Samsung Mobile Security Rewards Program Privacy Notice
Effective Date: April 1, 2021
At Samsung Electronics Co., Ltd. (“Samsung”), we know how important privacy is to our customers. Samsung is the data controller for the Samsung Mobile Security Rewards Program (“Rewards Program”) available on https://security.samsungmobile.com. The Data Controller Representative of Samsung in Turkey is “Samsung Electronics Istanbul Pazarlama ve Ticaret Ltd. Şti.”. We created this Privacy Notice (“KVKK Notification Text”) to make sure you understand how we collect and use your personal information
Samsung aims to process personal data of the Samsung Mobile Security Rewards Program (“Rewards Program”) users in accordance with the international data protection provisions and the provisions of the Law No. 6698 on Protection of Personal Data (the “KVKK- also known as LPPD in English abbreviation”) and other legislation.
We hereby inform you that your personal data that you have provided/will provide to Samsung and/or are obtained externally by any means by Samsung due to your being a Rewards Program user shall be processed by Samsung acting as of “Data Controller”:
within the framework of the purpose for which they are required to be processed and as relevant, limited, and proportionate to such purpose,
by preserving the accuracy and the most up-to-date state of such personal data as they have been provided to Samsung by you or otherwise,
and by complying with the conditions stipulated in the KVKK.
With this KVKK Notification Text (Obligation to Inform Text), it has been aimed to continue and develop the activities carried out by Samsung in accordance with the principles contained in the KVKK.
WHAT INFORMATION DO WE COLLECT?
Samsung shall process your personal data for the purposes and legal grounds specified in this KVKK Notification Text. If there is any change in the purpose for which your personal data are processed or in the legal grounds thereof, this KVKK Notification Text shall be updated and re-published by Samsung.
Through Rewards Program, Samsung obtains and maintains information about you in various ways. Your personal data are collected through electronic media, via all kinds of information, documents and certificates you have submitted to Samsung and collected through the application, both before and after the establishment of the contractual relationship and during such contractual relationship.
Information You Provide Directly
The Rewards Program collects information from you directly. For example:
Samsung Account Information: We collect information associated with the Samsung account used to access the Samsung Mobile Security Rewards Program, such as your name, email address, Samsung account ID, and identifiers such as globally unique identifier (GUID).
Rewards Program Interactions: We collect information you submit through the Rewards Program such as when you submit a security report, including your name, email address, country of residence, affected firmware version and device, vulnerability details including any files you attach to the security report, and any communications you send to us. We also collect information related to your submitted security report, such as whether your report was qualified to receive a reward.
Rewards Information: In order to process your rewards, we additionally collect nationality, residence address including postal code, phone number and information concerning any amounts paid to you (including the Paypal address where any amounts payable is sent).
Information About Your Use of Rewards Program
In addition to the information you provide, we will collect information about your use of our Rewards Program through software on your devices and by other means. We will collect:
Device Information: We collect your IP address.
Log Information: Diagnostic, technical, error, and usage information such as the time and duration of your use of the Rewards Program and history of page visits within the Rewards Program website, search query terms when you enter search terms within the Rewards Program, and any information stored in cookies that we have set on your devices.
We also may collect other information about you, your devices and apps, and your use of Rewards Program in ways that we describe to you at the time of collection or otherwise with your consent.
HOW DO WE USE YOUR INFORMATION?
We use the information collected for the following purposes:
To provide you with the Rewards Program, such as to respond to your submissions, requests, questions and responses made through the Rewards Program, as well as, if applicable, provide you with rewards;
To identify and authenticate you so you may use the Rewards Program;
To operate, evaluate and improve our business (including enhancing and improving our products and the Rewards Program; managing our communications; analyzing your submissions, our products, customer base, and the Rewards Program; conducting market research; performing data analytics; and performing other internal functions);
To acknowledge the researcher with their name when we publish security patches information
To protect against, identify and prevent fraud and other criminal activity, claims and other liabilities; and
If you are eligible for a reward, we use third-party payment processors to provide you with rewards. These third-party processors will only use your information to provide you with rewards, and are subject to contractual obligations to ensure that your information is processed safely and as you would expect.
Samsung processes personal information for the purposes described above. Samsung’s legal basis to process personal information is outlined below:
Your personal data are processed being limited to the use of the related service/platform; in compliance with the legislation in force and the Law on Protection of Personal Data; by automated or non-automated methods;
based on Article 5, paragraph 2 of the KVKK, sub-paragraph c) which stipulates ‘if it is necessary to process personal data of contractual parties, provided that such processing is directly related to the establishment or performance of the contract’, and sub-paragraph, e) Data processing is necessary for the establishment, exercise or protection of any right, f) thereof, which stipulates ‘if it is mandatory to process personal data for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not violated’:
and may be updated in line with our obligations arising from the legislation and the company policies.
Your personal data shall be kept for a reasonable period of time until the purpose for which they are processed ceases to exist or until the end of the legal time period specified in the relevant legislation, and in any case until the expiry of the statute of limitations.
WHO DO WE SHARE YOUR INFORMATION WITH?
The procedures and principles to be applicable to personal data transfers are set forth in Articles 8 and 9 of the KVKK, and the personal data of the data subject may be transferred to third parties in Turkey and/or abroad.
We will disclose your information internally within our business and to the following entities, but only for the purposes described above.
Affiliates: other Samsung Electronics Group companies which we control or own; for example, to solve the problem, or to perform payment of rewards where necessary.
Business partners: partners who we work together with to provide you with the Rewards Program, such as third-party payment processors. These business partners control and manage your personal information;
Service providers: carefully selected companies that provide services for or on behalf of us, such as for the management, development, operation and monitoring of the Rewards Program. These providers are also committed to protecting your information;
Other parties when required by law or as necessary to protect Rewards Program: for example, it may be necessary by law, legal process, or court order from governmental authorities to disclose your information. They may also seek your information from us for the purposes of law enforcement, national security, anti-terrorism, or other issues that are related to public security;
Other parties in connection with corporate transactions: we may disclose your information to a third party as part of a merger or transfer, acquisition or sale, or in the event of bankruptcy; and
Other parties with your consent or at your direction: in addition to the disclosures described in this KVKK Notification Text, we may share information about you with third parties when you separately consent to or request such sharing.
HOW LONG DO WE RETAIN YOUR INFORMATION AND WHERE DOES IT GO?
How long your data will be retained depends on the legal basis relied upon to process your data. For example, data we process to perform our contract with you requires us to keep the data throughout the time you use Rewards Program. As long as you are an active user of Rewards Program, we will retain and process this data. Data such as your account information and device information and identifiers fall into this category.
Data we process to promote our business interests, such as your usage of Rewards Program, is only kept for as long as needed for the purposes for which it was collected. For example, this data may be collected to perform analytics so we can develop improvements to Rewards Program, or we may process data to keep a record of inquiries you made through or about Rewards Program to improve your customer service experience.
Please note, although we aim to retain your data for the time period described above, your data may be processed longer pursuant to applicable law. For example, if a specific statute mandates we require a certain piece of data, we comply and retain that data until the required retention period expires.
As long as your data is retained by us your data will always be subject to appropriate safeguards.
Your use of Rewards Program will involve the transfer, storage, and processing of your personal information to other countries; such countries include, without limitation, Republic of Korea and United States of America. All international data transfers are subject to legal requirements to ensure that your personal information is processed safely and as you would expect.
YOUR RIGHTS UNDER KVKK
Data Subject’s Rights under KVKK In accordance with Article 11 of the KVKK, you may apply to Samsung and make requests on the following issues about your personal data:
Learning whether or not your personal data have been processed,
Obtaining information on the procedure, if your personal data have been processed,
Learning the purpose for which your personal data have been processed and whether or not they are used in line with such purpose,
Obtaining information about third parties to whom your personal data are transferred within Turkey or abroad,
Requesting correction of your personal data if they have been processed incompletely or inaccurately and requesting the notification of third parties to whom your personal data are transferred of the correction made in this respect,
Requesting deletion, destruction, or anonymization of your personal data if the reasons for which they are processed no longer exist and requesting the notification of third parties to whom your personal data are transferred of such deletion, destruction, or anonymization procedure,
Objecting to the occurrence of a result which is detrimental to you as a result of analyzing of your processed personal data exclusively through automatic systems,
Requesting indemnification for your damages which are caused by unlawful processing of your personal data.
UPDATES TO THIS KVKK Notification Text
This KVKK Notification Text may be updated to let you know about changes in how we collect and process your information in Rewards Program or changes in related laws. The date when the document was last updated is shown at the top of this KVKK Notification Text. You may access the most up-to-date version of this KVKK Notification Text on https://security.samsungmobile.com