F-SECURE PERSONAL DATA POLICY
This Personal Data Policy is given by F-Secure Corporation, a Finnish publicly listed corporation with Business ID 0705579-2 (“F-Secure”, “we”, “our”). This policy also applies to all subsidiaries of F-Secure Corporation.
This Personal Data Policy describes the principles and practices that apply to our processing of Personal Data in our business operations.
As a public listed company, operating in a field of content security, we seek to provide you with a safe and secure user experience. We will seek to ensure that the Personal Data you submit to us remains private, and that such Personal Data is only used for the purposes set out in this policy, service specific terms or notices, license terms and the agreement(s) in place between you and us, as applicable in relation to data collected.
Summary in Brief
- We will only collect Personal Data based on your consent and/or where we have a valid reason to do so.
- We will process Personal Data in personally identifiable format only where necessary to do so. We process any data you have submitted in anonymous format unless there is a valid reason to retain such data in identifiable format. We will also purposefully restrict our own visibility to your personal content that we are processing on your behalf, so as to protect your privacy.
- We will not disclose your Personal Data to third parties, except as provided in this Personal Data Policy in general and in the agreement(s) between you and us in particular.
- We will take the actions that this Personal Data Policy and the applicable mandatory laws require, so as to protect the security of the Personal Data we collect from you.
The remainder of this policy describes our Personal Data handling practices in more detail. However, please note that due to the generic nature of this Personal Data Policy, some sections herein may not apply to you, or may apply to you only partially, depending on the services and software that you use and on your other interaction with us.
This Personal Data Policy contains terms that have a specific meaning.
"Client", “you”, means a private user or a corporate user or other data subject who purchases, registers for use or uses our Services and who may have submitted personally identifiable information through the following venues: i) through the use of our Services (including web applications), ii) Websites, iii) telephone, iv) email communications, v) registration forms or vi) other similar connections.
"Personal Data" means any information on a private individual and any information on his/her personal characteristics or personal circumstances, where these are identifiable as concerning him/her or the members of his/her family or household. This may include, for example, name, email and mailing address and telephone number, billing and account information, contact information, and other information incidental to the Services and provision thereof.
"Services" means any products or services of F-Secure such as software, web applications or any other services or products manufactured or distributed by F-Secure, including any related support services.
"Session Data" means, inter alia, Website usage information, such as the type of Internet browser and operating system used, the domain name of the site from which a person browsing the Internet came, the date, time and duration of the visit, number of visits, average time spent on the Website, pages viewed, and number of cookies accumulated. Session Data is typically collected via cookies.
“Subcontractors” means any subcontractor of F-Secure, which F-Secure uses to provide its Services.
“Technical data” means security related data, technical, statistical and analysis data, data relating to software applications and technical user environment, metadata on files you are handling via our Services (i.e. type (e.g. digital photo, text document etc.), size and number of files, header information, dates of their creation, modification and deletion), and other similar data.
"Website" means http://www.f-secure.com –site or any other website hosted by F-Secure or under F-Secure’s control, and its respective sub-sites together with the respective content available from that site and sub-sites. For the purposes of clarity: whereas Website(s) may contain links to third-party sites, this Personal Data Policy does not cover data collected by such third-party sites.
Based on the fact that you are our Client, by reason of law and/or on based on the following consents we have the right to process Personal Data pertaining to you.
You acknowledge and consent that by communicating with F-Secure or its business partners relating to our Services, by filling out a form or survey, registering to use our Services, by submitting information in our web applications, by entering a contest or sweepstakes, by registering your email address with us or emailing us, we have the right to process Personal Data pertaining to you. We may also collect Personal Data from you at certain points on the Website that state that Personal Data is being collected.
You further consent that F-Secure may further disclose or transfer any of the Personal Data to its affiliates, subcontractors, distributors and partners located in the EEA or outside the EEA as set out below.
Please note that our respective agreements with you define the consents in greater detail.
3. TYPES OF PERSONAL DATA PROCESSED
We collect Personal Data only when necessary.
We process any data you have submitted in anonymous format unless there is a valid reason to retain such data in identifiable format (e.g. license management or Service maintenance and support). We will also purposefully restrict our own visibility to your own data that we are processing on your behalf so as to protect your privacy.
When you become our Client, we collect Personal Data that is necessary to provide the Services to you, such as your contact information and billing information, your name and email address, mail address, telephone number, country, language and age.
You also may need to choose a password or you might be assigned with a unique identifier, which will be used to identify you as an authorized user and to manage the Services.
In order to process a purchase transaction, to manage and provide you with the Services and to be better able to serve you, we may also collect information about the relevant Service purchase(s) such as number of purchased licenses, purchase history, distribution partner tendering the Services to you, device identification data, data on technical environment (e.g. operating system) the Service is used in, and, in the case of storage and sharing services, Service usage data.
When providing you with support services, we may need to collect and process data on malware infections and relevant email identification data in a personally identifiable format, where you have provided such data to us.
Some of the above data may be provided to us by the distribution partner or corporate entity tendering the Services to you.
Information collected when visiting our Website is explained in more detail in section 10 below.
4. HOW PERSONAL DATA IS USED
We use the Personal Data in order to:
a) identify the authorized users and check customer qualifications, process and track your transactions based on agreement(s) between you and us (such as issuing invoices, administering accounts, shipping, collecting and processing payments), and for license management purposes;
b) record your use and purchases of the Services as our Client to enable us to communicate with you about the Services for customer relationship management purposes;
c) manage the Services and the Website and diagnose technical matters;
d) provide, maintain, enhance and ensure the functioning of the Services;
e) provide help and assistance for the Services and provide you with support Services;
f) send you information about the Services (e.g. to inform you of new versions and features) via direct messaging or other means of communication;
g) arrange competitions and send you surveys asking questions about your customer experience;
h) personalize our Website for you;
i) pursue Service and business development;
j) effect a corporate transaction, in connection with the sale, merger, spin-off, or other corporate reorganization of our corporation, where the information is provided to the new controlling entity in regular course of business; and
k) comply with, and as permitted by, any legal or regulatory requirements or provisions.
4.2 Marketing Activities
From time to time, we may market, sell, extend promotions, special offers and other information relating to i) the Services as well as ii) services of those companies with which we have a commercial relationship. We will only do so if you have granted us permission to do so or we are otherwise able to do so under applicable law. In addition, we will closely adhere to applicable laws when undertaking the above activities. We may utilize our subcontractors and partners to undertake the above activities on our behalf. Upon your request, we will immediately remove you from our direct marketing list.
4.3 Session Data
We use Session Data to better understand how our Website is navigated, where and how many visitors arrive at specific pages, the length and frequency of stays at our Website, the variety of searches of our Website's database, and the types of browsers and computer operating systems used by our visitors. We use this information to improve our Website content and ease of use and to personalize and improve your individual viewing experiences on our Website. Please note that when processing Session Data, we do not process it in personally identifiable manner.
We may generate statistics and aggregate reports for internal use and for sharing with F-Secure group companies, partners and advertisers. These statistics and aggregate reports will not contain any Personal Data.
5. TRANSFER OF PERSONAL DATA
5.1 To Whom We Transfer Personal Data
From time to time, we may disclose Personal Data relating to you to those Subcontractors and F-Secure group companies who provide the Services (or parts thereof) regarding which you have entered into an agreement with F-Secure. We will share with these companies only such Personal Data that they necessarily need to work with. We transfer all Personal Data electronically.
Where our Clients’ Personal Data needs to be disclosed to our Subcontractors, We require, in our contracts with them, that they use such information solely for the purpose of providing services to F-Secure, and under the strict instructions of F-Secure, and with respect to that information, to act in a manner consistent with this Personal Data Policy, your agreements with us and the mandatory laws applicable to F-Secure.
To ensure better availability and provisioning of Services in various time zones and during different times of day, some of these entities are located in countries outside the EEA. Where personal data is transferred from EEA to outside EEA, F-Secure will safeguard the security and integrity of the transferred Personal Data by appropriate means as required by the law. We will do this by imposing appropriate technical and/or contractual safeguards with regard to relevant Subcontractors and F-Secure group companies (e.g. by using data transfer clauses approved by European Union).
From time to time, we disclose Personal Data to our distribution partners, from whom you have purchased the Services. We will share with these companies only such Personal Data that is necessarily needed by such distribution partners for purposes of undertaking their agreed activities, but not exceeding those listed above in section 4. The commercial parties to whom we transfer Personal Data are also bound by agreements and by legislation to safeguard the Personal Data.
We may also disclose your Personal Data to ensure the availability of the Services and the Website according to our rights under the appropriate agreements, license terms or applicable legislation; to protect ourselves against liability or prevent fraudulent activity; or where it is necessary to permit us to pursue available remedies or limit any damages that we may sustain. Kindly note that we will take these kind of activities only if and to the extent the applicable law allows.
We may also disclose your Personal Data to effect a corporate transaction, in connection with the possible sale, merger, spin-off, or other corporate reorganization of F-Secure, where the information is provided to the new controlling entity in regular course of business.
We may also disclose your Personal Data to our insurers and to governmental regulatory agencies if and when allowed by applicable laws.
Please note that there are circumstances not covered by this Personal Data Policy, where the use or disclosure of Personal Data may be justified or permitted, or where we may be obligated to disclose information without consent. Such circumstances may include to comply with an order or warrant issued by or an order made by a court, person or body with authority in relevant jurisdiction to compel the production of information, or to comply with the court rules relating to the production of records.
5.2 To Whom We Do Not Transfer Personal Data
We will not sell, rent, or lease your Personal Data to any third parties. Hence, for example, we do not sell your email addresses or your name and personal demographic information to mass marketers.
6. RETAINING PERSONAL DATA
We will retain your Personal Data in our databases in accordance with our data retention policies and applicable laws. This period may extend beyond the end of your relationship with us, but it will be only as long as it is necessary for us to retain such data. For example, we may need or be required to retain information regarding your purchase of the Services and your payment for the same. We may also need to retain certain information to prevent fraudulent activity; to permit us to pursue available remedies or to limit any damages that we may sustain; to have sufficient information to respond to any issues that may arise later; because of agreements between you and us; or if the law requires it.
7. PROTECTING PERSONAL DATA
We apply strict security measures and physical, administrative and technical safeguards to help protect the confidentiality and integrity of the Personal Data when transferring, storing or processing such data. We apply these security measures and safeguards to reduce the risk of loss, misuse or unauthorized access, disclosure or modification of the Personal Data.
Your Personal Data will be stored in secured locations and on servers controlled by us, located either at our offices or at the offices of our Subcontractors, as described below. Only authorized personnel on register with correct user-identification and password are allowed and able to access the relevant information systems. The data is physically secured in an internal and/or external fully classed data centers/facilities, with appropriate identification procedures. Where our Clients’ Personal Data needs to be disclosed to our Subcontractors, we require, in our contracts with them, that they protect all Personal Data in a manner consistent with this Personal Data Policy and applicable laws. If you choose to contact us through the Website or via emails, you should be aware that any information transmitted electronically via the Internet might not be secure.
8. ACCESSING AND MODIFYING YOUR PERSONAL DATA
We seek to ensure that Personal Data is as accurate, complete and current as is necessary for the purposes for which we use such information. We encourage you to inform us if details of your Personal Data are changed (such as change of address or email address).
If you wish to correct your Personal Data, which you can indicate as incorrect, you can do so by contacting us.
At any time, you have the right to ask us to provide a copy of the Personal Data that you have supplied and that is retained by us. We have the right to charge a small fee for this service according to the applicable laws.
9. TECHNICAL DATA
Our Services may also collect certain technical data related to your use of the Services. Technical data is collected and processed by F-Secure for the purposes of enabling us to provide you with the Services and for research and development purposes. Technical data is processed separately from personally identifiable data. Consequently, technical data is processed in a non-personally identifiable manner and F-Secure undertake efforts to render as anonymous and/or obfuscate any Personal Data contained in such data. Technical data is processed in a personally identifiable manner only with your express consent or where we are unable to deliver our relevant Services to you without processing such data in personally identifiable format.
Depending on the type of Service, you may allow/disallow some technical data being sent, while some of the technical data needs to be sent for respective features of the Services to function properly. F-Secure may further disclose or transfer any of the technical data to its affiliates, sub-contractors, distributors and partners.
When you visit our Website, we collect Session Data about you in non-personally identifiable format in a number of ways, including tracking your activities through your IP address in the Website or most-recently-visited URL. However, we do not collect any personally identifiable information about you unless you voluntarily submit such information to us, for example by purchasing an F-Secure product, filling out a form or survey, entering a contest or sweepstakes, registering your email address with us or emailing us.
When you access our Website, it may seek to place cookies on your computer to collect Session Data. A cookie contains a unique identification number that identifies the Website visitor's browser. Cookies help us recognize your browser when you visit our Website again. Please note that unless a visitor specifically informs us of his/her identity, we will not know who the individual visitor is.
Most Internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or prompt you before accepting a cookie from the sites you visit.
If you decide not to accept our cookies, you may not be able to access our Website or use related Website services.
10.3 Third Parties Advertising on Our Website or Together with Our Services
10.4 Purchasing F-Secure Products and Services
When purchasing our products and/or services from our e-store; your associated Personal Data and associated payment and billing information shall be processed by us as explained above in this policy. However, we do not store your payment card information submitted in our e-store. Such information will be instead provided to the selected payment provider and shall be processed under such payment provider's privacy policies.
Depending on where you are located, the e-store may alternatively be operated by our distribution partner. In such case, this is indicated in the e-store and the processing of your Personal Data disclosed in connection to the license purchase is governed primarily by the terms and privacy policies of such distribution partner as well as the applicable laws relating to such license purchase
For your convenience, our Website provides links to other sites. When you click on one of these links, you are leaving our Website and entering another site. We are not responsible for such third-party sites. You should carefully review the privacy statements of any other sites that you visit, because those privacy statements will apply to your visit to such other sites and may be significantly different from our policy.
We are not responsible for the privacy policies and practices of any linked website.
11. CHANGES TO POLICY
We will change or supplement this Personal Data Policy from time to time. We will post an appropriate notice of changes to the Personal Data Policy in the Website. If we make significant changes to our statement, we may also notify you by other means, such as posting a notice on our home page or sending an email. Personal Data Policy changes will apply to the information collected from the date we post the revised Personal Data Policy to the Website, as well as to existing information held by us.
12. CONTACT INFORMATION FOR MATTERS RELATED TO PERSONAL DATA
If you have any questions or concerns about the matters discussed in this Personal Data Policy, please contact:
Tel. +358 9 2520 0700
Copyright © F-Secure 2010