Corporate business privacy policy

September 2019

 

This policy is provided on behalf of F‑Secure Corporation and explains the processing of your personal data by companies belonging to F‑Secure's group of companies. It sets out how the personal data that we collect from you, or that you provide to us, will be processed by us.

The data controller for this policy is F‑Secure Corporation, a Finnish company with business ID 0705579-2. Our contact information can be found at the end of this policy.

The personal data of individuals discussed in this policy is primarily collected because F‑Secure is in, or is seeking to enter in, a commercial relationship with the entities you are employed by.

The collected information and its use varies based on whether we have a pre-existing, commercial relationship between F‑Secure and your employer (see section for CUSTOMERS AND PARTNERS) or we have no prior engagement with your employer (see section about MARKETING).

MARKETING

What kind of data we collect on you

From persons visiting our website, we acquire data on the device used, your IP address, the route by which you arrived at our website, and your activities therein, as well as any information you have submitted to us through forms. For more detailed information, see our website privacy policy.

If you provide us your data via forms – online or offline – we ask you the following information: names of the person and company, email address, country, industry, size of company, telephone number, and area or service of interest.

We may also collect your information via our discussion boards or other social media hosted by F-Secure, competitions, promotion, surveys, webinars, and other such events or points of interaction.

If you have been identified as a decision maker or influencer by a third party, or listed as such in public sources, we typically obtain the following information on you and the organization that you represent: company name, title, name, function, language, email, zip code, city and state, country, phone number, industry, turnover, and size of company.

We may aggregate such data with general data on your organization.

For what purposes do we use it

We collect and process the data so that we can, based on your position in your organization, send you information relating to the services, conduct customer surveys, arrange competitions, advertise and market our services (both personalized and in aggregate), and share information and know-how about cyber security and on our services. We also make use of the collected data in market research, product and service development, and business offering development.

Should you or the organization that you represent become our customer, we combine data collected at this pre-sales phase for you when your organization becomes our customer. In such cases, we use it in accordance to the same practices that we employ with the representatives of our corporate customers and partners.

Legal grounds

We collect data on individuals in influential, decision-making positions in companies that would benefit from our services. We consider such activity to be in the legitimate interests of both F-Secure as a vendor and your employer as a buyer.

Where legitimate interest is not suitable or applicable to a type of data processing, we will seek your consent. For example; consent is the legal grounds for data that we collect on your browsing of our websites. Where we base our processing on consent, you may withdraw your consent at any time.

CUSTOMERS AND PARTNERS

What kind of data we collect on you

Regarding individuals, with whose employers we are in a commercial relationship, we process the following personal data on you: your name, your position / role / title, your email address and phone number, which legal entity that has purchased the license or service, such entity’s street / mailing address, country, your language and messaging preferences, available LinkedIn information, relevant access credentials to and logs in our systems.

F-Secure collects this data:

  • Via marketing activities (more information under Corporate Business - marketing),
  • Via our website, our discussion boards or other social media hosted by F-Secure,
  • Via competitions, promotion, surveys, webinars, and other such events or points of interaction,
  • Through sales, support, and account management activities, and
  • Through partner sales and customer management activities (e.g. a partner orders a license to an end customer or changes an end customer’s information).

For what purposes do we use it

We collect and process the data so that we can manage our customer relationships, provide you with information, products and services that you request from us, run joint planning sessions, analyze the data for business development purposes, deliver license certificates, undertake all steps of order fulfillment and payment processes, perform personalized marketing activities, communicate in relation to both the initial sales of our services as well as license and service renewals, our other offerings and other relevant information, collect your feedback and identify authorized users for selected systems and administer user accounts, and provide help and support for the services.

As you may approach us or submit information to us via multiple channels – such as our resellers, events, or website – we combine such information to make our communications relevant to your needs.

Legal grounds

F-Secure has a legitimate interest to process personal data of the employees of its customers and partners to enable and facilitate provisioning its commercial services to its corporate customers and partners, including undertaking relevant sales and marketing activities as enabled by applicable laws on different forms of marketing-related communications.

Where processing is required for an activity, it is necessary that we are able to process the required data. This is the case e.g. when we need to effectively communicate with the representatives of our partners and customers, deliver and invoice the agreed services, respond to an enquiry or support request, or enable your participation in our corporate customer beta program.

Where legitimate interest is not suitable or applicable to a type of data processing, we will seek your consent. For example; consent is the legal grounds for data that we collect on your browsing of our websites. Where we base our processing on consent, you may withdraw your consent at any time.

Profiling

To keep our interaction focused on the services that you are primarily interested in, some of the data that we collect may be based on your activity on our corporate web pages. This occurs in the event that you have consented to having such traffic linked to you, for example by filling any of our web forms. We do not record your web traffic outside F‑Secure websites. The more activity and interest you show towards our solutions, the more likely it is that we will approach you. This is elaborated in our cookie banners and in our website privacy policy.

If you do not wish us to have your email address for this purpose, you may freely request that we remove it from our records. The impact on you is that the messaging that you may receive from us may be less relevant for you and your employer.

We do not disclose such profile information to external parties. We may share general data on your interest with our reseller to better serve your needs (e.g. to enable you to purchase via our local reseller), but only in the event that we have actually started sales negotiations.

Transfers and disclosures

Personal data is primarily processed by F‑Secure's local company that you are interacting with the most. In addition to local processing, the most common reason for exchange of information between different F‑Secure offices is to enable us to efficiently serve you and manage our relationship. See the list of our local country offices here).

Personal data can also be made available to F‑Secure's channel partners when - and to the extent that - disclosure of data is necessary for the relevant purposes of processing data (listed above). For example, if you are interested in purchasing our services, we provide such information to our reseller partner in the area.

Some of F‑Secure's affiliated companies, subcontractors, and distributing partners are located outside the European Economic Area (EEA). Even if the data is stored within the EEA, it may also be processed by our staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details, and the provisioning of support services.

Where personal data is transferred from the EEA to outside the EEA, F‑Secure undertakes to safeguard the security and integrity of processing by implementing the appropriate measures as required by law, and by imposing appropriate contractual safeguards on such data importers (for example by adhering to data transfer clauses approved by the European Union).

Advertisers and advertising networks that require the data to select and serve relevant advertisements to you and others are listed on our website privacy policy.

Third parties

We also work closely with third parties (including, for example, business partners, subcontractors in technical, payment, and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. These vendors have collected this information from private or public sources or directly from you.

Other uses and disclosures

Information on secondary purposes for which personal data may occasionally be processed.

Learn more

There are circumstances not covered by this privacy policy where the use or disclosure of personal data may be justified or permitted, or where we may be obligated by applicable laws to disclose information without acquiring your consent or independent of service provisioning.

One example includes complying with a court order or a warrant issued by the authorities in the relevant jurisdiction to compel the production of information.

Similarly, there may be other circumstances where there is a justifiable legitimate interest to disclose limited sets of information to a third party. Examples of such disclosures include cases where we need to protect ourselves against liability or to prevent fraudulent activity, where it is necessary to solve or contain an ongoing problem, or where we need to meet the legitimate information requirements of our insurers or governmental regulatory agencies. In any such action, we will act according to the applicable laws.

We may also need to transfer your personal data as part of a corporate transaction, such as a sale, merger, spin-off, or other corporate reorganization of F-Secure, where the information is provided to the new controlling entity in the regular course of business. F-Secure group discloses and transfers data internally as required by our then current operational model. We do, however, limit the disclosures internally to only those group companies, units, teams, and individuals who have a need to know such information for the intended purposes of processing it.

We weigh each disclosure requirement carefully and take the possibility of such disclosure requests into account when deciding where and how we store your personal data.

Retention

On a monthly basis, we purge our direct marketing records from all contacts who have not reacted to our messaging or visited our web pages during the last 24 months and who are not affiliated with any of our customers or partners.

If you become our customer or partner, the data is retained for the duration of your organization's relation. User data in our corporate customer registry is stored for the duration of the license/subscription/engagement and up to five years after the last engagement or subscription with the customer or partner has expired.

Security

Information on the security practices that we employ to keep your data secure.

Learn more

We apply strict security measures to protect the confidentiality, integrity, and availability of your personal data when transferring, storing, or processing it.

We use physical, administrative, and technical security measures to reduce the risk of loss, misuse, or unauthorized access, disclosure, or modification of your personal data.

All personal data is stored on secure servers operated by F-Secure or our partners with access limited to authorized personnel only.

Your rights

Information on your statutory rights and how to contact us.

Learn more

You have the right to the data that we have on you. In particular, you have the following rights to the personal data that we hold on you:

  • Access and rectification. You have the right to ask us what personal data we have on you and to get a copy of the data that we can identify pertaining to you in this context. Should you find any errors (e.g. obsolete information) in such data, we urge you to contact our customer care to resolve the issue. Some of our service portals allow you to update your customer information. For such, you should update any changes to your personal data, for example change of address or email address. If you cannot update the changes yourself, you may inform us of the necessary changes.
  • Objection. You are entitled to object to certain processing of personal data, including for example the processing of your personal data for marketing purposes or when we otherwise base our processing of you on a legitimate interest. In the latter case, you need to establish a legally valid rationale for your objection.
  • Right to be forgotten. You also have the right to request us to cease storing your personal data and erase it. In this case you need to establish a legally valid rationale for your request.
  • Portability. You also have the right to ask for personal data that you yourself have provided – pursuant to a contract or your consent. You may request the data in a structured, commonly used, and machine-readable format and further that the data is transmitted to another controller, where technically feasible.
  • Withdrawing consent. In cases where the processing is based on your consent, you have the right to withdraw your consent at any time via relevant settings. For identifiable service analytics data, you can find the settings in the service user interface. You also have the right to opt out from our marketing communications via the preference center accessible through the link.
  • Restriction. If you establish that the data we have on you is incorrect or we have no legal right to use it, you may request that we cease any further processing of your personal data, and merely keep it in store until the issue is resolved.

You can exercise your rights via our customer care function. The links to contact us are in the "Contact information" section.

Note that there may be situations where our confidentiality obligations, our right of professional secrecy, and/or our obligations to provide our services (e.g. to your employer) may prohibit us from disclosing or deleting your personal data or otherwise prevent you from exercising your rights. Your above rights are also dependent on the legal grounds based on which we process your personal data.

If you have any complaints about how we process your personal data, or would like further information, please contact us at any time. If you feel that we are not enabling your statutory rights, you have the right to lodge a complaint with a supervisory authority. In most cases, this authority is the Finnish Data Protection Ombudsman (www.tietosuoja.fi).

Contact information

If you have any questions or concerns about the matters discussed in our privacy policies, please contact:

F-Secure Corporation
Tammasaarenkatu 7
PL 24
00181 Helsinki
Finland

How to contact us:

  • If you are a client of our consumer line of products, please contact us via f-secure.com/support.
  • If you are a client of our corporate line of products, please contact us via f-secure.com/corporate-support.
  • If you are a client of MWR Infosecurity, please use the contact information at mwrinfosecurity.com/privacy-policy/.
  • You can contact F-Secure’s Data Protection Officer by sending a message to privacy-office@f-secure.com. If you wish to exercise your rights as a data subject, please use the above links instead.

 

General

Information on definitions and change management.

Learn more

Definitions

This is what we mean when we make certain references within this policy.

"Client", "you", refers to a private or corporate user or any other data subjects who buy, register for use, or use our services, whose devices and data traffic are protected by our services, and who may have submitted personally identifiable information to us. This information may have been submitted through the use of our services, websites, telephone, email, registration forms, or other similar channels.

"Personal data" refers to any information on private individuals that is identifiable to them or their family or household members. This information may include names, email and mailing addresses, telephone numbers, billing and account information, and other, more technical information that can be linked to you, your device, or the behavior of either, that we process while providing our services.

"Services" refer to any services or products that are manufactured or distributed by F-Secure, including software, web solutions, tools, and related support services.

"Website" refers to the www.f-secure.com website or any other website that F-Secure hosts or controls, including subsites and browser-based service portals.

Changes

This version of the policy clarifies, updates, and replaces the previous version. To continue keeping this document up to date, we will make changes and additions to this from time to time also in the future.

We will publish the changed policy document on our website or at another interaction point where it has previously been made available. If the changes are significant, we may also notify you by other means. Any changes will apply starting from the date that we publish the revised policy document.