{"id":12889,"date":"2026-06-18T12:35:34","date_gmt":"2026-06-18T09:35:34","guid":{"rendered":"https:\/\/www.withsecure.com\/withsecure-elements-privacy-policy\/"},"modified":"2026-06-18T12:35:34","modified_gmt":"2026-06-18T09:35:34","slug":"withsecure-elements-privacy-policy","status":"publish","type":"page","link":"https:\/\/www.withsecure.com\/de\/withsecure-elements-privacy-policy\/","title":{"rendered":"Withsecure Elements Privacy Policy"},"content":{"rendered":"<section\n    class=\"wp-block-one-column-block edwp-block js-wp-block-one-column-block wp-block-one-column-block--content-1 layout--spacing-m-top layout--spacing-xxxl-bottom\"\n    >\n    <div class=\"wp-block-one-column-block__container\">\n                                                                                                                                    <div class=\"wp-component-image__wrapper wp-block-one-column-block__image fade-in\">\n                    <figure class=\"wp-component-image__figure\">\n                                            <img loading=\"lazy\" decoding=\"async\" width=\"1920\" height=\"504\" src=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2025\/11\/thin-legal.png.webp\" class=\"wp-component-image\n                            wp-component-image--desktop\n                            wp-component-image--mobile\n                            wp-component-image--ratio-content-32-8 wp-component-image--fit-cover\" alt=\"\" srcset=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2025\/11\/thin-legal.png.webp 1920w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2025\/11\/thin-legal-300x79.png.webp 300w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2025\/11\/thin-legal-1024x269.png.webp 1024w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2025\/11\/thin-legal-768x202.png.webp 768w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2025\/11\/thin-legal-1536x403.png.webp 1536w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2025\/11\/thin-legal-447x117.png.webp 447w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2025\/11\/thin-legal-556x146.png.webp 556w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\" \/>                                                    <\/figure>\n                    <\/div>\n                                                                                <\/div>\n<\/section>\n\n\n<section\n    class=\"wp-block-one-column-block edwp-block js-wp-block-one-column-block wp-block-one-column-block--content-4 layout--spacing-xxxl-bottom\"\n     id='#licenceterms'>\n    <div class=\"wp-block-one-column-block__container\">\n                                                                                                                            <div class=\"wp-component-paragraph-with-sidebar wp-block-one-column-block__paragraph-with-sidebar fade-in\">\n    <div class=\"wp-component-paragraph-with-sidebar__sidebar\">\n                    <div class=\"wp-component-paragraph-with-sidebar__mobile-nav\">\n                <label\n                    for=\"block_bef41d5deef56c7a28bac49b7fe192e2-mobile-nav\"\n                    class=\"wp-component-paragraph-with-sidebar__mobile-label\"\n                >\n                    Springen zu                <\/label>\n                <select\n                    id=\"block_bef41d5deef56c7a28bac49b7fe192e2-mobile-nav\"\n                    name=\"wp-component-paragraph-with-sidebar-mobile-nav\"\n                    class=\"wp-component-paragraph-with-sidebar__mobile-select\"\n                    aria-label=\"Zur Seite navigieren\"\n                >\n                    <option value=\"\">Seite ausw\u00e4hlen \u2026<\/option>\n                                            <option value=\"https:\/\/www.withsecure.com\/en\/corporate-privacy\/\" >\n                            Corporate privacy                        <\/option>\n                                            <option value=\"https:\/\/www.withsecure.com\/en\/privacy-policy\/\" >\n                            Datenschutz                        <\/option>\n                                            <option value=\"https:\/\/www.withsecure.com\/en\/withsecure-elements-privacy-policy\/\" >\n                            Withsecure Elements Privacy Policy                        <\/option>\n                                            <option value=\"https:\/\/www.withsecure.com\/en\/withsecure-elements-mobile-protection-privacy-policy\/\" >\n                            WithSecure Elements Mobile Protection Privacy Policy                        <\/option>\n                                            <option value=\"https:\/\/www.withsecure.com\/en\/business-suite-privacy-policy\/\" >\n                            Business Suite Privacy Policy                        <\/option>\n                                            <option value=\"https:\/\/www.withsecure.com\/en\/withsecure-cloud-protection-for-salesforce-privacy-policy\/\" >\n                            WithSecure\u2122 Cloud Protection for Salesforce privacy policy                        <\/option>\n                                            <option value=\"https:\/\/www.withsecure.com\/en\/support-tool-privacy-policy\/\" >\n                            Support tool privaty policy                        <\/option>\n                                            <option value=\"https:\/\/www.withsecure.com\/en\/surveys\/\" >\n                            Surveys                        <\/option>\n                                            <option value=\"https:\/\/www.withsecure.com\/en\/website\/\" >\n                            Website                        <\/option>\n                                    <\/select>\n            <\/div>\n        \n        <div class=\"wp-component-paragraph-with-sidebar__desktop-links\">\n            <ul id=\"menu-privacy-policy\" class=\"wp-component-paragraph-with-sidebar__sidebar-menu\"><li id=\"menu-item-12823\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-12823\"><a href=\"https:\/\/www.withsecure.com\/en\/corporate-privacy\/\">Corporate privacy<\/a><\/li>\n<li id=\"menu-item-847\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-847\"><a href=\"https:\/\/www.withsecure.com\/en\/privacy-policy\/\">Datenschutz<\/a><\/li>\n<li id=\"menu-item-12820\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-12820\"><a href=\"https:\/\/www.withsecure.com\/en\/withsecure-elements-privacy-policy\/\">Withsecure Elements Privacy Policy<\/a><\/li>\n<li id=\"menu-item-11986\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-11986\"><a href=\"https:\/\/www.withsecure.com\/en\/withsecure-elements-mobile-protection-privacy-policy\/\">WithSecure Elements Mobile Protection Privacy Policy<\/a><\/li>\n<li id=\"menu-item-12821\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-12821\"><a href=\"https:\/\/www.withsecure.com\/en\/business-suite-privacy-policy\/\">Business Suite Privacy Policy<\/a><\/li>\n<li id=\"menu-item-2181\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-2181\"><a href=\"https:\/\/www.withsecure.com\/en\/withsecure-cloud-protection-for-salesforce-privacy-policy\/\">WithSecure\u2122 Cloud Protection for Salesforce privacy policy<\/a><\/li>\n<li id=\"menu-item-848\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-848\"><a href=\"https:\/\/www.withsecure.com\/en\/support-tool-privacy-policy\/\">Support tool privaty policy<\/a><\/li>\n<li id=\"menu-item-849\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-849\"><a href=\"https:\/\/www.withsecure.com\/en\/surveys\/\">Surveys<\/a><\/li>\n<li id=\"menu-item-850\" class=\"menu-item menu-item-type-post_type menu-item-object-page menu-item-850\"><a href=\"https:\/\/www.withsecure.com\/en\/website\/\">Website<\/a><\/li>\n<\/ul>        <\/div>\n    <\/div>\n    <div class=\"wp-component-paragraph-with-sidebar__content\">\n        <div class=\"wp-component-paragraph wp-component-paragraph-with-sidebar__paragraph\">\n    <p class=\"p1 text--h2\">WithSecure\u2122 Elements <span class=\"blue-text\">Privacy Policy<\/span><\/p>\n<p>May 2025<\/p>\n<p>&nbsp;<\/p>\n<p><a class=\"btn btn--primary\" href=\"https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/06\/WithSecure-Elements-Privacy-Policy-May-2025.pdf\" target=\"_blank\" rel=\"noopener\" >Download PDF<svg class='edwp-icon edwp-icon--reg button-icon js-icon ' aria-hidden='true'>\n                <use xlink:href='#download'><\/use>\n            <\/svg><\/a><\/p>\n<p>&nbsp;<\/p>\n<p class=\"text--h3\">In Brief<\/p>\n<p>WithSecure\u2122 Elements is a single modular cyber security solution. It is made up of a full range of<br \/>\ncyber security applications, including vulnerability management, patch management, endpoint<br \/>\nprotection, and endpoint detection and response technologies.<\/p>\n<p>WithSecure\u2122 Elements consist of modular cyber security solutions (collectively the \u201cWithSecure<br \/>\nElements Product Family\u201d), namely:<\/p>\n<ul>\n<li>Elements Exposure Management.<\/li>\n<li>Elements Vulnerability Management.<\/li>\n<li>Elements Extended Detection and Response (XDR).\n<ul>\n<li>Elements Collaboration Protection.<\/li>\n<li>Elements Endpoint Detection and Response.<\/li>\n<li>Elements Endpoint Protection.<\/li>\n<li>Elements Identity Security.<\/li>\n<li>Elements XDR Cloud Security.<\/li>\n<li>Elements Mobile Protection.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>The above listed solutions may be provided separately or jointly, and this privacy policy describes the<br \/>\ndata collected by the WithSecure Elements Product Family and is to be read in conjunction with the<br \/>\nWithSecure General Privacy Policy available here: Corporate privacy | WithSecure\u2122.<\/p>\n<p>This privacy policy focuses on the items we believe are the most relevant for you. Such items are in<br \/>\nparticular:<\/p>\n<ul>\n<li>the type of personal and private data that the service collects,<\/li>\n<li>what we use it for,<\/li>\n<li>our justification,<\/li>\n<li>typical disclosures, and<\/li>\n<li>for how long we store it.<\/li>\n<\/ul>\n<p>More information on such topics as well as on other aspects (data subject rights, contact information,<br \/>\netc.) of the processing of your personal data is also available via the embedded links on this page.<\/p>\n<p>This privacy policy is given by WithSecure Corporation, a Finnish corporation with<br \/>\nBusiness ID 0705579-2 (&#8222;WithSecure&#8220;, &#8222;we&#8220;, &#8222;our&#8220;). All our relevant subsidiaries also apply this policy.<\/p>\n<p class=\"text--h3\">Elements Collaboration Protection<\/p>\n<p>WithSecure Elements Collaboration Protection is a cloud-based security solution that is designed to<br \/>\nmitigate business email risks in organizations by providing effective threat protection for email<br \/>\nmessages and file exchange of selected cloud services (such as Microsoft 365). The solution provides<br \/>\neffective threat protection against internal email threats, advanced phishing attacks, and malicious<br \/>\ncontent and URLs. In addition to email messages, the solution protects different types of content,<br \/>\nincluding cloud service specific content, such as tasks, calendar appointments, contacts, and sticky<br \/>\nnotes, against malicious content and URLs.<\/p>\n<ul>\n<li>The focus of data collection is on finding malicious content in users&#8216; mailboxes and not on any<br \/>\npersonal information about individuals.<\/li>\n<li>Much of the processed and collected data remains in the customer company&#8217;s selected tenant.<\/li>\n<\/ul>\n<p class=\"text--h4\">What kind of data is collected<\/p>\n<p class=\"text--h5\">Security data<\/p>\n<p>Elements Collaboration Protection processes content such as email messages, calendar<br \/>\nappointments, tasks, contacts, and groups in selected mailboxes of customer employees, which are<br \/>\ndefined in the security policy and have a valid license assigned.<\/p>\n<p>While processing this data, the solution analyzes files, web links (URLs) included in message bodies,<br \/>\nand some parts of message headers. To identify security threats, files and URLs are sent to<br \/>\nWithSecure&#8217;s Security Cloud for reputation checks and advanced threat analysis.<\/p>\n<p>Please see section 12 (\u201cSecurity Cloud\u201d) below for more information about the Security Cloud.<\/p>\n<p>If harmful content is detected (such as a malicious attachment or URL), the solution moves or copies<br \/>\nthe entire object or affected parts to the hidden quarantine folder located in the customer&#8217;s selected<br \/>\ntenant. The relevant properties of quarantined items such as user mailbox, sender and recipient<br \/>\naddresses, item subject, folder name, and harmful attachment name and URL are saved in the<br \/>\nquarantine database.<\/p>\n<p>For data the service collects on administrator users, which is available through the management portal,<br \/>\nplease see section 9 (\u201cData on Portal Users\u201d) below.<\/p>\n<p>Of the data collected by the scanning activity, the results are made available to the users administering<br \/>\nthe solution via the WithSecure Elements Collaboration Protection portal. The results may include:<\/p>\n<ul>\n<li>name of the user mailbox where the message or item with harmful content was found<\/li>\n<li>email address of the sender (messaging metadata)<\/li>\n<li>email addresses of recipients (messaging metadata)<\/li>\n<li>subject of message or item (messaging metadata)<\/li>\n<li>email message headers (messaging metadata)<\/li>\n<li>name of the folder where harmful content was found (messaging metadata)<\/li>\n<li>names of the files where harmful content was found<\/li>\n<li>web links (URLs) found to be harmful<\/li>\n<\/ul>\n<p>WithSecure processes the data to protect the target networks, the devices and data therein. In<br \/>\nparticular:<\/p>\n<ul>\n<li>to block real or potentially harmful content in inbound, outbound, and internal email traffic<\/li>\n<li>to detect malicious and suspicious activity in users&#8216; mailboxes<\/li>\n<li>to detect other threats and security attacks against or via selected cloud services (such as Microsoft 365)<\/li>\n<li>to analyze the service and security data collected for the purposes of improving the detection capability of WithSecure services, with emphasis on improving the functionality, usability, and detection capability of this service<\/li>\n<\/ul>\n<p>The WithSecure Elements Collaboration Protection portal collects non-identifiable telemetry data on<br \/>\nthe use of its features for service improvement purposes, which the administrator can choose to opt<br \/>\nout from sending in the policy settings.<\/p>\n<p>WithSecure checks your email address on a regular basis for data breaches. WithSecure engages <a href=\"https:\/\/spycloud.com\/legal-and-privacy-center\/privacy-policy\/\" target=\"_blank\" rel=\"noopener\">a<br \/>\nthird-party provider<\/a> for detecting and collecting information on data breaches that relate to the email<br \/>\naddress that WithSecure checks for you.<\/p>\n<p>The data processing undertaken by the Service is necessary for the efficient protection of customer<br \/>\ncompany data in its cloud service organization (such as Microsoft 365). While the individual service&#8217;s<br \/>\nsettings may enable an IT administrator to limit the processing of security data by WithSecure, such<br \/>\nadjustments are not recommended, as they endanger achieving the intended purposes of the Services.<\/p>\n<p class=\"text--h3\">Elements EDR and EPP<\/p>\n<p>WithSecure Elements Endpoint Detection and Response (EDR) and WithSecure Elements Endpoint<br \/>\nProtection (EPP) services are often used in conjunction with each other. We have combined the EDR<br \/>\nand EPP specific wording into one section in this privacy policy for convenience.<\/p>\n<p>You can still subscribe to either service separately, however if you extend the EPP service with the<br \/>\nEDR module the wording in this privacy policy pertaining to the EDR service will prevail if it is in conflict<br \/>\nor inconsistent with the wording pertaining to the EPP service.<\/p>\n<p class=\"text--h4\">General privacy considerations<\/p>\n<p>Both EDR and EPP form a part of security measures that protect valuable data (such as employee<br \/>\ninformation, trade secrets, business plans) residing in the customer devices and network.<br \/>\nWithSecure&#8217;s processing of data collected by EDR and EPP is bound to the purpose of providing<br \/>\ninformation security services of constantly evolving capabilities to its customers.<\/p>\n<p class=\"text--h5\">WithSecure Elements Endpoint Protection<\/p>\n<p>Our EPP combines device management, software update management as well as workstation and<br \/>\nserver security, which are all controlled via the management portal.<br \/>\nThe core privacy aspects of the EPP service are:<\/p>\n<ul>\n<li>the focus of data collection is on your device and our service, not you as an individual;<\/li>\n<li>all of the collected data is available for your employer\u2019s IT administrator, so they can better manage company devices and applications and react to threats efficiently;<\/li>\n<li>we collect anonymous security data to protect your device.<\/li>\n<\/ul>\n<p>The EPP service does not enable WithSecure or your company\u2019s IT administrator to follow your<br \/>\nmovements, view your photos, or see who you call or communicate with, nor are we able to track the<br \/>\nsites that you visit through the service. The company\u2019s IT administrator can enable features in the<br \/>\nEPP service that when turned on prevent the user from accessing websites deemed as harmful or<br \/>\nblocked for compliance reasons. In such cases the alert in the portal visible to the company\u2019s IT<br \/>\nadministrator will include information on the domain that was blocked.<\/p>\n<p class=\"text--h5\">WithSecure Elements Endpoint Detection and Response<\/p>\n<p>The EDR is a security solution specifically designed to detect technical information security anomalies<br \/>\nand advanced attacks using methods beyond the reach of more traditional antivirus solutions.<\/p>\n<p>EDR consists of a number of sensors placed within customers&#8216; networks, a backend run by<br \/>\nWithSecure, and a service portal that operates as the communication venue between WithSecure, our<br \/>\ncorporate end user (&#8222;customers&#8220;), and the reseller partner.<\/p>\n<p>These EDR sensors are only installed on the customer network on devices designated by the<br \/>\ncustomer or IT admin managing the company\u2019s assets to detect and preserve evidence about security<br \/>\nanomalies in the customer&#8217;s network. These sensors gather event logs and record relevant aspects<br \/>\nof device usage. The data is sent from the EDR sensor to WithSecure for analysis.<\/p>\n<p>Through EDR, the customer gains additional visibility to their own network. Such visibility enables<br \/>\nspotting and investigating signs of ongoing and past attacks and attempts to breach security controls.<br \/>\nThe core aspects of the EDR service are:<\/p>\n<ul>\n<li>the focus of the data collection is not on an individual employee, business document or email contents;<\/li>\n<li>the focus of the data processing is on detecting technical security anomalies in customer devices and networks;<\/li>\n<li>the solution is not intended for monitoring non-security-related activities such as profiling employees\u2019 activities, interests or interactions.<\/li>\n<\/ul>\n<p>All data collection and handling in the context of EDR is aimed at supporting the detection and<br \/>\nsubsequent investigation of security breaches and attempts to circumvent the technical security<br \/>\ncontrols of the customer&#8217;s technical infrastructure and other assets.<\/p>\n<p class=\"text--h4\">What kind of data is collected<\/p>\n<p>For data the service collects on administrator users, which is available through the management portal,<br \/>\nplease see section 9 (\u201cData on Portal Users\u201d) below.<\/p>\n<p class=\"text--h5\">Data on other users in the management portal<\/p>\n<p class=\"text--hxs\">EPP data in management portal<\/p>\n<p>Depending on the software that you have a subscription for and its configuration, the EPP service may<br \/>\ncollect the following data about you, your device, and use of the service, and makes it available<br \/>\nthrough the management portal:<\/p>\n<ul>\n<li>User\u2019s name, user\u2019s email address, device name, and device identifiers (e.g. UUID, UPN, WINS name, IP address) that act as identifiers for the user data in the system.<\/li>\n<li>The service version number, subscription key, installation and update date and time, blocked malware (may include the file name and path), blocked applications, blocked USB devices, device operating system and version, feature status.<\/li>\n<li>Installed applications as part of the service offering.<\/li>\n<li>Connected USB devices as part of the device control feature.<\/li>\n<li>Various data on operating system, user and application configuration (e.g. encryption state, user privileges, password policies, etc.) describing the security posture and usage of the company devices for better manageability.<\/li>\n<li>Mobile device model and configuration when related to security or compliancy, as well as the potential jailbreak or root status, service statistics per device such as the harmful sites, the number of blocked tracking attempts and blocked website counters.<\/li>\n<li>Customer credentials (e.g. Bitlocker recovery key, if configured to do so).<\/li>\n<li>Other substantially similar data.<\/li>\n<\/ul>\n<p>The collected data varies according to what devices and services you use.<\/p>\n<p>This data is visible to your company\u2019s IT administrator for similar purposes. The data is also available<br \/>\nto WithSecure and through the portal. If the company\u2019s IT administration has been outsourced, the<br \/>\ndata is also available to the outsourcing partner (WithSecure\u2019s \u2019distributor partner\u2019), so that they can<br \/>\nprovide your company with support and corresponding IT services.<\/p>\n<p class=\"text--hxs\">Use of collected data in EPP<\/p>\n<p>The collected data is used to carry out the following functions:<\/p>\n<ul>\n<li>to operate the services,<\/li>\n<li>to manage the services (including identifying authorized users, managing licenses, and sending push notifications),<\/li>\n<li>to measure performance, and<\/li>\n<li>to further develop, enhance, and improve the service.<\/li>\n<\/ul>\n<p>The data can be used to provide support and problem resolution services.<\/p>\n<p class=\"text--hxs\">Other data collected by EPP<\/p>\n<p>In addition to data that is made available in the portal WithSecure also collects the following data<br \/>\ndirectly via the EPP service. This data is not shared with the customer company or distribution partner.<\/p>\n<ul>\n<li>Your device\u2019s language, so the Service language is consistent with the device language;\n<ul>\n<li><strong>For mobile clients,<\/strong> internal memory and SD card memory sizes, and a list of installed applications.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>This data is used for operating the service, troubleshooting, performance measurement, statistics, and<br \/>\nservice development.<\/p>\n<p>WithSecure and the reseller partner may also each initiate a collection of additional diagnostic data<br \/>\nfrom the protected device, where it is necessary to resolve a support case. By default, you will be<br \/>\nprompted prior to sending the diagnostic data to WithSecure, however your IT administrator can switch<br \/>\nthis prompt feature off. More information on related data collection is available in the <a href=\"https:\/\/www.withsecure.com\/en\/corporate-privacy\/\">WithSecure Support Tool privacy policy<\/a>.<\/p>\n<p class=\"text--hxs\">Data collection for mobile devices in EPP<\/p>\n<p>Our guiding principle is that we do not seek to spy on the exact content of your private communications.<br \/>\nWe validate URLs before they are loaded to provide you the service and to keep your data transfers<br \/>\nclean. To be more exact we analyze the traffic for suspicious or malicious files and destinations (i.e.<br \/>\nURLs).<\/p>\n<p class=\"text--hxs\">Automated data collection in EDR<\/p>\n<p>The EDR sensors collect the following kinds of event-based data (&#8222;Event Data&#8220;):<\/p>\n<ul>\n<li>technical user identifiers;<\/li>\n<li>domain names and network connections;<\/li>\n<li>metadata of process creation, behavior, and access to various systems \/ subsystems;<\/li>\n<li>system log entries relevant to detecting security breaches;<\/li>\n<li>data that matches known attack patterns that trigger detection rules and other known indicators of compromise;<\/li>\n<li>unwanted behavior which could be a security risk to the company (e.g. authenticating to a server with weak authentication protocol); and<\/li>\n<li>other substantially similar device and service data.<\/li>\n<\/ul>\n<p>Events are timestamped, and annotated in a fashion to enable automation to identify the user and<br \/>\ndevice under which the events took place.<\/p>\n<p>Data sent to the service backend on an ongoing basis is filtered both to minimize the amount of data<br \/>\ntraffic and to protect the privacy of the customer&#8217;s employees.<\/p>\n<p><strong>Application metadata.<\/strong> The EDR solution also collects information on applications present on<br \/>\nendpoints where the sensor is installed, as well as system\/network information and other metrics from<br \/>\nsuch EDR sensors (\u201cApplication Metadata\u201d). Application Metadata does not include Event Data.<\/p>\n<p><strong>Portal data.<\/strong> In the EDR service the portal collects non-identifiable telemetry data on the use of its<br \/>\nfeatures for service improvement purposes.<\/p>\n<p class=\"text--hxs\">Use of automatically collected data in EDR<\/p>\n<p>The collected data is used to carry out the following functions:<\/p>\n<ul>\n<li>To provide effective security anomaly detection;<\/li>\n<li>To service performance monitoring and direct troubleshooting efforts;<\/li>\n<li>To further develop and enhance the service functionality and WithSecure&#8217;s overall detection capability to respond to threats;<\/li>\n<li>To network health status measurement; and<\/li>\n<li>To provide customers with visibility about the applications and activity in their network.<\/li>\n<\/ul>\n<p class=\"text--hxs\">Manual data collection in EDR<\/p>\n<p>Through EDR, customers gain the capability to retrieve additional data to fully investigate or confirm<br \/>\na suspected security incident which was identified from automatically collected data. EDR sensors<br \/>\nprovide several data collection features which can be manually invoked by the customer:<\/p>\n<ul>\n<li>Map File System \u2013 retrieving the names and properties, for example, the size of all files and folders in a particular disk location;<\/li>\n<li>File\/Folder Retrieval \u2013 retrieving the full contents of a particular file or folder;<\/li>\n<li>Map Registry \u2013 retrieving the keys and values from a particular location in the Windows Registry;<\/li>\n<li>Registry Hive Retrieval \u2013 retrieving an entire Hive from the Windows Registry;<\/li>\n<li>Process Memory Image Retrieval \u2013 retrieving a full copy of the memory from a particular process;<\/li>\n<li>Full SystemMemory Image Retrieval\u2013retrieving a full copy of the entire system memory space for a particular device;<\/li>\n<li>Process Enumeration \u2013 retrieving a list of all running processes;<\/li>\n<li>Service Enumeration \u2013 retrieving a list of all Operating System services;<\/li>\n<li>Scheduled Task Enumeration \u2013 retrieving a list of all Operating System scheduled tasks;<\/li>\n<li>Windows Event Log Retrieval \u2013 retrieving some or all contents of a Windows device\u2019s event logs;<\/li>\n<li>Master File Table (MFT) Retrieving the MFT from Windows devices;<\/li>\n<li>Master Boot Record (MBR) Retrieval \u2013 retrieving the MBR from Windows devices;<\/li>\n<li>Network Connection Enumeration \u2013 retrieving an enumeration of all open network connections.<\/li>\n<\/ul>\n<p class=\"text--hxs\">Use of manually collected data in EDR<\/p>\n<p>These data collection capabilities are to be used only when required in the following situations:<\/p>\n<ul>\n<li>To investigate a security incident;<\/li>\n<li>To identify security risks that cannot be identified from automatically collected data.<\/li>\n<\/ul>\n<p>The data is sent from the EDR sensor to a backend run by WithSecure to be made available for our<br \/>\ncustomers.<\/p>\n<p class=\"text--h3\">Elements Exposure Management<\/p>\n<p>WithSecure Elements Exposure Management (XM) is a continuous and proactive solution designed<br \/>\nto predict and prevent breaches against your company\u2019s assets and business operations. XM provides<br \/>\nvisibility into your company\u2019s attack surface and enables the efficient remediation of its highest-impact<br \/>\nexposures through a unified view.<\/p>\n<p>In addition to the general sections applicable to the WithSecure Elements Product Family, the data<br \/>\ncollected in XM is described in more detail in the following sections.<\/p>\n<p>Elements XM also collects the following data on the users:<\/p>\n<ul>\n<li>Users\u2019 name and email address;<\/li>\n<li>Information on credentials;<\/li>\n<li>Status of the MFA;<\/li>\n<li>Date of last password change.<\/li>\n<\/ul>\n<p><strong>Elements Vulnerability Management.<\/strong> XM for Business contains the data processing of Elements<br \/>\nVulnerability Management. See more details in section 8 below.<\/p>\n<p><strong>Exposure Management for Cloud (formerly known as Cloud Security Posture Management).<\/strong><br \/>\nSee more details on data processing in section 4.1 below.<\/p>\n<p><strong>Attack Surface Management.<\/strong> The XM solution may process contact email, name, phone number<br \/>\nand address information, if any.<\/p>\n<p class=\"text--h4\">Exposure Management for Cloud<\/p>\n<p>XM for Cloud is a vulnerability and misconfiguration scanning and management capability that allows<br \/>\nyou to identify and manage threats, report risks, and get an outlook on the security posture of your<br \/>\ncloud infrastructure accounts. The core privacy aspects of this service are:<\/p>\n<ul>\n<li>the focus of data collection is on detecting vulnerabilities and misconfigurations in your employer&#8217;s cloud account, not on any individual&#8217;s activities therein;<\/li>\n<li>the only directly identifying data that we need is your name, email, and optionally phone number;<\/li>\n<li>we monitor service use to maintain its performance and prevent misuse.<\/li>\n<\/ul>\n<p>The service is built to find vulnerabilities and misconfigurations in your employer&#8217;s cloud infrastructure<br \/>\naccount, enabling you to find and fix them and thus prevent breaches performed by malicious parties.<\/p>\n<p>It can be subscribed either alone or with XM for Business. Having both will enable attack path<br \/>\nsimulation taking into account threats between the cloud and other asset types.<\/p>\n<p class=\"text--h5\">What kind of data is collected by XM for Cloud<\/p>\n<p class=\"text--hxs\">Data in the management portal<\/p>\n<p>For data the service collects on administrator users, which is available through the management portal,<br \/>\nplease see section 9 (\u201cData on Portal Users\u201d) below.<\/p>\n<p>The service automatically collects the following data on its operational environment, and on the use<br \/>\nof the service, and makes it available through the management portal:<\/p>\n<ul>\n<li><strong>Data on service use.<\/strong> Subscriber access tokens, scan node, device identifiers (including IP<br \/>\naddress), EntraID (users, user groups, user devices, roles), service version number,<br \/>\nsubscription key, installation and update date and time, feature status, and basic operating<br \/>\nsystem status (such as memory and disk usage).<\/li>\n<li><strong>Data on vulnerability and misconfiguration scan results.<\/strong> Information about the<br \/>\noccurrence of known security issues and risks identified during the scan as presented to you<br \/>\nvia the service.<\/li>\n<\/ul>\n<p>The portal provides limited visibility among those who share the same subscription.<\/p>\n<p class=\"text--hxs\">Data in WithSecure systems<\/p>\n<p>In addition to vulnerability scan result data that is made available to you via the service, WithSecure<br \/>\nalso collects the following organization-level data directly via the service. This data is not shared with<br \/>\nthe customer company or distribution partner.<\/p>\n<ul>\n<li>The customer ID and name;<\/li>\n<li>the customer\u2019s cloud account ID (and possible nick name);<\/li>\n<li>metadata related to scanned assets;<\/li>\n<li>the amount and the value of unique cloud assets scanned for misconfigurations and<br \/>\nvulnerabilities within a cloud account \/ organization;<\/li>\n<\/ul>\n<p>This data is used for operating the service, troubleshooting, performance measurement, statistics,<br \/>\nlogging and resolving malicious usage, and service development.<\/p>\n<p class=\"text--h4\">Exposure Management for Business<\/p>\n<p>XM for Business subscription includes a vulnerability and misconfiguration scanning and management<br \/>\ncapability that allows you to identify and manage threats, report risks, and get an outlook on the<br \/>\nsecurity posture of your devices (VM), Identity (EntraID) and External Attack Surface.<\/p>\n<p>The service is built to find vulnerabilities and misconfigurations in your employer&#8217;s environment,<br \/>\nenabling you to find and fix them and thus prevent breaches performed by malicious parties.<\/p>\n<p>It can be subscribed either alone or with XM for Cloud. Having both will enable attack path simulation<br \/>\ntaking into account threats between the cloud and other asset types.<\/p>\n<p class=\"text--h5\">What kind of data is collected by XM for Business<\/p>\n<p class=\"text--hxs\">Data in the management portal<\/p>\n<p>For data the service collects on administrator users, which is available through the management portal,<br \/>\nplease see section 9 (\u201cData on Portal Users\u201d) below.<\/p>\n<p>The service automatically collects the following data on its operational environment, and on the use<br \/>\nof the service, and makes it available through the management portal:<\/p>\n<ul>\n<li><strong>Data on service use.<\/strong> Subscriber access tokens, scan node, device identifiers (including IP<br \/>\naddress), EntraID (users, user groups, user devices, roles), service version number,<br \/>\nsubscription key, installation and update date and time, feature status, and basic operating<br \/>\nsystem status (such as memory and disk usage).<\/li>\n<li><strong>Data on vulnerability and misconfiguration scan results.<\/strong> Information about the<br \/>\noccurrence of known security issues and risks identified during the scan as presented to you<br \/>\nvia the service.<\/li>\n<\/ul>\n<p>The portal provides limited visibility among those who share the same subscription.<\/p>\n<p class=\"text--hxs\">Data in WithSecure systems<\/p>\n<p>In addition to vulnerability scan result data that is made available to you via the service, WithSecure<br \/>\nalso collects the following organization-level data directly via the service. This data is not shared with<br \/>\nthe customer company or distribution partner.<\/p>\n<ul>\n<li>The customer ID and name;<\/li>\n<li>the customer\u2019s cloud account ID (and possible nick name);<\/li>\n<li>metadata related to scanned assets;<\/li>\n<li>the amount and the value of unique cloud assets scanned for misconfigurations and<br \/>\nvulnerabilities within a cloud account \/ organization;<\/li>\n<\/ul>\n<p>This data is used for operating the service, troubleshooting, performance measurement, statistics,<br \/>\nlogging and resolving malicious usage, and service development.<\/p>\n<p class=\"text--h3\">Elements Identity Security<\/p>\n<p>WithSecure Elements Identity Security is a module within Elements XDR designed to detect and<br \/>\nrespond to identity-based threats. It accomplishes this by alerting you to potentially compromised<br \/>\nusers and providing insights into malicious activity and appropriate responses. The integration with<br \/>\nEntra ID allows collection of the following data:<\/p>\n<ul>\n<li>Sign-in logs: These logs identify risky sign-ins when users log into the Microsoft 365<br \/>\nenvironment or third-party applications using Entra ID for single sign-on.<\/li>\n<li>Audit logs: Captured to detect actions after the initial access step in the attack lifecycle.<\/li>\n<li>Non-interactive sign-in logs: These relate to system activities where there is no human<br \/>\ninteraction. This is crucial because Entra ID service accounts can be targeted by attackers.<\/li>\n<\/ul>\n<p>The purpose of this service is to swiftly detect suspicious activity, preventing the impact of cyber<br \/>\nattacks such as data breaches or financial losses. Importantly, it is not intended for employee<br \/>\nmonitoring. WithSecure does not allow your company\u2019s IT administrator to track your movements,<br \/>\nview your photos, or monitor your communication.<\/p>\n<p class=\"text--h4\">What kind of data is collected<\/p>\n<p>Our guiding principle is that we do not aim to spy on the specific content of your private<br \/>\ncommunications. Instead, we analyze metadata from logins, allowing us to observe Entra ID tenant<br \/>\nmanagement actions. For instance, we can track activities such as signing in from new countries,<br \/>\nadding new users, granting permissions, or creating application principals.<\/p>\n<p>We do collect events from the Entra ID Tenant. These events typically include access time, associated<br \/>\nusernames, device types, applications used, whether multi-factor authentication was employed, and<br \/>\nthe IP address along with its associated location information.<\/p>\n<p class=\"text--h3\">Elements XDR Cloud Security<\/p>\n<p>WithSecure Elements XDR Cloud Security is a module within Elements XDR designed to detect and<br \/>\nrespond to cloud-based threats. It accomplishes this by alerting you to potentially compromised<br \/>\nresources and providing insights into malicious activity and appropriate responses. The integration<br \/>\nwith Azure allows collection of the following data:<\/p>\n<ul>\n<li>Azure Activity Logs: These logs provide information in relation to subscription level events for<br \/>\nexample when a resource is modified or a virtual machine is started to identify potential threats<br \/>\nand the progression of an attack.<\/li>\n<li>Resource logs: Captured to provide visibility of resource level actions to identify potential<br \/>\nthreats.<\/li>\n<\/ul>\n<p>The purpose of this service is to swiftly detect suspicious activity, preventing the impact of cyber<br \/>\nattacks such as data breaches or financial losses. Importantly, it is not intended for employee<br \/>\nmonitoring. WithSecure does not allow your company\u2019s IT administrator to track your movements,<br \/>\nview your photos, or monitor your communication.<\/p>\n<p class=\"text--h4\">What kind of data is collected<\/p>\n<p>Our guiding principle is that we do not aim to spy on the specific content of your private<br \/>\ncommunications. Instead, we analyze cloud resource behavior and user interactions with these<br \/>\nresources. For instance, we can track activities such as who has changed security settings within the<br \/>\ncloud, whether data exfiltration tools have been used, and whether there has been a sharp increase<br \/>\nin resource usage that could indicate cryptojacking.<\/p>\n<p>We do collect events from the Azure Tenant. These events typically include access time, event type<br \/>\nassociated usernames, resource IDs, server name, subscription ID and applications used.<\/p>\n<p class=\"text--h3\">Elements Mobile Protection<\/p>\n<p>WithSecure Elements Mobile Protection combines our Network Gateway solution (detects and blocks<br \/>\nmalicious network requests) and malware protection with mobile device management, which are both<br \/>\ncontrolled via the management portal. To achieve this:<\/p>\n<ul>\n<li>the focus of data collection is on your device and our service, not you as an individual;<\/li>\n<li>results of the query will be available for your employer\u2019s IT administrator, so they can better<br \/>\nmanage company devices and applications.<\/li>\n<\/ul>\n<p>The purpose of the service is to secure and manage your device and its connections. The service is<br \/>\nnot built to monitor employees. The service does not enable WithSecure or your company\u2019s IT<br \/>\nadministrator to follow your movements, view your photos, or see who you call or communicate with.<\/p>\n<p>The URL requests, for example, are evaluated based on their reputation and harmful websites are<br \/>\nblocked based on the settings controlled by your employer\u2019s IT administrator. If you would like more<br \/>\ninformation on allowed-listed or blocked websites, please contact your employer\u2019s IT administrator.<\/p>\n<p class=\"text--h4\">What kind of data is collected<\/p>\n<p>Our guiding principle is that we do not seek to spy on the exact content of your private communications.<br \/>\nWe only analyze the URL request to provide you the Service and to keep your data transfers clean.<br \/>\nTo be more exact, this means that:<\/p>\n<ul>\n<li>the solution automatically analyzes suspicious or malicious requests;<\/li>\n<li>the solution automatically inhibits usage that is against your company\u2019s acceptable use policy.<\/li>\n<\/ul>\n<p><strong>Securing your device with Security Cloud.<\/strong> The service sends queries on potential malicious activity,<br \/>\nmalicious software, or unwanted applications on protected devices, URL requests to WithSecure<br \/>\nSecurity Cloud. WithSecure Security Cloud is a cloud-based system for cyber threat analysis that is<br \/>\noperated by WithSecure. With the Security Cloud, WithSecure can maintain an up-to-date overview<br \/>\nof the global threat landscape and protect our customers against new threats the moment they are<br \/>\nfirst found. These queries \u2014 such as URLs, file identifiers, and application metadata \u2014 cannot be<br \/>\nconnected to an identifiable user by WithSecure.<\/p>\n<p>To protect your privacy, WithSecure separates the above security data from other data collected on<br \/>\nyour use of the service, anonymizes it, and destroys it when it is no longer needed for the purpose.<\/p>\n<p class=\"text--h5\">User data<\/p>\n<p class=\"text--hxs\">User data in the management portal<\/p>\n<p>For data the service collects on administrator users, which is available through the management portal,<br \/>\nplease see section 9 (\u201cData on Portal Users\u201d) below.<\/p>\n<p>The Service collects the following data about you, your device, and use of the Service, and makes it<br \/>\navailable through the management portal:<\/p>\n<ul>\n<li>User\u2019s email, first name, family name, and alias. This data is linked to your &#8222;device UUID&#8220; that<br \/>\nacts as an identifier of the user data in the system.<\/li>\n<li>The service version number, device identifiers (e.g. UUID, model, etc.), subscription key,<br \/>\ninstallation and update date and time, operating system and version, feature status.<\/li>\n<li>In addition to the above, the service may collect other information from the devices related to<br \/>\nsecurity and compliancy, such as: your mobile device model, as well as the potential jailbreak<br \/>\nor root status, service statistics per device such as the amount of traffic scanned, the harmful<br \/>\nwebsites, the number of blocked tracking attempts and blocked website counters.<\/li>\n<\/ul>\n<p>The collected data varies according to what devices and services you use.<\/p>\n<p>By default, the blocked URLs are not sent to the management portal, but this setting can be enabled<br \/>\nby your employer\u2019s IT administrator.<\/p>\n<p>We use this data to operate the services, to manage them (including identifying authorized users and<br \/>\nmanaging licenses), to measure performance, and to further develop, enhance, and improve the<br \/>\nservice. The data can be used to provide support and problem resolution services.<\/p>\n<p>This data is visible to your company&#8217;s IT administrator and is also available to WithSecure and through<br \/>\nthe portal. If the company&#8217;s IT administration has been outsourced, the data is also available to the<br \/>\noutsourcing partner (WithSecure&#8217;s &#8218;distributor partner&#8216;), so that they can provide your company with<br \/>\nsupport and IT services.<\/p>\n<p class=\"text--hxs\">User data in WithSecure systems<\/p>\n<p>In addition to data that is made available in the portal, WithSecure also collects the following data via<br \/>\nthe Service:<\/p>\n<ul>\n<li>your device ID, so we can send push notifications to the devices and to combine different<br \/>\ntypes of user data;<\/li>\n<li>your device&#8217;s language, so the service language is consistent with the device language;<\/li>\n<li>we may also collect the battery level, internal memory and SD card memory sizes, and a list<br \/>\nof installed applications (to check that the service is installed correctly) for management<br \/>\nfeature development purposes.<\/li>\n<\/ul>\n<p class=\"text--hxs\">Analytics data<\/p>\n<p>We also reuse the above service data and security data for data analytics purposes, based on the<br \/>\nlegal grounds established above. Data analytics are an integral part of our service delivery, as nearly<br \/>\nall WithSecure services are dependent on our infrastructure to properly operate. Our data analytics<br \/>\nenables us to direct that infrastructure to support your use of the services.<\/p>\n<p class=\"text--h3\">Elements Vulnerability Management<\/p>\n<p>WithSecure Elements Vulnerability Management is a vulnerability scanning and management platform<br \/>\nthat allows you to identify and manage threats, report risks, and get an outlook on the security posture<br \/>\nof your IT systems. The core privacy aspects of this service are:<\/p>\n<ul>\n<li>the focus of data collection is on detecting vulnerabilities in your employer&#8217;s corporate network,<br \/>\nnot on any individual&#8217;s activities therein;<\/li>\n<li>the only directly identifying data that we need is your name, email, and optionally phone<br \/>\nnumber;<\/li>\n<li>we monitor service use to maintain its performance and prevent misuse.<\/li>\n<\/ul>\n<p>The service is built to find vulnerabilities in the hardware and software of your employer&#8217;s corporate<br \/>\nnetwork, enabling you to find and fix them and thus prevent breaches performed by malicious parties.<\/p>\n<p class=\"text--h4\">What kind of data is collected<\/p>\n<p class=\"text--h5\">Data in the management portal<\/p>\n<p>For data the service collects on administrator users, which is available through the management portal,<br \/>\nplease see section 9 (\u201cData on Portal Users\u201d) below.<\/p>\n<p>The service automatically collects the following data on its operational environment, and on the use<br \/>\nof the service, and makes it available through the management portal:<\/p>\n<ul>\n<li><strong>Data on service use.<\/strong> Subscriber access tokens, scan node, device identifiers (including IP<br \/>\naddress), service version number, subscription key, installation and update date and time,<br \/>\nfeature status, and basic operating system status (such as memory and disk usage).<\/li>\n<li><strong>Data on vulnerability scan results.<\/strong> Information about the occurrence of known<br \/>\nvulnerabilities and risks identified during the scan as presented to you via the service.<\/li>\n<li>for authenticated Elements Vulnerability Management system scans:\n<ul>\n<li>The certificate or credentials that act as access tokens to perform an in-depth scan;<\/li>\n<li>The software and its version installed on target systems<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>The portal provides limited visibility among those who share the same subscription.<\/p>\n<p class=\"text--h4\">Data in WithSecure systems<\/p>\n<p>In addition to vulnerability scan result data that is made available to you via the service, WithSecure<br \/>\nalso collects the following organization-level data directly via the service. This data is not shared with<br \/>\nthe customer company or distribution partner.<\/p>\n<ul>\n<li>The amount and the value of unique IP addresses scanned for vulnerabilities within<br \/>\norganization;<\/li>\n<li>in the case of on-premise scan node deployments, the scan node\u2019s configuration details, such<br \/>\nas installation directory and hardware fingerprint of the device on which the scan node agent<br \/>\nis installed.<\/li>\n<\/ul>\n<p>This data is used for operating the service, troubleshooting, performance measurement, statistics,<br \/>\nlogging and resolving malicious usage, and service development.<\/p>\n<p class=\"text--h3\">Data on Portal Users<\/p>\n<p class=\"text--h4\">What kind of data is collected<\/p>\n<p>The service collects the following data, which is available through the management portal, on<br \/>\nadministrator users:<\/p>\n<ul>\n<li>Username of the user logged onto the managed device<\/li>\n<li>The user\u2019s email address<\/li>\n<li>The user\u2019s phone number (optional)<\/li>\n<li>Logs of the user\u2019s actions visible in the portal in the audit log<\/li>\n<\/ul>\n<p class=\"text--h4\">Use of collected data<\/p>\n<p>Data on access and actions performed by administrators in the management portal is collected for<br \/>\naudit purposes. Generally, this is limited to changes performed or access to sensitive data (for<br \/>\nexample downloading endpoint diagnostic files). This data is visible to administrators in the portals<br \/>\naudit log.<\/p>\n<p class=\"text--h3\">Analytics<\/p>\n<p>In addition to the data visualized in the portal, the service also uses a subset of collected data for<br \/>\nservice analytics. We do this so that we can create services that are of value to you and our other<br \/>\ncustomers. WithSecure also collects analytics data on the service portal to learn how the administrator<br \/>\nusers use the service portal so we can improve the portal user experience.<\/p>\n<p>This section outlines our general practices for the collection and processing of data for analytics<br \/>\npurposes.<\/p>\n<p>When speaking about WithSecure data analytics, it comprises both reused service data, reused<br \/>\nsecurity data, and the data that is collected for analytics purposes to begin with.<\/p>\n<p>We want to give you a more personal customer experience and provide you with even better services<br \/>\nin the future. For that we need to track usage patterns and create customer segments. For example,<br \/>\nwhat features are used most, where the service fails, what needs fixing, and how you found out about<br \/>\nour services.<\/p>\n<p><strong>What we collect.<\/strong> The data that we process for the purposes of data analytics include things like asset<br \/>\nidentifier and relations between devices \/ users \/ user groups, operation environment, service<br \/>\noperation time, license type (trial or paid version), device metrics (such as phone model and operating<br \/>\nsystem, language), partial IP address, service errors, problematic files and URLs, service performance<br \/>\ndata, how you interact with our services (such as which features are used and how often), the domain<br \/>\nname from which you connect to the service, elements clicked, timestamps, regional location,<br \/>\neffectiveness of our in-service messaging, service activation (such as tracking that you have received<br \/>\nthe related messages and that installation was successful), installation and activation paths, service<br \/>\nperformance, connections, data routing, quota, and other similar data.<\/p>\n<p>On a practical level, when we ask for your consent in our services\u2019 user interface, it controls whether<br \/>\nthe following data is sent: i) additional data, like which features are used and how often, and service<br \/>\nmetrics, and ii) the number of attributes sent in a given data set.<br \/>\nThe above relates to your use of our cyber security services. Data analytics running on our websites<br \/>\nare described in our website privacy policy.<\/p>\n<p><strong>Opting out.<\/strong> We really appreciate your help in improving our services. However, if you want to<br \/>\nminimize all data traffic towards WithSecure, we respect that. Those of our services that employ<br \/>\nadditional analytics give you the choice on whether to contribute. You can opt out at any time from the<br \/>\nsubsequent collection of analytical data that is non-essential to our service provisioning.<\/p>\n<p>If you have opted out from all analytics data collection, our messaging directed to you will be based<br \/>\nonly on the service data collection (the data that we collect in any case to provide you with the services)<br \/>\nand some of our messaging is likely to be less relevant.<\/p>\n<p>If you oppose all collection of data from your online life (including our websites), the more wholesale<br \/>\nmethod for preventing online advertisers from profiling your mobile device usage is to reset the<br \/>\nadvertising identifier from time to time and to turn on the do-not-track setting in your device settings,<br \/>\nor to use our privacy product.<\/p>\n<p><strong>Analytics data retention.<\/strong> In our data analytics activities, we combine analytics data with the service<br \/>\ndata. The resulting combined data set then continues to be processed based on a \u201clegitimate interest\u201d.<br \/>\nThe previously collected analytical data is retained as part of the service statistics, as its retroactive<br \/>\nremoval would break the statistics. When you cease subscribing to our services (i.e. your account is<br \/>\ndeleted), the analytical data related to your service use will be reverted to anonymous data, and we<br \/>\nare no longer able to associate it with you.<\/p>\n<p><strong>Data exchange.<\/strong> Because of the technical environment (that is, the internet, the app store ecosystem,<br \/>\nand social media), we are not able to do all of the collection and activities related to data analytics<br \/>\nourselves. We have to exchange some data (such as \u201cAndroid marketing identifier\u201d and other like<br \/>\nidentifiers) with our online analytics and marketing partners to enable our digital analytics and<br \/>\nmarketing activities. The vast majority of the data that we have on you is not shared with others.<\/p>\n<p>Some of our subcontractors who provide us with analytical capabilities for our products may also<br \/>\ncreate and publish aggregate reports on the data that they have collected. In such cases, the statistics<br \/>\nand aggregate reports do not contain any data that could be linked to any individual person.<\/p>\n<p><strong>We do not sacrifice your privacy.<\/strong> Where we differ from most companies doing this is in that we<br \/>\nunderstand how the ecosystem works and go through great pains to select our few partners with care, removing all data that is not absolutely necessary for the above purpose. You can naturally opt out<br \/>\nfrom the collection of analytics data at any time via the service settings.<\/p>\n<p>When we process the data for analytical or statistical purposes, we pseudonymize the data. In other<br \/>\nwords, our data analysts do not know the individual to which a specific data set refers to. The<br \/>\npseudonymization is only reversed in specified use cases. For example, when we communicate with<br \/>\nyou, we connect the results \u2014 not the full data \u2014 of our data analytics to your email address. Another<br \/>\nexample is that we may use the data to resolve issues you may have with our product, when providing<br \/>\nyou with technical support services.<\/p>\n<p>We also limit such added analytics only to the surface of our services and keep them at arm\u2019s length<br \/>\nfrom the core privacy areas of our services. For example, we do not have any external analytics in our<br \/>\nSecurity Cloud.<\/p>\n<p class=\"text--h3\">Luminen\u2122 and use of GenAI<\/p>\n<p>WithSecure Luminen\u2122 is a layer of user experience of Elements that is utilizing Generative AI<br \/>\nalgorithms \/ Large Language Models in order to provide a natural language and localized assistance<br \/>\nto our users. Naturally, the use of LLM raises questions about privacy and the use of the data.<\/p>\n<p>We use LLMs as provided by Amazon AWS Bedrock service and our users\u2019 data does not leave AWS.<br \/>\nThe introduction of Luminen does not change anything compared to the rest of Elements&#8216; functionality.<br \/>\nAll data is processed in AWS in Europe. Data of our users is not and will not be used to train future<br \/>\nversions of foundational models. We never query models outside of AWS with our users\u2019 data. Any<br \/>\npossible training of non-foundational models by WithSecure will only use anonymized data.<\/p>\n<p>To limit the risk of leakage and hallucination, we use a common LLM technique known as Retrieval-<br \/>\nAugmented Generation \u2013 RAG and provide the model with a specific prompt along with specific<br \/>\ncontext data \u2013 which is pre-computed for a specific need. The user cannot define or modify the prompt,<br \/>\nand the model cannot freely query for data across Elements.<\/p>\n<p>The data that is made available to the LLM, as part of the context consists of Security Events,<br \/>\nXDR\/BCD incidents, XM findings and relevant threat intelligence data. This data can contain<br \/>\ninformation like username, workstation name, email address (in case of ECP Security Event and XM<br \/>\nfindings). However, Luminen\u2122 does not have access to any additional data, which would not be<br \/>\nalready in Security Events, XM findings or XDR\/BCD incidents.<\/p>\n<p class=\"text--h3\">Security Cloud<\/p>\n<p class=\"text--h4\">General<\/p>\n<p>The WithSecure Security Cloud is a cloud-based system for cyber threat analysis, designed,<br \/>\ndeveloped, and operated by WithSecure Corporation. With the Security Cloud, we can maintain an<br \/>\nup-to-date overview of the global threat landscape and protect our customers against new threats the<br \/>\nmoment they are first found. For more information, please read our Security Cloud whitepaper.<\/p>\n<p class=\"text--h4\">Solution-specific use<\/p>\n<p class=\"text--h5\">Elements Endpoint Protection<\/p>\n<p>The service sends queries on potential malicious activities or protected devices and networks to<br \/>\nWithSecure Security Cloud. While we limit the processing of any information that could be considered<br \/>\nsensitive by our users, we collect the minimum amount of user and organization information for the<br \/>\npurpose of providing high quality protection to our users. The collected data may contain:<\/p>\n<ul>\n<li>Files that are blocked by WithSecure for a security reason, and related metadata. The<br \/>\nmetadata includes for example file hash, file name and file path. We need to analyze files and<br \/>\nemails for malicious content and behaviors for your protection. Files are processed in a safe<br \/>\nenvironment to catch harmful behaviors. Collection of this data helps WithSecure to keep a<br \/>\nglobal threat situation map that allows reacting quickly to new threats.<\/li>\n<li>Web addresses that you have tried to visit but have been blocked by WithSecure for a security<br \/>\nreason or which exhibit potentially malicious behavior, and related metadata. The metadata<br \/>\nincludes for example response headers. A site may get blocked based on selected protection<br \/>\npreferences and parental control reasons. The collected information also allows protection<br \/>\nagainst phishing and ransomware attacks.<\/li>\n<\/ul>\n<p>The portal administrators will only see a summary of the result, for example if the file is infected or not.<br \/>\nHowever, if the service detects malware, a summary of the detection is visible in the portal and can<br \/>\nbe connected to an individual device by those having access to portal.<\/p>\n<p class=\"text--h5\">Elements Collaboration Protection<\/p>\n<p>Data sent to Security Cloud is always anonymized and cannot be connected to an individual user in<br \/>\nany way.<\/p>\n<p class=\"text--h5\">Elements Mobile Protection<\/p>\n<p>The service sends queries on potential malicious activity, malicious software, or unwanted applications<br \/>\non protected devices, and URL requests to WithSecure Security Cloud. These queries \u2014 such as<br \/>\nURLs, file identifiers, and application metadata \u2014 cannot be connected to an identifiable user by<br \/>\nWithSecure.<\/p>\n<p class=\"text--h5\">Elements Endpoint Detection and Response<\/p>\n<p>The service sends queries on potential malicious activity, malicious software, or unwanted applications<br \/>\non protected devices, data traffic, and networks to WithSecure Security Cloud. These queries \u2013 such<br \/>\nas URLs, file identifiers, and application metadata \u2013 cannot be connected to an identifiable user by<br \/>\nWithSecure.<\/p>\n<p>To protect your privacy, WithSecure separates the security data set out in section 7 above from other<br \/>\ndata collected on your use of the service, anonymizes it, and destroys it when it is no longer needed<br \/>\nfor the purpose.<\/p>\n<p class=\"text--h3\">Legal Grounds<\/p>\n<p>As a data controller we are committed to maintaining high standards of data protection when we are<br \/>\nprocessing personal data. We try to minimize our exposure to personal data as much as possible and<br \/>\nwhen personal data is processed by WithSecure within our Elements Services we generally rely on<br \/>\nlegitimate interest as a basis for processing personal data.<\/p>\n<p class=\"text--h4\">Elements Collaboration Protection<\/p>\n<p>Both WithSecure and each customer company operate as independent controllers over their<br \/>\nrespective areas of data processing that takes place in the context of the services.<\/p>\n<p>To the extent that the data processed by WithSecure in the services is identifiable to an individual, the<br \/>\nservices process data to safeguard the following legitimate interests;<\/p>\n<ul>\n<li>providing WithSecure services to secure our customers&#8216; networks and devices as well as the<br \/>\nconfidentiality and availability of the data therein;<\/li>\n<li>enabling WithSecure to detect emerging threats and security-relevant trends among all of its<br \/>\ncustomers, so that our services can keep on par with evolving threats;<\/li>\n<li>enabling WithSecure to provide a centralized security service framework across multiple<br \/>\ncontinents to a large number of customers and partners.<\/li>\n<\/ul>\n<p>The data processing undertaken by the service is mandatory for the efficient protection of customer<br \/>\ncompany data in its cloud service organization (such as Microsoft 365). While the individual service&#8217;s<br \/>\nsettings may enable an IT administrator to limit the processing of security data by WithSecure, such<br \/>\nadjustments are not recommended, as they endanger achieving the above intended purposes of the<br \/>\nservices.<\/p>\n<p class=\"text--h4\">Elements Endpoint Protection<\/p>\n<p>To the extent that the data processed by WithSecure in the EPP services is identifiable to an individual,<br \/>\nthe services process such data to safeguard the following legitimate interests:<\/p>\n<ul>\n<li>providing WithSecure services to secure our customers\u2019 networks and devices as well as the<br \/>\nconfidentiality and availability of the data therein;<\/li>\n<li>enabling WithSecure to detect emerging threats and security-relevant trends among all of its<br \/>\ncustomers, so that our services can keep on par with evolving threats;<\/li>\n<li>enabling WithSecure to provide a centralized security service framework across multiple<br \/>\ncontinents to a large number of customers and partners.<\/li>\n<\/ul>\n<p>Additionally, Web Portal analytics are put in place to improve WithSecure products.<\/p>\n<p>In the case of data that is not strictly necessary to provide you with the Services \u2014 but would help us<br \/>\nin providing you with better services in the long run \u2014 we collect such data only with your consent.<\/p>\n<p>Your employing company independently establishes its legal grounds for the processing of identifiers<br \/>\nfor the purposes set out above.<\/p>\n<p class=\"text--h4\">Elements Exposure Management<\/p>\n<p>For both Elements Vulnerability Management and Elements Exposure Management WithSecure has<br \/>\na legitimate interest in identifying its portal users and monitoring such users&#8216; portal usage as set out<br \/>\nabove to make sure that only authorized users are able to utilize the service and that services are only<br \/>\nused for their lawful purposes. To this effect, you are responsible for providing accurate and truthful<br \/>\naccess credentials to be able to use the service.<\/p>\n<p>The data collected by the services in the form of &#8222;vulnerability scan results&#8220; is processed for the dual<br \/>\npurposes of:<\/p>\n<ul>\n<li>improving WithSecure&#8217;s customers&#8216; network and device security as well as the confidentiality<br \/>\nand availability of the data therein, and<\/li>\n<li>allowing WithSecure to detect emerging threats and security-relevant trends among all of its<br \/>\ncustomers, so that WithSecure services can keep on par with evolving threats. The<br \/>\nvulnerability scan results do not, by default, contain personally identifiable data.<\/li>\n<\/ul>\n<p>Any contact details processed in Attack Surface Management are processed on the basis of legitimate<br \/>\ninterest.<\/p>\n<p class=\"text--h4\">Elements Mobile Protection<\/p>\n<p>The data processing by the services is mandatory for the efficient protection of the device and a<br \/>\nprerequisite for WithSecure\u2019s capability to provide its contracted services. As such processing is<br \/>\ninseparable from the services that we provide to you, this gives us a valid need to process your data<br \/>\nand a justification to do so.<\/p>\n<p>In some cases, processing may take place in the form of \u201clegitimate interest\u201d.<\/p>\n<p class=\"text--h4\">Elements Endpoint Detection and Response<\/p>\n<p>The results of these services are utilized for the benefit of WithSecure&#8217;s customers. Both the customer<br \/>\nand WithSecure \u2013 as a provider of security services \u2013 have a recognized legitimate interest in<br \/>\nundertaking necessary and proportional activities to that effect.<\/p>\n<p>The core &#8222;privacy interest&#8220; of the EDR solution is to safeguard the valuable data residing in the<br \/>\ncustomer\u2019s devices and network. This also includes personal data of the employees of the customer<br \/>\nwhose devices the EDR sensors monitor. To achieve the above, the solution profiles the events taking<br \/>\nplace on the devices of the corporate network(s) to reveal potentially malicious activities taking<br \/>\nplace on specific devices within customer networks. Objecting to such data collection has a negative impact<br \/>\non the protection awarded by the WithSecure services for the above data in your organization.<\/p>\n<p>The potential negative privacy impact of consequent employee device monitoring is mitigated by<br \/>\ntechnical safeguards, limitations on collected data types, and correlating the collected data to<br \/>\nidentifiable individuals \/ devices only in pre-designed phases of processing. Providing the EDR<br \/>\nsolution is dependent on automated data collection from the protected devices \/ environment.<\/p>\n<p class=\"text--h4\">Identity Security<\/p>\n<p>WithSecure Elements Identity Security processes data to ensure the security and integrity of our<br \/>\nclients&#8216; Entra ID environments. This is achieved by alerting clients to potentially compromised identities<br \/>\nand providing insights into appropriate responses. The data collected is essential for meeting the<br \/>\nrequirements of the product and is done based on legitimate interest.<\/p>\n<p class=\"text--h5\">XDR Cloud Security for Azure<\/p>\n<p>WithSecure Elements XDR Cloud Security processes data based on our legitimate interest in<br \/>\nidentifying potential threats and the progression of attacks.<\/p>\n<p class=\"text--h4\">Secondary uses<\/p>\n<p>In addition, we may also need to use and\/or continue to store data i) to meet a \u201clegal obligation\u201d to<br \/>\nprocess data for specified purposes, or ii) under the grounds of \u201clegitimate interest\u201d. For an example<br \/>\nlist of situations where we may resort to such justifications, see the \u201cOther uses and disclosures\u201d<br \/>\nsection in our <a href=\"https:\/\/www.withsecure.com\/en\/corporate-privacy\/\">general privacy policy<\/a>.<\/p>\n<p class=\"text--h3\">Transfers and Disclosures<\/p>\n<p>The data presented in the service portal is visible to your company\u2019s IT administrator, whether internal<br \/>\nor external. If the company\u2019s IT is managed by a third party, this data is also available to them<br \/>\n(WithSecure\u2019s &#8222;distributor\/reseller partner&#8220;), so that they can provide your company with support for<br \/>\nour services and corresponding IT services.<\/p>\n<p>WithSecure further employs its own affiliates and subcontractors so we can provide our services<br \/>\nglobally.<\/p>\n<p>More information on transfers and disclosures is available in the WithSecure <a href=\"https:\/\/www.withsecure.com\/en\/corporate-privacy\/\">General Privacy Policy<\/a>.<\/p>\n<p class=\"text--h3\">Retention<\/p>\n<p>WithSecure Elements services gather and share data with other Elements services. This data is stored<br \/>\nfor a length of service provisioning to our customer company and is visible in the respective Elements<br \/>\nportal for the same duration. After the last Elements subscription has expired, the data is retained in<br \/>\nWithSecure storage for a maximum of four (4) months before final deletion or anonymization unless<br \/>\notherwise agreed on a case-by-case basis with the customer. This enables renewal of the service<br \/>\nafter its expiration without the need to reinstall and without losing old data.<\/p>\n<p>This maximum retention time after expiration of the last subscription applies also to the data for which<br \/>\nElements allows customers to set custom retention time during the use of the service, e.g. Elements<br \/>\nVulnerability Management allows retention time to be set for vulnerability findings and Elements<br \/>\nCollaboration Protection for quarantined emails.<\/p>\n<p>Logs, such as basic audit logs, which show which users accessed the portal or API, and detailed<br \/>\nservice logs, which show what actions were used, are kept for a maximum of two years on a rolling<br \/>\nbasis.<\/p>\n<p>WithSecure&#8217;s Security Cloud is a cloud-based threat analysis and reputation system that scans data<br \/>\nfor any malicious or harmful content. Data sent to Security Cloud is always anonymized and cannot<br \/>\nbe connected to an individual user in any way. Any files or URLs sent to Security Cloud, are<br \/>\nautomatically deleted near-instantaneously after analysis, if they are not found to be suspicious.<\/p>\n<p>Anonymized security data and statistical data are stored on WithSecure servers without a set end date<br \/>\nas long as the data continues to be useful for the purpose it was collected for.<\/p>\n<p><strong>More information, exceptions, and additions:<\/strong><\/p>\n<p>The customer company has a right to request their data to be removed earlier than the data would<br \/>\notherwise be stored based on the above mentioned retention times. The default rule under the law is<br \/>\nthat personal data should be deleted or anonymized once it is no longer needed for its<br \/>\npurpose. However, there are exceptions when we need to deviate from the primary retention times<br \/>\nincluding the following examples:<\/p>\n<ul>\n<li>backups (e.g. copy of your personal data may exist in backups until they are rotated);<\/li>\n<li>applicable laws require us to store the data (e.g. to keep track of the purchase and payment<br \/>\nof our services);<\/li>\n<li>to pursue available remedies or to limit any damages that we may sustain (e.g. due to an<br \/>\nongoing dispute or investigation);<\/li>\n<li>to solve or contain a recurring problem or to have enough information to respond to future<br \/>\nissues (e.g. your support ticket related to a problem that was not permanently corrected<br \/>\nduring your customership);<\/li>\n<li>to prevent fraudulent activity (e.g. to enforce a ban on our community);<\/li>\n<li>your personal data is incorporated to other data for a secondary purpose (e.g. retaining logs);<\/li>\n<li>other similar circumstances, where there continues to be a legitimate need for the ongoing<br \/>\nstorage of personal data.<\/li>\n<\/ul>\n<p>The final removal of your user account, WithSecure Business Account, may be delayed to avoid<br \/>\ndisturbing the other interactions you have with us. This is the case when you i) have an WithSecure<br \/>\nCommunity, Learning Management System or Partner Portal account, ii) you continue to subscribe to<br \/>\nour marketing messages. You can opt out from our marketing messages at any time.<\/p>\n<p>If we have received your information when providing you with technical support, the information is<br \/>\nstored as long as the respective support case remains unsolved. Once solved, the information is<br \/>\ngradually deleted or anonymized within two years from closing the case.<\/p>\n<p>Analytics data collected with the user\u2019s consent is retained for statistical purposes and is not deleted<br \/>\non removal of personal data and the user account. After termination of the account, analytics data<br \/>\ncannot be linked to any personally identifiable user.<\/p>\n<p class=\"text--h3\">Security<\/p>\n<p>We apply strict security measures to protect the confidentiality, integrity, and availability of your<br \/>\npersonal data when transferring, storing, or processing it.<\/p>\n<p>We use physical, administrative, and technical security measures to reduce the risk of loss, misuse,<br \/>\nor unauthorized access, disclosure, or modification of your personal data.<\/p>\n<p>All personal data is stored on secure servers operated by WithSecure or our partners with access<br \/>\nlimited to authorized personnel only.<\/p>\n<p class=\"text--h3\">Your Rights<\/p>\n<p>Information on your statutory rights and how to contact us is available in the WithSecure General<br \/>\nPrivacy Policy here: <a href=\"https:\/\/www.withsecure.com\/en\/corporate-privacy\/\">Corporate privacy | WithSecure\u2122<\/a><\/p>\n<p class=\"text--h3\">General<\/p>\n<p>This privacy policy is effective as of May 20 2025. Please note that this privacy policy will regularly be<br \/>\nupdated to reflect any changes in the way we handle your personal data or any changes in applicable<br \/>\nlaws.<\/p>\n<p>This version of the policy clarifies, updates, and replaces the previous version. To continue keeping<br \/>\nthis document up to date, we will make changes and additions to this from time to time also in the<br \/>\nfuture.<\/p>\n<p>More information on definitions and change management is available in the WithSecure General<br \/>\nPrivacy Policy here: <a href=\"https:\/\/www.withsecure.com\/en\/corporate-privacy\/\">Corporate privacy | WithSecure\u2122<\/a><\/p>\n<\/div>\n    <\/div>\n<\/div>                                                                                <\/div>\n<\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":3,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-12889","page","type-page","status-publish","hentry"],"acf":[],"card":"<div class=\"wp-component-card-insight js-card-link wp-component-card-insight--highlighted\">\n    <div class=\"wp-component-card-insight__image-wrapper\">\n        <img width=\"618\" height=\"440\" src=\"https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder.jpg\" class=\"wp-component-card-insight__image\" alt=\"\" decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder.jpg 618w, https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder-300x214.jpg 300w, https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder-447x318.jpg 447w, https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder-205x146.jpg 205w\" sizes=\"auto, (max-width: 618px) 100vw, 618px\" \/>                    <p class=\"wp-component-card-insight__content-type\">Seite<\/p>\n            <\/div>\n    <div class=\"wp-component-card-insight__content\">\n                            <h3 class=\"wp-component-card-insight__title\">Withsecure Elements Privacy Policy<\/h3>\n                                                    <div class=\"wp-component-card-insight__button-wrapper\">\n                <a class=\"wp-component-button btn btn--primary btn--dark wp-component-card-insight__button btn--small\" href=\"https:\/\/www.withsecure.com\/de\/withsecure-elements-privacy-policy\/\">Mehr erfahren<\/a>            <\/div>\n            <\/div>\n<\/div>","_links":{"self":[{"href":"https:\/\/www.withsecure.com\/de\/wp-json\/wp\/v2\/pages\/12889","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.withsecure.com\/de\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.withsecure.com\/de\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.withsecure.com\/de\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.withsecure.com\/de\/wp-json\/wp\/v2\/comments?post=12889"}],"version-history":[{"count":0,"href":"https:\/\/www.withsecure.com\/de\/wp-json\/wp\/v2\/pages\/12889\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.withsecure.com\/de\/wp-json\/wp\/v2\/media?parent=12889"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}