Effective Date: March 6, 2017
- Information we receive through our products, support, or cloud-based services (collectively, the “Fortinet Services”), and
- Information we receive through our website at www.fortinet.com or any other Fortinet website on which this Policy is posted (“Fortinet Websites”).
1. Privacy Practices Specific to Fortinet Services
a. Information Collected Through the Fortinet Services
Through the Fortinet Services, we may collect or process (sometimes just momentarily) a variety of information about users of the Fortinet Services and associated devices and networks connected with the Fortinet Services, including:
- Device identifiers, IP addresses, and other information about computing systems, applications and networks
- Information about activity on computing systems, applications and networks; and
- File and communications content and metadata; and
- Information provided to us through dashboards or portals associated with the Fortinet Services.
b. Uses of Information Collected Through the Fortinet Services
Subject to applicable contractual and legal restrictions, and depending on the particular Fortinet Services at issue, we use and disclose the information described above (sometimes in combination with other information we obtain) for the following purposes:
- To provide the Fortinet Services, including by:
- Analyzing and improving the Fortinet Services
- Providing maintenance and technical support;
- Providing product upgrades;
- Managing and renewing subscriptions;
- To enforce the legal terms that govern the Fortinet Services;
- To comply with law and protect rights and property.
- For other purposes requested or authorized by our users.
Various Fortinet Services use automated technology to recognize and defend against cybersecurity threats, such as by blocking or quarantining suspected malicious data. In addition, to improve cybersecurity, Fortinet may exchange certain threat indicators, such as virus signatures or techniques for detection of malicious activity, with other cybersecurity organizations.
Certain Fortinet Services make certain information they collect available to the customer that manages the service. For details about that customer’s handling of the data, please contact that customer.
We conduct the above activities on the basis of our legitimate interests in operating our business and protecting our customers. Where appropriate, these activities also are conducted on the basis of consent.
2. Privacy Practices Specific to Fortinet Websites
a. Information Collected Through the Fortinet Websites
When you use the Fortinet Websites, we may collect information when you provide information directly to us and when we passively collect information from you.
i. Information You Provide to Us Through the Fortinet Websites
Such information you may provide to us may include, without limitation, your name; address; phone number; email address; and credit card number or other payment details. For example, we collect this information when you fill out an online form, contact us for information or customer support, register to use a service, make a purchase, and request certain features (e.g., newsletters, updates, and other products).
In order to tailor our communications to you and continuously improve our products and services (including registration), we may also ask you to provide us with information regarding your personal or professional interests, experience with our products, and more detailed contact preferences. You always have the option of choosing not to provide us with this information.
We may enable you to send communications to us or to third parties, such as through our live chat feature. All such communications become our property once you submit them. Without limiting the foregoing, when you provide us with suggestions or feedback for any of our products and services, you grant us an irrevocable, exclusive, royalty-free, perpetual, worldwide license to use, modify, prepare derivative works, publish, distribute and sublicense the suggestions or feedback. When you choose to initiate communication with us, or anyone else, you may be contacted in return. Please use your discretion when deciding whether and what to communicate. We reserve the right, in our sole discretion, to monitor, edit or delete communications transmitted to us or that are made publicly available on the Fortinet Websites, but we have no obligation to do so, and we will not be liable for any such edits or deletions.
ii. Information Collected Automatically Through the Fortinet Websites
Tailored Advertising. The Fortinet Websites may include third-party cookies and other ad technology that enables customized ads to be displayed to you through the Fortinet Websites and elsewhere online. When you use the Fortinet Websites, we or third parties operating the ad serving technology may use device or similar information that is collected through cookies, web beacons, pixels, clear GIFs, or similar technologies to customize ads and to perform analytics concerning your use of the Fortinet Websites and other websites tracked by these third parties. These technologies also may control the number of times you see a given ad, deliver ads that relate to your interests, and measure the effectiveness of ad campaigns. To the extent any of this information is collected by third parties, you acknowledge and agree that such collection and use is governed by those third parties’ privacy policies and we are not responsible for the privacy practices of such third parties. Cookies may be associated with de-identified data linked to or derived from data you voluntarily have submitted to us (e.g., your email address) that we may share with a service provider in hashed, non-human readable form.
For more information about tailored ads and your choices to prevent some of these third parties from delivering tailored ads, you may visit the following third party websites: the Network Advertising Initiative Consumer Opt-Out Page or the Digital Advertising Alliance’s Consumer Opt-Out Page. You can also visit the Google Ad Settings page adjust your preferences regarding certain ads facilitated by Google. Please note that you will still receive ads even if you opt out of tailored ads. In that case, the ads will just not be tailored to your interests. If your browser is configured to reject cookies when you visit an opt-out page, or you subsequently erase your cookies, use a different computer or change web browsers, your opt-out may no longer be effective. Also, the opt-out services identified above are controlled by those third parties, not Fortinet, and Fortinet does not control which companies choose to participate in those programs.
Do Not Track. We are committed to providing you with meaningful choices about the information collected on our Services for third party purposes, and that is why we provide the various advertising opt outs above. However, we do not recognize or respond to browser-initiated Do Not Track signals, as the Internet industry is still working on Do Not Track standards, implementations and solutions.
b. Use of Your Information Collected Through the Fortinet Websites
Fortinet uses and discloses information collected though the Fortinet Websites to better understand your needs and provide better service. We may use the information to:
- Process and respond to your inquiries
- Help you complete a transaction, including fulfillment of orders and promotional offers;
- Manage and renew your subscription(s).
- Send you marketing or other communications that may be of interest to you;
- Update you on service and benefits;
- Analyze the accuracy, effectiveness, usability, or popularity of the Fortinet Websites;
- Improve the content and features of the Fortinet Websites, Fortinet Services or develop new products and services;
- Administer and troubleshoot the Fortinet Websites;
- Enforce the legal terms that govern the Fortinet Websites;
- Comply with law and protect rights and property.
- For other purposes requested or authorized by our users.
We conduct those activities either on the basis of our legitimate interests in operating our business or on the basis of consent.
3. Additional Information About Our Privacy Practices (applicable to both Fortinet Services and Fortinet Websites)
a. Information from Third Parties
We may obtain additional information about you from third parties such as marketers, partners, researchers, and others. We may combine information that we collect from or about you with information we obtain about you from such third parties and affiliates and information derived from any other subscription, product, or service we provide.
b. Aggregated or De-Identified Data
c. Sharing of Your Information
We may share your information in the following ways:
- We may share information with other companies and individuals that assist us.
- We may access or disclose information about you, including the content of your communications, when we believe in good faith that such disclosure is necessary and appropriate in order to: (a) comply with the law or respond to lawful requests or legal processes; (b) protect the rights or property of Fortinet or our partners or customers, including the enforcement of our agreements or policies; or (c) protect the personal safety of individuals such as Fortinet employees, partners, customers or the public.
- We may share your information with any affiliate or agent of Fortinet in order to provide the Services or perform services on our behalf.
- We may also disclose, sell or assign personal information in connection with or in anticipation of a corporate transaction, such as a merger, acquisition, sale of assets or restructuring.
- We may also share your information when we have appropriate consent or when otherwise permitted by law.
d. Your Email Marketing Choices
If you provide us with your email address, we may occasionally send you emails with recommendations or notices regarding our products, prices, and services. This email may include paid advertisements from third parties. We will include unsubscribe instructions with such commercial communications. Please note that these opt-out processes may take some time to complete, consistent with applicable law.
Separately, we send service notifications via email to keep you informed about the status of your service orders or accounts and to provide updates and technical notices. These messages are informational and essential to the maintenance of your subscription and the functionality of our services. There is thus no opt-out for service notifications.
e. Third Party Links and Services
f. Security of Your Personal Information
If a password is used to help protect your personal information, it is your responsibility to keep the password confidential. Do not share this information with anyone.
g. Additional Details About Your Personal Information Rights
You may review and update certain user information by logging in to the relevant portions of the Fortinet Services or Fortinet Websites where such information may be updated. In addition, the law of your jurisdiction may give you the right to request access to and rectification or erasure of certain personal data we hold. It may also give you the right to request restrictions on the processing of your personal data, or to withdraw consent for the processing of your personal data. You may contact us as described below to make these requests. In situations in which we process your personal data only on behalf of our customer (typically the case with respect to our processing of personal data collected through the Fortinet Services), we may refer your request to the relevant customer and cooperate with their handling of the request. You may contact us with any concern or complaint regarding our privacy practices, and you also may lodge a complaint with the relevant governmental authority.
h. International Data Transfer
The data centers that hold data collected from Fortinet Services are located in the European Union and in Canada (on the basis of the European Commission’s decision 2002/2/EC, which recognizes that the Canadian Personal Information Protection and Electronic Documents Act provides adequate data protection). This data is not hosted in the United States. Certain commercial data, such the name, phone number and email address of our main contact at each customer, may be stored in the United States or elsewhere outside your country.
i. Your California Privacy Rights.
Subject to certain limitations, California law permits California residents to request and obtain from us a list of the third parties to whom we have disclosed personal information (if any) for the recipient’s direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an email to firstname.lastname@example.org.
j. Notification of Changes