Go straight to the text

Samsung Mobile Security Rewards Program Privacy Notice

  1. Effective Date: [March 16, 2026] (Archived versions)
  2. At Samsung Electronics Co., Ltd. (“Samsung”), we know how important privacy is to our customers. Under applicable law, Samsung is the data controller for Samsung Mobile Security Rewards Program (the “Service”). We created this Privacy Notice to make sure you understand how we collect and use your personal data.
  3. Our Privacy Policy (available at https://account.samsung.com/membership/terms/privacypolicy) also applies to your use of the Service. Our Privacy Policy contains more information about how we use your data. It also includes information about your rights and how to contact us. Please read our Privacy Policy in addition to this Privacy Notice. However, this Privacy Notice shall always prevail over the Privacy Policy in relation to how we use your information for the Service.
WHAT INFORMATION DO WE COLLECT?
  1. Through the Service, we obtain and maintain information about you in various ways.
  2. Information You Provide Directly
    • Samsung Account Information: We may collect information associated with the Samsung account used to access the Service, such as your Samsung account identifiers such as globally unique identifier (GUID) and country or region of residence.
    • Rewards Program Interactions: We may collect information you submit through the Service such as when you submit a security report, name for acknowledgment, contact email, country or region of residence, affected firmware version and device, vulnerability details including any files you attach to the security report, and any communications you send to us.
    • Rewards Information: In order to process your rewards, we may additionally collect name, registration number, nationality, country or region of residence (for tax purposes), residence address including postal code, phone number and information concerning any amounts paid to you (including the Paypal address where any amounts payable is sent).
  4. Information We Obtain By Automated Means
  5. We will collect information about you through software on your devices and by other means. We will collect:
    • Information about your Service-enabled devices, such as device model, OS version, device configurations and settings, IP address, Session ID;
    • Information about your usage of the Service, including about how, when, and for how long you use the Service, and technical and error information. We also collect any information stored in cookies we have set on your device;
  6. We also may collect other information about you, your devices and apps, and your use of the Service in ways that we describe to you at the time of collection or otherwise with your consent.
HOW DO WE USE YOUR INFORMATION?
  1. We use the collected information for the following purposes and in accordance with the legal bases set out below:
  2. personal data
    Legal Basis Processing Purposes Processed Personal Data
    To establish or perform a contract
    TDPL Article 5/2-c
    • Identifying and authenticating you
    • Providing you with the Rewards Program, such as reviewing reports made by you and processing and paying rewards, if applicable
    • Samsung account information (Samsung account identifiers such as globally unique identifier (GUID) and country or region of residence)
    • Rewards Program Interactions (a security report, name for acknowledgment, contact email, country or region of residence, affected firmware version and device, vulnerability details including any files you attach to the security report, and any communications you send to us)
    • Rewards Information (name, registration number, nationality, country or region of residence (for tax purposes), residence address including postal code, phone number and information concerning any amounts paid to you (including the Paypal address where any amounts payable is sent))
    • Information about your Service-enabled devices (device model, OS version, device configurations and settings, IP address, Session ID)
    • Information about your usage of the Service ( how, when, and for how long you use the Service, technical and error information, and any information stored in cookies )
    For legitimate interests
    TDPL Article 5/2-e
    • Operating, evaluating, and improving the Service and our business (including developing new products and services; enhancing and improving our products and services; managing our communications; analyzing our products, services, and customer base; conducting market research; performing data analytics; and performing accounting, auditing, and other internal functions)
    • Maintaining adequate security measures
    To fulfill legal obligations
    TDPL Article 5/2-ç
    • Complying with applicable statutes and regulatory and administrative or court orders
    • Enforcing legal obligations
    • Information listed in this column, as applicable
    • Information related to disputes and correspondence with legal authorities
    To exercise or protect a right
    TDPL Article 5/2-e
    • Protecting against, identifying, and preventing fraud, criminal activity, claims, and liabilities
    With explicit consent
    TDPL Article 5/1
    • Linking your Samsung account to compatible third-party devices, applications, features, services or content
    • Samsung account information (Samsung account ID, nickname, and password)
  3. Samsung processes personal information via automated and non-automated means for the purposes described above and in accordance with applicable law. We will obtain your consent (or explicit consent) for data processing in accordance with applicable law unless we have another legal basis to process your information without consent, as applicable, such as to comply with the law, regulatory obligations and legal processes, to provide you with the Service, to perform a contract with you, or pursuant to a legitimate interest provided, as applicable, the fundamental rights and freedoms of the data subject are not violated. The legal basis may vary from one country to another, but we will rely on the appropriate legal basis provided in data protection and other laws of your country.
WHO DO WE SHARE YOUR INFORMATION WITH?
  1. We will disclose your information internally within our business and to the following entities, but only for the purposes described above.
    • Affiliates: other Samsung Electronics Group companies which we control or own;
    • Business partners: partners who we work together with to provide you with the Service, such as Bugcrowd Inc. as third-party payment processors. These business partners control and manage your personal data;
    • Service providers: carefully selected companies that provide services for or on behalf of us, such as TimeGate Co.,Ltd. and Microsoft Korea Inc. as the management, development, operation and monitoring of the Service. These providers are also committed to protecting your information;
    • Other parties when required by law or as necessary to protect the Service: for example, it may be necessary by law, legal process, or court order from governmental authorities to disclose your information. They may also seek your information from us for the purposes of law enforcement, national security, anti-terrorism, or other issues that are related to public security;
    • Other parties in connection with corporate transactions: we may disclose your information to a third party as part of a merger or transfer, acquisition or sale, or in the event of bankruptcy; and
    • Other parties with your consent or at your direction: in addition to the disclosures described in this Privacy Notice, we may share information about you with third parties when you separately consent to or request such sharing.
  3. Your use of the Service will involve the transfer, storage, and processing of your personal data, including as applicable any sensitive or special categories of personal data, to other countries; such countries include, without limitation, the Republic of Korea, and United States of America. The personal data of data subjects in Turkey is transferred abroad in compliance with the Regulation on the Procedures and Principles Regarding the Transfer of Personal Data Abroad, published in the Official Gazette dated 10 July 2024 and numbered 32598, along with relevant legislation.
HOW LONG DO WE RETAIN YOUR INFORMATION?
  1. How long your data will be retained depends on the legal basis relied upon to process your data and/or the purposes of processing. For example, data we process to perform our contract with you requires us to keep the data throughout the time you use the Service. As long as you are an active user of the Service, we will retain and process this data. Data such as your account information and device information and identifiers fall into this category.
  2. Data we process to promote our business interests, such as your use of the Service, is only kept for as long as needed for the purposes for which it was collected. For example, this data may be collected to perform analytics so we can develop improvements to the Service, or we may process data to keep a record of inquiries you made through or about the Service to improve your customer service experience.
  3. Please note, although we aim to retain your data for the time period described above, your data may be processed longer pursuant to applicable law. For example, if a specific statute mandates that we require a certain piece of data, we comply and retain that data until the required retention period expires.
  4. As long as your data is retained by us, your data will always be subject to appropriate safeguards.
YOUR RIGHTS
  1. We provide you with certain rights and choices in connection with the personal data we obtain about you on or through the Service in compliance with applicable law. To learn more about your rights specific to your country, please refer to our Privacy Policy (available at https://account.samsung.com/membership/terms/privacypolicy). Such rights may include asking us to provide whether or not personal data has been processed and details about what we’ve collected (including with regards to the purpose for processing and sharing), to delete it, to correct it, limit, restrict or object to processing, to withdraw consent, and to claim compensation for damages causes by unlawful processing of your personal data.
CONTACT US
  1. You can contact us to exercise your rights and choices, submit a request, or ask us questions. The easiest way to contact us is through the Contact Us section of: https://www.samsung.com/.
  2. You can contact us at:
  3. Data Controller
    Samsung Electronics Co., Ltd.
    129, Samsung-ro, Yeongtong-gu,
    Suwon-si, Gyeonggi-do 16677, Republic of Korea
  4. Data Controller Representative
    Samsung Electronics Istanbul Pazarlama ve Ticaret Ltd. Şti.
    Defterdar Mah.Otakçilar Cad. Sinpaş Flatofis Apt.No.78/46 Eyüpsultan
  5. You may make requests to Samsung or our Data Controller Representative through the “Samsung Electronics Co., Ltd. Data Subject Application Form” available at https://www.samsung.com/tr/info/kvkk/.
UPDATES TO THIS PRIVACY NOTICE
  1. This Privacy Notice may be updated to let you know about changes in how we collect and process your information in the Service or changes in related laws. The date when the document was last updated is shown at the top of this Privacy Notice. If we update the Privacy Notice, we will let you know in advance about changes we consider to be material by placing a notice on relevant services or by emailing you, where appropriate.