<b>Browsing Protection by F-Secure privacy policy</b>

March 2022

<b>In brief</b>

The Browsing Protection by F-Secure is an extension for protecting encrypted browsing with security products by F-Secure.

Security products by F-Secure require this browser extension to be able to protect your web browsing, online banking and shopping, and to show you security information while you are browsing the internet.

To summarize Browsing Protection by F-Secure and privacy:
<ul>
<li>we collect anonymous security data to protect you and your device;</li>
<li>we collect non-personalized technical user data; and</li>
<li>the focus of data collection is not on you, but on your device and our service.</li>
</ul>
Please read our service-specific <a class="xref" href="https://www.f-secure.com/en/legal/privacy/policies" target="_blank">Privacy Policy</a> for full details about what data we collect and how we use it in the installed F-Secure security product.

<b>In full</b>

This add-on-specific policy focuses on the items we believe are the most relevant for you. Such items are in particular 1) the type of personal and private data that the service collects, 2) what we use it for, 3) our justification, 4) typical disclosures, and 5) for how long we store it.

<b>User data</b>

The add-on automatically collects the following data about you, your device, and the service:
<ul>
<li>the reason why a webpage is blocked, for example if it is harmful or suspicious;</li>
<li>license information;</li>
<li>operating system, its version, and unique identifiers;</li>
<li>device language, location, and model;</li>
<li>URL of the blocked webpage</li>
</ul>
This data is used to:
<ul>
<li>maintain, develop, and enhance the services and your customer experience and do troubleshooting and performance measurement;</li>
<li>improve the functionality of the services and related webpages;</li>
<li>provide help and support.</li>
</ul>

<b>Security Data</b>

The service sends queries on potential malicious activities or protected devices and networks to F-Secure Security Cloud. F-Secure Security Cloud is a cloud-based system for cyber threat analysis that is operated by F-Secure. With the Security Cloud, F-Secure can maintain an up-to-date overview of the global threat landscape and protect our customers against new threats the moment they are first found. While we limit the processing of any information that could be considered sensitive by our users, we collect the minimum amount of user and organization information for the purpose of providing high quality protection to our users. The collected data may contain:
<ul>
<li>Files that are blocked by F-Secure for a security reason, and related metadata. The metadata includes for example file hash, file name and file path. We need to analyze files and emails for malicious content and behaviors for your protection. Files are processed in a safe environment to catch harmful behaviors. Collection of this data helps F-Secure to keep a global threat situation map that allows reacting quickly to new threats.</li>
<li>Web addresses that you have tried to visit but have been blocked by F-Secure for a security reason or which exhibit potentially malicious behavior, and related metadata. The metadata includes for example response headers. A site may get blocked based on selected protection preferences and parental control reasons. The collected information also allows protection against phishing and ransomware attacks.</li>
</ul>

<b>Legal grounds</b>

F-Secure processes your data so that we can provide you with our services that you have made a contract for or are in the process of doing so. Such contracts may be made either directly with F-Secure or with another entity (such as our webstore or operator partner) that has tendered our services to you. Tendering of services may take the form of a purchase or be free of charge.

We need to automatically collect and process relevant data for our services to work, to enhance them, and to provide them to you. The data is processed to:
<ol>
<li>provide F-Secure services to secure our customers' networks and devices as well as the confidentiality and availability of the data therein;</li>
<li>enable F-Secure to detect emerging threats and security-relevant trends among all of its customers, so that our services can keep on par with evolving threats;</li>
<li>enable F-Secure to provide a centralized security service framework across multiple continents to a large number of customers and partners.</li>
</ol>
The data processing by the services is mandatory for the efficient protection of the device/network and a prerequisite for F-Secure's capability to provide its contracted services. As such processing is inseparable from the services that we provide to you, this gives us a valid need to process your data and a justification to do so.

For consumer products, this right takes place in the form of "contract performance". For corporate products, this right takes place in the form of "legitimate interest". In some cases, there is also a "legal obligation" to process data for specified purposes.

<b>Data disclosures and transfers</b>

If you have subscribed to the service via our partner, such as a teleoperator, that partner may undertake some of the activities listed above in our stead (such as user authentication or communications). We also exchange with the partner such above listed data (e.g. status of your subscription, installation success, service in active use, data collected for resolving a technical support case) as is necessary and proportional. We do the above exchanges to provide you with a smooth customer experience and support services, and to communicate with you in a consistent manner.

<b>Retention</b>

Personally identifiable user data is retained for the duration of an active service subscription plus for the grace period of six months thereafter. This is to allow customers to re-engage their expired subscription. Thereafter, the customer account will be scheduled for removal.

User data collected with the user's consent is retained for statistical purposes and is not deleted on removal of personal data and the user account. After termination of the account, user data cannot be linked to any personally identifiable user.

<b>Data protection compliancy notice</b>

F-Secure always applies strict security measures to protect the confidentiality and integrity of your personal data.

Device Administrator rights are required for the application to perform, and F-Secure is using the respective permissions in full accordance with Google Play policies and with the active consent of the end user. Device Administrator permissions are used for the Finder and Parental Control features, in particular:
<ul>
<li>The remote alarm, wipe, and locate functionalities used in the Finder feature</li>
<li>To prevent children from removing the application without parental guidance</li>
<li>Browsing Protection</li>
</ul>

<b>Your rights</b>

You have the right to the data that we have on you. In particular, you have the following rights to the personal data that we hold on you:

<ul class="ul" id="concept_F1119E87A1194A8C972BC7BFA532DEBA__d34e23">
<li class="li" id="concept_F1119E87A1194A8C972BC7BFA532DEBA__d34e25"><strong class="ph b">Access and rectification</strong>. You have the right to ask us what personal data we have on you and to get a copy of the data that we can identify pertaining to you in this context. Should you find any errors (e.g. obsolete information) in such data, we urge you to contact our customer care to resolve the issue. Some of our service portals allow you to update your customer information. For such, you should update any changes to your personal data, for example change of address or email address. If you cannot update the changes yourself, you may inform us of the necessary changes.</li>
<li class="li" id="concept_F1119E87A1194A8C972BC7BFA532DEBA__d34e30"><strong class="ph b">Objection</strong>. You are entitled to object to certain processing of personal data, including for example the processing of your personal data for marketing purposes or when we otherwise base our processing of your data on a legitimate interest. In the latter case, you need to establish a legally valid rationale for your objection.</li>
<li class="li" id="concept_F1119E87A1194A8C972BC7BFA532DEBA__d34e35"><strong class="ph b">Right to be forgotten</strong>. You also have the right to request us to cease storing your personal data and erase it. In this case you need to establish a legally valid rationale for your request.</li>
<li class="li" id="concept_F1119E87A1194A8C972BC7BFA532DEBA__d34e40"><strong class="ph b">Portability</strong>. You also have the right to ask for personal data that you yourself have provided – pursuant to a contract or your consent. You may request the data in a structured, commonly used, and machine-readable format and further that the data is transmitted to another controller, where technically feasible.</li>
<li class="li" id="concept_F1119E87A1194A8C972BC7BFA532DEBA__d34e45"><strong class="ph b">Withdrawing consent</strong>. In cases where the processing is based on your consent, you have the right to withdraw your consent at any time via relevant settings. For identifiable service analytics data, you can find the settings in the service user interface. You also have the right to opt out from our marketing communications via the preference center accessible through the link.</li>
<li class="li" id="concept_F1119E87A1194A8C972BC7BFA532DEBA__d34e51"><strong class="ph b">Restriction</strong>. If you establish that the data we have on you is incorrect or we have no legal right to use it, you may request that we cease any further processing of your personal data, and merely keep it in store until the issue is resolved.</li>
</ul>

You can exercise your rights via our customer care function. The links to contact us are in the "Contact information" section.

Note that there may be situations where our confidentiality obligations, our right of professional secrecy, and/or our obligations to provide our services (e.g. to your employer) may prohibit us from disclosing or deleting your personal data or otherwise prevent you from exercising your rights. Your above rights are also dependent on the legal grounds based on which we process your personal data.

If you have any complaints about how we process your personal data, or would like further information, please contact us at any time. If you feel that we are not enabling your statutory rights, you have the right to lodge a complaint with a supervisory authority. In most cases, this authority is the Finnish Data Protection Ombudsman (<a class="xref" href="http://www.tietosuoja.fi/" target="_blank">www.tietosuoja.fi</a>).

Contact information

If you have any questions or concerns about the matters discussed in our privacy policies, please contact:

F-Secure Corporation

Tammasaarenkatu 7

PL 24

00181 Helsinki

Finland

If you are a client of our consumer line of products and you wish to exercise your rights as a data subject, please contact us via <a class="xref" href="https://www.f-secure.com/support" target="_blank">our consumer support channels</a>.