POLICIES

F5 BIG-IP & Services Privacy Statement

Published on: 1 July 2020
Last updated on: 4 October 2023

Overview

F5 offers network and security solutions branded as BIG-IP in the form of BIG-IP hardware, BIG-IP Virtual Edition, and BIG-IP Cloud Edition (collectively, the “BIG-IP Solutions”).  F5 also provides support, maintenance, and professional services for the BIG-IP Solutions (the “Services”).

F5 does not process personal data through the BIG-IP Solutions.  This Privacy Statement applies to the customer data that F5 processes through the Services.

Roles of the Parties

Under the data protection laws of the EU and similar jurisdictions, F5 is a processor of the customer data, and the customer is (or acts on behalf of) a controller of such data, to the extent it contains personal data. 

Collection and Processing of Personal Data

The BIG-IP Solutions process customer network traffic (which may contain IP addresses or other personal data) within the customer’s location or within the customer’s own cloud environment—all without transmitting network traffic or other personal data to F5.  F5 does not provide a cloud environment in which BIG-IP Solutions operate.

Customers who use support and maintenance Services may choose to provide F5 with personal data.  One way they can do this is by providing F5 with a file called a QKView, which contains network and configuration details relevant to the BIG-IP Solution, including a sampling of its log files, which contain IP addresses.  The customer would take specific steps to generate the QKView and manually upload it to iHealth, an F5 support website.  After running an automated process that removes certain kinds of data from the snapshot (such as portions that appear to be formatted like passwords or private keys), the iHealth website can display the contents of the QKView in human-readable form for the customer or F5 personnel. 

The other way a customer can provide F5 with personal data in the support and maintenance context is by taking specific steps to create, and then manually upload to F5, a different type of snapshot from the BIG-IP Solution’s memory cores (or their virtual equivalent), or a snapshot of the traffic passing through the BIG-IP Solution.  These snapshots typically contain IP addresses.  If the customer uses the BIG-IP Solution to process traffic that contains personal data, the snapshot may contain random snippets of such personal data.

On occasion, F5 customers may return a BIG-IP device to F5 through our Return Material Authorization (RMA) process.  F5 provides instructions to customers about how to remove their data from their devices prior to return.  If a customer does not follow this process, F5 overwrites the data after receiving the device.  F5 also offers RMA alternatives that allow customers to retain out-of-service BIG-IP devices while still receiving a replacement.

F5’s provision of professional services to the customer may, depending on the Services and the customer’s needs, involve incidental access by F5 personnel to the sorts of data described above.

More Information

To exercise your rights with respect to the customer data that F5 processes in connection with a customer’s BIG-IP Solution or Services, please contact that customer. F5’s Data Privacy Framework Certification covers this data to the extent it is personal data. For more information about F5’s privacy practices, please see the F5 Privacy Notice.