Bug Bounty Programme Terms and Conditions
Bug Bounty Programme, the Programme – the programme implemented by Paysera, which is applicable to persons who have discovered a security bug at Paysera, reported it to Paysera, and are eligible for a reward.
Bug Bounty Programme Participant, the Participant – a person who has discovered a bug in the Security system of Paysera, reported it to Paysera, and is eligible for a reward.
Bug – an error, malfunction, or other disruption in the programs or systems of Paysera, which may affect Paysera or any other system related to Paysera, which is controlled or managed by Paysera.
Confidential information – any information related to the Paysera System or Clients of Paysera, obtained by participating or intending to participate in the Bug Bounty Programme.
Client – a person who has registered and created an account in the Paysera System.
Paysera – "Paysera LT", UAB, Paysera group companies according to the residence country of the Client, also other legal persons that are engaged by Paysera LT, UAB, in providing services and are authorised to operate on behalf of Paysera LT, UAB.
Paysera System – a software solution on the web pages of Paysera, developed by Paysera and used to provide the services of Paysera.
Sanctioned persons, sanctioned countries – persons or countries subjected to sanctions (restrictions of the state) by the European Union, The Office of Foreign Assets Control (OFAC) of the USA, or other relevant organisations.
1. The Bug Bounty Programme Participant hereby confirms that they have read and agree to the present Bug Bounty Programme terms and conditions.
2. In order to participate in the Bug Bounty Programme, the Bug Bounty Programme Participant shall comply with the following eligibility requirements:
2.1. the Bug Bounty Programme Participant shall be at least 14 years old. If the Participant is at least 14 years old, but is considered a minor in their place of residence, they must obtain consent from their parents or legal guardians prior to getting enrolled in the programme. Paysera has the right to demand the Participant to provide written (also notarised) consent of the Participant's representatives (parents or legal guardians). If the Participant fails to provide written consent within the set period of time, Paysera shall terminate their participation in the Programme;
2.2. the Bug Bounty Programme Participant shall adhere to regulatory legislation.
3. In case Paysera determines that the Bug Bounty Programme Participant has breached at least one of the criteria set out in paragraph 2, the Participant shall be removed from the Bug Bounty Programme and shall not be entitled to a reward.
4. The Bug Bounty Programme Participant is obligated to adhere to the Confidentiality requirements – all information obtained using, participating, or intending to participate in the Programme belongs to Paysera and shall be deemed Confidential. Paysera reserves the right to take legal action for the use or disclosure of information related to the Programme or otherwise disseminating such information.
5. The Bug Bounty Programme Participant shall use only their own data during participation in the Programme.
6. The Bug Bounty Programme Participant is prohibited from:
6.1. carrying out attacks, which may harm or otherwise influence the reliability or integrity of the data or services of Paysera;
6.2. using bug research methods that may result in customer service aggravation;
6.3. getting or using data of Paysera Clients obtained through the participation in the Programme;
6.4. performing actions that would allow the Bug Bounty Programme Participant or any other third person to access, store, erase, or influence the data of Paysera or its Clients in other ways;
6.5. in other ways causing interruptions in the Paysera System, disrupting the activity of Paysera Clients in the System, exploiting a Bug in pursuit of own benefits, or violating legal requirements.
7. A reward to the Bug Bounty Programme Participant is paid in proportion to the severity of the Bug.
8. Only Bugs acknowledged by Paysera are rewarded.
9. A reward is paid for a Bug, which:
9.1. is discovered for the first time and had not been reported or known before;
9.2. is discovered remotely, or provides an opportunity to escalate or get new privileges in regard to the Paysera System, or may cause a leak of confidential information of Paysera or its Clients.
10. A reward is paid in the currency of euro.
11. When a Bug is reported by two or more persons within 24 hours, the reward is split between the persons.
12. A reward for reporting a Bug shall be transferred only to an identified Paysera account of the Participant.
13. At the request of the Bug Bounty Programme Participant, the reward may be donated to Greenpeace, the Red Cross, or Caritas.
14. The Bug Bounty Programme Participant is responsible for paying all the taxes that may be applicable in their country of residence from the reward paid out for the participation in the Bug Bounty Programme. If the Bug Bounty Programme Participant is a citizen of the Republic of Lithuania, the reward shall be paid by deducting taxes prior to payout.
15. The Bug Bounty Programme Participant agrees to provide Paysera with their personal and contact details (name, surname, personal identification number, citizenship, residential address, bank account number) in order for Paysera to pay the reward for their participation in the Bug Bounty Programme in accordance with the requirements of Paysera, and perform other actions set out by legislation.
16. The Participant agrees that Paysera will process the provided data in order to pay a reward for participation in the Programme. Paysera ensures the security of the data obtained through the Bug Bounty Programme Participant's participation in the Programme. The personal data shall be used to the extent it is required in order to implement the present Terms and Conditions. The personal data referred to in paragraph 15 of the Terms and Conditions may not be disclosed without the consent of the Participant, except in cases established by law or these Terms and Conditions.
17. The retention period for the data of the Bug Bounty Programme Participant is 10 (ten) years, unless a longer retention period is required by legal acts. Upon expiration of the Participant's data retention period, Paysera shall erase the data.
18. Paysera has the right to transfer information about the Participant and their activities to public authorities (e.g. for tax purposes), if such obligation is determined by legislation.
19. The Bug Bounty Programme Participant who is a sanctioned person or a citizen of a sanctioned country can participate in the Programme on a reimbursable basis, or their reward may be donated to the charity organisations referred to in paragraph 13 of the present Terms and Conditions.
20. Paysera reserves the right to terminate the Bug Bounty Programme at any time. An integral supplement of these Bug Bounty Programme terms and conditions is the Bug Reporting Rules provided on the Paysera website.