F-Secure Freedome for Business Privacy Policy

In brief

Freedome for Business combines VPN surfing with mobile device management, which are both controlled via the management portal. To achieve this:

  • the service encrypts your data traffic from third parties;
  • the focus of data collection is on your device and our service, not you as an individual;
  • much of the collected data is available for your employer's IT administrator, so they can better manage company devices and applications;
  • we collect anonymous security data to protect your device;

The purpose of the service is to secure and manage your device and its connections. The service is not built to monitor employees. The service does not enable F-Secure or your company's IT administrator to follow your movements, view your photos, or see who you call or communicate with, nor are we able to track the sites that you visit through the service.

In full

This product-specific policy is an add-on to the F-Secure Protection Service for Business ("PSB") privacy policy. This add-on policy focuses on 1) the type of personal and private data that we collect from you in this service and 2) what we use it for. We focus on these two items because we believe that they matter to you the most. For other aspects regarding the processing of your personal data, see the Protection Service for Business privacy policy (for the full PSB service) and F-Secure privacy statement (for common practices across all of our services).

This policy is split into the following parts:

  • Communications
  • User data
  • Analytics data
  • PSB privacy policy

Your private communications

Our guiding principle is that we do not seek to spy on the exact content of your private communications. We only analyze your communications traffic to provide you the service and to keep your data transfers clean. To be more exact, this means that:

  • we need to process some metadata (such as the traffic volume and IP addresses) of your traffic when providing the service to you. To safeguard your privacy, the target IP, port or URL of traffic relayed through the VPN are not stored in a way that they could be later connected to you;
  • we analyze the traffic for suspicious or malicious files and destinations (i.e. URLs); and
  • we automatically screen the traffic to inhibit usage that is against our acceptable use policy.

User data

User data in the management portal

The service collects the following data about you, your device, and use of the service, and makes it available through the management portal:

  • User's name, email, and phone number. This data is linked to your "device ID" that acts as an identifier of the user data in the system.
  • The service version number, device identifiers (e.g. IMEI, model, etc.), subscription key, installation and update date and time, operating system and version, feature status.
  • In addition to the above, the service collects: your mobile device model, as well as the potential jailbreak or root status, service statistics per device such as the virtual location, the aggregate amount of traffic in the VPN tunnel, the amount of traffic scanned, the harmful sites, the number of blocked tracking attempts and blocked website counters.

The collected data varies according to what devices and services you use.

We use this data to operate the services, to manage them (including identifying authorized users and managing licenses), to measure performance, and to further develop, enhance, and improve the service. The data can be used to provide support and problem resolution services.

This data is visible to your company's IT administrator and is also available to F-Secure and through the portal. If the company's IT administration has been outsourced, the data is also available to the outsourcing partner (F-Secure's 'distributor partner'), so that they can provide your company with support and like IT services.

User data in F-Secure systems

In addition to data that is made available in the portal, F-Secure also collects the following data via the service:

  • your device ID, so we can send push notifications to the devices and to combine different types of user data;
  • your device's language, so the service language is consistent with the device language; and
  • we may also collect the battery level, internal memory and SD card memory sizes, and a list of installed applications (to check that the service is installed correctly) for management feature development purposes.

Some jurisdictions require that we collect user devices' public and private IP addresses as well as the start and end time for the VPN tunnel. If we receive a legally valid request, this data can be used to reveal which origin IP was used to connect to a target IP at a given time. It does not compromise the invisibility of your browsing traffic via the service towards F-Secure or your IT administrator, as we do not connect the IP address to you.

Analytics

For us to learn when and how you use our service, to enhance it, and to learn how customers find out about the service, the service also collects data on installation success, installation and activation paths, performance, operation environment, connections, data routing, quota, and other similar metadata (such as which features are used and how often). We do this so that we can create services that are of value to you and our other customers. We are interested in the needs and behavior of our users as a part of the group, not in the names of those users. This activity is explained in more detail in the analytics section of our privacy statement.

PSB privacy policy

The usage of Security Cloud, the roles in which different parties process your personal data, data retention rules, and the legal grounds on which personal data is being processed are described in the F-Secure Protection Service for Business privacy policy.

May 2018