Vulnerability Disclosure Policy

As a company that respects everyone's privacy and puts technology and innovation at the service of human beings, we consider the safety and security of our members and customers to be one of our top priorities.
We strive to ensure the highest quality of service and the highest level of safety in our products, right from the design stage. However, despite our best efforts, vulnerabilities can still be present.

EURO-INFORMATION is the provider that manages the Cofidis Information System and, in that capacity, handles vulnerability declarations.

Euro-information has a vulnerability disclosure policy. This policy sets out how potential vulnerabilities affecting its services are to be disclosed and how such reports are handled.

Euro-information thanks you for your report and for the contribution it makes to the security of as many people as possible.

How do I report a potential security breach?

For any declaration of vulnerability, please send us a message via the following form. In order to improve the handling and identification of this vulnerability, please include as much information as possible in the declaration form.

For security reasons, all of our subsequent exchanges will be encrypted using PGP.

To send us encrypted communications, you can use our PGP key with identifier 0x4CE11A39 and fingerprint BB5B 009C 0D91 8C60 DEC4 5108 2A51 9B02 4CE1 1A39.

Processing your report

Following your report, Euro-information teams will analyze its content in order to validate the qualification of the vulnerability as soon as possible. We will only contact you if further information is required.

In addition:

  • No compensation is provided under this program even if the vulnerability is proven;
  • For security reasons, no publication of the flaws and their resolution will be made.

Euro-information remains the sole judge of the classification of the vulnerability and the categorization of the resulting risk. The processing and resolution time for such vulnerabilities remains at Euro-information’s discretion.

Disclosure requirements

By submitting your declaration of vulnerability to Euro-information, you are required to:

  • Comply with applicable laws;
  • Refrain from performing denial-of-service or resource-depletion attacks;
  • Use Euro-information systems without any intent to harm the Group, its customers, its employees or its third parties;
  • Refrain from using, modifying or erasing any data that you may access by exploiting the said vulnerability;
  • Refrain from performing social engineering, spam, or phishing attacks on Euro-information employees or trusted third parties;
  • Refrain from testing the physical security of the property of Euro-information or its third parties;
  • Refrain from disclosing information about this report, the vulnerability reported, or the fact that a vulnerability has been reported to Euro-information.

This non-disclosure commitment applies regardless of whether Euro-information has prior knowledge of the information.

All aspects of this process are subject to change without notice.

The declaration of a vulnerability does not confer any intellectual property rights on assets owned by Euro-information or any of its third parties.