Corporate business privacy policy

Controller & contact

F-Secure Corporation
Business ID 0705579-2
Tammasaarenkatu 7
PL 24, 00180 Helsinki
Tel. +358 9 2520 0700
Fax +358 9 2520 5001

F-Secure country offices outside EEA may operate as data controllers on an ad hoc basis in the event of undertaking area-specific activities outside of the group-wide sales and marketing framework. If you have questions regarding our data processing practices, please our customer care.

Purposes of data collection

If your employing company is not our existing partner / end customer

We collect and process the data so that we can, based on your position in your organization, send you information relating to the services, conduct customer surveys, arrange competitions, advertise and market our services (both personalized and in aggregate), and share information and know-how about cyber security and on our services. We also make use of the collected data in market research, product and service development and business offering development.

Should you or the organization that you represent become our customer, we combine data collected at this pre-sales phase for you when your organization becomes our customer. In such cases, we use it in accordance to the same practices that we employ with the representatives of our corporate customers.

If your employing company is our existing partner / end customer

  • Customer relationship management
  • Providing technical information about F-Secure products
  • Joint planning and developing of the business
  • License certificate delivery
  • Invoicing
  • Personalized marketing
  • Information sharing for F-Secure products
  • Order fulfillment, license and service renewals + up/cross-selling
  • Customer feedback collection
  • User identification for selected systems such as partner portal

Reasoning and legal basis for collecting and processing data, consequences of refusal

If your employing company is not our existing partner / end customer

1. We collect data on individuals in influential, decision-making positions in companies that would benefit from our services. We consider such activity to be in the legitimate interests of both F-Secure as a vendor and your employer as a buyer.

2. To keep our interaction focused on the services that you are primarily interested in, some of the data that we collect may be based on your activity on our corporate web pages. This occurs in the event that you have consented to having such traffic linked to you, for example by filling any of our web forms or opening an email sent to you for other reasons. We do not record your web traffic outside F-Secure websites.

If you do not wish us to have your email address for this purpose, you may do so freely. The impact on you is that the messaging that you may receive from us may be less relevant for you and your employer.

If your employing company is our existing partner / end customer

F-Secure has a legitimate interest to process personal data of the employees of its customers and partners to enable and facilitate provisioning its commercial services to its corporate customers and partners, including undertaking relevant sales and marketing activities as enabled by applicable laws on different forms of marketing-related communications.

Types and sources of data

If your employing company is not our existing partner / end customer

From persons visiting our website, we acquire data on the device used, your IP address, the route by which you arrived at our website, and your activities therein, as well as any information you have submitted to us through forms. For more detailed information, see our Website Privacy Policy.

Regarding data that is submitted by a prospective customer through forms, F-Secure collects the following information: names of the person and company, email address, country, industry, size of company, telephone number, and area or service of interest.

If you have been identified as a decision-maker or influencer by a third party, or listed as such in public sources, we typically obtain the following information on you and the organization that you represent: company name, title, name, function, language, email, zip code, city and state, country, phone number, industry, turnover, and size of company.

We may aggregate such data with general data on your organization.

If your employing company is our existing partner / end customer

  • Legal entity that has purchased the license
  • Name
  • Position/role/title
  • Email address
  • Phone number
  • Street/mailing address
  • Country
  • Language preference
  • Available linkedin information
  • Messaging preferences (what kind of information you want to receive)

This data is collected from the following sources:

  • Marketing processes (see above)
  • Through sales and account management activities
  • Through partner sales and customer management activities (e.g. a partner orders a license to an end customer or changes end customer information)

Regular recipients and destinations of personal data transfers

General

F-Secure protects the privacy of its prospective and current customers' data that is stored in or processed by such third-party vendors or their tools by vetting all vendors and having contracts in place that safeguard our customers' privacy.

Personal data can be made available to F-Secure's affiliated companies and sub-contractors, where - and to the extent that - disclosure of data is necessary for the relevant purposes of processing data - in particular efficient account management by local country offices).

Personal data can also be made available to F-Secure's channel partners, where - and to the extent that - disclosure of data is necessary for the relevant purposes of processing data (listed in the above row). For example, if you are interested in purchasing our services, we provide such information to our reseller partner in the area.

Some of F-Secure's affiliated companies, subcontractors, and distributing partners are located outside the European Economic Area (EEA). Where personal data is transferred from EEA to outside EEA, F-Secure undertakes to safeguard the security and integrity of processing by implementing the appropriate measures as required by the law, and by imposing appropriate contractual safeguards on such data importers (for example, by using data transfer clauses approved by the European Union.

If your employing company is not our existing partner / end customer

Personal data is physically stored in external data centers in the United States of America. From there, personal data can be made available to F-Secure's affiliated companies and sub-contractors, to the extent that disclosure is necessary for the purposes of processing the data, in particular ascertaining the availability of data and its use. The locations of our affiliates can be found here.

If your employing company is our existing partner / end customer

Personal data is physically stored in the European Union (Ireland) by the third-party CRM and ERP SaaS service providers. Local interim repositories may be located in F-Secure country offices (see below).

Retention

If your employing company is not our existing partner / end customer

On a monthly basis, we purge our marketing customer base from all contacts who have not reacted to our messaging or visited our web pages during the last 24 months.

If you become our customer / partner, the data is retained for the duration of your organization's relation and as described below.

If your employing company is our existing partner / end customer

User data under the corporate customer registry is stored for the duration of the license/subscription and for five years after the last asset or subscription of the customer or partner has expired. The reasoning for the duration comes from the fact that F-Secure, and competitors, also sell long licenses and subscriptions (3-5 years) and from the business point of view, the first win-back opportunity may come several years after the license/subscription has expired.

Your rights

You have the right to the data that we have on you. In particular, you have the following rights to your personal data:

  • You have the right to get a copy of the data that we can identify pertaining to you in this context. Please allow us some time to collect the data. Should you find any errors (e.g. obsolete information) in such data, we urge you to contact our customer care. In addition to having the data yourself, you also have the right to request us to send most of such data to another controller on your behalf.
  • You also have the right to object to our collection and use of your personal data for marketing purposes at any time. Opting out from our marketing lists stops the collection of new data (unless you opt in again), but does not delete the data that we may have collected on you via cookies in this context.
  • You can delete your personal marketing related data at any time via our marketing preference center, which is accessible from each marketing-themed email that we send you. After this, we no longer collect additional data on you or combine your browsing history to your identity. Data on your interests on F-Secure sites remains stored and is deleted after twelve months, unless you reconnect with us during that time.
  • If you establish that the data we have on you is incorrect or we have no legal right to use it, you may request us to cease any further processing of your personal data, and merely keep it in store, until the issue is resolved.
  • To the extent that your exercising these rights is not possible due to adjusting your messaging preferences, you can exercise these rights through our customer care.
  • If you feel that we are not enabling your statutory rights, you have the right to lodge a complaint with a supervisory authority.

Mandatory and non-mandatory need of data collection, consequences of refusal

If your employing company is not our existing partner / end customer

In cases where we collect information directly from you (e.g. the email address you have provided or your browsing on our websites), we do so with your consent. You can revoke the consent that you have given for marketing-related purposes.

If your employing company is our existing partner / end customer

It is necessary for F-Secure to process the mentioned data so that we can effectively communicate with the representatives of our partners and customers and thereby deliver and invoice the agreed services.

Profiling

We profile our website visitors so that we know your needs as a (potential) customer better and - when you have provided us with your email address - so that we provide you with relevant messaging on your areas of interest, not merely generic marketing messaging. The more activity and interest you show towards our solutions, the more likely it is that we will approach you.

We do not disclose such profile information to external parties. We may share general data on your interest with our reseller (if you purchase via a reseller) to better serve your needs, but only in the event that we have actually started sales negotiations.

Changes

F-Secure reserves the right to change this description of a file from time to time to comply with its legal obligations.