Fortinet Privacy Policy

Effective Date: March 6, 2017

This is the Privacy Policy of Fortinet, Inc. and Fortinet Singapore Private Limited (collectively, “Fortinet,” “we,” “our,” or “us”). We provide security solutions that protect networks, users, and data from continually evolving threats. This Privacy Policy covers Fortinet’s handling of two categories of information:

  1. Information we receive through our products, support, or cloud-based services (collectively, the “Fortinet Services”), and
  2. Information we receive through our website at www.fortinet.com or any other Fortinet website on which this Policy is posted (“Fortinet Websites”).

1.  Privacy Practices Specific to Fortinet Services

    a.  Information Collected Through the Fortinet Services

Through the Fortinet Services, we may collect or process (sometimes just momentarily) a variety of information about users of the Fortinet Services and associated devices and networks connected with the Fortinet Services, including:

  • Device identifiers, IP addresses, and other information about computing systems, applications and networks
  • Information about activity on computing systems, applications and networks; and
  • File and communications content and metadata; and
  • Information provided to us through dashboards or portals associated with the Fortinet Services.

   b.  Uses of Information Collected Through the Fortinet Services

Subject to applicable contractual and legal restrictions, and depending on the particular Fortinet Services at issue, we use and disclose the information described above (sometimes in combination with other information we obtain) for the following purposes:

  • To provide the Fortinet Services, including by:
    • Analyzing and improving the Fortinet Services
    • Providing maintenance and technical support;
    • Providing product upgrades;
    • Managing and renewing subscriptions;
  • To enforce the legal terms that govern the Fortinet Services;
  • To comply with law and protect rights and property.
  • For other purposes requested or authorized by our users.

Various Fortinet Services use automated technology to recognize and defend against cybersecurity threats, such as by blocking or quarantining suspected malicious data.  In addition, to improve cybersecurity, Fortinet may exchange certain threat indicators, such as virus signatures or techniques for detection of malicious activity, with other cybersecurity organizations.

Certain Fortinet Services make certain information they collect available to the customer that manages the service.  For details about that customer’s handling of the data, please contact that customer. 

We conduct the above activities on the basis of our legitimate interests in operating our business and protecting our customers.  Where appropriate, these activities also are conducted on the basis of consent.

2.  Privacy Practices Specific to Fortinet Websites

     a.  Information Collected Through the Fortinet Websites

When you use the Fortinet Websites, we may collect information when you provide information directly to us and when we passively collect information from you.

                                i.     Information You Provide to Us Through the Fortinet Websites

Such information you may provide to us may include, without limitation, your name; address; phone number; email address; and credit card number or other payment details. For example, we collect this information when you fill out an online form, contact us for information or customer support, register to use a service, make a purchase, and request certain features (e.g., newsletters, updates, and other products).  

In order to tailor our communications to you and continuously improve our products and services (including registration), we may also ask you to provide us with information regarding your personal or professional interests, experience with our products, and more detailed contact preferences. You always have the option of choosing not to provide us with this information.

We may enable you to send communications to us or to third parties, such as through our live chat feature. All such communications become our property once you submit them.  Without limiting the foregoing, when you provide us with suggestions or feedback for any of our products and services, you grant us an irrevocable, exclusive, royalty-free, perpetual, worldwide license to use, modify, prepare derivative works, publish, distribute and sublicense the suggestions or feedback.  When you choose to initiate communication with us, or anyone else, you may be contacted in return. Please use your discretion when deciding whether and what to communicate. We reserve the right, in our sole discretion, to monitor, edit or delete communications transmitted to us or that are made publicly available on the Fortinet Websites, but we have no obligation to do so, and we will not be liable for any such edits or deletions.

                              ii.     Information Collected Automatically Through the Fortinet Websites

We may automatically collect information about how you access and use the Fortinet Websites. For example, we may collect and store information such as your browser type, IP address, language, operating system, the state or country from which you accessed the Fortinet Websites, the pages you view, the services you use, the date and time of your visit, the websites you visited immediately before and after visiting our websites, error logs, and other hardware and software information.  Fortinet may maintain logs of the traffic that visits the Fortinet Websites. Log files are used to manage traffic loads and information technology requirements for providing reliable service and for other purposes described in this Privacy Policy. We may use third party analytics providers, such as Google Analytics, and various technologies, including cookies and similar tools, to assist in collecting this information. We may use this information to formulate statistical models about use of the Fortinet Websites, enhance the Fortinet Websites for our users, and provide you with tailored content and advertising. To prevent Google Analytics from using your information in a particular browser for analytics, you may install the Google Analytics Opt-Out Browser Add-on by clicking here

Cookies. The Fortinet Websites may use cookie technology and similar online tools, such as web beacons and web pixels. “Cookies” are small files that a website stores on a user’s computer or device.  We use cookies to identify customers when they visit our sites. Cookies are used to remember user preferences and maximize performance of the Fortinet Websites. Additionally, cookies help us to identify returning users so that we don't ask them to enter their email and password with every visit. Most web browsers automatically accept cookies, but you may set your browser to block cookies (consult the instructions for your particular browser on how to do this). Please note that if you decide to block cookies, this may interfere with your ability to perform certain transactions, use certain functionality, and access certain content on the Fortinet Websites.

Tailored Advertising.  The Fortinet Websites may include third-party cookies and other ad technology that enables customized ads to be displayed to you through the Fortinet Websites and elsewhere online. When you use the Fortinet Websites, we or third parties operating the ad serving technology may use device or similar information that is collected through cookies, web beacons, pixels, clear GIFs, or similar technologies to customize ads and to perform analytics concerning your use of the Fortinet Websites and other websites tracked by these third parties. These technologies also may control the number of times you see a given ad, deliver ads that relate to your interests, and measure the effectiveness of ad campaigns. To the extent any of this information is collected by third parties, you acknowledge and agree that such collection and use is governed by those third parties’ privacy policies and we are not responsible for the privacy practices of such third parties. Cookies may be associated with de-identified data linked to or derived from data you voluntarily have submitted to us (e.g., your email address) that we may share with a service provider in hashed, non-human readable form.

For more information about tailored ads and your choices to prevent some of these third parties from delivering tailored ads, you may visit the following third party websites: the Network Advertising Initiative Consumer Opt-Out Page or the Digital Advertising Alliance’s Consumer Opt-Out Page.  You can also visit the Google Ad Settings page adjust your preferences regarding certain ads facilitated by Google. Please note that you will still receive ads even if you opt out of tailored ads. In that case, the ads will just not be tailored to your interests. If your browser is configured to reject cookies when you visit an opt-out page, or you subsequently erase your cookies, use a different computer or change web browsers, your opt-out may no longer be effective. Also, the opt-out services identified above are controlled by those third parties, not Fortinet, and Fortinet does not control which companies choose to participate in those programs.

Do Not Track. We are committed to providing you with meaningful choices about the information collected on our Services for third party purposes, and that is why we provide the various advertising opt outs above. However, we do not recognize or respond to browser-initiated Do Not Track signals, as the Internet industry is still working on Do Not Track standards, implementations and solutions.

      b.     Use of Your Information Collected Through the Fortinet Websites

Fortinet uses and discloses information collected though the Fortinet Websites to better understand your needs and provide better service. We may use the information to:

  • Process and respond to your inquiries
  • Help you complete a transaction, including fulfillment of orders and promotional offers;
  • Manage and renew your subscription(s).
  • Send you marketing or other communications that may be of interest to you;
  • Update you on service and benefits;
  • Analyze the accuracy, effectiveness, usability, or popularity of the Fortinet Websites;
  • Improve the content and features of the Fortinet Websites, Fortinet Services or develop new products and services;
  • Administer and troubleshoot the Fortinet Websites;
  • Enforce the legal terms that govern the Fortinet Websites;
  • Comply with law and protect rights and property.
  • For other purposes requested or authorized by our users.

We conduct those activities either on the basis of our legitimate interests in operating our business or on the basis of consent.

3.  Additional Information About Our Privacy Practices (applicable to both Fortinet Services and Fortinet Websites)

a.   Information from Third Parties

We may obtain additional information about you from third parties such as marketers, partners, researchers, and others. We may combine information that we collect from or about you with information we obtain about you from such third parties and affiliates and information derived from any other subscription, product, or service we provide.

b.  Aggregated or De-Identified Data

We may aggregate and/or de-identify information collected by the Fortinet Websites or Fortinet Services or via other means so that the information does not identify you. Our use and disclosure of aggregated, anonymized, and other non-personal information is not subject to any restrictions under this Privacy Policy, and we may disclose it to others without limitation for any purpose.

c.  Sharing of Your Information

We may share your information in the following ways:

  • We may share information with other companies and individuals that assist us.
  • We may access or disclose information about you, including the content of your communications, when we believe in good faith that such disclosure is necessary and appropriate in order to: (a) comply with the law or respond to lawful requests or legal processes; (b) protect the rights or property of Fortinet or our partners or customers, including the enforcement of our agreements or policies; or (c) protect the personal safety of individuals such as Fortinet employees, partners, customers or the public.
  • We may share your information with any affiliate or agent of Fortinet in order to provide the Services or perform services on our behalf.
  • We may also disclose, sell or assign personal information in connection with or in anticipation of a corporate transaction, such as a merger, acquisition, sale of assets or restructuring.
  • We may also share your information when we have appropriate consent or when otherwise permitted by law.

d.  Your Email Marketing Choices

If you provide us with your email address, we may occasionally send you emails with recommendations or notices regarding our products, prices, and services. This email may include paid advertisements from third parties. We will include unsubscribe instructions with such commercial communications. Please note that these opt-out processes may take some time to complete, consistent with applicable law.

Separately, we send service notifications via email to keep you informed about the status of your service orders or accounts and to provide updates and technical notices. These messages are informational and essential to the maintenance of your subscription and the functionality of our services.  There is thus no opt-out for service notifications.

e.   Third Party Links and Services

The Fortinet Services and Fortinet Websites may contain links to third-party websites, including social networking websites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. Please be aware that we are not responsible for the content or privacy practices of other websites or services to which we link. We do not endorse or make any representations about third-party websites or services. The personal information you choose to provide to or that is collected by these third parties is not covered by our Privacy Policy. We strongly encourage you to read such third parties’ privacy policies.

f.  Security of Your Personal Information

We have put in place physical, electronic, and managerial procedures to safeguard data and help prevent unauthorized access, to maintain data security, and to use correctly the data we collect.  However, we cannot assure you that data that we collect will never be disclosed in a manner that is inconsistent with this Privacy Policy.

If a password is used to help protect your personal information, it is your responsibility to keep the password confidential. Do not share this information with anyone.

g.  Additional Details About Your Personal Information Rights

You may review and update certain user information by logging in to the relevant portions of the Fortinet Services or Fortinet Websites where such information may be updated.   In addition, the law of your jurisdiction may give you the right to request access to and rectification or erasure of certain personal data we hold.  It may also give you the right to request restrictions on the processing of your personal data, or to withdraw consent for the processing of your personal data.  You may contact us as described below to make these requests.  In situations in which we process your personal data only on behalf of our customer (typically the case with respect to our processing of personal data collected through the Fortinet Services), we may refer your request to the relevant customer and cooperate with their handling of the request.  You may contact us with any concern or complaint regarding our privacy practices, and you also may lodge a complaint with the relevant governmental authority.

h.  International Data Transfer

The data centers that hold data collected from Fortinet Services are located in the European Union and in Canada (on the basis of the European Commission’s decision 2002/2/EC, which recognizes that the Canadian Personal Information Protection and Electronic Documents Act provides adequate data protection).  This data is not hosted in the United States.  Certain commercial data, such the name, phone number and email address of our main contact at each customer, may be stored in the United States or elsewhere outside your country.

i.   Your California Privacy Rights.

Subject to certain limitations, California law permits California residents to request and obtain from us a list of the third parties to whom we have disclosed personal information (if any) for the recipient’s direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an email to privacy@fortinet.com.

j.  Notification of Changes

Fortinet reserves the right to change this Privacy Policy at any time to reflect changes in the law, our data collection and use practices, the features of our services, or advances in technology. Please check this page periodically for changes. Your continued use of the services following the posting of changes to this policy will mean you accept those changes.

Contact Information

If you have questions regarding our practices or this Privacy Policy, please contact us at privacy@fortinet.com.  Additional contact options are here.