Skip to content
Grab Black Friday deal here
Log in
Get Surfshark

Privacy Notice for Participants of the Bug Bounty Program

Thank you for participating in our Bug Bounty Program. This Privacy Notice explains how Surfshark B.V. (hereinafter — “we” or “Surfshark”) collects, uses, and protects your personal data in relation to the Bug Bounty Program (hereinafter – “Program”). We are committed to ensuring the privacy and security of your personal information and complying with applicable data protection laws, including the General Data Protection Regulation (hereinafter – “GDPR”).

1. Purposes of processing

We will process your personal data for the following purposes:

  • To organize and coordinate the Program;
  • To ensure the Participant's compliance with our Terms of Service (including, to verify that the Participant is not from a prohibited country);
  • To facilitate the payment (if a decision is made to award a Bounty);
  • To address any additional purposes deemed necessary.

2. Personal data processed

The personal data we process may include:

  • Name, surname, e-mail address;
  • Communication with the Participant;
  • Other data related to the Bug Bounty Program provided to us by the Participant;
  • Payment-related information (if a decision is made to award a Bounty).

Your personal data will be retained for as long as the Bug Bounty Program ends and will be deleted no longer than 6 months after that. Your payment details will be kept by us for 10 years from such payment transaction.

The Bug Bounty Program is governed by the terms and conditions or rules that the Participants agree to abide by, therefore, we have a necessity to process your personal data for the performance of a contract.

3. Data recipients

Your personal data may be transferred to and stored in countries outside the European Economic Area (hereinafter – “EEA”), where data protection laws may differ. In such cases, we will ensure that adequate safeguards are in place to protect your personal data, as required by applicable data protection laws, specifically by entering into the standard contractual clauses with the data recipients established outside the EEA.

4. Children's privacy

The Bug Bounty Program is not intended for individuals under the age of 18. We do not knowingly collect personal data from individuals below this age. If you believe that we have inadvertently collected personal data from a child, please contact us to request the deletion of such data.

5. Automated decision-making

We do not use automated decision-making processes, including profiling, to make decisions that significantly affect you.

6. Data protection rights

As a data subject, you have certain rights under the GDPR, including:

  • The right to access and obtain a copy of your personal data;
  • The right to rectify any inaccurate or incomplete personal data;
  • The right to the erasure of your personal data under certain circumstances;
  • The right to restrict the processing of your personal data in certain situations;
  • The right to object to the processing of your personal data;
  • The right to data portability, allowing you to receive your personal data in a structured, commonly used, and machine-readable format;
  • The right to withdraw your consent at any time (if processing is based on consent);
  • The right to lodge a complaint with a supervisory authority if you believe that your data protection rights have been violated.

7. Our contact details:

If you have any questions, concerns or would like to exercise your data protection rights, please contact us via email at legal@surfshark.com.