GfK Vulnerability Disclosure Policy

The safety and security of our customers’ data together with the reliability of our products and services, are crucial to GfK.

We design and make products and services with the highest levels of security and reliability. Despite our best efforts, vulnerabilities and errors may still occur in our products and services.

This is our approach to handling reports of potential vulnerabilities and errors in our products and services.

We encourage customers, users, researchers, partners and anyone else that interacts with our products and services to report identified vulnerabilities and errors to us.

We’d be grateful if you would use the form on this page to report any vulnerabilities or errors to us.

We highly appreciate the efforts made by anyone that identifies any vulnerabilities or errors to us as it will help us continue the security and reliability of our products and services

Please note that supplying your contact information with your report is entirely voluntary and at your discretion.

We will make use of all reports that are submitted; both those submitted anonymously and those with contact information.

If you do submit your contact information, GfK will only use the information to get in touch with you about the details of your report (if that is necessary). We will use your data in line with our Privacy Policy.

By making a report to us using the form on this page, or otherwise communicating a report to GfK, regarding vulnerabilities and errors, you agree to the following terms:

GfK may use your report for any purpose deemed relevant by GfK, including to correct any vulnerabilities or errors you report and that we believe needs to be fixed.

To the extent that you propose any changes and/or improvements to a GfK product or service in your report, and to the extent that any legal rights exist in your proposal, you assign to GfK all use and ownership rights to such proposals.

You confirm to GfK that:

• You have not exploited or used in any manner, and will not exploit or use in any manner (other than for the purposes of reporting to GfK), the discovered vulnerabilities and/or errors;

• You have not engaged, and will not engage, in testing/research of systems with the intention of harming GfK, its customers, employees, partners or suppliers;

• You have not used, misused, deleted, altered or destroyed, and will not use, misuse, delete, alter or destroy, any data that you have accessed or may be able to access in relation to the vulnerability and/or error discovered;

• You have not conducted, and will not conduct, social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks;

• You have not tested, and will not test, the physical security of any property, building, plant or factory of GfK;

• You have not breached, and will not breach, any applicable laws in connection with your report and your interaction with GfK product or service that lead to your report.

• You agree not to disclose to any third party any information related to your report, the vulnerabilities and/or errors reported, nor the fact that any vulnerabilities and/or errors have been reported to GfK.

• GfK does not guarantee that you will receive any response from GfK related to your report. GfK will only contact your regarding your report if we think it is necessary.

• You agree that you are making your report without any expectation or requirement of reward or other benefit, financial or otherwise, for making such report, and without any expectation or requirement that the vulnerabilities and/or errors reported are corrected by GfK.