TERMS AND CONDITIONS – RESEARCH POLICY
The purpose of this Terms and Conditions – Research Policy (hereinafter referred to as the Policy) is to define the rules, terms and conditions regarding the services, including certain Bug Bounty programs for the registered users (hereinafter User) related to the use of www.hacktify.eu website (hereinafter Website) owned by Hacktify International Limited Liability Company (Headquartered at 1027 Budapest, 47 Dózsa György Street, Business registration number 08-09-031951; VAT number 27965043-2-41) (hereinafter HACKTIFY).
(User and HACKTIFY are referred to together as Parties, separately also as Party)
The subject of this Agreement is the services provided by HACKTIFY through the Website. The registered Users may participate in the advertised Bug Bounty programs (hereinafter referred to as the Program) using the Website in order to find and report security flaws and vulnerabilities according to the conditions detailed in the description of the given Program and to report them using the available bug reporting form. HACKTIFY may, in its sole discretion, allow the User to participate in other activities on the Website or provide additional services (hereinafter referred collectively as the Service).
Through our services we provide the ethical environment necessary for testing, so we also ask our Users to use the Website carefully, ethically and with professional respect. The User expressly undertakes to act ethically, prudently and with required professional respect throughout the use of the Website and the activities carried out in relation to each Program in accordance with the applicable law, the description of the Program and the content of the Contract.
In the event of any activity or conduct contrary to the above in the course of the user’s use of the Website or activities in relation to the Programs, HACKTIFY may, in its sole discretion, immediately restrict, suspend or cancel the User’s registration without prior notice, or terminate the Contract with immediate effect as provided in this Agreement.
HACKTIFY shall not be liable for any damages arising out of the use of the Website, registration and activities in connection with the Programs. The User shall not be entitled to any claim against HACKTIFY for damages arising from his/her own activities.
Within the legal framework, neither HACKTIFY nor any of its affiliates, suppliers or partners shall be liable to the User for any damages, losses, recoverable or irretractable claims, costs, incidental, direct or indirect damages, lost profits, savings, and any other financial or non-material claims resulting from the legitimate or unlawful conduct of the User or third parties.
The liability of HACKTIFY or any of its affiliates, suppliers or partners under this Agreement is always limited to the minimum permitted by applicable law. This limitation also applies to any breach of contract by HACKTIFY.
The limitations of liability under this chapter shall apply to the fullest extent permitted by the laws of the User’s country of nationality. User expressly and unconditionally consents to the restrictions under this chapter.
User is fully and exclusively liable for damages resulting from violations of the legal regulations, this Agreement and the description of the Program, as well as for the contractual use of the Website, the authenticity, accuracy and up-to-dateness of the information provided.
User is entitled to use the Website only and exclusively in accordance with the provisions of this Agreement, including in particular if the following liability conditions are acknowledged and accepted.
User hereby expressly, unconditionally and irrevocably consents to and agrees to the following points:
· The User is solely and exclusively responsible for compliance with the applicable laws of the state in which the Website is used and of Hungary.
· The User is solely and exclusively responsible for all legal consequences resulting from his/her breach of confidentiality obligations under this Agreement.
· The User is solely and exclusively responsible for the security of the login information associated with his/her user accounts (Profile) and undertakes not to transfer it to unauthorized persons.
· The User expressly agrees to inform HACKTIFY immediately in all cases where the security of the login information associated with his/her account may have been compromised.
· HACKTIFY reserves the right to temporarily deny access to the User’s account(s) if there are reasonable grounds to believe that the access to it has fallen into unauthorized hands or otherwise compromised. The User expressly agrees that HACKTIFY will investigate the circumstances of the situation in such cases.
· The User is solely and exclusively responsible for knowing and complying with all regulations, policies, guidelines, prohibitions, prospectuses and other documents concerning his/her contractual relationship with financial institutions (in particular banks and/or credit institutions).
· The User is solely and exclusively responsible for the authenticity of all communications, information and data (including in particular all data relating to the user account, personal data) and for the security of the communication. User hereby acknowledges that HACKTIFY assumes that all information and data from the User’s registered e-mail address or phone number are directly from the User. All possible adverse legal consequences arising from the provisions of this paragraph shall be borne solely by the User.
· The User is solely and exclusively responsible for all legal consequences arising out of the use of the Website, so HACKTIFY shall not be responsible in any way for any business or other decisions arising from his/her use of the Website or any information, facts or information obtained in connection therewith.
· The User is solely and exclusively responsible for the proper use of the Website, in particular the software, database and algorithm behind it, and to preserve its security and integrity.
The Visitors of the Website by registering on it can create their own account and profile, which allows them to participate in the current Programs, manage their reports and view statistical data. During registration the User must provide the data listed in this Agreement. The Contract is concluded for an indefinite period from the moment of registration by the User.
Depending on the user’s choice, the profile availability may be one of below:
Vulnerabilities may not be reported anonymously, so the User’s data listed below (Basic Information) will be recorded, however, no personal data will be transmitted to the customer publishing the Program (hereinafter: The Customer).
The following Basic Information shall be provided to report vulnerabilities found in the Program. This information will only be available to HACKTIFY:
After reporting a vulnerability HACKTIFY will encrypt the bug report which will be forwarded to the Customer. In this way, the Customer does not know any data about the User who reported the vulnerability and cannot identify the User in any way. The encrypted report of the vulnerability is stored by HACKTIFY only for the purpose of calculation the reputation points on which the ranking is based and for the determination of Rewards, but at the latest until the date of termination of the contract with the Customer. HACKFITY then deletes the encrypted report, so it cannot be issued even upon official request(s).
By using the Website, registering or using the Services, the natural person User expressly declares and warrants that he / she is entitled to use the Website, to register and to use the Services in accordance with the applicable legislation, and in particular declares and guarantees that he / she has full legal capacity. The age limit for full legal capacity, including adulthood, may vary from state to state.
By using the Website, registering or using the Services the person acting on behalf of the non-personal User expressly declares and warrants that he/she is entitled to use the Website, to register and to use the Services in accordance with the applicable legislation and in particular declares and guarantees that he/she has full legal capacity to represent the non-personal User. The person acting on behalf of the non-personal User further declares and warrants that the non-natural User is a legal person or an organization without legal personality operating legally under the applicable legislation. The legal provisions on the right of representation may differ according to the law of the State in which the non-natural person is registered or the state in which the non-natural person is established.
HACKTIFY is committed to the security of Users’ and customers’ data. The User is obliged to comply with the following regulations, the violation of which constitutes a serious breach of Contract.
(1) Testing may only be carried out for the purposes and on systems described in the Program Description, in accordance with the law, this Agreement and the Program Description;
(2) Adherence to the specific terms and conditions set forth in the Program Description is mandatory, they form an integral part of this Agreement and violation thereof may result in disqualification from the Program, loss of any rewards, and exclusion from the Website (restriction, suspension, deletion of registration);
(3) When using automated tools, if the User (or the Customer) notices a performance degradation in the tested system, the operation must be suspended;
(4) Only methods, techniques and tools that do not violate the requirements and expectations set by the Customer in the description of the given Program and that do not violate the requirements of the behavior normally expected in the given situation may be used during the vulnerability assessment.
(5) User declares and warrants that he/she has the appropriate expertise and experience to perform testing safely;
(6) Testing shall not include access to, use, handling, processing, research, viewing, copying, downloading, transmission, destruction, deletion, modification or storage of any information, personal or confidential data that may become available.
(7) Security flaws, bugs and vulnerabilities discovered during testing must be reported as soon as possible on the designated interface on the Website;
(8) To confirm the vulnerabilities identified, the User must have evidence and proof of concept (e.g. video, screenshot, etc.) to prove the detected vulnerabilities. The non-reproducible reported bug will be rejected;
(9) Public sharing and uploading of supporting documents and other evidence generated during testing to free hosting service providers and social community platforms is prohibited. The User undertakes to share these documents exclusively with HACKTIFY;
(10) Participation in Private Bug Bounty Programs is by invitation. The User is not entitled to disclose the data, facts, information or the existence and details of the Program, the data of the Customer, or to communicate them to others.
(11) In all cases, the User undertakes to carry out his/her activities in accordance with the applicable legal regulations (laws), professional and ethical regulations, this Agreement and the description of the Program.
The protection of the data of the User or in case of a non-natural person User the natural persons’ data who are members of that organization, is important for HACKTIFY.
To register for and use the Website, you must provide the following information:
Details of the person (s) acting on behalf of the non-natural User
Each Program may contain only the individual contractual conditions and rules applicable to the given Program, the knowledge and observance of which is a condition for participation in the Program. The unique terms and conditions may change during the lifecycle of the Program, Users will be notified about this fact and change in the description of the Program. In all cases, the User is obliged to continuously monitor the description of the Program, and in particular the individual conditions, without any special warning, and to act in accordance with the changes in the event of them.
By reporting the vulnerability, the User expressly acknowledges and warrants that he / she has read the specific terms and conditions of the given Program and has acted in accordance with the provisions thereof.
If the specific terms contain provisions that are incompatible with this Agreement, the rules set out herein shall apply.
(1) The User is only entitled to report any detected vulnerabilities through the Website. The User is not entitled to disclose any vulnerabilities to third parties, in particular to mark them on social media, or to report them directly to the owner of the Program.
(2) Each program has its own description, conditions and rules, which the User is obliged to take into account when reporting vulnerabilities, and to act accordingly at all times. It is the responsibility of the owner of the Program (Customer), to provide and update this information.
(3) If the User does not respond to a request/question about his / her bug report to HACKTIFY within 8 days, the acknowledgment of the bug report may be refused.
In accordance with the description of each Program, HACKTIFY, as the principal, gives an order to the User as an agent within the framework of the Agreement to detect possible vulnerabilities, which the User accepts. As part of the assignment, the User will search for vulnerabilities in systems/products/websites/applications advertised in each Program. The User may receive a reward (hereinafter: Reward) for the bug/vulnerability submitted and accepted via the Website in accordance with the description and conditions of the given Program. The following rules apply to the acquisition and payment of Rewards:
1) By submitting a Report and thus submitting a request for payment of the Reward, the User expressly declares and guarantees that he / she is entitled to receive the Reward;
(2) The Reward can be paid to the User by HACKTIFY only after the Customer (Program owner) advertising the given Program has paid HACKTIFY the fee for completing the Program in full;
(3) The User may receive a Reward if he / she was the first to report the detected vulnerability and if the bug report is accepted during the validation;
(4) If the User is entitled to a Cash Reward, he / she may be obliged to provide other data in accordance with financial and accounting legislation;
(5) If the individual User is entitled to a Reward as a result of the successful submission of the Report, and he/she is located in Hungary and a natural person: HACKTIFY will send a separate information and data request e-mail to the individual User in order to pay the Reward. In order to pay the Reward, the individual User entitled to the Reward is obliged to provide the data in the e-mail (data required for invoicing) to HACKTIFY. In accordance with the information e-mail, HACKTIFY will perform certain legal obligations related to the payment with respect to the order on behalf of the individual User.
The non-private User is obliged to issue an invoice for the Reward to HACKTIFY in order to pay the Reward, which HACKTIFY pays after the acceptance of the Report and the payment of the fee by the Customer. Unless otherwise provided in the information e-mail, the User and the Customer are in all cases obliged to fulfill all legal obligations related to the acquisition of the Reward, in particular to report and pay the relevant taxes, contributions or other charges, to issue an invoice, etc. and are solely responsible for fulfilling these obligations;
(6) The User is obliged to provide HACKTIFY with the data necessary for the payment of the Reward. If the User fails to comply with this obligation or if the User does not respond to HACKTIFY’s request for entitlement to the Reward within 30 days, he / she will lose the Reward and will not be entitled to claim the Reward later.
Invoicing for payments to HACKTIFY: Any invoices for payments to HACKTIFY will always be issued by HACKTIFY. The party making the payment, typically the Customer, has the opportunity to provide HACKTIFY with the details of the account holder in whose name the invoice is requested. If the party making the payment does not make such a declaration, HACKTIFY will establish the invoice in the name of the person provided at the time of registration or announcement of the Program, with the data provided at the time of registration or announcement of the Program.
The party making the payment expressly and unconditionally consents to the issuer of the invoice issuing the invoice electronically.
The invoice issued electronically will be sent electronically by HACKTIFY to the e-mail address provided by the paying party as the billing e-mail address (failing that, to the e-mail address provided during registration). An invoice sent electronically shall be deemed to have been delivered by sending the payer to his e-mail account.
The amount indicated on the invoice must be paid by the party making the payment – with the exception of prepayment – within the payment deadline indicated on the invoice – but no later than within 15 calendar days – by bank transfer to HACKTIFY, to the following HACKTIFY bank account. The serial number of the invoice must be indicated in the communication:
Name of account management financial institution: MagNet Bank Zrt.
Account holder name: Hacktify International Kft.
Account number: 16200151-18557796
IBAN No: HU17 1620 0151 1855 7796 00000000 IBAN
S.W.I.F.T. BIC: HBWEHUHB
With the exception of the data uploaded or entered on the Website by the User and the Customer, the Website and all content related to and used and / or displayed on it, in particular images, photographs, animations, sounds, music, effects, text , titles, colors, schema, data file, icon, logo, and their arrangement, database, algorithm, software, including object and source code, (collectively, the “Content”) are owned or solely owned by HACKTIFY. The Content is protected by copyright and industrial property laws and international conventions.
User is only entitled to use the Website and any part thereof or the Content under this Agreement and may not claim ownership of it. The User is not entitled to any copyright or industrial property rights in connection with the Website, any part thereof or the Content, in particular the right to reproduce, distribute, publicly perform, transmit to the public, retransmit to the public, rework or exhibit. User expressly agrees and acknowledges that he / she is not authorized to decrypt the Website or any part thereof and the Content.
In connection with the use of the Website, the User is obliged to comply with the following provisions in particular:
(1) HACKTIFY may revoke the User’s permission to use the Website with immediate effect in the event of a breach of contract by the User;
(2) HACKTIFY may, in its sole discretion, change or discontinue all or any portion of the Website or the Content, including access to the Services or the Website;
(3) User represents and warrants that neither the Report submitted nor its use in reporting the vulnerability will infringe the intellectual property rights, rights and freedoms of third parties and will not result in a violation of any applicable law, this Agreement or the Program Description;
(4) By submitting the Report, the User grants HACKTIFY a full, irrevocable, non-exclusive, transferable, time- or space-free, royalty-free use and exploitation right (License) to use, copy, publish, modify, transmit, utilize and distribute the Report for the purpose of providing its Services. The User does not receive a separate fee for granting the License, it is given to HACKTIFY expressly free of charge, without any consideration. The User grants the License to HACKTIFY in the hope of being entitled to any Reward for his / her research activity.
During the term of this Agreement and even after its termination for any reason, User expressly and unconditionally undertakes the confidentiality of all information classified as business secrets related to this Agreement and HACKTIFY, and thus undertakes to disclose the following data and information to third parties – HACKTIFY prior, without its express written permission – does not disclose or disclose it. It is considered a business secret in particular:
The Website and other related websites may from time to time contain third party websites, links, content or pages displayed by HACKTIFY for the comfort of the User. HACKTIFY has no control over the pages referred to in this paragraph and the content on them and has no access to them and is not responsible for them. The User expressly acknowledges that he / she may not make any claims against HACKTIFY in connection with third party content.
This Agreement may be terminated at any time by written agreement of the Contracting Parties.
The User is free to terminate the Agreement at any time by canceling his/her registration. HACKTIFY may terminate this Agreement at any time in its sole discretion with 30 days’ notice. HACKTIFY will notify the User of the termination of the contract on the Website and/or by e-mail.
In the event of termination of the Agreement by the User, the User permanently waives his claim for the Rewards still to be paid. User expressly acknowledges that in the event of termination of the Agreement by the User, no Rewards, Refunds or Rebates will be due, however, the Permissions granted to HACKTIFY will remain unchanged, so HACKTIFY may continue to use the License without restriction.
HACKTIFY is entitled to terminate this Agreement with immediate effect in the event of a serious breach of this Agreement by the User. Delays of more than 8 days in connection with late payment, breach of confidentiality under this Agreement, breach of intellectual property provisions and breaches of the liability and prohibitions of this Agreement, use or explicit attempt to do so contrary to or incompatible with the purpose of the system contained therein. The User also considers a serious breach of contract: intentionally providing false or inaccurate data, failure to provide information about inaccurate data, violation of any law or other regulations applicable to the User, HACKTIFY or the Customer’s legitimate economic, business, violation of the commercial interest or reputation, as well as a violation of the provisions regarding the scope of the license to use the Website and violation of the provisions of the License granted by the User to HACKTIFY.
The User is obliged to use HACKTIFY’s private communication channels in connection with the use of the Website, comments, bug reports and suggestions, which can be contacted via the Website form or by sending a letter to a dedicated e-mail address ([email protected]) . The Parties acknowledge the communication by e-mail as official, written communication valid for the purposes of the Agreement.
The place of conclusion of the contract is Budapest.
Any disputes arising out of or in connection with this Agreement shall be settled by the Parties, in the first instance, in cooperation with each other.
In resolving any dispute arising out of or in connection with a legal transaction under this Agreement, in particular in connection with its breach, termination, validity or interpretation, the Parties submit to the exclusive decision of the ad hoc arbitral tribunal established and acting by following per under the Model Rules recommended by the Budapest Bar Association (Budapesti Ügyvédi Kamara). The Parties agree that the members of the ad hoc arbitral tribunal shall be elected as members of the Budapest Bar Association from among the persons registered in the register maintained by the Hungarian Bar Association. Number of arbitrators: 3. The Hungarian language shall be used in the proceedings. The Model Regulations, which also serve as the basis for ad hoc arbitration and were also published on the website of the Budapest Bar Association (www.bpugyvedikamara.hu), were reviewed and accepted by the Parties. The Parties shall exclude the provisions of Act LX of 2017 on Arbitration. Act IX. Chapter provides for the possibility of procedural renewal. The substantive law applicable to the settlement of a dispute is Hungarian law, excluding its rules of private international law.
Applicable date 16th October 2020