Responsible Disclosure Statement

Pathé Cinémas do care about the security of their systems, websites and applications as well as the protection of the data of their customers, employees and partners. Despite our efforts and means allocated to security, an unforeseen vulnerability can happen. 

If you discover a vulnerability, please inform us as soon as possible so that we can take corrective measures without delay. Your help will be valuable in preventing the risk of malicious exploitation. 

 

How to report a vulnerability? 

 

Please send us your findings on our partner's platform ZeroCopter by using the following URL: https://app.zerocopter.com/en/rd/9b4d433c-1041-4d4b-9352-f72ba85b09f7 

 

What we ask you to do: 

 

  • Do not exploit the vulnerability more than is necessary to demonstrate its existence, including by downloading data to prove a leak, viewing, deleting or modifying data, repeatedly accessing the system, making changes to the system or causing a denial of service. 

  • Do not share the vulnerability with others until it is resolved. 

  • Provide sufficient information to reproduce the problem so that we can resolve it. Usually, the IP address or URL of the affected system and a description of the vulnerability is sufficient. 

  • Delete any confidential data you may have obtained without delay. 

 

What we promise you: 

 

  • We will respond to your report within 5 business days with our assessment. 

  • We will not take legal action if you comply with the conditions set by us regarding your finding. 

  • We will treat your report confidentially and will not share your personal data with third parties without your consent, unless this is necessary to comply with a legal obligation. 

  • We will keep you informed of the progress of the problem. 

  • If you wish, we may cite your name or pseudonym as the discoverer of the problem in public information about the reported problem once it has been resolved. 

  • As a thank you for your help, we offer a reward for every report of an unknown vulnerability. 

 

Scope of this statement: 

 

This statement applies to the website on which it is published and to the corresponding mobile application. 

Websites of Pathé France, Netherlands, Belgium, Switzerland, Senegal, Tunisia, Morocco & Ivory Coast (common platform): 

  • login.pathe.me 

  • www.pathe.fr, s.pathe.fr, c.pathe.fr 

  • www.pathe.be, s.pathe.be & c.pathe.be 

  • www.pathe.ch, s.pathe.ch & c.pathe.ch 

  • www.pathe.sn, s.pathe.sn & c.pathe.sn 

  • www.pathe.tn, s.pathe.tn & c.pathe.tn 

  • www.pathe.ma, s.pathe.ma & c.pathe.ma 

  • www.pathe.ci, s.pathe.ci & c.pathe.ci 

 

Mobile applications of Pathé France, Netherlands, Belgium, Switzerland, Senegal, Tunisia, Morocco & Ivory Coast (common platform): 

 

The websites and applications of other Pathé entities have their own statements which we invite you to consult: 

  • Pathe.com 

  • Pathelive.com 

  • Pathe-Thuis.nl 

  • Pathehome.com 

 

Out of scope: 

 

The following websites and the related mobile applications are out of scope of this CVD program: 

  • *.pro.pathe.fr 

  • location.pathe.fr 

  • pathebusiness.ch 

  • pathebusiness.be 

  • business.pathe.nl 

  • pathe.nl/business 

  • carrieres.pathe.com 

  • pathefilms.ch 

  • pathe.co.uk 

 

This Responsible Disclosure Statement is based on an example written by Floor Terra and the Coordinated Vulnerability Disclosure Guidelines of the NCSC