F-Secure Business Suite is an information security product suite for both workstations and servers, which are controlled via a management portal. The core privacy aspects of this service are:
- the focus of data collection is on catching malicious activity on the protected devices;
- the collected security data is anonymous to F-Secure by design;
- your employer's IT administrator has access to the data collected in identifiable format.
This service-specific policy is an add-on to the F-Secure privacy statement. This add-on policy focuses on 1) the type of personal and private data that we collect from you in this service, 2) what we use it for, and 3) for how long we keep it. We focus on these items because we believe that they matter to you the most. For other aspects regarding the processing of your personal data, see the F-Secure privacy statement, which applies to all of our services.
This policy is split into the following parts:
- Covered services
- What data is collected and what it is used for
- Legal grounds
The individual services of Business Suite are Client Security and Client Security for Mac, which protect the employee computers; Email Server Security and Server Security, which protect corporate servers (including Windows, Exchange, and SharePoint servers); Linux Security, which protects Linux desktops and servers; Internet Gatekeeper, which scans the traffic passing through corporate gateways; Scanning and Reputation Server, which scans uploaded files and aims to optimize performance inside virtual environments.
Your employer's environment may have all or only some of the individual services. The data collection and processing schemes for the mentioned individual services are similar to each other.
All of the above individual services can be managed by Policy Manager, which is a centralized management tool for the customer company's IT administrator. Policy Manager is on-premise server software.
What data is collected and what it is used for
F-Secure has no visibility into the individual employee data that a customer company's IT administrator processes via Policy Manager for the purpose of managing the services on company-owned devices. F-Secure's service-use-based data collection is limited to statistical data for service management and invoicing purposes from Policy Manager, from which an individual person cannot be identified.
To the extent that the data processed by F-Secure in the services is identifiable to an individual, the services process data to safeguard the following legitimate interests; i) providing F-Secure services to secure our customers' networks and devices as well as the confidentiality and availability of the data therein; ii) enabling F-Secure to detect emerging threats and security-relevant trends among all of its customers, so that our services can keep on par with evolving threats; iii) enabling F-Secure to provide a centralized security service framework across multiple continents to a large number of customers and partners.
The data processing undertaken by the services is mandatory for the efficient protection of the device/network. While the individual service's settings may enable an IT administrator or employee to limit the processing of security data by F-Secure, such adjustments are not recommended, as they endanger achieving the above intended purposes of the services.
The user data in the Policy Manager management portal is visible to your employer's IT administrator for similar purposes, as determined by your employer. If your employer has outsourced its IT administration, that data may also be available to your employer's outsourcing partner.
Anonymized security data and statistical data are stored without a set end date as long as the data is useful for the purpose it was collected for. The other data types described above are stored for the duration given in their respective privacy policies, after which they are deleted or anonymized. Exceptions and additions to the above are listed in the "Retention" section of the F-Secure privacy statement.
As of the date of this policy, individual services within Business Suite do not collect additional analytics data. Data collection is limited to that strictly required to provide the Service.
Policy Manager reports statistical analytics on its usage (for example, used features) to F-Secure. The statistical analytics relate to the general usage of the service, not to any individual.
© F-Secure, August 2018