Protection Service for Business combines VPN, mobile device management, software update management as well as workstation and server security, which are all controlled via the management portal. The core privacy aspects of this service are:
- the focus of data collection is on your device and our service, not you;
- the only directly identifying data that we collect is your name, email, and phone number;
- much of the collected data is available for your employer's IT administrator, so they can better manage company devices and applications;
- we collect anonymous security data to protect your device.
The service does not enable F-Secure or your company's IT administrator to follow your movements, view your photos, or see who you call or communicate with, nor are we able to track the sites that you visit through the service.
1. User data
1.1 USER DATA IN THE MANAGEMENT PORTAL
The service collects the following data about you, your device, and use of the service, and makes it available through the management portal:
- User's name, email, computer name, device identifiers (e.g. IMEI, WINS name, IP address) and phone number that act as identifiers for the user data in the system.
- The service version number, subscription key, installation and update date and time, blocked malware (may include the file name and path), operating system and version , feature status.
- Installed applications as part of the software update management.
- For the Freedome for Business mobile component;
- in addition to the above, the service collects: your mobile device model, as well as the potential jailbreak or root status, service statistics per device such as the virtual location, the aggregate amount of traffic in the VPN tunnel, the amount of traffic scanned, the harmful sites, the number of blocked tracking attempts and blocked website counters.
The collected data varies according to what devices and services you use.
We use this data to operate the services, to manage them (including identifying authorized users, managing licenses, and sending push notifications), to measure performance, and to further develop, enhance, and improve the service. The data can be used to provide support and problem resolution services.
This data is visible to your company's IT administrator for similar purposes. The data is also available to F-Secure and through the portal. If the company's IT administration has been outsourced, the data is also available to the outsourcing partner (F-Secure's ‘distributor partner'), so that they can provide your company with support and corresponding IT services.
1.2 USER DATA IN F-SECURE SYSTEMS
In addition to data that is made available in the portal: F-Secure also collects the following data directly via the service. This data is not shared with the customer company or distribution partner.
- Your device's language, so the service language is consistent with the device language; and
- the battery level, internal memory and SD card memory sizes, and a list of installed applications.
This data is used for operating the service, troubleshooting, performance measurement, statistics, and service development.
1.3 DATA RETENTION
The data is stored for a length of service provisioning to our customer company and is visible in the portal for the same duration. After termination of the service agreement or license, this data is retained in F-Secure storage for a limited number of months, before final deletion and anonymization. Customer company data may be stored for longer periods.
2. Securing your device
However; if the service detects malware, the details of it are visible in the portal and are connected to the individual device.
3. Data collection for VPN component
Our guiding principle is that we do not seek to spy on the exact content of your private communications. We analyze your communications traffic to provide you the service and to keep your data transfers clean. To be more exact;
- we process some metadata (such as the traffic volume, timestamps, IP addresses) of your traffic when providing the service for you;
- the target IP, port or URL of traffic relayed through the VPN are not stored in a way that they could be later connected to you;
- we also analyze the traffic for suspicious or malicious files and destinations (i.e. URLs); and
- we automatically screen the traffic to inhibit usage that is against our acceptable use policy.