These regulations on programs on the bugbounty.standoff365.com platform ("Regulations") govern the procedure of arrangement and implementation of such programs.
Client |
A legal entity having placed a request to arrange a Program. |
Organizer |
Joint-Stock Company Positivnye Technologii, OGRN 1127746201087, registered address: 8 Preobrazhenskaya Square, office 60, Moscow, 107061, Russian Federation. |
Report |
An electronic record provided by the Participant to the Organizer by completing a form in the personal account on the Platform. It contains the conclusions and description of the completed Program assignment. |
Platform |
A website at bugbounty.standoff365.com |
Winner |
A Program Participant in respect of whom a decision to pay a reward has been made. |
Program |
A program for searching for vulnerabilities in the Client's Product, hosted on the Platform. |
Product |
An information system, web service, application, software, or another product owned by the Client or in respect to which the Client has all necessary rights to participate in the Program. The Product is tested by the Participants during the Program. |
Participant |
A legally capable individual who has reached 18 (eighteen), or 14 (fourteen) and has provided written consent of their legal representatives for participation in the Program, who acts on their own behalf and is willing to participate in a Program. Persons involved in organizing and running a Program, members of their families, or developers of the code analyzed during the Program cannot participate in the Program. Self-employed individuals who are taxpayers under a special tax regime (in accordance with Federal Law No. 422-FZ dated November 27, 2018 "On an Experiment on Establishing the Special 'Self-Employment Tax' Regime") or individual entrepreneurs may participate in the Program. |
Vulnerability |
A technical flaw in the Client's Product that can be exploited by attackers to disrupt the Product's normal operation, integrity, availability, confidentiality, and/or trigger a non-tolerable event. A non-tolerable event is an event that occurred as a result of a cyberattack, which prevents an organization from achieving its operational and/or strategic goals or leads to significant disruption of its core activities. |
Specify the details of their status and applicable tax regime in their account on the Platform.
If the Winner participates in the Program as an individual:
The Winner shall specify the following details in their account on the Platform:
a) Full name;
b) Date of birth;
c) Payment details: the name and BIK (Sort Code) of the beneficiary bank, the correspondent account, INN (taxpayer identification number) of the beneficiary bank, the beneficiary bank account, the beneficiary name;
d) Passport details: series, number, date of issue, subdivision code, issuing authority, registration address;
e) INN (taxpayer identification number), if applicable.
If the Winner is under 18 (eighteen) years of age, they shall provide the Organizer with written consent of their legal representatives for the Winner's participation in the Program and compliance with these Regulations.
The Organizer may request a scanned copy of the Winner's foreign passport, including scanned copies of the pages with stamps confirming crossings of Russian borders.
If the Organizer is unable to establish the Winner's country of tax residence due to insufficient information provided by the Winner, the Organizer may reduce the reward amount granted to the Winner (an individual) by the PIT (personal income tax) amount calculated at a 30-percent rate.
If the Winner acts as an individual, the Organizer shall calculate the PIT amount, deduct it from the reward amount and remit it to the Russian tax authorities.
To pay the reward money to the Winner, the Organizer shall remit funds using bank details specified by the Winner on the Platform. If no notification of non-receipt of the payment is received by the Organizer from the Winner within 30 (thirty) calendar days following the payment date, the Organizer will be deemed to have fulfilled its reward payment obligations in full.
The procedure and all other necessary information required for a Winner who is a non-Russian citizen and an individual to receive a reward may differ from the information specified in clauses 6.3.2–6.3.7 of these Regulations and shall be posted in the Participant's account.
If the Winner participates in the Program as a self-employed individual and is a taxpayer under the special Self-Employment Tax regime (in accordance with Federal Law No. 422-FZ dated November 27, 2018):
The Winner shall specify the following details in their account on the Platform:
a) Full name;
b) Date of birth;
c) INN (taxpayer’s identification number).
The Winner shall register in the Konsol service in accordance with clause 6.4 of the Regulations.
If the Winner is a self-employed individual and a taxpayer under the special Self-Employment Tax regime, a receipt will be generated in the Konsol service on the day of receiving the reward (in accordance with Art. 14 of Federal Law No. 422-FZ dated November 27, 2018). The Winner is solely responsible for paying taxes on the reward received from the Organizer.
If the Winner is a self-employed individual and was the Organizer's employee at any time in the 2 (two) preceding years, the Organizer shall pay the reward to the Winner as an individual (or an individual entrepreneur if the Winner is registered as such and has provided the documents in accordance with these Regulations).
If the Winner participates in the Program as an individual entrepreneur:
The Winner shall specify the following details in their account on the Platform:
a) Full name;
b) Date of birth;
c) INN (taxpayer’s identification number).
The Winner shall register in the Konsol service in accordance with clause 6.4 of the Regulations.
If the Winner is an individual entrepreneur, they are solely responsible for paying taxes on the reward received from the Organizer in accordance with the applicable tax regime.