Date: May 21, 2018
F5 Networks, Inc. (“F5”) has certified its compliance with to the Privacy Shield principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability (the “Principles”), with respect to F5’s Silverline, BIG-IP, BIG-IQ, and signaling delivery controller products (the “Relevant Products”).
You can learn more about Privacy Shield at https://www.privacyshield.gov and see our Privacy Shield self-certification at https://www.privacyshield.gov/list. F5’s self-certification to the Privacy Shield is subject to the investigatory and enforcement authority of the Federal Trade Commission.
Scope. F5’s Privacy Shield certification covers the Relevant Products and any personal data F5 processes related to such Relevant Products on behalf of its customers that operate in the European Economic Area and Switzerland; F5 may amend this notice at any time to add additional products and services to its certification.
Personal Data Collected. F5 provides to its customers, who are businesses and other legal entities, various maintenance and support services for the Relevant Products. In order to provide such services related to the Relevant Products F5 receives and processes certain data related to its customers use of our products and services, including performance data regarding specific devices, network traffic data, and related network performance data, as well as other data that customers may submit to us in order to receive support services, which may include personal data, as well as any personal data accessed, collected, created, received or otherwise processed for the limited purpose of delivering our Silverline services to customers (the “Customer Data”). F5 has no control over whether Customer Data contains any personal data. “Customer Data” does not include (i) De-identified Data, or (ii) Device Data (both defined below).
Collection and Use of personal data. F5 processes Customer Data on behalf of and under the instructions of its customers. Subject to any requirements set forth in a relevant customer’s agreement(s) with us, F5, generally, processes Customer Data as follows:
Marketing and Other Secondary Uses. F5 may send customer satisfaction surveys and other informational or promotional emails to F5 customers (including our specific business contacts with such customers). We may also analyze customer usage and trends in order to provide information and make recommendations to customers about products and services which may be useful to them. F5 customers may opt out of receiving surveys and promotional communications by following the opt-out instructions in such communications; customers may also opt out of such communications, as well as product and service recommendations, by emailing us at firstname.lastname@example.org. We may still send customer service- and transaction-related communications to customers, even if they have opted out of receiving customer satisfaction surveys and other promotional communications.
Sensitive Data. F5 does not wish to receive, nor does it intentionally collect, sensitive personal data from customers. We do not request sensitive personal data from customers. If we receive any customer’s Customer Data that contains sensitive personal data, we will treat it in accordance with this Notice and will only process such data on behalf of and under the instructions of that customer.
Other Data. F5 collects, uses and maintains certain data related to its business and the services it provides to customers, which is not personal data; this privacy notice does not restrict our use and processing of such data, including:
Onward Transfers to Third Parties. We generally disclose Customer Data under the following circumstances:
We contractually require agents, service providers, and affiliates who may process personal data related to the Relevant Products to provide the same level of protections for personal data as required under the Principles. F5 currently does not transfer personal data to a third party for its own use. F5 will remain liable under the Principles if one of its third party processors processes personal data in a manner inconsistent with the Principles, if we are responsible for the event giving rise to the damage.
Accessing personal data. Under the Principles, individuals have rights to access personal data about them, and to limit use and disclosure of their personal data. F5 has committed to respect those rights, with respect to any personal data processed under this privacy notice, related to the Relevant Products. Individuals may email F5 at email@example.com to request access to personal data maintained by F5 as part of Customer Data. Since F5 processes Customer Data on behalf of its customers, we will direct such requests to the relevant F5 customer and will assist such customer as needed in responding to the individual’s request. Customers may update their account and profile information, including business contact details, by contacting their account rep or by emailing firstname.lastname@example.org.
Contacting Us, Complaints and Dispute Resolution. We encourage EU and Swiss individuals who have questions or complaints about how we process their personal data under Privacy Shield to contact us at email@example.com. We will work to resolve your issue as quickly as possible, but in any event within 45 days of receipt.
If you have an unresolved privacy or data use complaints that we have not addressed satisfactorily, please contact, free of charge, our dispute resolution provider, JAMS, at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim.
If you are an EU or Swiss individual and unable to resolve any complaints through any of the above methods, you may be able to invoke binding arbitration through a Privacy Shield panel, in accordance with the Privacy Shield Framework at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint.