising from or connected with these terms of use, the website and/or the Information will be submitted to the competent court in Amsterdam. 
Third Parties
Binckbank does not support or promote the views, actions or products of any third parties mentioned on this site. In addition they will not be held responsible for any acts or offerings of any such third party.

BinckBank Security

The information on this page is intended for security researchers interested in reporting security vulnerabilities to BinckBank. If you are a customer of BinckBank and have questions concerning fraud, phishing or malware, please contact our customer service at info@binckbank.com

At BinckBank, the security of our systems and protection of your information are our top priorities. Our specialists work day and night to optimise our systems and processes. Despite the effort we put into the security of our systems, vulnerabilities can still be present.

If you are a security researcher and have discovered a vulnerability in our systems you could help us by reporting these vulnerabilities to us, so that we can improve reliability of our systems together. Please send us your report (in English or Dutch) via e-mail to: responsible-disclosure@binck.nl. Priority will be granted to encrypted reports. Reports can be send anonymously.
Our security team will investigate your finding/findings and attempt to respond within two working days. 

PGP key
If you want to encrypt your message, please use our PGP key.

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFx2ny0BEAClnvfmp8lUK75EgLo3pfYrIxqvrsGtCccL6q61rgQ+TlL2thGE
3Es4d/3nqhQaULU+AftWTJ96KRIPCSlc2ZeE64GoPCZwZ+DqIP8pWDuz//JPydz+
io6mebOOeoutNHg2Q+WHmvqNaUhwbi5LpewFD1ZQnNSoSIGE4oufzvIkTPCpugPd
kqjGwTbp2dv0IqO0YC20Wm/Z75B9jpFfdfzKxGOa+G89mLcIRgZcDEjJxPmoCLfG
1ozSCgvnuxugR1wnm9BOCMLuGsH9C7ErKknlSeTZM64mp4QZrfSUXviOqFnAIItw
H8hn/2+ykV2iUInlT2IavoQlZBkJv39dGh6WC+XYNuFlCfz9IRBP0qWgnref+rfR
LoPZghVoXgWcuIn+VqpRkrXct+HOi5nA3xa5rMnzzofR7Nxzc2hvHnQK2ol6p2Ht
OCAkI0r1/yDVS058k+HyG4KwdX3dpCopKSbyf3vWp01QYMjYxi3uzHHd8yc9dtvd
ICYX4hUb+wBz1cfU0lc5Tsverr8nskWVVeglXDk+b6JYI7iMHqNi6kGeaXKJd5XY
TttODlXXBbxDjWozf9U5fwKShRqvAtkSPIZEHXnIfsHQ0RbfghoWGKxK08JmdLez
WYMBjVKBFUJZZZ4C6hVMQ/Pk1qLseFqLKpEIbkOp0Llw9IxtnD1I+/xVdQARAQAB
tEJCaW5ja0JhbmsgUmVzcG9uc2libGUgRGlzY2xvc3VyZSA8UmVzcG9uc2libGUt
RGlzY2xvc3VyZUBiaW5jay5ubD6JAlQEEwEIAD4WIQSbLkvareJQKwRwFivmr4xE
JHguFgUCXHafLQIbAwUJA8OHAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDm
r4xEJHguFniDD/414pFYbDdu66BvAZqhlUcwWD/ZL6kThJK9YhWHQrtIcshyQ/ZW
IfMkFD5iJPyBlPh1Ugs5HPmqKq4/jNoybxC01ZNGwC+SNUCYuWB2swc9WjlPfTji
N493l75w5UjRtcDuxqGZ9+LOkbW802Y2ygHYvVrm8FuyRiprifnzJ4oaK0Yfjory
OoCL/VfRwFp0ptJorJ4kwhOtAtq+glX/DRit+JT2KP+NWWaGAZhhJWMnUn5R6Vhj
4QvXpXUlq4kqxaYPB1zEbDzO4CB3taryu5TX3O/eKVnJP+XZu1ECJzninlzaJhR2
uSfIH47IiM8BDQ0+OCM9ogsuk0grAOTVmPnpWmzl9cozti+pb+ggP3Cx2JiyAoVl
nuTex+Osv68t/fFjnGa91AI4Jh8zDltevsQA/TQMclxe025LGwgY49AYwGMYCcnJ
nOmduOM4uaPDRwHmse600eEIiyaGoRzF0NfXAFsg7Q4k6s8uN6xAnGu1YySwCbob
n50/IbjTe7fPdZv0/L+yurNLO1l+IcC9KIzJDk9KbEpUhqrqzKGDGu0tnu3TbPWq
5zRVXKpeQdkfymDjbybyyEgarqxQRMk532qo5DFjl/MH/3l21MXcqwFV1dqA983n
ezaeqT5bO+PLV53D7dL2qYnFXIaoGbtY8IIZwb6pqAFzQ8YmDV8tLZDaybkCDQRc
dp8tARAAr0Nz16s53p66K0C9c7CI2ReO84cqgUMj4mm8mT352RR/cfTQQtkl/eKA
ggt32tRtdUci4phXoLthCbydqLoBXrk69AcM5W7j7wRnJcFyE4c+AIj73hmGYlsY
uTp0jJk/AxGoUxqjEjX/bEd1q/Vi1jSltYD2tUQ+wA1LSnfqbd59R8bH1zXkPNlM
ThkY1FWaa8/jd8UozBNkB0CgKDamrynvXufDDvJW0DfZACvd+qOqIKdnW0gIbRsN
feo2yNKXremXqWcUis23bvH71QPn8K9wnrgBetVb80adxABiPI+PXlEuPt/XKJba
C3a5N+GqGEStDxU7mPu5gora1Mka8OnKeBz3lohRyJBE4gQ0rU0HcNtpPCCYFlI+
Wi1qWR+vAiMLXtgzYXDWzAyqW0ZkyXSk/OUGUYUJWAhE0mVUAjEEQZHq8ztCLGyb
91Ij+h/kucwobtAk9Hfo47rV0i8fL2Jk3pqJaXnp0P299t6IWMplYnegNMjfG6TP
K2cp/okQ8NoPMzSw8nML6i8Dv8LPUspi3rmM/hzJO09lO11DNz3+PgxqAXkdbVtG
k8vWYFWHHsJZo81VOfRjn3cgZYwKUR4eQpZ3GgNjfir9yStUkgRtJ/6xrMo9Fu7L
R/zBvAMH8u344N2xhIqtw0xnX0lj5UVl3MHyAwF5+ugltayeqMUAEQEAAYkCPAQY
AQgAJhYhBJsuS9qt4lArBHAWK+avjEQkeC4WBQJcdp8tAhsMBQkDw4cDAAoJEOav
jEQkeC4WvyUQAJPKQd0TqVh9RGEkXBNgZRwhYldtpyki+A3j2KC5X9StVNNS86l+
iqjnMjFwJeGTTHlsksbl+nXt/GPcIwWS8107OLJBKqHRsYbsp+dQJ5twUhjAxNWs
xCbi4Ml2sGZnO9PYSByeSWPxd1NhH9PhIPP1b0ae9c3h8uS3cAF+uMDPdqjUTCkL
bFpO4edY1dvT+p2Torc9rsZtnhuCGHbU0LZ2AQUd2WWF+3U1n2NLh0eZDEz4GmNr
I0tR8FS8ep9Lhh5xRlfdfnHjahfjBXCrGjcjTOZp6sR1YJXUpx3yVinUPFIk8hU3
aX84WwDWRw8cHP80FY335vK0rKcbBdmhRkYuZqvgbmGZDqFbwR6vcO6PpvWki4FK
4njmMWKplEPcdcbzxy4QYKKYFeiUssb4GN5HI7Tbmqxqpstme/eQCt5EgCBZ04Hr
I4w02diiQtgab8ddolS5ZjS3lanwS6rJqptqbPGgxlxEowXFJA9eFNqIBVSkhYWq
xVA9TVwIaoAy9+CqhKzmORMIZqZB//q6aNmifC6J4a7QOeN/+VC2jBPq5SmqkiBb
31QzacVgCmgmLaKVXb5p1gW5kAFa1+38NR9uvp/hqBavlx+DhKOY3MQtvrBBwCVi
TQM0l06iXu6eFXsfTx8ZHjguA6fWj68ORHF3o7bi5dZaxRFI8pUH0Zxf
=w2vf
-----END PGP PUBLIC KEY BLOCK-----

 
Responsible Disclosure Guidelines
We will investigate legitimate reports and make every effort to quickly fix the vulnerability. We will not take legal action against you or ask law investigation to investigate you if you comply with the following Responsible Disclosure Guidelines:
• Provide details of the vulnerability, including the steps you took to discover the vulnerability, as well as information or a Proof of Concept in order to reproduce the issue;
• Make sure that during your and our investigation of your reported vulnerability, you do not cause any damage to our systems;
• Do not utilise social engineering in order to gain access to our IT systems;
• Never let your investigation disrupt the services of BinckBank and other services;
• Never publicise any bank or customer data that you may have found during your investigation;
• Do not put a backdoor in the system, not even for the purpose of showing the vulnerability. Inserting a backdoor will cause even more damage to the safety of our systems;
• Do not make any changes to or delete data from the system. If your finding requires you to copy the data from the system, do not copy more data than necessary. If one record is sufficient, do not copy more;
• Do not make any changes to the system;
• Do not attempt to penetrate the system any further than required for the purpose of your investigation. Should you have successfully penetrated the system, do not share this gained access with any others;
• Do not utilise any brute-force techniques (e.g. repeatedly entering passwords) in order to gain access to the system;
• Give BinckBank reasonable time to resolve the issue before making any information public.

Vulnerability categories we encourage
We are primarily interested in hearing about the following vulnerability categories:
• Remote Code execution vulnerabilities;
• Cross Site scripting vulnerabilities;
• SQL injection vulnerabilities;
• Encryption weaknesses;
• Vulnerabilities that bypass authentication mechanisms; 
• Vulnerabilities that give unauthorised access to information.

Out of scope vulnerability categories
The following type of vulnerabilities are out of scope of our responsible disclosure program:
• Our policies on presence or absence of SPF/DKIM/DMARC records;
• Server or third party application version revealed and possibly outdated without Proof of Concept on the exploitation of it;
• Reports of insecure SSL/TLS ciphers and other misconfigurations;
• Generic vulnerabilities related to software or protocols not under control of BinckBank;
• Distributed Denial of Service Attacks;
Spam or Social Engineering techniques;
Reports of regular scans like Port scanners or (free) vulnerability scanners.

Your privacy
We will only use your personal information to get in contact with you and to undertake actions regarding your reported vulnerability. We will not distribute your personal information to third parties without your permission, unless we are required to do so by law, or if an external organisation takes over the investigation of your reported vulnerability. In that case, we will make sure that the relevant authority treats your personal information confidentially.
This material is confidential and should not be copied, distributed, published or reproduced in whole or in part or disclosed by recipients to any other person.