F-Secure SAFE privacy policy

In brief

The F‑Secure SAFE service is a security solution provided by F‑Secure Corporation to protect computers, tablets, and smartphones. More recent versions of F‑Secure SAFE also include a management portal to help you better manage your licenses across your devices and those of your family members.

To summarize SAFE and privacy:

  • we ask for your name, email address, and/or phone number;
  • we collect anonymous security data to protect your device;
  • the focus of data collection is not on you, but on your device and our service; and
  • the portal provides limited visibility among those who share the same subscription.

 

In full

This service-specific policy focuses on 1) the type of personal and private data that the service collects, 2) what we use it for, 3) typical disclosures, and 4) for how long we store it. We focus on these items because we believe that they are the most relevant for you. For other aspects (such as your rights) regarding the processing of your personal data in connection with this service, please see the F‑Secure privacy statement.

This policy is split into the following parts:

  • User data
  • Service portal
  • Security Cloud
  • Analytics
  • Legal grounds
  • Data disclosures and transfers
  • Communications
  • Retention
  • Compliancy notice

 

User data

Personal identifiers

When the service user identity is managed by F‑Secure, we ask for your and other users' name, user name, email address and phone number.

When the service user identity is managed by our partner, the partner may provide us with the same information (your email address, name, and phone number), or an alternative identifier, directly from its systems upon your subscription to our services.

Technical user data

The service also automatically collects the following data about you, your device, and the service:

  • license creation time, number of purchased licenses, and types of services that each user has subscribed to;
  • language;
  • device model, name, operating system, and version, as well as unique identifiers, including your mobile device's IMEI and MSISDN code;
  • device location for location-based services, if the user needs to locate their device;
  • service statistics per device, e.g. how many times the user has locked or unlocked the device or what kind of setting profiles the user has enabled or created;
  • other substantially similar device and service data.

 

This data is used to:

  • deliver the services to you (including identifying authorized users and managing licenses);
  • provide help and support to you;
  • maintain, develop, and enhance the services and your customer experience and do troubleshooting and performance measurement;
  • improve the functionality of the services and related websites;
  • track the services that you have bought and used so that we can manage your customer relationship and communicate with you;
  • send you information about the services, for example to inform you of expiring licenses, new versions and features, digital security in general, related services; arrange competitions and conduct customer satisfaction surveys.

 

Service portal

To help you in managing your subscriptions and settings and to help us help you better in case of problems, the following data from all of the devices and users in the subscription is visible to those who share the same subscription: user / device name, profile name, first name, last name.

You can use the service portal to locate your misplaced devices. In such cases, the location data is processed for your use only for a limited amount of time, after which we will either delete it or make it anonymous. The location data of past queries is only stored for those queries that are visible in the service. A user can only locate their own device or the devices of their children when using Family Rules, not other registered users' devices.

When you query your device location using a third-party map service, the provider of the location data utilizes such data based on its own terms, privacy statements, and laws applicable to it. On the publication date of this policy, F‑Secure is using Google Maps to show the location of your queried device and Google privacy policies shall apply to such use. The data is not accessible to other third parties and it is not used for any other value-added services.

Security Cloud

The core of the service is our 'Security Cloud', to which the service sends queries on potentially malicious activity on your device. These queries – such as URLs and file identifiers – cannot be connected to an individual user. The Security Cloud data collection is explained in more detail in its dedicated privacy statement.

Analytics

The service also collects analytical data on service and website use (such as which features are used and how often). We do this so that we can create services that are of value to you and our other customers. Our interest is the needs and behavior of our users as a group, not in the names of those users. Our analytics are explained in more detail in the analytics section of our privacy statement.

Legal grounds

F‑Secure processes your data so that we can provide you with our services that you have made a contract for or are in the process of doing so. Such contracts may be made either directly with F‑Secure or with another entity (such as our webstore or operator partner) that has tendered our services to you. Tendering of services may take the form of a purchase or be free of charge.

In the case of data that is not strictly necessary to provide you with the services – but would help F‑Secure in providing you with better services in the long run – we collect such data only with your consent.

The service user interface may also provide you with other settings to adjust your preferences.

Data disclosures and transfers

If you have subscribed to the service via our partner, such as a teleoperator, that partner may undertake some of the activities listed above in our stead (such as user authentication or communications). We also exchange some of the collected data as necessary (e.g. status of your subscription, installation success, data collected for resolving a technical support case) with the partner. We do this to provide you with a smooth customer experience and support services, and to communicate with you in a consistent manner.

With your permission, the partner may also access your account to provide you with customer support.

To provide the service, F‑Secure employs its affiliates and subcontractors based on the principles set out under "Transfers" in its privacy statement.

Communications

We strive to provide you with relevant communications. You can adjust the kind of messages you receive from us in the service marketing preferences portal.

Retention

Personally identifiable user data is retained for the duration of an active service subscription. This retention period is extended for six months to allow customers to re-engage their expired subscription. After said retention period, the customer account will be scheduled for removal.

If you have engaged with us on multiple fronts, the grace period prior to the final removal of your account is extended so that it does not disturb the other interactions. This - along with exceptions to the deletion and anonymization of your data - is elaborated under "Retention" in the F‑Secure privacy statement.

If you have purchased the service via our operator partners, the account deletion is controlled by that operator partner. When the partner notifies us that your subscription has been terminated, F‑Secure subsequently removes the account and deletes or anonymizes personal data related to the account.

Analytics data is retained for statistical purposes and is not deleted on removal of personal data and the user account.

Data protection compliancy notice

F‑Secure always applies strict security measures to protect the confidentiality and integrity of your personal data.

Device Administrator rights are required for the application to perform, and F‑Secure is using the respective permissions in full accordance with Google Play policies and with the active consent of the end user. Device Administrator permissions are used for the Finder and Parental Control features, in particular:

  • The remote alarm, wipe, and locate functionalities used in the Finder feature
  • To prevent children from removing the application without parental guidance
  • Browsing Protection

 

December 2018