Go straight to the text

Samsung Mobile Security Rewards Program Privacy Notice

  1. Effective Date: [March 16, 2026] (Archived versions)
  2. At Samsung Electronics Co., Ltd. (“Samsung”), we know how important privacy is to our customers. Under applicable law, Samsung is the data controller for Samsung Mobile Security Rewards Program (the “Service”). We created this Privacy Notice to make sure you understand how we collect and use your personal data.
  3. Our Privacy Policy (available at https://account.samsung.com/membership/terms/privacypolicy) also applies to your use of the Service. Our Privacy Policy contains more information about how we use your data. It also includes information about your rights and how to contact us. Please read our Privacy Policy in addition to this Privacy Notice. However, this Privacy Notice shall always prevail over the Privacy Policy in relation to how we use your information for the Service.
WHAT INFORMATION DO WE COLLECT?
  1. Through the Service, we obtain and maintain information about you in various ways.
  2. Information You Provide Directly
    • Samsung Account Information: We may collect information associated with the Samsung account used to access the Samsung Mobile Security Rewards Program, such as your Samsung account identifiers such as globally unique identifier (GUID) and country or region of residence.
    • Rewards Program Interactions: We may collect information you submit through the Rewards Program such as when you submit a security report, name for acknowledgment, contact email, country or region of residence, affected firmware version and device, vulnerability details including any files you attach to the security report, and any communications you send to us.
    • Rewards Information: In order to process your rewards, we may additionally collect name, registration number, nationality, country or region of residence (for tax purposes), residence address including postal code, phone number and information concerning any amounts paid to you (including the Paypal address where any amounts payable is sent).
  4. Information We Obtain By Automated Means
  5. In addition to the information you provide, we will collect information about you through software on your devices and by other means. We will collect:
    • Information about your Service-enabled devices, such as device model, OS version, device configurations and settings, IP address, Session ID;
    • Information about your usage of the Service, including about how, when, and for how long you use the Service, and technical and error information. We also collect any information stored in cookies we have set on your device;
  7. We also may collect other information about you, your devices and apps, and your use of the Service in ways that we describe to you at the time of collection or otherwise with your consent.
HOW DO WE USE YOUR INFORMATION?
  1. We use the collected information for the following purposes and in accordance with the legal bases set out below:
    personal data
    Legal Basis (where required by applicable law) Processing Purposes
    Keeping our promise to you(performance of contract or preliminary procedures)
    • Identifying and authenticating you
    • Providing you with the Rewards Program, such as reviewing reports made by you and processing and paying rewards, if applicable
    To promote our business interests (legitimate interest)
    • Operating, evaluating, and improving the Service and our business (including developing new products and services; enhancing and improving our products and services; managing our communications; analyzing our products, services and customer base; conducting market research; performing data analytics; and performing accounting, auditing and other internal functions)
    • Maintaining adequate security measures (including fraud detection)
    • Protecting against liability, including complying with industry standards and enforcing our policies
    To comply with the law, regulatory obligations and legal processes
    • Complying with applicable statutes and regulatory and administrative or court orders
    • Enforcing legal obligations
  2. Samsung processes personal information via automated and non-automated means for the purposes described above and in accordance with applicable law. We will process your data in accordance with applicable law pursuant to a proper legal basis such as to comply with the law, regulatory obligations and legal processes, to provide you with the Service, to perform a contract with you, pursuant to a legitimate interest provided, or consent, as applicable. The legal basis may vary from one country to another, but we will rely on the appropriate legal basis provided in data protection and other laws of your country.
WHO DO WE SHARE YOUR INFORMATION WITH?
  1. We will disclose your information internally within our business and to the following entities, but only for the purposes described above.
    • Affiliates: other Samsung Electronics Group companies which we control or own;
    • Business partners: partners who we work together with to provide you with the Service, such as Bugcrowd Inc. as third-party payment processors. These business partners control and manage your personal data;
    • Service providers: carefully selected companies that provide services for or on behalf of us, such as TimeGate Co.,Ltd. and Microsoft Korea Inc. as the management, development, operation and monitoring of the Rewards Program. These providers are also committed to protecting your information;
    • Other parties when required by law or as necessary to protect the Service: for example, it may be necessary by law, legal process, or court order from governmental authorities to disclose your information. They may also seek your information from us for the purposes of law enforcement, national security, anti-terrorism, or other issues that are related to public security;
    • Other parties in connection with corporate transactions: we may disclose your information to a third party as part of a merger or transfer, acquisition or sale, or in the event of bankruptcy; and
    • Other parties with your consent or at your direction: in addition to the disclosures described in this Privacy Notice, we may share information about you with third parties when you separately consent to or request such sharing.
INTERNATIONAL TRANSFERS
  1. Your use of the Service will involve the transfer, storage, and processing of your personal data, including, as applicable, any sensitive or special categories of personal data, to other countries. The countries to which we transfer internationally include, without limitation, the Republic of Korea and United States of America. In some cases, your personal data may simply be accessed remotely from a country listed above, while in others it may be physically transferred to one of the listed countries for processing. The purpose of these international transfers depends on the relevant business need, but your data will only be used for the purposes described above. Some transfers may be temporary, while others may continue until the applicable processing purpose is fulfilled. All international transfers are subject to legal requirements to ensure that your personal data is processed safely and as you would expect.
HOW LONG DO WE RETAIN YOUR INFORMATION?
  1. How long your data will be retained depends on the legal basis relied upon to process your data and/or the purposes of processing. For example, data we process to perform our contract with you requires us to keep the data throughout the time you use the Service. As long as you are an active user of the Service, we will retain and process this data. Data such as your account information and device information and identifiers fall into this category.
  2. Data we process to promote our business interests, such as your use of the Service, is only kept for as long as needed for the purposes for which it was collected. For example, this data may be collected to perform analytics so we can develop improvements to the Service, or we may process data to keep a record of inquiries you made through or about the Service to improve your customer service experience.
  3. Please note, although we aim to retain your data for the time period described above, your data may be processed longer pursuant to applicable law. For example, if a specific statute mandates that we require a certain piece of data, we comply and retain that data until the required retention period expires.
  4. As long as your data is retained by us, your data will always be subject to appropriate safeguards.
YOUR RIGHTS
  1. We provide you with certain rights and choices in connection with the personal data we obtain about you on or through the Service in compliance with applicable law. To learn more about your rights specific to your country, please refer to our Privacy Policy (available at https://account.samsung.com/membership/terms/privacypolicy). Such rights may include asking us to provide whether or not personal data has been processed and details about what we’ve collected (including with regards to the purpose for processing and sharing), to delete it, to correct it, limit, restrict or object to processing, to withdraw consent, and to claim compensation for damages causes by unlawful processing of your personal data.
CONTACT US
  1. You can contact us to exercise your rights and choices, submit a request, or ask us questions. The easiest way to contact us is through the Contact Us section of: https://www.samsung.com/.
  2. You can contact us at:
  3. Data Controller
    Samsung Electronics Co., Ltd.
    129, Samsung-ro, Yeongtong-gu,
    Suwon-si, Gyeonggi-do 16677, Republic of Korea
  4. If you reside in Brazil, you may also contact us at:
  5. Samsung Eletrônica da Amazônia Ltda. (Samsung Brazil)
    Av. Chucri Zaidan, 1240, Morumbi, São Paulo/SP, CEP 04711-130 – Brazil
    Contact Us section at https://www.samsung.com/br/support/contato
    Data Protection Officer (DPO): Pamella Carolina Ribeiro Kim Santos – e-mail:
UPDATES TO THIS PRIVACY NOTICE
  1. This Privacy Notice may be updated to let you know about changes in how we collect and process your information in the Service or changes in related laws. The date when the document was last updated is shown at the top of this Privacy Notice. If we update the Privacy Notice, we will let you know in advance about changes we consider to be material by placing a notice on relevant services or by emailing you, where appropriate.