Privacy Notice

(vi) Independent dispute resolution

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, F5, Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/file-a-dpf-claim for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

(vii) The type or identity of third parties to which we disclose personal information under the Data Privacy Framework, and the purposes for which we do so

Please refer to section 2 above to find out about the type or identity of third parties to which we disclose personal information under the Data Privacy Framework, and the purposes for which we do so.

(viii) Your right to access your personal data

You also have the right to access any personal data that relates to you and which is processed under the Data Privacy Framework. Further information about this right can be found in section 4 above.

(ix) Your choices regarding use of your personal data

Under the Data Privacy Framework:

• You have the right to opt out of the disclosure of your "non sensitive" personal data to third party controllers and/or to the use of it for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you.
• You have the right to only have "sensitive" personal data about you disclosed to third party controllers and/or used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you through exercise of opt-in choice.
  

For personal data processing that is controlled by F5, Inc., these choices can be exercised through the methods outlined in section 4 above, or through contacting F5, Inc. through the methods noted in section 12 below.

(x) Subjection to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC)

The Federal Trade Commission has jurisdiction over F5, Inc.’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

(xi) Possible use of binding arbitration

You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Data Privacy Framework compliance not resolved by any of the other Data Privacy Framework mechanisms. For additional information about this, please see: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2

(xii) Requirement to disclose personal data in response to lawful requests by public authorities,

Please be aware that F5, Inc. may be required to disclose personal data that relates to you (and which is protected under the Data Privacy Framework) in response to lawful requests by public authorities including to meet national security or law enforcement requirements.

(xiii) F5, Inc.'s liability in cases of onward transfers to third parties.

F5, Inc.'s may transfer personal data for the purposes described in section 2 above to a third party acting as a data controller or as an agent. If we intend to disclose personal data to a third party acting as a data controller or as an agent we will comply with, and protect, personal data as provided in the Accountability for Onward Transfer Principle of the Data Privacy Framework.

F5, Inc. remain liable for the processing of personal data received under the Data Privacy Framework and subsequently transferred to a third party acting as an agent if the agent processes such personal data in a manner inconsistent with the Data Protection Framework principles, unless we prove that we are not responsible for the event giving rise to the damage.

7. Does F5 use cookies and similar technology?

In our websites, apps, and emails, we and third parties may collect certain information by automated means such as cookies, web beacons, JavaScript, mobile-device functionality and other computer code. This information may include unique browser identifiers, IP address, browser and operating system information, device identifiers (such as the Apple IDFA or Android Advertising ID), geolocation, other device information, Internet connection information, as well as details about your interactions with our apps, websites, and emails (for example, the URL of the third-party website from which you came, the pages on our website that you visit, and the links you click on in our websites).

We and third parties may use these automated means to read or write information on your devices, such as in various types of cookies and other browser-based or plugin-based local storage (such as HTML5 storage or Flash-based storage), or to collect pieces of information that together may uniquely identify your device.

Cookies and local storage are files that contain data, such as unique identifiers, that we or a third party may transfer to or read from your devices for the purposes described in this Privacy Notice, such as to recognize the devices, to improve your use of our website and services, for cybersecurity, to prevent fraud, to provide services, and for record-keeping, analytics, and marketing, depending on the context of collection.

These technologies help us:

• Keep track of whether you are signed in or have previously signed in so that we can display all the features that are available to you.
• Remember your settings on the pages you visit so that we can display your preferred content the next time you visit.
• Display personalized content.
• Perform analytics, measure traffic and usage trends, and better understand the demographics of our users.
• Review and analyze user journeys on our websites and apps, such as how users engage with, linger on, navigate, and scroll through our services during a visit.
• Diagnose and fix technology problems.
• Plan for and enhance our business.

Also, in some cases, we assist with the collection of information by advertising services provided by third parties. The ad services may track your online activities over time by collecting information through automated means such as cookies, and they may use this information to show you ads that are tailored to your individual interests or characteristics and/or based on your prior visits to certain sites or apps, or other information we or they know, infer, or have collected from the users like you.

For example, we and these services may use different types of cookies, other automated technology, and data to:

• Recognize users and their devices.
• Inform, optimize, and serve ads.
• Report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services (including how they are related to visits to specific sites or apps).

Below, you can find options for adjusting your preferences for our use of various technologies on our websites in a particular browser.  For most of the cookie preference options described below, your opt-out will be stored a cookie.  That means that you can undo your opt-out by manually clearing the cookies in your browser or by using a browser that automatically clears cookies.  Depending on where you are and some other factors, this may reactivate the sorts of cookies that your previous preference had stopped.  If you do that and then decide to opt-out again for that browser, you will need to perform the relevant opt-out steps again in that browser.

By clicking on the cookie hyperlink in the footer of participating F5 websites, you can launch a consent tool to adjust your preferences about how certain cookies and certain similar technologies are used in F5 websites that hyperlink to that same preferences tool from their footer.  You should repeat this process with each browser you use to visit those websites.  This is the best way to control cookies on the sites that offer this option.

Analytics opt-outs: You can opt out of Google Analytics and customize Google Display Network ads by using the Google Ads Settings page from each browser. Google also allows you to install a Google Analytics Opt-out Browser Add-on for most browsers. 

To learn more about interest-based advertising generally, or to use a different method to opt out of targeted, interest-based ads by some of our current ad service partners, visit aboutads.info/choices or youronlinechoices.eu from each browser you use.

In addition, you may be able to set your web browser to refuse certain types of cookies, or to alert you when certain types of cookies are being sent. Some browsers offer similar settings for HTML5 local storage, and Flash storage can be managed as described here. However, if you block or otherwise reject our cookies, local storage, JavaScript or other technologies, certain websites (including some of our own websites) may not function properly. 

If you replace, change, or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again. 

Please visit your mobile device manufacturer's website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation. Please note, however, that we do not respond to browser-based privacy signals (such as do-not-track) at this time.

8. How long does F5 store Personal Data?

We will retain personal data as long as necessary to fulfill the purposes outlined in this Privacy Notice unless the law requires us to keep it for a longer period of time. To provide security and business continuity for the activities described in this Privacy Notice, we make backups of certain data, which we may retain for longer than the original data.

9. What about security?

To help protect personal data, we have put in place physical, technical, and administrative safeguards. However, we cannot assure you that data that we collect will never be used or disclosed in a manner that is inconsistent with this Privacy Notice.

10. What about other kinds of data?

If the law and our contractual obligations allow, we may aggregate or de-identify your personal data so that the information cannot be linked to you and is no longer personal data. Our use and disclosure of non-personal data is not subject to this Privacy Notice, and we may use or disclose it for any reason permitted by law.

11. What happens when this Privacy Notice changes?

F5 may change this Privacy Notice at any time, including to reflect changes in the law or our data practices. Any updated Privacy Notice will be accessible from the footer of f5.com or another convenient location.

12. How to contact us

To request to exercise your data protection rights under the GDPR or other laws (besides the CCPA), please visit the General DSR Portal.

For CCPA Requests only for California Residents, please follow the instructions below for California-specific rights.

For security and legal reasons, F5 reserves the right to deny requests that require us to access third-party websites or services.

If you have any other request, question, or complaint regarding your personal data or this Privacy Notice, please complete the form below or:

13. Special details for California residents

This Section 13 applies only to “personal information” about California residents, as that term is defined in the California Consumer Privacy Act (“CCPA”), and it supplements the information in the rest of our F5 Privacy Notice  above. Data about individuals who are not residents of California is handled differently and is not subject to the same rights described in this Section. This Section does not apply to data that F5 handles in its capacity as a processor or “service provider” under the CCPA, even when such data is about a resident of California, or to other data or activities that are not subject to the privacy policy provisions of the CCPA. 

Collection, Retention, and Use of California Personal Information

We collect (and during the 12 months leading up to the effective date of this Privacy Notice we did collect) the categories of personal information described below.  We intend to retain this information for as long as we feel it is necessary for the purposes described further below, or for any longer period required by law.  Because we may collect and use the same category of personal information for different purposes and in different contexts, there is not typically a fixed retention period that always will apply to a particular category of personal information.  Examples of how long we normally intend to retain personal information in certain situations are set forth below.

F5 uses personal information for the following purposes:

• To analyze, improve, and develop F5 products and services.
• To provide our products, services, events, websites, communities, training, and other business offerings.
• To process payments.
• To manage our relationships with customers, partners, resellers, distributors, event attendees, investors, and others.
• For marketing, advertising, and other communications (including customizing those communications for specific recipients).
• To provide a third party (such as an employer) with confirmation or denial of an individual's claimed certification status.
• For surveys and other market research.
• For security, IT management, and related research.
• To enforce the legal terms that govern our business and commercial relationships.
• To provide security and business continuity.
• To follow the law, or in other cases where we believe that using or disclosing the data is appropriate to protect the rights, safety, and property of F5 or others (for example, when required to make disclosures in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements).
• For an actual or contemplated business sale, merger, consolidation, change in control, transfer of substantial assets, or reorganization, or due diligence in anticipation of such an event.
• For other purposes requested or permitted by our customers or users.

“Sale,” “Sharing,” and Related Opt-out

As described further below, some of our disclosures of personal information qualify under the CCPA as what it defines as a “sale” or “sharing” of personal information.  During the 12 months leading up to the effective date of this Privacy Notice, we “sold” and “shared” (as those terms are defined under the CCPA), what the CCPA calls “identifiers” (like IP addresses), “internet or other electronic network activity information” (like information regarding an individual’s browsing interactions on a website), and “commercial information” (like the fact that a browser visited a page directed to people who are considering purchasing from us) to third parties that assist us, such as marketing providers and analytics providers.  This practice continues today.  To our knowledge, we do not “sell” or “share” (as those terms are defined under the CCPA) the personal information of individuals under 16 years of age.

You can exercise your right to opt out of those disclosures by following the instructions on our “Do Not Sell or Share My Personal Information”  form.  (You also can exercise this right by leaving a voicemail with such request at +1 (844) 311-6885 and following the instructions we send you, but this option is slower.)

Your browser may also offer a way to activate the Global Privacy Control signal (“GPC”). Our websites each treat qualifying browsers for which the user has activated the GPC signal as having opted out of what CCPA calls a “sale” of any California personal information that is collected on that site from that browser using cookies and similar technology.  You can override that treatment for a GPC-enabled browser by using the cookie controls available from the website’s footer to opt into particular categories of cookies from that browser.  In that case, “sales” via cookies and similar technology in those categories may resume on that browser.

Opting out of “sales” and “sharing” limits only some types of disclosures of personal information, and there are exceptions to all of the rights described in this section.

Other Disclosures of Personal Information

The following chart indicates the categories of personal information that we collected and the categories of third parties to whom we disclosed this data during the 12 months leading up to the effective date of this Privacy Notice.

We do not use or disclose “sensitive personal information” covered by this Notice and as defined in the CCPA in a manner that requires us to offer a special right to limit our use of this data under the CCPA.


CCPA Right to Access, Correct, or Delete Personal Information 

If you are a California resident, California law also may permit you to request that we:

• Provide access to and/or a copy of certain information we hold about you;
• Delete certain information we have about you;

·       Correct certain personal information we have about you; and

• Inform you about the categories of personal information we have collected about you in the preceding 12 months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we have disclosed certain personal information, and more specific detail about what categories of information were "sold," "shared" or disclosed to particular categories of third parties, similar to the detail above this section of the Privacy Policy;

Please note that certain information may be exempt from such requests under California law. For example, we need certain information to provide our services to you, so we may reject a deletion request for that information while providing services to you.

To request to exercise any of these rights and receive the fastest response, please use our CCPA DSR Portal or leave a voicemail with such request at +1 (844) 311-6885.  For security and legal reasons, F5 will not accept requests that require us to access third-party websites or services. We reserve the right to take steps verify your identity to our satisfaction before responding to your request, which may include, depending the type of request you are making, the sensitivity of any data you are requesting, and the nature of your relationship with us: verifying your name, asking you to click on a link that we send to your email address, requesting that you login to an account you maintain with us, or requesting that you provide us with information about our relationship that only you are likely to have.  

Requests Made by Agents

If you are an agent making a request on behalf of a consumer, we reserve the right to take steps to verify that you are authorized to make that request, which may include requiring you to provide us with written proof such as a notarized authentication letter or a power of attorney.  We also may require the consumer to verify their identity directly with us.  Because opt-out requests for “sales” and “sharing” made through cookies and related technology must be performed from each browser that is used to access our Services, it is easiest for the consumer to perform such opt-outs themselves.  However, if a consumer wishes for an agent to perform browser-based requests on their behalf, the consumer may arrange for the agent to use the consumer’s browser to make such requests.  We are not responsible for the security risks of this or any other arrangements that a consumer may have with an agent.  For clarity, this is not permission for any user to disclose their login credentials to an agent or any third party.  Such disclosure is prohibited and is not required for an agent to make requests under this Privacy Notice.

Nondiscrimination

You also have a right not to receive “discriminatory treatment” (within the meaning of the CCPA) for the exercise of the privacy rights conferred by the CCPA.