Privacy
You can find information around privacy, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) at the following:
|
Link |
Description |
|---|---|
|
https://www.fortinet.com/content/dam/fortinet/assets/legal/EULA.pdf |
End User License Agreement (EULA) |
|
Privacy Policy. Referenced in the EULA, contains information for not only the European Economic Area but for the CCPA as well. |
|
|
How Fortinet supports and complies with GDPR. As this document mentions, a data processing agreement can be made available upon request. |
|
|
https://www.fortinet.com/solutions/industries/regulatory-compliance/GDPR |
Fortinet Solutions for GDPR |
|
https://www.fortinet.com/content/dam/fortinet/assets/solution-guides/checklist-gdpr.pdf |
STATE-OF-THE-ART DATA PROTECTION FOR GDPR 7 Considerations and Where Fortinet Can Help |
|
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Data_Privacy_Practices.pdf |
Data privacy datasheet |
When registering the FortiClient Cloud license on the FortiCloud portal, you can choose where your instance resides:
- North America
- EMEA
- APAC
See Deploying FortiClient Cloud.
To obtain a data processing agreement signed to comply with GDPR, EMEA customers can contact their Fortinet sales contact.
See the following frequently asked questions regarding GDPR and privacy:
|
Question |
Answer |
|---|---|
| Is data accessible through or shared with other regions? | Each customer chooses the region that their FortiClient Cloud is hosted in. The data stays in that region. |
| How long is FortiClient Cloud data retained for? | Data is retained inside the FortiClient Cloud instance. The customer controls much of the data, such as log retention. The FortiClient data is retained in the FortiClient Cloud database in the instance. |
| What happens if a license expires or FortiClient Cloud is decommissioned? | Fortinet has a grace period of 60 days, where the FortiClient Cloud instance is retained, after which one backup is kept for one year. |
| Can a customer trigger a purge of all of their data? | The customer can call Fortinet Support to initiate purging of data at any time. Fortinet verifies the customer’s identify before proceeding with the request. |
| Do FortiClient Cloud customers need the Data Processing Agreement (DPA) to comply with GDPR? | You can request DPA to be signed for FortiClient Cloud by contacting your sales team or emailing privacy@fortinet.com. |
| Is FortiClient Cloud instance data regularly backed up? | Yes, FortiClient Cloud keeps a backup of customer data for five business days. If a critical event occurs, Fortinet can restore data from up to five days prior to the event. |
| Does FortiClient Cloud support disaster recovery? | A copy of FortiClient Cloud data is stored in multiple data centers in same geographic location for data redundancy and disaster recovery. Data backups are updated daily. In the event of a disaster, FortiClient Cloud can quickly fall back to a backup data center and recover your organization’s instance. |
| How does disaster recovery work? | A snapshot of the customer’s FortiClient Cloud instance/data is stored in backup data centers. The snapshot is delta synced daily so that in the event of disaster, Fortinet can restore or spin up backup instances quickly for a fast recovery. |
| Is FortiClient Cloud data at rest encrypted? | FortiClient Cloud instances reside on encrypted storage arrays. |
| How can I request a backup of my FortiClient Cloud data? | You can export endpoint details, endpoint security profiles, and application inventory data from the FortiClient Cloud GUI. You can also open a ticket with Technical Support to request a full backup of your FortiClient Cloud data. |
For questions regarding Fortinet's privacy efforts, contact privacy@fortinet.com.