We respect and value your rights to privacy. However, you may be asked to provide particular information in order for us to proceed with the reward payment. Information on what data are being collected, how we handle personal data, and your rights as the data subject are described in the table below.
Business ID FI3269349-7
P.O.Box 24 FI-00181
Tel. +358 9 2520 0700
Fax +358 9 2520 5001
|2.||Contact person for privacy issues related to registry|
Archontoula Gkoutziouli (Software Security Lead)
The primary contact point is by email to firstname.lastname@example.org. Non-electronic communication should be directed to the postal address above, addressed to the contact person(s).
|3.||Name of the description of a file||Payment information for F‑Secure Vulnerability Reward Program — complimentary and part of F‑Secure Business and Service data files|
|4.||The purpose of processing personal data|
Data subjects are recipients of vulnerability reward payments (a “recipient”, below) and are asked to provide the following information.
|6.||Legal grounds||We need to collect and process the above data to be able to perform our part of mutual contract created upon your participation to our Vulnerability Reward Program.|
|7.||Regular sources of information||Data is provided by the recipient of the reward upon request.|
|8.||Retention||We store the above data for 6 months, after which we will delete it, except where we are required to store information on outgoing payments.|
|9.||Regular destinations of disclosed data|
Some of F‑Secure’s affiliated companies are located outside the European Economic Area (EEA). Where personal data is transferred from the EEA to outside of the EEA, F‑Secure undertakes to safeguard the security and integrity of processing by appropriate safeguards as required by the law by imposing appropriate contractual safeguards towards such data importers, e.g., by using data transfer clauses approved by the European Union.
|10.||Description of the principles in accordance to which the data file has been secured||Physical Security|
The data files are physically secured in an internal and/or external fully classed data centers/facilities, which require full identification by relevant security personal for authorized personnel staff on register, before being able to access the physical data files.
Only authorized personnel on register with correct user id and password are allowed and able to access the relevant information systems. Log auditing is in place and always activated.
We strongly suggest that the reward recipients send the information to us in an encrypted email.
You have the right to the data that we have on you. In particular, you have the following rights to the personal data that we hold on you:
Note that there may be situations where our confidentiality obligations, our right of professional secrecy, and/or our obligations to provide our services (e.g. to your employer) may prohibit us from disclosing or deleting your personal data or otherwise prevent you from exercising your rights.
If you have any complaints about how we process your personal data, or would like further information, please contact us at any time. If you feel that we are not enabling your statutory rights, you have the right to lodge a complaint with a supervisory authority. In most cases, this authority is the Finnish Data Protection Ombudsman (tietosuoja.fi).
|12.||Changes||F‑Secure reserves the right to change this description of a file from time-to-time to comply with its legal obligations.|
|13.||Right of access||Data subjects have the legal rights to access their data as defined in the applicable Finnish data protection legislation.|