BIG IP – October 30, 2020
The European Union (E.U.) has introduced the General Data Protection Regulation 2016/679 (“GDPR”), which is a new privacy regulation containing security and privacy requirements to fully protect data belonging to E.U. based individuals.
GDPR was adopted by the European Parliament in April 2016 and goes into effect on May 25, 2018.
GDPR is applicable for companies based in and out of the E.U. where data collection and personal data handling from EU-based individuals is in play. Any information which can be used on its own or with other information to locate, contact or identify a single person such as names, identification numbers, online identifiers, location data, or any other factors specific to the individual’s genetic, physical, mental, physiological, cultural, economic, or social identity is considered to be Personally Identifiable Information (PII).
In order to be in compliance with GDPR, any company handling or collecting PII. I pertaining to EU-based individuals needs to ensure their data management protocol adheres to all requirements detailed within GDPR.
Included in the requirements for GDPR are cross-border data flow mechanisms, technical/operational security measures, notice & consent, accountability and data minimization.
For over a year, BIG IP has been re-addressing security at all levels to account for broad changes. The Company has carefully assessed all relevant GDPR details and has ensured they have been appropriately matched with the Company’s privacy roadmap and security policies and controls. The Company has decided to offer the same level of compliance for any user, regardless of their nationality or place of residence, in anticipation of GDPR spreading globally.
BIG IP’s technology and service offerings have pre-established privacy and security features already in place, putting our customers in control. BIG IP’s commitment is to help customers, regardless of location or nationality, maintain stringent controls and accountability for all online and offline offerings through which a customer’s data may be attainable.
BIG IP’s Cloud-based offering relies on industry-leading partners and data providers, each with S.O.C. 2 reports that are re-issued on an annual basis. Data protection is managed throughout the entire data lifecycle, and our commitment is to continuously improve on data handling throughout our existence as a service provider.
As needed, please contact your BIG IP representative for further clarification.
Disclaimer: This document is not to be used as legal advice about any law or regulation. To understand the GDPR, customers must seek their own legal counsel.
BIG-IP.com (“Company” or “We“) respects your privacy and is committed to protecting it through our compliance with this policy.
This policy describes the types of information we may collect from you or that you may provide when you visit our corporate website, www.BIG-IP.com (our “Website“), and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect:
It does not apply to information collected by:
Our website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this website or on or through any of its features. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at: compliance@BIG-IP.com
We collect several types of information from and about users of our website, including information:
We collect this information:
Information You Provide to Us. The information we collect on or through our website may include:
You also may provide information to be published or displayed (hereinafter, “posted“) on public areas of the website or transmitted to other users of the Website or third parties (collectively, “User Contributions“). Your User Contributions are posted on and transmitted to others at your own risk.
Information We Collect Through Automatic Data Collection Technologies. As you navigate through and interact with our website, we may use automatic data collection technologies to collect certain information, not tied to your user profile on our portal, about your equipment, browsing actions, and patterns, including:
We also may use these technologies to collect information about your online activities on our corporate website (www.BIG-IP.com) over time and across third-party websites or other online services (behavioral tracking). You may opt-out of behavioral tracking on this website by responding to the full site takeover when you first land.
The information we collect automatically may include personal information that we may maintain or associate with the personal information we collect in other ways or receive from third parties. It helps us to improve our website and to deliver better and more personalized service, including by enabling us to:
The technologies we use for this automatic data collection may include:
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
HOW WE USE YOUR INFORMATION
We use information that we collect about you or that you provide to us, including any personal information:
If you chose to opt-in to receive marketing materials from us, possibly when you filled our “contact us” form on our corporate website (www.BIG-IP.com), be aware that we may use your information to contact you about our own and third-parties’ goods and services that may be of interest to you. If you do not want us to use your information in this way, please check the relevant box to opt-out located on the “Contact Us” form on our website or at the bottom of any marketing emails you may receive from us. You can also opt-out by sending an email to compliance@BIG-IP.com.
Legal bases for processing (For EEA users): If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have a legal basis for doing so under applicable E.U. laws. The legal basis depends on the Services you use and how you use them. This means we collect and use your information only where:
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
We may disclose aggregated information about our users and information that does not identify any individual without restriction.
We may also disclose your personal information:
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
We do our best to respect your privacy rights and provide you access and control over your data. You may make any of the following requests regarding your data by contacting us at compliance@BIG-IP.com:
Be advised that we use a differential backup system; this means that we cannot delete your specific information from our inactive backups. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change or delete information if we believe the change or deletion would violate any law or legal requirement or cause the information to be incorrect.
If you delete your User Contributions from the website, copies of your User Contributions may remain viewable in cached and archived pages or might have been copied or stored by other Website users. Proper access and use of information provided on the website, including User Contributions, is governed by our Terms & Conditions.
Your California privacy rights
California Civil Code Section § 1798.83 permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to compliance@BIG-IP.com or write to us at 3424 Peachtree Rd NE, Suite 2060, Atlanta, GA 30326.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on secure servers behind firewalls. Any payment transactions and all sensitive personal data will be encrypted using commercially reasonable technology.
We classify your information, but we require your assistance to most capably protect your data. We will ask you to mark data as (1) Unclassified, (2) Confidential, or (3) Sensitive, depending on your classification of any data you submit to us. If you believe that the data you send to us contains personal data or other sensitive information, you must notify us by marking that information as Sensitive.
When classifying your data, you should consider the following definitions:
Your data is processed in our system as either Confidential or Restricted, depending on your classification. If you fail to classify your data, we will consider that data Confidential. Both Unclassified and Confidential data is Unrestricted. Our secure portal uses commercially reasonable technologies, processes, and procedures to maintain the confidentiality, integrity, and availability of all Confidential and Restricted data. While we still make commercially reasonable efforts to protect Unrestricted data, such data is not subject to our most expensive and stringent controls.
The safety and security of your information also depend on you. Where we have given you (or where you have chosen) a password for access to certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the website like message boards. The information you share in public areas may be viewed by any user of the website.
Last Modified: 10/29/2020
These Terms & Conditions are entered into by and between You and BIG IP (“Company“, “we” or “us“). The following terms and conditions, together with any documents they expressly incorporate by reference (collectively, these “Terms & Conditions”), govern your access to and use of BIG-IP.com, including any content, functionality, and services offered on or through www.BIG-IP.com and portal.BIG-IP.com (the “Website“), whether as a guest or a registered user. In order to request and obtain our translation and localization services (our “Services”), you must agree to these Terms & Conditions.
This website is offered and available to users who are 18 years of age or older, competent to enter into contracts, and authorized to provide us with all necessary information to perform any Services you request from us. By using this website, you represent and warrant that you are of legal age to form a binding contract with the Company and meet all of the foregoing eligibility requirements. If you do not meet all of these requirements, you must not access or use the website.
We may revise and update these Terms & Conditions from time to time in our sole discretion. All changes are effective immediately when we post them and apply to all access to and use of the website thereafter. However, if you have a registered account with us, you will be given an opportunity to stop accessing and using the website if you do not agree to our revisions or updates. Additionally, any changes to the dispute resolution provisions set forth in Governing Law and Jurisdiction will not apply to any disputes for which the parties have actual notice on or prior to the date the change is posted on the website.
Your continued use of the website following the posting of revised Terms & Conditions means that you accept and agree to the changes. You are expected to check this page from time to time so you are aware of any changes, as they are binding on you. However, we will make commercially reasonable efforts to notify you of any material changes if you are a registered user of the website.
We reserve the right to withdraw or amend this website, and any service or material we provide on the website, in our sole discretion without notice. We will not be liable if for any reason all or any part of the website is unavailable at any time or for any period. From time to time, we may restrict access to some parts of the website, or the entire website, to users, including registered users.
You are responsible for:
If you choose or are provided with a user name, password, or any other piece of information as part of our security procedures, you must treat such information as confidential, and you must not disclose it to any other person or entity. You also acknowledge that your account is personal to you and agree not to provide any other person with access to this website or portions of it using your user name, password or other security information. You agree to notify us immediately of any unauthorized access to or use of your user name or password or any other breach of security. You also agree to ensure that you exit from your account at the end of each session. You should use particular caution when accessing your account from a public or shared computer so that others are not able to view or record your password or other personal information.
We have the right to disable any user name, password, or other identifier, whether chosen by you or provided by us, at any time if, in our opinion, you have violated any provision of these Terms & Conditions.
Intellectual Property Rights
The website and its entire contents, features, and functionality (including but not limited to all information, software, text, displays, images, video and audio, and the design, selection, and arrangement thereof), are owned by the Company, its licensors or other providers of such material and are protected by the United States and international copyright, trademark, patent, trade secret and other intellectual property or proprietary rights laws.
The Company name, the Company logo, and all related names, logos, product and service names, designs, and slogans are trademarks of the Company or its affiliates or licensors. You must not use such marks without the prior written permission of the Company. All other names, logos, product and service names, designs, and slogans on this website are the trademarks of their respective owners.
You may use the website only for lawful purposes and in accordance with these Terms & Conditions. You agree not to use the website:
Additionally, you agree not to:
The website includes access to your customer portal, which contains chat functionality, file upload and download systems, and access to our Services, and may include other interactive features (collectively, “Interactive Services“) that allow users to post, submit, publish, display or transmit to other users or other persons (hereinafter, “post“) content or materials (collectively, “User Data“) on or through the website, including User Data you ask us to translate or localize.
All User Data must comply with the Data Classification & Content Standards set out in these Terms & Conditions.
Any User Contribution you post to the site will be considered non-confidential and non-proprietary unless you properly comply with the Data Classification & Consent Standards set forth below. By providing any User Contribution on the website, you grant us and our affiliates and service providers, and each of their and our respective licensees, successors, and assigns the right to use, reproduce, modify, perform, display, distribute, and otherwise disclose to third parties any such material for the purpose of providing you with any requested Services.
You represent and warrant that:
You understand and acknowledge that you are responsible for any User Data you submit or contribute. You, not the Company, have full responsibility for such content, including its legality, reliability, accuracy, and appropriateness.
We are not responsible or liable to any third party for the content or accuracy of any User Data posted by you or any other user of the website
We have the right to:
Without limiting the foregoing, we have the right to fully cooperate with any law enforcement authorities or court order requesting or directing us to disclose the identity or other information of anyone posting any materials on or through the website. YOU WAIVE AND HOLD HARMLESS THE COMPANY AND ITS AFFILIATES, LICENSEES AND SERVICE PROVIDERS FROM ANY CLAIMS RESULTING FROM ANY ACTION TAKEN BY ANY OF THE FOREGOING PARTIES DURING OR AS A RESULT OF ITS INVESTIGATIONS AND FROM ANY ACTIONS TAKEN AS A CONSEQUENCE OF INVESTIGATIONS BY EITHER SUCH PARTIES OR LAW ENFORCEMENT AUTHORITIES.
However, we cannot review all material before it is posted on the website and cannot ensure prompt removal of objectionable material after it has been posted. Accordingly, we assume no liability for any action or inaction regarding transmissions, communications, or content provided by any user or third party. We have no liability or responsibility to anyone for performance or nonperformance of the activities described in this section.
Data Classification & Content Standards
These data classification and content standards apply to any and all User Data and use of Interactive Services, including our translation Services. User Data must, in their entirety, comply with all applicable federal, state, local, and international laws and regulations. Without limiting the foregoing, User Data must not:
Your data is processed in our system as either Unrestricted or Restricted, depending on your classification. If you fail to classify your data, we will consider that data Unrestricted. Both Unclassified and Confidential data is Unrestricted. Sensitive data is Restricted. Our secure portal uses commercially reasonable technologies, processes and procedures to maintain the confidentiality, integrity, and availability of all Confidential and Restricted data. While we still make commercially reasonable efforts to protect Unrestricted data, such data is not subject to our most expensive and stringent controls.
You must properly classify your data as required under these Terms & Conditions for us to leverage our technical and organizational measures designed to protect the confidentiality, integrity, and availability of your User Data. If you do not use portal.BIG-IP.com to send us User Data, we make no guarantees or warranties related to the security or safety of such improperly submitted User Data. To request access to portal.BIG-IP.com please write to us at compliance@BIG-IP.com.
We may update the content on this website from time to time, but its content is not necessarily complete or up-to-date. Any of the material on the website may be out of date at any given time, and we are under no obligation to update such material.
You may link to our homepage, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it, but you must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part without our express written consent.
This website may provide certain social media features that enable you to:
You may use these features solely as they are provided by us, solely with respect to the content they are displayed with, and otherwise in accordance with any additional terms and conditions we provide with respect to such features. Subject to the foregoing, you must not:
We may disable all or any social media features and any links at any time without notice at our discretion.
If the website contains links to other sites and resources provided by third parties, these links are provided for your convenience only. This includes links contained in advertisements, including banner advertisements and sponsored links, if applicable. We have no control over the contents of those sites or resources and accept no responsibility for them or for any loss or damage that may arise from your use of them. If you decide to access any of the third-party websites linked to this website, you do so entirely at your own risk and subject to the terms and conditions of use for such websites.
The owner of the website is based in the state of Florida in the United States. We provide this website for use only by persons located in the United States and any other location where accessing this website is legal. We make no claims that the website or any of its content is accessible or appropriate outside of the United States. Access to the Website may not be legal by certain persons or in certain countries. If you access the website from outside the United States, you do so on your own initiative and are responsible for compliance with local laws, except for laws relating to privacy rights and responsibilities, including the GDPR.
You understand that we cannot and do not guarantee or warrant that files available for downloading from the internet or the website will be free of viruses or other destructive code, except for files that BIG IP has provided for you to download using our Restricted security option via our portal. You are responsible for implementing sufficient procedures and checkpoints to satisfy your particular requirements for anti-virus protection and accuracy of data input and output and for maintaining a means external to our site for any reconstruction of any lost data. WE WILL NOT BE LIABLE FOR ANY LOSS OR DAMAGE CAUSED BY A DISTRIBUTED DENIAL-OF-SERVICE ATTACK, VIRUSES OR OTHER TECHNOLOGICALLY HARMFUL MATERIAL THAT MAY INFECT YOUR COMPUTER EQUIPMENT, COMPUTER PROGRAMS, DATA OR OTHER PROPRIETARY MATERIAL DUE TO YOUR USE OF THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE OR TO YOUR DOWNLOADING OF ANY MATERIAL POSTED ON IT, OR ON ANY WEBSITE LINKED TO IT.
YOUR USE OF THE WEBSITE, ITS CONTENT, AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE IS AT YOUR OWN RISK. THE WEBSITE, ITS CONTENT AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. NEITHER THE COMPANY NOR ANY PERSON ASSOCIATED WITH THE COMPANY MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY OR AVAILABILITY OF THE WEBSITE. WITHOUT LIMITING THE FOREGOING, NEITHER THE COMPANY NOR ANYONE ASSOCIATED WITH THE COMPANY REPRESENTS OR WARRANTS THAT THE WEBSITE, ITS CONTENT OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL BE ACCURATE, RELIABLE, ERROR-FREE OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, THAT OUR SITE OR THE SERVER THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS OR THAT THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.
THE COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR PARTICULAR PURPOSE.
THE FOREGOING DOES NOT AFFECT ANY WARRANTIES WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
IN NO EVENT WILL THE COMPANY, ITS AFFILIATES OR THEIR LICENSORS, SERVICE PROVIDERS, EMPLOYEES, AGENTS, OFFICERS OR DIRECTORS BE LIABLE FOR DAMAGES OF ANY KIND, UNDER ANY LEGAL THEORY, ARISING OUT OF OR IN CONNECTION WITH YOUR USE, OR INABILITY TO USE, THE WEBSITE, ANY WEBSITES LINKED TO IT, ANY CONTENT ON THE WEBSITE OR SUCH OTHER WEBSITES OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE OR SUCH OTHER WEBSITES, INCLUDING ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO, PERSONAL INJURY, PAIN AND SUFFERING, EMOTIONAL DISTRESS, LOSS OF REVENUE, LOSS OF PROFITS, LOSS OF BUSINESS OR ANTICIPATED SAVINGS, LOSS OF USE, LOSS OF GOODWILL, LOSS OF DATA, AND WHETHER CAUSED BY TORT (INCLUDING NEGLIGENCE), BREACH OF CONTRACT OR OTHERWISE, EVEN IF FORESEEABLE.
THE FOREGOING DOES NOT AFFECT ANY LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
You agree to defend, indemnify and hold harmless the Company, its affiliates, licensors and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors and assigns from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses or fees (including reasonable attorneys’ fees) arising out of or relating to your violation of these Terms & Conditions or your use of the website, including, but not limited to, your User Data, any use of the website’s content, services and products other than as expressly authorized in these Terms & Conditions or your use of any information obtained from the website.
All matters relating to the Website and these Terms & Conditions and any dispute or claim arising therefrom or related thereto (in each case, including non-contractual disputes or claims) shall be governed by and construed in accordance with the internal laws of the State of Georgia without giving effect to any choice or conflict of law provision or rule (whether of the State of Georgia or any other jurisdiction).
Any legal suit, action or proceeding arising out of, or related to, these Terms & Conditions or the website shall be instituted exclusively in the federal courts of the United States or the courts of the State of Georgia in each case located in the City of Atlanta and County of Fulton although we retain the right to bring any suit, action or proceeding against you for breach of these Terms & Conditions in your country of residence or any other relevant country. You waive any and all objections to the exercise of jurisdiction over you by such courts and to venue in such courts.
No waiver of by the Company of any term or condition set forth in these Terms & Conditions shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of the Company to assert a right or provision under these Terms & Conditions shall not constitute a waiver of such right or provision.
If any provision of these Terms & Conditions is held by a court or other tribunal of competent jurisdiction to be invalid, illegal or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of the Terms & Conditions will continue in full force and effect.
This website is operated by BIG IP, L.L.C., located at 3424 Peachtree Rd. N.E., Suite 2060, Atlanta, GA 30326
All other feedback, comments, requests for technical support and other communications relating to the website should be directed to: compliance@BIG-IP.com.
According to standard definitions, an Information Security Policy is a set of rules enacted by an organization to ensure that all users or networks of the I.T. structure within the organization’s domain abide by the prescriptions regarding the security of data stored digitally within the boundaries the organization stretches its authority. Attaining this goal involves setting up an Information Security Policy for the organization and ensuring its adherence. This policy should cover things like acceptable uses of technology, risk reviews at a senior level, operational security procedures, and other general administrative tasks.
An I.S.P. is governing the protection of information, which is an asset the organization needs to protect. Information may be printed, written, spoken, visually explained. In addition, it can be mailed, sent electronically, visually, or verbally transmitted. Information should be appropriately secured regardless of its nature, transmission, or storage.
The organization has implemented the I.S.P. with the goal of identifying, assessing, and taking steps to avoid or to mitigate risk to BIG IP information assets. Information security is achieved by implementing a suitable set of controls, including policies, organizational structures, and software and hardware functions. These controls are established, implemented, monitored, and controlled to ensure that the specific security and business objectives of the organization are met. Such is executed in conjunction with the 9001 Quality Management System (Q.M.S.) processes implemented by the organization.
To implement and properly maintain a robust information security function, the organization recognizes the importance of:
This policy and all related documentation apply to all information, information systems, networks, applications, locations, and users of BIG IP or external providers.
4.1 security organization management
The Management Team, including the V.P. of Technology, have established an 07F18 Security Management Structure document. The Security Management Team has the following responsibilities and authority assigned:
Information security responsibilities are clearly defined, maintained, and communicated. These responsibilities include the security of BIG IP information assets and information technology that are accessed, processed, communicated to, or managed by external parties.
4.2 roles and responsibilities
The Information Security Policy has been established, documented, and is maintained with the purpose of continuous improvement and assurance that the organization’s information is secure. Within the Information Security Policy, roles and responsibilities have been defined and assigned to specific individuals or groups within its organization.
Information Security Steering Group (ISSG): Responsible for information security in the organization to reduce risk exposure and ensure the organization’s activities do not introduce undue risk. The group is responsible for ensuring compliance with established security policies, processes and security initiatives, and with state and federal regulations.
Information Security Officer (ISO): Responsible for information security at the business level for reducing risk exposure, drafting policies, and for ensuring the organization’s activities do not introduce undue risk to the enterprise. The ISO is responsible for ensuring compliance and adherence to this policy.
Information Asset Owner (I.A.O.): Responsible for approving decisions regarding controls and access privileges, performing periodic reclassification and ensuring regular reviews for value and updates to manage changes to risk.
User: Responsible for complying with the provisions of policies and procedures.
The table below uses the RACI (R= Responsible A= Accountable C= Consulted I= Informed) model, for identifying roles and responsibilities during an organizational change process
|Area of Responsibility||ISSG||ISO||IAO||User|
|Establish the Information Security Program (ISP)||A||R||C||N/A|
|Implement and Operate the ISP||A||R||C||N/A|
|Monitor and Review the ISP||A/R||R||C||N/A|
|Maintain and Improve the ISP||A/R||R||C||N/A|
|Provision of Resources||A/R||C||I||N/A|
|Training, Awareness and Competence||A/R||R||C||I|
|Internal ISP Audits||A/R||R||C||I|
|Storage of Source Code||N/A||R||N/A||N/A|
Managers: Managers ensure employees are aware of the relevance and importance of their activities and how they contribute to the achievement of information security objectives. They also ensure that
employees are aware of and comply with all information security policies and procedures of the organization relevant to their role.
I.T. Team: The team is responsible of the following areas related to information security:
The organization has defined the expectation and principles relating to how system setup and credential privileges should be managed. User accounts and privileges shall be managed correctly to ensure authorized user access to information systems is possible while unauthorized access is not, such as but not limited to:
The I.T. Team has established procedures to ensure a consistent and effective approach to the management of information security incidents and I.T. requests, including communication on security events and weaknesses. It enables the efficient and effective management of information security incidents by providing structure for the reporting and management of such incidents.
Information security incidents and I.T. requests shall be reported promptly and responded to in a quick, effective, and orderly manner to reduce the negative effect of incidents, repair damage, and mitigate future risks. Tickets are to be submitted to I.T. Help Desk I.A.W. 07P08 I.T. Service Desk S.O.P.
Weekly reports will be generated by the I.T. Service Desk system for all tickets labeled ‘security’. Trends will be analyzed to determine if any discernible patterns require further investigation.
The I.T. team has daily meetings where, if necessary, post-mortem and trend analysis is discussed. Any serious incidents should be recorded in the Non-Conformance log, and a C.A.R. may be originated I.A.W. 10P01 Corrective Action Request S.O.P., if deemed necessary.
BIG IP has deployed a change management process in order to prevent unintended service disruptions and to maintain the integrity of all company services. There is segregation of duties, and all requests go through a workflow process consisting of request, approval, implementation, and review I.A.W. 07P08 I.T. Service Desk S.O.P. Rollback procedures are documented in case there is a need to go back to a previous state, even though change plans are related to minimal marketable features (MMF) most of the time. Layers of authorization and logging exist, so that production changes are controlled and monitored. Only authorized engineers are able to login to central configuration management machines from where production changes can be applied. BIG IP communicates to different stakeholders when the services might be adversely affected.
Risk assessments will identify, quantify, and prioritize threats that may become relevant to the organization. The results will guide and determine appropriate organization action and priorities for managing information security risks and for implementing controls needed to protect information assets.
Risk management will include the following steps:
Details of our selected controls and how they have been implemented and measured are considered confidential information and restricted to BIG IP. The following sections have been removed to make this document available to the public: security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management, business continuity management and compliance.
Effective Date: January 1, 2020
Last Reviewed on: January 31, 2020
Information We Collect
Our website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information“). In particular, BIG IP’s Website has collected the following categories of personal information from its consumers within the last twelve (12) months:
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
G. Geolocation data.
Physical location or movements.
H. Sensory data.
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information.
Current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other personal information.
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Personal information does not include:
BIG IP obtains the categories of personal information listed above from the following categories of sources:
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
BIG IP will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
BIG IP may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
We share your personal information with the following categories of third parties:
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, Company has disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category D: Commercial information.
Category F: Internet or other similar network activity.
Category H: Sensory data.
Category K: Inferences drawn from other personal information.
We disclose your personal information for a business purpose to the following categories of third parties:
Sales of Personal Information
In the preceding twelve (12) months, Company has not sold personal information.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that BIG IP disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
Deletion Request Rights
You have the right to request that BIG IP delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time. We currently do not provide financial incentives.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to compliance@BIG-IP.com or write us at: BIG IP, 3424 Peachtree Rd, NE, Suite 2060, Atlanta, GA 30326
Changes to Our Privacy Notice
BIG IP reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the website and update the notice’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.
3424 Peachtree Rd, NE
Atlanta, GA 30326
Our family of companies includes BIG IP, ISI Language Solutions, Protranslating, Language Link, and DWL, bringing over 150 years of combined expertise with offices in 26 locations worldwide. Through our portfolio, we customize and deliver language services in more than 240 languages and dialects.