Published on: 1 July 2020
Last updated on: 4 October 2023
F5 offers network and security solutions branded as Traffix (collectively, the “Traffix Solutions”). F5 also provides support, maintenance, and professional services for the Traffix Solutions (the “Services”).
F5 does not process personal data through the Traffix Solutions. This Privacy Statement applies to the customer data that F5 processes through the Services.
Under the data protection laws of the EU and similar jurisdictions, F5 is a processor of the customer data, and the customer is (or acts on behalf of) a controller of such data, to the extent it contains personal data.
The Traffix Solutions process customer network traffic (which may contain IP addresses or other personal data) within the customer’s location — without transmitting network traffic or other personal data to F5. F5 does not provide a cloud environment in which Traffix Solutions operate.
Customers who use support and maintenance Services may choose to provide F5 with personal data. One way they can do this is by providing F5 with a file called a TTA file, which contains configuration details relevant to the Traffix Solution, including a sampling of its log files, which contain IP addresses. The customer would take specific steps to generate the TTA file and manually upload it to an F5 support location. F5 systems run an automated process that removes certain kinds of data from the file (such as portions that appear to be formatted like passwords or private keys) prior to its use for support or maintenance.
The other way a customer can provide F5 with personal data in the support and maintenance context is by taking specific steps to create, and then manually upload to F5, a different type of snapshot from the Traffix Solution’s memory cores, or a snapshot of the traffic passing through the Traffix Solution. These snapshots typically contain IP addresses. If the customer uses the Traffix Solution to process traffic that contains personal data, the snapshot may contain random snippets of such personal data.
On occasion, F5 customers may return a Traffix device to F5 through our Return Material Authorization (RMA) process. F5 provides instructions to customers about how to remove their data from their devices prior to return. If a customer does not follow this process, F5 overwrites the data after receiving the device. F5 also offers RMA alternatives that allow customers to retain out-of-service Traffix devices while still receiving a replacement.
F5’s provision of professional services to the customer may, depending on the Services and the customer’s needs, involve incidental access by F5 personnel to the sorts of data described above.
To exercise your rights with respect to the customer data that F5 processes in connection with a customer’s Traffix Solution or Services, please contact that customer. F5’s Data Privacy Framework Certification covers this data to the extent it is personal data. For more information about F5’s privacy practices, please see the F5 Privacy Notice.