Privacy notice – vulnerability reporting

Controller: barox Kommunikation AG, Switzerland ("barox"). Contact: security@barox.ch.

Purpose and legal basis

Data submitted via this form is processed exclusively to receive, analyse and remediate reported security issues and to fulfil the vulnerability handling and reporting obligations of the EU Cyber Resilience Act (CRA). The legal basis is our legitimate interest in the security of our products and compliance with legal obligations (Art. 6 (1) (c) and (f) GDPR).

Data processed

Retention and recipients

Reports are stored for the lifetime of the affected product plus the statutory retention periods required for CRA documentation. Data is not shared with third parties except with the competent authorities (e.g. CSIRT/ENISA) where legally required.

Your rights

You have the right to access, rectification, erasure and restriction of the processing of your personal data. Contact security@barox.ch. Please do not submit personal data of third parties, passwords or production credentials.