Business Suite Privacy Policy

In brief

F-Secure Business Suite is an information security product suite for both workstations and servers, which are controlled via a management portal. The core privacy aspects of this service are:

  • the focus of data collection is on catching malicious activity on the protected devices;
  • the collected security data is anonymous to F-Secure by design;
  • your employer's IT administrator has access to the data collected in identifiable format.

 

In full

This service-specific policy is an add-on to the F-Secure privacy statement. This add-on policy focuses on 1) the type of personal and private data that we collect from you in this service, 2) what we use it for, and 3) for how long we keep it. We focus on these items because we believe that they matter to you the most. For other aspects regarding the processing of your personal data, see the F-Secure privacy statement, which applies to all of our services.

This policy is split into the following parts:

  • Covered services
  • What data is collected and what it is used for
  • Legal grounds
  • Disclosures
  • Retention
  • Analytics

 

Covered services

The individual services of Business Suite are Client Security and Client Security for Mac, which protect the employee computers; Email Server Security and Server Security, which protect corporate servers (including Windows, Exchange, and SharePoint servers); Linux Security, which protects Linux desktops and servers; Internet Gatekeeper, which scans the traffic passing through corporate gateways; Scanning and Reputation Server, which scans uploaded files and aims to optimize performance inside virtual environments.

Your employer's environment may have all or only some of the individual services. The data collection and processing schemes for the mentioned individual services are similar to each other.

All of the above individual services can be managed by Policy Manager, which is a centralized management tool for the customer company's IT administrator. Policy Manager is on-premise server software.

What data is collected and what it is used for

The security data that is sent automatically by individual Services to F-Secure is handled by F-Secure's 'Security Cloud' component or its subset. An individual service sends queries to Security Cloud on potentially malicious activity on your devices and data traffic passing through them. F-Secure does not connect these queries to the identity of the user. The Security Cloud data collection is explained in more detail in its dedicated privacy policy. However, your employer's IT administrator is likely able to link your identity with the results provided by Security Cloud, as they need to be able to react to security issues detected by the service.

F-Secure has no visibility into the individual employee data that a customer company's IT administrator processes via Policy Manager for the purpose of managing the services on company-owned devices. F-Secure's service-use-based data collection is limited to statistical data for service management and invoicing purposes from Policy Manager, from which an individual person cannot be identified.

If the services do not work as intended, your employer may utilize F-Secure's expertise to resolve issues. In such cases, you are typically asked to run an F-Secure support tool on the device – whether a personal computer or a server – where the individual service is installed and to deliver the information to F-Secure. The separate F-Secure Support Tool Privacy Policy explains the processes for data collection and handling in such cases.

F-Secure's processing of the personal data of relevant customer company contact persons is explained in the Corporate Business Privacy Policy.

Legal grounds

To the extent that the data processed by F-Secure in the services is identifiable to an individual, the services process data to safeguard the following legitimate interests; i) providing F-Secure services to secure our customers' networks and devices as well as the confidentiality and availability of the data therein; ii) enabling F-Secure to detect emerging threats and security-relevant trends among all of its customers, so that our services can keep on par with evolving threats; iii) enabling F-Secure to provide a centralized security service framework across multiple continents to a large number of customers and partners.

The data processing undertaken by the services is mandatory for the efficient protection of the device/network. While the individual service's settings may enable an IT administrator or employee to limit the processing of security data by F-Secure, such adjustments are not recommended, as they endanger achieving the above intended purposes of the services.

Disclosures

The user data in the Policy Manager management portal is visible to your employer's IT administrator for similar purposes, as determined by your employer. If your employer has outsourced its IT administration, that data may also be available to your employer's outsourcing partner.

In regards to data that is under F-Secure's control; F-Secure employs its affiliates and subcontractors based on the principles set out under "Transfers" in its privacy statement. We do this so that we can maintain, develop, and provide the services globally. We require such subcontractors to act in a manner consistent with this privacy policy and applicable laws.

Retention

Anonymized security data and statistical data are stored without a set end date as long as the data is useful for the purpose it was collected for. The other data types described above are stored for the duration given in their respective privacy policies, after which they are deleted or anonymized. Exceptions and additions to the above are listed in the "Retention" section of the F-Secure privacy statement.

Analytics

As of the date of this policy, individual services within Business Suite do not collect additional analytics data. Data collection is limited to that strictly required to provide the Service.

Policy Manager reports statistical analytics on its usage (for example, used features) to F-Secure. The statistical analytics relate to the general usage of the service, not to any individual.

© F-Secure, August 2018