POLICIES

F5 Certified!™ Professional Certification Program Privacy Statement

Published on: 20 July 2022

Last updated on: 10 February 2023

1. Overview

The F5 Certified!™ Professional Certification Program provides certificate holders with an internationally recognized validation that they have the skills, understanding and knowledge necessary to work with F5 products and services.

2. Roles of the Parties

Under the data protection laws of the EU and similar jurisdictions, F5 is a controller of personal data that F5 collects in connection with its administration of the F5 Certified! ™ program, while testing providers (such as Pearson VUE and Prometric) act as F5’s processor for collection of personal data to administer F5 examinations.

3. Personal Data Collected by the Service

To register into the F5 Certified!™ program on the certification portal, we collect candidate contact information, such as:

First & last name

Email address

Physical address (country, city & street address)

When the candidate visits an exam provider to take a certification exam, the provider will collect or review additional personal data for exam integrity and fraud prevention purposes, as described in the next section.  The specific data will vary by provider and location, but generally this will include:

Two forms of identification, one of which must be government-issued and include a picture ID, both of which must contain a signature;

  • Digital signature;
  • A photograph of the candidate;
  • Audio and video monitoring of the examination location; and
  • Biometric information, such as fingerprint or palm vein scan.
  • Candidates may also provide F5 with personal data relating to requested testing accommodations (such as information about health, or records establishing language concerns).

We also maintain records of candidates’ certification status and testing history.

4. Use and Disclosure of Personal Data

F5 uses and discloses candidate contact information, and the records of a candidate’s certification and testing history, to administer the exams, communicate with the candidate about their certifications and the F5 Certified!™ program, provide validation to third parties regarding whether the individual holds a certification, and as otherwise described in the F5 Privacy Notice.  

F5 products and services play a critical role in the stability and security of our customers’ networks, and the certifications we issue help our customers choose the most qualified personnel to manage and advise them on those product and services.  Given the negative consequences that could result from the fraudulent acquisition of an F5 certification (for example, a large-scale personal data breach caused by the incorrect use of an F5 product by an individual who obtained their role by cheating on an F5 certification exam), we implement extensive security and anti-fraud measures to protect the integrity of our F5 Certified!™ program.  

Cheating attempts take many forms, such hiring an expert to pose as the candidate and take the exam; attempting to photograph the exam for later sale of exam questions; taking the exam multiple times to memorize questions (for the same purpose); and communication with a third party while taking the exam. 

We use all the personal data we collect in the certification context to combat cheating and protect the integrity of the certification program.  For example, our exam providers use the biometric information to confirm that the candidate has not previously taken an examination while using a different identity, and they use audio and video monitoring of the exam room to ensure that candidates do not copy the exam or communicate with each other or with third parties.

  • Biometric data is processed by the exam provider (not F5), and it is processed only on the basis of explicit consent. Candidates that will not provide this consent for a particular exam must notify F5 of this via an Admission Data Waiver form submitted at least 30 days in advance of the exam so that appropriate procedures will be ready.  Other identity verification data (such as signatures and photographs) are processed on the basis of the legitimate interest of protecting the integrity of the certification process, an interest that is shared by F5, certification candidates, employers of certification candidates, and the public that relies on the networks that F5-certified individuals help to maintain and secure.
     
  • Audio and video monitoring of the exam location is processed on the basis of the legitimate interest of protecting the integrity of the certification process and, in some locations, based on the express consent of the candidate.
     
  • Personal data regarding testing accommodation requests is used to process those requests and to perform our obligations under the certification agreement, consistent with the need for exam integrity and security.

5. Data Retention

Normal retention periods for particular data types are described below, but these periods may be extended as reasonably necessary for the following purposes, when legally permissible:

  • conducting an investigation regarding cheating, theft, or other misconduct;
  • addressing an escalation or complaint made by a candidate or third party;
  • addressing other legal or insurance issues;
  • complying with a legal retention obligation.

Given the lifetime value of a certification, test results and certification history (dates that particular certifications were achieved) are currently slated to be retained for up to 40 years.

Personal data detailing the reason why a particular testing accommodation is requested is deleted when a final decision is made regarding whether to implement the accommodation.

Audio and video recordings of exam locations:

Pearson VUE Test Centers:  Audio & video recordings are retained for 30 days.

Prometric Test Centers:  Audio & video recordings are retained for 120 days, with the following exceptions:

  • Cyprus: 20 days
  • Dublin and Cork: 60 days
  • Italy: 7 days
  • Rest of European Economic Area: 30 days
  • United Kingdom centers delivering UKV/SELT exams: 60 days
  • Other United Kingdom centers: 30 days

Fingerprints and palm vein scans:

Pearson VUE Test Centers:  The standard retention period is three years. When biometric data is collected, Pearson VUE retains only a template (numerical values readable by Pearson Vue systems). Once the retention period has been met, the template is obfuscated and destroyed.

  • Generally, during active investigations or legal activity permitted by law, this biometric data may be retained for six years or longer.
  • However, for candidates in Illinois, absent a valid warrant or subpoena issued by a court of competent jurisdiction, or a legal requirement that takes precedence over the Biometric Information Privacy Act (BIPA), this data is purged after three years.  There are no other exceptions to the Illinois retention period.

        Prometric Test Centers:  Not Applicable. F5 has opted out of the use of biometric data with Prometric.

Digital signature & photo (other than from copies of identity documents):

        Pearson VUE Test Centers:  Pearson VUE retains a photograph of the individual and a digital signature for 3 years.

        Prometric Test Centers:  Prometric does not collect or retain photographs for F5 candidates. Signature data will be retained for 5 years.

Copies of identity documents

        Pearson VUE Test Centers:  For test center delivery, identity documents are not retained.

        Prometric Test Centers:  Five years from the date of the last service, test, or assessment.
 

6. More Information

For more information about F5’s privacy practices, including how to exercise any rights you may have with respect to your personal data, please see the F5 Privacy Notice.