Pollard Banknote Limited and its subsidiaries (“Pollard” or the “Company”) are leading lottery partners to more than 60 lotteries worldwide, providing high-quality instant ticket products, licensed games, retail merchandising solutions, and a full suite of digital offerings, ranging from game apps to comprehensive player engagement and iLottery solutions, including strategic marketing and management services.
Together, we are committed to the identification and remediation of cyber vulnerabilities that affect our information technology environments, including our systems and networks, and our digital products and services. The purpose of this policy is to document a process for the reporting of cyber vulnerabilities.
We encourage you to contact us at vulnerabilityreporting@pbl.ca to report potential cyber vulnerabilities in our systems.
Pollard will openly accept cyber vulnerability reports and agrees not to pursue legal action against individuals who:
Once you’ve established that a vulnerability exists or encounter any sensitive data (including personally identifiable information, financial information, or proprietary information or trade secrets of any party), you must:
We accept cyber vulnerability reports at vulnerabilityreporting@pbl.ca. If a cyber vulnerability is discovered, you must provide a detailed summary of the cyber vulnerability, including the following:
By submitting a cyber vulnerability report, we will presume that you have:
Personal data submitted in a cyber vulnerability report will not be retained by Pollard, other than contact information used solely for coordination. By submitting a report, you acknowledge that:
When you share your contact information with us, we commit to coordinating with you as openly and quickly as possible:
If communication or other issues arise, Pollard may engage a neutral third party to assist in addressing the vulnerability.
Pollard does not authorize, permit, or otherwise allow (expressly or impliedly) any person, including any individual, group of individuals, consortium, partnership, or any other business or legal entity, to engage in any security research or vulnerability or threat disclosure activity on or affecting Pollard systems that is inconsistent with this policy or the law. If you engage in any activities that are inconsistent with this policy or other applicable law, you may be subject to criminal and/or civil liabilities.
Pollard may modify the terms of this policy or terminate it at any time.
Questions regarding this policy may be sent to vulnerabilityreporting@pbl.ca. We also invite you to contact us with suggestions for improving this policy.