If, for any reason, there are discrepancies in the translation, the original Dutch version of the Disclaimer shall prevail.
Use of the KVK website
The information on this website is intended for general information purposes only. No rights can be derived from the information on this website. Although the Chamber of Commerce (hereinafter referred to as ‘KVK’) takes care in compiling and maintaining this website and uses sources that are considered to be reliable, the KVK cannot guarantee that the information provided is accurate, complete and up to date. KVK also does not guarantee that the website will function without errors or interruptions. KVK explicitly rejects any liability with regard to the accuracy, completeness and current relevance of the information provided and the (uninterrupted) use of this website.
Third party information, products and services
When KVK displays links to the websites of third parties, this does not mean that KVK recommends the products or services offered on or through these websites. KVK accepts no liability and no responsibility for the content on, use of or availability of the websites that it refers to or that refer to this website. The use of these links is entirely at the user’s own risk. The information on these websites has not been assessed by KVK for accuracy, reasonableness, completeness or current relevance. Requests for the placement of links to third party websites on KVK.nl are assessed on the basis of a number of criteria. Read more about KVK’s linking policy criteria and regulations.
KVK reserves all intellectual property rights and other rights with regard to all information offered on or via this website, including all texts, graphic material and logos. It is not permitted to copy, download or in any way publish, distribute or reproduce the information on this website without the prior written permission of KVK or the lawful consent of the rights holder. However, you may print and/or download information from this website for your own personal use.
KVK reserves the right to change the information provided on or through this website, including the text of this disclaimer, at any time without further notice. Users are advised to periodically check whether the information provided on or through this website, including the text of this disclaimer, has been changed.
This website and the disclaimer are governed by Dutch law. Any disputes arising from or in connection with this disclaimer will be exclusively brought before the competent court in the Netherlands.
It may happen that there is a vulnerability in one of our systems. If you encounter a security problem, we ask you to report it to the National Cyber Security Centre (NCSC) as soon as possible. This will enable KVK to take appropriate measures. Doing so constitutes responsible disclosure.
How do I report a vulnerability in KVK’s ICT system?
If you discover a vulnerability in KVK’s ICT system, please:
- Report it to the NCSC as soon as possible after discovering it.
- E-mail your findings to firstname.lastname@example.org. The website rijksoverheid.nl provides information on how to report a weakness in KVK’s ICT system. There is also information on what your report should contain and how it will be dealt with.
- Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. In general, the IP address or the URL of the system involved and a description of the vulnerability are sufficient, but more information may be needed for more complex security issues.
- Leave your contact details so that we can get in touch with you to work together towards a safe solution. Please provide at least an e-mail address or a telephone number.
- Do not share information about the security problem with others until it is resolved.
- Deal responsibly with your knowledge about the security problem by not undertaking any actions beyond what is necessary to demonstrate the security problem.
- Please be aware that any information from the KVK systems is subject to confidentiality obligations and that further disclosure of that information is a punishable offence.
Do not misuse the discovery
If you discover a vulnerability, please do not misuse this knowledge, for example by:
- Installing malware.
- Copying, changing or deleting data or system configurations (an alternative to this is making a directory listing or screenshot).
- Making changes to the system.
- Repeatedly accessing the system or sharing the access with others.
- Making use of ‘brute forcing’ to gain access to systems.
- Making use of denial-of-service (DNS) attacks or social engineering.
What do we do on receiving a responsible disclosure report?
If you have reported a vulnerability in our ICT system, we will deal with it as follows:
- If your report meets the conditions outlined above, we will not attach any legal consequences to this report.
- We will treat your report as strictly confidential and will not share any personal information with third parties without your permission, unless required to do so by law or court order.
- The NCSC will send you a confirmation of receipt within one working day.
- You will receive a response to your report from the NCSC within three working days, containing an assessment of the report and a date on which a solution is expected to be implemented.
- The NCSC will keep you informed of progress. We will resolve the security problem you have identified in a system within 60 days at the latest. We will then determine in mutual consultation when and how to publish information about the report.