Effective Date: 13 May 2020
F5 offers support and maintenance (the “Services”) for F5 network solutions like BIG-IP hardware and BIG-IP Virtual Editions (the “Solutions”).
This Privacy Statement applies to the customer data that F5 processes through the Services.
Under the data protection laws of the EU and similar jurisdictions, F5 is a processor of the customer data, and the customer is (or acts on behalf of) a controller of such data, to the extent it contains personal data.
Many customers of the Services do not provide any personal data to F5 through the Services, other than contact information for the individual submitting a support/maintenance request. However, such individuals may choose to provide F5 with additional information that may contain personal data.
One way they can do this is by providing F5 with a file called a QKView, which contains network and configuration details relevant to the Solution, including a sampling of its log files, which contain IP addresses. The customer would knowingly generate the QKView and manually upload it to iHealth, an F5 support website. After running an automated process that removes certain kinds of data from the snapshot (such as portions that appear to be formatted like passwords or private keys), the iHealth website can display the contents of the QKView in human-readable form for the customer or F5 personnel.
The other way a customer can provide personal data is by knowingly creating, and then manually uploading to F5, a different type of snapshot from the Solution’s memory cores (or their virtual equivalent), or a snapshot of the traffic passing through the Solution. These snapshots typically contain IP addresses. If the customer uses the Solution to process traffic that contains personal data, the snapshot may contain random snippets of such personal data.
The process is similar to manually providing configuration information and a few shreds of paper to a shredder manufacturer for assistance with troubleshooting the shredder, except that in this analogy, the manufacturer would erase some of the ink from certain shreds before troubleshooting.
F5 uses the snapshots to diagnose the Solution’s handling of the traffic or to otherwise provide support and maintenance. Other than IP addresses, the actual content of personal data in the snapshots is irrelevant to this process and is disregarded.
For more information about F5’s privacy practices, please see the F5 Privacy Notice. To exercise your rights with respect to the customer data that F5 processes when providing the Services to a customer, please contact that customer. F5’s Privacy Shield certification covers these Services. For more information about F5’s privacy practices, please see the F5 Privacy Notice.