Protection Service for Business privacy policy

In brief

Protection Service for Business combines VPN, mobile device management, software update management as well as workstation and server security, which are all controlled via the management portal. The core privacy aspects of this service are:

  • the focus of data collection is on your device and our service, not you;
  • the only directly identifying data that we collect is your name, email, and phone number;
  • much of the collected data is available for your employer's IT administrator, so they can better manage company devices and applications;
  • we collect anonymous security data to protect your device.

The service does not enable F-Secure or your company's IT administrator to follow your movements, view your photos, or see who you call or communicate with, nor are we able to track the sites that you visit through the service.

In full

This product-specific policy is an add-on to ‘F-Secure privacy policy for services'. This add-on policy focuses on 1) the type of personal and private data that we collect from you in this service and 2) what we use it for. We focus on these two items because we believe that they matter to you the most. For other aspects regarding the processing of your personal data, see ‘F-Secure privacy policy for services', which applies to all of our services. "We" refers to F-Secure. Our customer company may process the data it has access to via this service to purposes that differ from those listed below.

1. User data

1.1 USER DATA IN THE MANAGEMENT PORTAL

The service collects the following data about you, your device, and use of the service, and makes it available through the management portal:

  • User's name, email, computer name, device identifiers (e.g. IMEI, WINS name, IP address) and phone number that act as identifiers for the user data in the system.
  • The service version number, subscription key, installation and update date and time, blocked malware (may include the file name and path), operating system and version , feature status.
  • Installed applications as part of the software update management.
  • For the Freedome for Business mobile component;
    • in addition to the above, the service collects: your mobile device model, as well as the potential jailbreak or root status, service statistics per device such as the virtual location, the aggregate amount of traffic in the VPN tunnel, the amount of traffic scanned, the harmful sites, the number of blocked tracking attempts and blocked website counters.

The collected data varies according to what devices and services you use.

We use this data to operate the services, to manage them (including identifying authorized users, managing licenses, and sending push notifications), to measure performance, and to further develop, enhance, and improve the service. The data can be used to provide support and problem resolution services.

This data is visible to your company's IT administrator for similar purposes. The data is also available to F-Secure and through the portal. If the company's IT administration has been outsourced, the data is also available to the outsourcing partner (F-Secure's ‘distributor partner'), so that they can provide your company with support and corresponding IT services.

1.2 USER DATA IN F-SECURE SYSTEMS

In addition to data that is made available in the portal: F-Secure also collects the following data directly via the service. This data is not shared with the customer company or distribution partner.

  • Your device's language, so the service language is consistent with the device language; and
  • the battery level, internal memory and SD card memory sizes, and a list of installed applications.

This data is used for operating the service, troubleshooting, performance measurement, statistics, and service development.

1.3 DATA RETENTION

The data is stored for a length of service provisioning to our customer company and is visible in the portal for the same duration. After termination of the service agreement or license, this data is retained in F-Secure storage for a limited number of months, before final deletion and anonymization. Customer company data may be stored for longer periods.

2. Securing your device

The service checks the reputation of your files. If the file is not known to be safe, the service may send it to Security Cloud to be scanned. The collected security data includes the package name, the current version and the origin of the file, and the permissions that it requires. These queries are fully anonymous and cannot be connected to an individual user in any way. More information on Security Cloud is available in the dedicated privacy policy.

However; if the service detects malware, the details of it are visible in the portal and are connected to the individual device.

3. Data collection for VPN component

Our guiding principle is that we do not seek to spy on the exact content of your private communications. We analyze your communications traffic to provide you the service and to keep your data transfers clean. To be more exact;

  • we process some metadata (such as the traffic volume, timestamps, IP addresses) of your traffic when providing the service for you;
  • the target IP, port or URL of traffic relayed through the VPN are not stored in a way that they could be later connected to you;
  • we also analyze the traffic for suspicious or malicious files and destinations (i.e. URLs); and
  • we automatically screen the traffic to inhibit usage that is against our acceptable use policy.

4. Analytics

In addition to the data visualized in the portal, the service also uses a subset of collected data for service analytics. We do this so that we can create services that are of value to you and our other customers. Our analytics are explained in more detail in the analytics section of our privacy policy for services.

August 2016