Effective Date: 7 April 2020
This Privacy Notice explains the way that F5 Networks, Inc. and its affiliates (collectively, "F5") handle information about you that is collected in the contexts described below.
First, this Privacy Notice applies to the personal data we collect about you in connection with:
Under the EU General Data Protection Regulation (“GDPR”) and other similar laws, F5 is considered a “controller” of that data because F5 determines how that data will be handled. F5 Networks, Inc. is typically the primary controller within the F5 group of companies.
This Privacy Notice also applies to personal data F5 receives in the context of providing its services (the “Services”). For many Services, F5 acts only as a “processor” (not a controller) with respect to the personal data it collects through the Service. This means that F5 handles the personal data solely on behalf of the relevant customer, unless legally required to do otherwise. The Service-specific Privacy Statements below explain F5’s role as a controller or processor with respect to particular Services and provide additional privacy information.
We collect, store, and use the following categories of personal data:
We obtain personal data directly from you or your employer; from third-party sources such as our Unity Partners (which include resellers and distributors); third-party marketplaces where our products are offered (such as AWS and Google Cloud Platform); data brokers (such as Dun & Bradstreet); marketing companies; referrals from customers, and users; and from publicly available sources such as company websites and LinkedIn. Through some Services, we obtain personal data from our customers, or from individuals who interact with our customers or their online properties.
In some cases, F5 collects personal data through the technology described in Section 7 below.
F5 uses and shares personal data for the following purposes:
For those purposes, we may share personal data with our affiliates and third parties that help us with the activities described in this Privacy Notice. These uses and disclosures are also subject to our contractual obligations.
The laws in some jurisdictions require data controllers to tell you about the legal grounds that allow them to use or disclose your personal data. Where those laws apply, our legal grounds are:
For personal data that we collect through our Services, the Privacy Statement for each Service has instructions for how you can exercise your legal rights with respect to such data. Where we process such data solely on behalf of a customer, those instructions typically will indicate that you should contact the customer to exercise those rights. In those cases, if you contact F5 instead, we normally will refer your request to the relevant customer (if we know who that is) and will cooperate with that customer’s handling of the request, subject to any special contractual arrangement with that customer.
For other personal data (including certain personal data we collect through some of our Services), we offer the options below for exercising your rights and choices about how we use your personal data. Many of these are subject to important limits or exceptions under applicable laws and, where applicable, the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”).
You may contact us with any concerns or complaints regarding our privacy practices, and you also may submit a complaint to the relevant governmental authority. (Individuals whose personal data we receive under our Privacy Shield certification also may file a Privacy Shield-related complaint, as described in the Privacy Shield section below.)
We are a global company with headquarters in the United States, and the F5 affiliates and third parties with whom we share the personal data as described in this Privacy Notice are located in the United States and elsewhere in the world, including countries where privacy laws may not provide as much protection as your country. F5 complies with legal requirements for protecting the movement of data across borders, including through the use of European Commission-approved Standard Contractual Clauses or by relying on the third party’s participation in Privacy Shield.
Please note that our customers may transfer personal data to F5 on the basis of other legal mechanisms approved by the European Commission and other relevant authorities for transferring data across borders, such as Standard Contractual Clauses. If you wish to exercise a right to see copies of the mechanisms that F5 uses to transfer data to third parties, please contact us.
Finally, certain F5 services allow our customers and users to transfer data to third parties. Those customers and users are solely responsible for those transfers.
As a business subject to the investigatory and enforcement authority of the United States Federal Trade Commission, F5 Networks, Inc. has certified it adheres to the Privacy Shield Principles with respect to the personal data that F5 Networks, Inc. receives in reliance on the Privacy Shield. This certification is limited to personal data that meets all of the following conditions: (i) F5 Networks, Inc. receives the data in the U.S. from a transfer from the United Kingdom, European Economic Area or Switzerland, (ii) F5 Networks, Inc. receives the personal data via a Service, and (iii) the Service-specific Privacy Statement indicates that F5’s Privacy Shield commitment applies to that Service.
Our Privacy Shield certification is available at https://www.privacyshield.gov/list. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov. When F5 Networks, Inc. receives personal data under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on F5 Networks, Inc.’s behalf, F5 Networks, Inc. may have certain responsibility under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) F5 Networks, Inc. is responsible for the event giving rise to the damage.
Covered individuals should direct any questions, concerns or complaints regarding F5 Networks, Inc.’s compliance with the Privacy Shield to us as described at the bottom of this Policy. We will attempt to answer your questions and satisfy your concerns as soon as possible. If, after discussing the matter with us, your issue or complaint is not resolved, we have agreed to participate in a Privacy Shield dispute resolution mechanism operated by JAMS, free of charge to you. To file a complaint with JAMS, you can visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim, but please contact us first. If your complaint still is not resolved through those channels, under limited circumstances, an additional binding arbitration option may be available before a Privacy Shield panel, as described at https://www.privacyshield.gov.
We and third parties may use these automated means to read or write information on your devices, such as in various types of cookies and other browser-based or plugin-based local storage (such as HTML5 storage or Flash-based storage), or to collect pieces of information that together may uniquely identify your device.
Cookies and local storage are files that contain data, such as unique identifiers, that we or a third party may transfer to or read from your devices for the purposes described in this Privacy Notice, such as to recognize the devices, to improve your use of our website and services, for cybersecurity, to prevent fraud, to provide services, and for record-keeping, analytics, and marketing, depending on the context of collection.
These technologies help us:
Also, in some cases, we assist with the collection of information by advertising services provided by third parties. The ad services may track your online activities over time by collecting information through automated means such as cookies, and they may use this information to show you ads that are tailored to your individual interests or characteristics and/or based on your prior visits to certain sites or apps, or other information we or they know, infer, or have collected from the users like you.
For example, we and these services may use different types of cookies, other automated technology, and data to:
By clicking on the cookie hyperlink in the footer of participating F5 websites, you can launch a consent tool to adjust your preferences about how certain cookies and certain similar technologies are used in F5 websites that hyperlink to that same preferences tool from their footer. You should repeat this process with each browser you use to visit those websites.
To learn more about interest-based advertising generally, or to use a different method to opt out of targeted, interest-based ads by some of our current ad service partners, visit aboutads.info/choices or youronlinechoices.eu from ea ch browser you use.
If you replace, change, or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again. We do not respond to browser-based do-not-track signals.
Please visit your mobile device manufacturer's website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation.
We will retain personal data as long as necessary to fulfill the purposes outlined in this Privacy Notice unless the law requires us to keep it for a longer period of time. To provide security and business continuity for the activities described in this Privacy Notice, we make backups of certain data, which we may retain for longer than the original data.
To help protect personal data, we have put in place physical, technical, and administrative safeguards. However, we cannot assure you that data that we collect will never be used or disclosed in a manner that is inconsistent with this Privacy Notice.
If the law and our contractual obligations allow, we may aggregate or de-identify your personal data so that the information cannot be linked to you and is no longer personal data. Our use and disclosure of non-personal data is not subject to this Privacy Notice, and we may use or disclose it for any reason permitted by law.
The subsections below apply only to “personal information” about California residents, as that term is defined in the California Consumer Privacy Act (“CCPA”), and they supplement the information in the rest of our Privacy Notice above. Data about individuals who are not residents of California is handled differently and is not subject to the same rights described below. These subsections do not apply to data that F5 handles in its capacity as a processor, even when such data is about a resident of California.
CCPA categories of California personal information we collect:
F5 collects all of the information described in Sections 1 and 7 of our Privacy Notice, and in our Service-specific Privacy Statements, from and about California residents. You should refer to those locations for more detail, but this information generally falls into the following CCPA categories, to the extent it is personally identifiable: identifiers (such as name, address, email address and other contact information); commercial information (such as information about an individual’s interests and interactions with F5 or our partners, including transaction data); financial data (such as payment information); categories of personal information described in California Civil Code Section 1798.80(e) (such as health information collected from some certification candidates who request an accommodation); visual and biometric information (such as photographs and palm vein prints collected from certification candidates for identity verification and test security); internet or other network or device activity, and other information described in Section 7 of our Privacy Notice; geolocation information; professional or employment related data (such as title); other information that identifies or can be reasonably associated with you; and inferences drawn from any of the above.
CCPA description of uses of California personal information:
In CCPA terms, we and our service providers may use and disclose (and in the past 12 months have used and disclosed) all of the categories of California personal information that we collect for all of the purposes described in Section 2 of our Privacy Notice. These purposes include but are not limited to activities that the CCPA describes as follows:
The extent to which our service providers engage in the uses and disclosures described above varies from provider to provider.
CCPA “sale” of California personal information
The CCPA requires businesses that “sell” personal information, as the term “sell” is defined under the CCPA, to provide an opt-out from such sales. Some people have taken the position that when a website uses third parties’ cookies or similar technology for its own analytics or advertising purposes, the website is engaged in a “sale” under the CCPA if the third parties have some ability to use, disclose or retain the data to improve their service or to take steps beyond the most narrowly drawn bounds of merely providing their service to the website/app. Some take this position even when the website pays the third party (not vice versa), and in most cases merely provides the third party with an opportunity to collect data directly, instead of providing personal information to the third party. If you take the position that any of those relationships involve a “sale” within the meaning of the CCPA, then you may consider F5 to have “sold” what the CCPA calls “identifiers” (like IP addresses), “internet or other electronic network activity information” (like information regarding an individual’s browsing interactions on an F5 website), and “commercial information” (like the fact that a browser visited a page directed to people who are considering purchasing from us) to those sorts of companies. To opt out of this activity:
Additional control options (which should be used for F5 websites that don’t have a cookie link on their footer) are described in Section 7 of our Privacy Notice.
California privacy rights
If you are a California resident, California law also may permit you to request that we:
Certain information is exempt from such requests under applicable law. You also may have the right to receive information about the financial incentives that we offer to you (if any). You also have certain rights under the CCPA not to be subject to certain negative consequences for exercising CCPA rights.
To request to exercise any of these rights and receive the fastest response, please see Section 13. For security and legal reasons, F5 will not accept requests that require us to access third-party websites or services.
In addition to exercising CCPA rights, California minors may request deletion or anonymization of content or information they have posted on our websites or online spaces (such as in a public forum), by using the self-service option in the relevant website or online space (if available) or by contacting us as described below. We will handle such requests under applicable law. In some cases, consistent with applicable law, this process does not ensure complete or comprehensive removal of the content or information.
F5 may change this Privacy Notice at any time, including to reflect changes in the law or our data practices. Any updated Privacy Notice will be accessible from the footer of f5.com or another convenient location.
To request to exercise your data protection rights under the GDPR or other laws (beside the CCPA), please visit the General DSAR Portal.
For CCPA Requests only for California Residents, please visit the CCPA DSAR Portal. Alternatively, you can make your CCPA request via voicemail at the following number: +1 (844) 311-6885. No other requests are accepted at that number.
If you have any other request, question, or complaint regarding your personal data or this Privacy Notice, please contact us at privacy@F5.com or:
F5 Networks, Inc.
Attn: Privacy Office
801 5th Ave
Seattle, Washington 98104
Main European office:
F5 Networks Limited
Attn: Privacy Office
Chertsey Gate West
43-47 London Street
Data Protection Officer:
Dr. Felix Wittern
Am Sandtorkai 68