Go straight to the text

Samsung Mobile Security Rewards Program Privacy Notice

  1. Effective Date: [March 16, 2026] (Archived versions)
  2. Samsung Electronics Co., Ltd. (“Samsung”), knows how important privacy is to our customers. Samsung is the data controller for Samsung Mobile Security Rewards Program (the “Service”). We created this Privacy Notice to make sure you understand how we collect and use your personal information in relation to the Service.
  3. Our Privacy Policy at https://account.samsung.com/membership/terms/privacypolicy also applies to your use of the Service. Our Privacy Policy contains more information about how Samsung uses your personal information. It also includes information about your rights and how to contact us. Please read our Privacy Policy in addition to this Privacy Notice. However, this Privacy Notice shall always prevail over the Privacy Policy in relation to how we use your information for the Service.
WHAT PERSONAL INFORMATION DO WE COLLECT?
  1. Through the Service, Samsung processes personal information about you in a variety of ways.
  2. Personal Information You Provide Directly
    • Samsung Account Information: We may collect information associated with the Samsung account used to access the Samsung Mobile Security Rewards Program, such as your Samsung account identifiers such as globally unique identifier (GUID) and country or region of residence.
    • Rewards Program Interactions: We may collect information you submit through the Rewards Program such as when you submit a security report, name for acknowledgment, contact email, country or region of residence, affected firmware version and device, vulnerability details including any files you attach to the security report, and any communications you send to us.
    • Rewards Information: In order to process your rewards, we may additionally collect name, registration number, nationality, country or region of residence (for tax purposes), residence address including postal code, phone number and information concerning any amounts paid to you (including the Paypal address where any amounts payable is sent).
  4. Personal Information About Your Use of the Service
  5. In addition to the personal information you provide, we will collect personal information about your use of the Service through software on your devices and by other means. We will collect:
    • Information about your Service-enabled devices, such as device model, OS version, device configurations and settings, IP address, Session ID;
    • Information about your usage of the Service, including about how, when, and for how long you use the Service, and technical and error information. We also collect any information stored in cookies we have set on your device
  7. We may also collect other personal information about you, your devices and apps, and your use of the Service in ways that we describe to you at the time of collection or otherwise with your consent.
HOW DO WE USE YOUR PERSONAL INFORMATION?
  1. How we use the personal information we collect, and the legal basis for each use is outlined below:
    personal data
    Purpose of processing Legal Basis
    • Identifying and authenticating you
    • Providing you with the Rewards Program, such as reviewing reports made by you and processing and paying rewards, if applicable
    		 Keeping our promise to you
    (performance of contract)
    GDPR Article 6(1)(b)
    • Operating, evaluating, and improving the Service and our business (including developing new products and services; enhancing and improving our products and services; managing our communications; analyzing our products, services and customer base; conducting market research; performing data analytics; and performing accounting, auditing and other internal functions)
    • Responding to your requests, instructions and inquiries
    • Maintaining adequate security measures
    • Protecting against liability, including comply with industry standards and enforcing our policies
    		 To promote our business interests (legitimate interest)
    GDPR Article 6(1)(f)
    • Complying with applicable legal requirements, relevant industry standards, and our policies
    • Protecting against, identifying, and preventing fraud and other criminal activity, claims and other liabilities
    		 To comply with the law, regulatory obligations and legal processes
    GDPR Article 6(1)(c)
WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
  1. We will disclose your personal information internally within our business and to the following entities, but only for the purposes described above.
    • Affiliates: other Samsung Electronics Group companies which we control or own;
    • Business partners: partners who we work together with to provide you with the Service, such as Bugcrowd Inc. as third-party payment. These business partners control and manage your personal information;
    • Service providers: carefully selected companies that provide services for or on behalf of us, such as TimeGate Co.,Ltd. and Microsoft Korea Inc. as the management, development, operation and monitoring of the Rewards Program. These providers are also committed to protecting your personal information;
    • Other parties when required by law or as necessary to protect the Service or users: for example, it may be necessary by law, legal process, or court order from governmental authorities to disclose your personal information. They may also seek your personal information from us for the purposes of law enforcement, national security, anti-terrorism, or other issues that are related to public security;
    • Other parties in connection with corporate transactions: we may disclose your personal information to a third party as part of a merger or transfer, acquisition or sale, or in the event of bankruptcy; and
    • Other parties with your consent or at your direction: in addition to the disclosures described in this Privacy Notice, we may share your personal information with third parties when you separately consent to or request such sharing.
WHERE DO WE SEND YOUR PERSONAL INFORMATION?
  1. Your use of the Service will involve the transfer, storage, and processing of your personal information to other countries, where necessary; such countries include, without limitation, countries in the European Economic Area, the Republic of Korea and United States of America. Some countries have been determined by the European Commission or relevant data protection authority to adequately protect your personal information, you can find a list of those countries here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. Please note that the data protection and other laws of countries to which your personal information may be transferred might not be as comprehensive as those in your country.
  2. We will take appropriate measures, in compliance with applicable law, to ensure that your personal information remains protected. Such measures may include the use of Standard Contractual Clauses, International Data Transfer Agreement or equivalent to safeguard the transfer of personal information outside of the EEA and the United Kingdom. To request more information, please contact us by the methods outlined in the Contact Us section of this Privacy Notice.
HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
  1. We won’t keep your personal information for longer than is necessary for the purpose for which it was collected. This means that personal information will be destroyed or erased from our systems when it’s no longer required.
  2. How long your personal information will be retained depends on the legal basis relied upon to process your data. For example, personal information we process to perform our contract with you requires us to keep the data throughout the time you use the Service. As long as you are an active user of the Service, we will retain and process this personal information. Personal information such as your account information and device information and identifiers fall into this category.
  3. Personal information we process to promote our business interests, such as your usage of the Service, is only kept for as long as needed for the purposes for which it was collected. For example, this personal information may be collected to perform analytics so we can develop improvements to the Service, or we may process personal information to keep a record of inquiries you made through or about the Service to improve your customer service experience.
  4. Please note, although we aim to retain your personal information for the time period described above, your personal information may be processed longer pursuant to applicable law. For example, if a law requires that we keep some of your personal information, we will comply and retain that data until the required retention period expires.
HOW DO WE KEEP YOUR INFORMATION SECURE?
  1. We take data protection very seriously. We have put in place physical and technical safeguards to keep the personal information we collect secure. However, please note that although we take reasonable steps to protect your personal information, no website, internet transmission, computer system or wireless connection is completely secure.
WHAT ARE YOUR RIGHTS?
  1. Your personal information belongs to you. In accordance with applicable law, you have the right to ask us to provide details about what we’ve collected and you can ask us to delete it or correct any inaccuracies. You can also ask us to restrict or limit the processing, sharing or transfer of your personal information, as well as to provide you with the personal information that we’ve collected so you can use it for your own purposes. You have the right to data portability which means you can ask us to provide your personal information to you or to a third party in a machine-readable format. You can also object to your personal information being processed and withdraw your consent. However, requesting the deletion of your personal information may also result in a loss of access to the Service. We won’t delete data that we’re required by law to retain. You also have the right to object to processing on the basis of legitimate interests.
  2. To make a request concerning your rights or to make an inquiry, contact us using the methods outlined in the CONTACT US section of this Privacy Notice.
CONTACT US
  1. You can contact us to update your preferences, exercise your rights, submit a request, or ask us questions.
  2. You can raise a request via our privacy support page here: https://www.samsung.com/request-desk.
  3. If you are within the EEA and prefer to write to us, you can contact us at:
  4. European Data Protection Officer
    Samsung Electronics (UK) Limited
    Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS, UK
  5. If you are outside the EEA, you can use this address:
  6. Data Controller
    Samsung Electronics Co., Ltd.
    129, Samsung-ro, Yeongtong-gu,
    Suwon-si, Gyeonggi-do 16677, Republic of Korea
  7. You can lodge a complaint with the relevant supervisory authority if you consider that our processing of your personal information infringes applicable law. Contact details for all EU and EEA supervisory authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en.
  8. If you are in the UK you can find the contact details for the UK supervisory authority at https://ico.org.uk/global/contact-us/.
UPDATES TO THIS PRIVACY NOTICE
  1. This Privacy Notice may be updated to let you know about changes in how we collect and process your information in the Service or changes in related laws. The date when the document was last updated is shown at the top of this Privacy Notice.