Business Suite Privacy Policy

July 2022

In brief

WithSecure Business Suite is an information security product suite for both workstations and servers, which are controlled via a management portal. The core privacy aspects of this service are:

  • the focus of data collection is on catching malicious activity on the protected devices;
  • the collected security data is anonymous to WithSecure by design;
  • your employer’s IT administrator has access to the data collected in identifiable format.

Structure

This service-specific policy focuses on the items we believe are the most relevant for you. Such items are in particular:

1) the type of personal and private data that the service collects,

2) what we use it for,

3) our justification,

4) typical disclosures, and

5) for how long we store it.

More information on such topics as well as on other aspects (data subject rights, contact information, etc.) of the processing of your personal data is also available via the embedded links to our General privacy policy.

Covered services

The individual services of Business Suite are Client Security and Client Security for Mac, which protect the employee computers; Server Security, which protects corporate servers; Linux Security, which protects Linux desktops and servers; and Atlant for Virtual Environments, which scans uploaded files and aims to optimize performance inside virtual environments.

Your employer’s environment may have all or only some of the individual services. The data collection and processing schemes for the mentioned individual services are similar to each other.

All of the above individual services can be managed by Policy Manager, which is a centralized management tool for the customer company’s IT administrator. Policy Manager is on-premise server software.

What data is collected and what it is used for

The security data that is sent automatically by individual Services to WithSecure is handled by WithSecure’s ‘Security Cloud’ component or its subset. An individual service sends queries to Security Cloud on potentially malicious activity on your devices and data traffic passing through them. WithSecure does not connect these queries to the identity of the user. However, your employer’s IT administrator is likely able to link your identity with the results provided by Security Cloud, as they need to be able to react to security issues detected by the service.

WithSecure has no visibility into the individual employee data that a customer company’s IT administrator processes via Policy Manager for the purpose of managing the services on company-owned devices. WithSecure’s service-use-based data collection is limited to statistical data for service management and invoicing purposes from Policy Manager, from which an individual person cannot be identified.

If the services do not work as intended, your employer may utilize WithSecure’s expertise to resolve issues. In such cases, you are typically asked to run a WithSecure support tool on the device – whether a personal computer or a server – where the individual service is installed and to deliver the information to WithSecure. The separate WithSecure support tool privacy policy explains the processes for data collection and handling in such cases.

WithSecure’s processing of the personal data of relevant customer company contact persons is explained in the General privacy policy.

Legal grounds

To the extent that the data processed by WithSecure in the services is identifiable to an individual, the services process data to safeguard the following legitimate interests:

  • providing WithSecure services to secure our customers’ networks and devices as well as the confidentiality and availability of the data therein;
  • enabling WithSecure to detect emerging threats and security-relevant trends among all of its customers, so that our services can keep on par with evolving threats;
  • enabling WithSecure to provide a centralized security service framework across multiple continents to a large number of customers and partners.

The data processing undertaken by the services is mandatory for the efficient protection of the device/network. While the individual service’s settings may enable an IT administrator or employee to limit the processing of security data by WithSecure, such adjustments are not recommended, as they endanger achieving the above intended purposes of the services.

Transfers and disclosures

The data presented in the service portal is visible to your company’s IT administrator, whether internal or external. If the company’s IT is managed by a third party, this data is also available to them (WithSecure’s “distributor/reseller partner”), so that they can provide your company with support for our services and corresponding IT services.

WithSecure further employs its own affiliates and subcontractors so we can provide our services globally.

More information on transfers and disclosures is available in the WithSecure General Privacy Policy here.

Sources

More information on data sources is available in the WithSecure General Privacy Policy here.

Retention

Anonymized security data and statistical data are stored without a set end date as long as the data is useful for the purpose it was collected for. The other data types described above are stored for the duration given in their respective privacy policies, after which they are deleted or anonymized.

More information on retention times is available in the WithSecure General Privacy Policy here.

Analytics

As of the date of this policy, individual services within Business Suite do not collect additional analytics data. Data collection is limited to that strictly required to provide the Service.

Policy Manager reports statistical analytics on its usage (for example, used features) to WithSecure. The statistical analytics relate to the general usage of the service, not to any individual.

Security

We apply strict security measures to protect the confidentiality, integrity, and availability of your personal data when transferring, storing, or processing it.

We use physical, administrative, and technical security measures to reduce the risk of loss, misuse, or unauthorized access, disclosure, or modification of your personal data.

All personal data is stored on secure servers operated by WithSecure or our partners with access limited to authorized personnel only.

Your rights

Information on your statutory rights and how to contact us is available in the WithSecure General Privacy Policy here.

General

Please note that this privacy policy will regularly be updated to reflect any changes in the way we handle your personal data or any changes in applicable laws.

This version of the policy clarifies, updates, and replaces the previous version. To continue keeping this document up to date, we will make changes and additions to this from time to time.

More information on definitions and change management is available in the WithSecure General Privacy Policy here.