Effective Date: 10 October 2019
This Privacy Notice explains the way that F5 Networks, Inc. and its affiliates (collectively, "F5") handle information about you that is collected in the contexts described below.
First, this Privacy Notice applies to the personal data we collect about you in connection with:
- Management of our customer relationships, including through accounts you set up with F5.
- Sales, including our sale of products through resellers, distributors, partners, and third-party marketplaces.
- Our certification programs.
- Our training programs, including F5 University.
- Our marketing and advertising programs.
- Our investor relations.
- Management of our websites and apps in relation to any of the above.
Under the EU General Data Protection Regulation (“GDPR”) and other similar laws, F5 is considered a “controller” of that data because F5 determines how that data will be handled. F5 Networks, Inc. is typically the primary controller within the F5 group of companies.
This Privacy Notice also applies to personal data F5 receives in the context of providing its services (the “Services”). For many Services, F5 acts only as a “processor” (not a controller) with respect to the personal data it collects through the Service. This means that F5 handles the personal data solely on behalf of the relevant customer, unless legally required to do otherwise. The Service-specific Privacy Statements below explain F5’s role as a controller or processor with respect to particular Services and provide additional privacy information.
- Support and Maintenance Privacy Statement
- Professional Services Privacy Statement
- Silverline Privacy Statement
- Application Security Cloud and Bot Protect Services Privacy Statement
1. What types of Personal Data does F5 collect?
We collect, store, and use the following categories of personal data:
- Contact details and professional details, such as name, email address, phone number, title, and employer's name.
- Information about our users' experiences with F5 products, services, events, and online forums and communities, such as DevCentral.
- Contact information derived from interactions with F5 by our actual or prospective customers employees (e.g., interactions with customer service).
- Information about actual or prospective users' interests.
- Payment information for purchases with F5.
- Additional details about certification candidates, including:
- Identity documents and other personal data collected solely to authenticate the candidate's identity and for test security (such as photographs, fingerprints, or palm vein scans).
- Personal data submitted for test accommodations (such as information about health or language concerns).
- Test results.
- Other personal data collected in connection with our Services, as described in the relevant Service-specific Privacy Statement.
We obtain personal data directly from you or your employer; from third-party sources such as resellers, distributors, third-party marketplaces, data brokers, marketing companies, referrals from customers, and users; and from publicly available sources such as company websites. Through some Services, we obtain personal data from our customers, or from individuals who interact with our customers or their online properties.
In some cases, F5 collects personal data through the technology described in the "Cookies and similar technology" section below.
2. How does F5 use and share Personal Data with others?
F5 uses and shares personal data for the following purposes:
- To analyze, improve, and develop F5 products and Services.
- To provide our products, Services, events, websites, communities, training, and other business offerings.
- To manage our relationships with customers, partners, resellers, distributors, event attendees, and others.
- For marketing, advertising, and other communications (including customizing those communications for specific recipients).
- To provide a third party with confirmation or denial of an individual's claimed certification status.
- For surveys and other market research.
- For security, IT management, and related research.
- To enforce the legal terms that govern our business and commercial relationships.
- To provide security and business continuity.
- To follow the law, or in other cases where we believe that using or disclosing the data is appropriate to protect the rights, safety, and property of F5 or others (for example, when required to make disclosures in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements).
- For an actual or contemplated business sale, merger, consolidation, change in control, transfer of substantial assets, or reorganization.
- For other purposes requested or permitted by our customers or users.
For those purposes, we may share personal data with our affiliates and third parties that help us with the activities described in this Privacy Notice. These uses and disclosures are also subject to our contractual obligations.
3. What are the legal reasons F5 can do this?
The laws in some jurisdictions require data controllers to tell you about the legal grounds that allow them to use or disclose your personal data. Where those laws apply, our legal grounds are:
- Legitimate interests: We handle personal data because it furthers the legitimate interests of F5 (or of our customers, business partners, or suppliers) in business activities such as the ones listed below, and because that handling of data does not unduly impact your interests, rights, and freedoms:
- Providing cybersecurity and managing information technology assets
- Protecting business activities, individuals, and property
- Providing customer service
- Marketing and advertising (including sending certain direct marketing)
- Analyzing and improving business activities
- Managing risks and legal issues
- To honor our contractual commitments to the individual: Some of our handling of personal data is necessary to meet our contractual obligations to individuals, or to take steps at the person's request because we are planning to enter into a contract with him/her. For example, when we process an individual’s payment data for a certification examination, we are relying on this basis.
- If the law requires consent, and in some other cases, we handle personal data on the basis of consent. For example, we conduct some of our direct marketing on the basis of consent.
- If the law requires explicit consent, we use personal data on that basis.
- If the law allows, we may be able to infer consent from the circumstances.
- Legal compliance: We sometimes need to use and disclose personal data to comply with our legal obligations.
- Legal claims: Sometimes we use or disclose personal data because it is necessary to establish, exercise, or defend legal claims.
4. What Personal Data rights and choices (including direct marketing opt-out) are available?
For personal data that we collect through our Services, the Privacy Statement for each Service has instructions for how you can exercise your legal rights with respect to such data. Where we process such data solely on behalf of a customer, those instructions typically will indicate that you should contact the customer to exercise those rights. In those cases, if you contact F5 instead, we normally will refer your request to the relevant customer (if we know who that is) and will cooperate with that customer’s handling of the request, subject to any special contractual arrangement with that customer.
For other personal data (including certain personal data we collect through our Services), we offer the options below for exercising your rights and choices about how we use your personal data. Many of these are subject to important limits or exceptions under applicable laws and, where applicable, the EU-U.S. and EU-Swiss Privacy Shield Frameworks (“Privacy Shield”).
- You may review and update certain information by logging into the relevant F5 websites or online services.
- The law of your jurisdiction (for example, within the European Economic Area) may give you additional rights to request access to, correction of, or deletion of certain personal data we store. In some cases, you may be entitled to receive a copy of the personal data you provided to us in portable form or to request that we share it with a third party. The law may also give you the right to request restrictions on the use of your personal data, to object to our use of your personal data, or to withdraw your consent to use your personal data (which will not affect the legality of any processing that happened before your request takes effect). The "How to contact us" section below explains how to make these requests.
- For example, people who live in the European Economic Area (and certain other people) have the right to opt out of our use of personal data for direct marketing. They can exercise their rights to opt out, or to object to other processing, by contacting us as described below.
- Our marketing email messages and certain other communications include instructions about how to unsubscribe, which you can use to limit or stop those communications. Opt-out processes may take some time to complete, but we will work to meet your request as quickly as possible. You cannot opt out of certain communications (such as billing-related communications or emergency service messages).
- You can exercise opt-out rights, object, or withdraw consent in relation to our use of certain cookies and certain similar technologies as described in Section 7 below.
- Notice to California Residents:
- Subject to certain limitations, California Civil Code § 1798.83 permits California residents to request and obtain from us a list of the third parties to whom we have disclosed certain personal information subject to that law (if any) for direct marketing purposes aimed at that recipient in the prior calendar year, as well as the type of personal information disclosed to those third parties. If you are a California resident and would like to request this information, please submit your request to privacy@F5.com.
- Deletion of your online posts: Minors may request deletion or anonymization of content or information they have posted on our websites or online spaces (such as in a public forum), by using the self-service option in the relevant website or online space (if available) or by contacting us as described below. We will handle such requests under applicable law. Where the request is made under California law, and in some other cases, this process does not ensure complete or comprehensive removal of the content or information.
You may contact us with any concerns or complaints regarding our privacy practices, and you also may submit a complaint to the relevant governmental authority. (Individuals whose personal data we receive under our Privacy Shield certification also may file a Privacy Shield-related complaint, as described in the Privacy Shield section below.)
For your protection, we will only implement requests with respect to personal data after we have verified your identity to our satisfaction, taking into consideration the nature of your request.
5. Does the personal data go to other countries?
We are a global company with headquarters in the United States, and the F5 affiliates and third parties with whom we share the personal data as described in this Privacy Notice are located in the United States and elsewhere in the world, including countries where privacy laws may not provide as much protection as your country. F5 complies with legal requirements for protecting the movement of data across borders, including through the use of European Commission-approved Standard Contractual Clauses or by relying on the third party’s participation in Privacy Shield.
Please note that our customers may transfer personal data to F5 on the basis of other legal mechanisms approved by the European Commission and other relevant authorities for transferring data across borders, such as Standard Contractual Clauses. If you wish to exercise a right to see copies of the mechanisms that F5 uses to transfer data to third parties, please contact us.
Finally, certain F5 services allow our customers and users to transfer data to third parties. Those customers and users are solely responsible for those transfers.
6. How does F5 Networks, Inc.’s Privacy Shield certification protect my data?
As a business subject to the investigatory and enforcement authority of the United States Federal Trade Commission, F5 Networks, Inc. has certified it adheres to the Privacy Shield Principles with respect to the personal data that F5 Networks, Inc. receives in reliance on the Privacy Shield. This certification is limited to personal data that meets all of the following conditions: (i) F5 Networks, Inc. receives the data in the U.S. from a transfer from the United Kingdom or elsewhere in the European Economic Area or Switzerland, (ii) F5 Networks, Inc. receives the personal data via a Service, and (iii) the Service-specific Privacy Statement indicates that F5’s Privacy Shield commitment applies to that Service.
Our Privacy Shield certification is available at https://www.privacyshield.gov/list. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov. When F5 Networks, Inc. receives personal data under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on F5 Networks, Inc.’s behalf, F5 Networks, Inc. may have certain responsibility under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) F5 Networks, Inc. is responsible for the event giving rise to the damage.
Covered individuals should direct any questions, concerns or complaints regarding F5 Networks, Inc.’s compliance with the Privacy Shield to us as described at the bottom of this Policy. We will attempt to answer your questions and satisfy your concerns as soon as possible. If, after discussing the matter with us, your issue or complaint is not resolved, we have agreed to participate in a Privacy Shield dispute resolution mechanism operated by JAMS, free of charge to you. To file a complaint with JAMS, you can visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim, but please contact us first. If your complaint still is not resolved through those channels, under limited circumstances, an additional binding arbitration option may be available before a Privacy Shield panel, as described at https://www.privacyshield.gov.
We and third parties may use these automated means to read or write information on your devices, such as in various types of cookies and other browser-based or plugin-based local storage (such as HTML5 storage or Flash-based storage), or to collect pieces of information that together may uniquely identify your device.
Cookies and local storage are files that contain data, such as unique identifiers, that we or a third party may transfer to or read from your devices for the purposes described in this Privacy Notice, such as to recognize the devices, to improve your use of our website and services, for cybersecurity, to prevent fraud, to provide services, and for record-keeping, analytics, and marketing, depending on the context of collection.
These technologies help us:
- Keep track of whether you are signed in or have previously signed in so that we can display all the features that are available to you.
- Remember your settings on the pages you visit so that we can display your preferred content the next time you visit.
- Display personalized content.
- Perform analytics, measure traffic and usage trends, and better understand the demographics of our users.
- Diagnose and fix technology problems.
- Plan for and enhance our business.
Also, in some cases, we assist with the collection of information by advertising services provided by third parties. The ad services may track your online activities over time by collecting information through automated means such as cookies, and they may use this information to show you ads that are tailored to your individual interests or characteristics and/or based on your prior visits to certain sites or apps, or other information we or they know, infer, or have collected from the users like you.
For example, we and these services may use different types of cookies, other automated technology, and data to:
- Recognize users and their devices.
- Inform, optimize, and serve ads.
- Report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services (including how they are related to visits to specific sites or apps).
By clicking on the cookie preferences hyperlink in the footer of participating F5 websites, you can adjust your preferences about how certain cookies and certain similar technologies are used in F5 websites that hyperlink to that preferences tool from their footer. You should repeat this process with each browser you use to visit those websites.
To learn more about interest-based advertising generally, or to use a different method to opt out of targeted, interest-based ads by some of our current ad service partners, visit aboutads.info/choices or youronlinechoices.eu from each browser you use.
You can opt out of Google Analytics and customize the Google Display Network ads by visiting the Google Ads Settings page from each browser. Google also allows you to install a Google Analytics Opt-out Browser Add-on for each browser.
If you replace, change, or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again. We do not respond to browser-based do-not-track signals.
Please visit your mobile device manufacturer's website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation.
8. How long does F5 store Personal Data?
We will retain personal data as long as necessary to fulfill the purposes outlined in this Privacy Notice unless the law requires us to keep it for a longer period of time. To provide security and business continuity for the activities described in this Privacy Notice, we make backups of certain data, which we may retain for longer than the original data.
9. What about security?
To protect personal data, we have put in place reasonable physical, technical, and administrative safeguards. However, we cannot assure you that data that we collect will never be used or disclosed in a manner that is inconsistent with this Privacy Notice.
10. What about other kinds of data?
If the law and our contractual obligations allow, we may aggregate or de-identify your personal data so that the information cannot be linked to you and is no longer personal data. Our use and disclosure of non-personal data is not subject to this Privacy Notice, and we may use or disclose it for any reason permitted by law.
11. What happens when this Privacy Notice changes?
F5 may change this Privacy Notice at any time, including to reflect changes in the law or our data practices. Any updated Privacy Notice will be accessible from the footer of f5.com or another convenient location.
12. How to contact us
If you have questions, requests, or complaints regarding your personal data or this Privacy Notice, please contact us at privacy@F5.com or:
F5 Networks, Inc.
Attn: Privacy Office
801 5th Ave
Seattle, Washington 98104
F5 Networks Limited
Attn: Privacy Office
Chertsey Gate West
43-47 London Street
Data Protection Officer:
Dr. Felix Wittern
Am Sandtorkai 68