I recently found a HTTP site from an insurance company in which the only way to subscribe is through a http POST request to compile with personal sensitive information. I called the helpdesk which assured me it is okay and confirmed that it was the only way to subscribe. How can I report this? This business respond to EU regulations.