Cookies Notice | Website Terms and Conditions

Privacy Policy

Check Point Software Technologies Ltd, including all of its affiliates and subsidiaries worldwide (collectively, “Check Point,” “we,” “us,” or “our”) value the privacy of individuals who use or express interest in the Check Point Websites (as defined below), and the Check Point products and services, including technical support (collectively, our “Services”). This privacy policy (the “Privacy Policy”) explains how we collect, use, and disclose Personal Data and applies to all of Check Point’s Services. Certain Services may have additional product-specific privacy or data protection documentation (such as privacy data sheets) that describe in more detail the types of data processed and product-specific practices; in case of conflict, those documents will apply to the relevant Service in addition to this Privacy Policy.

1. GENERAL INFORMATION

1.1. “Personal Data” means any information relating to a living individual who can be identified, directly or indirectly, from that information or from that information together with other data available to Check Point (or its representatives or service providers). Personal Data includes any information relating to that individual in any form.

1.2 Beyond this Privacy Policy, your use of our Services is also subject to applicable End-user License Agreements available at our website (www.checkpoint.com/legal/). If you purchase or trial our Services that involve the processing of Personal Data, our Customer DPA will also apply to our processing in our role as a processor.

1.3 If you are a California resident, our California Resident Privacy Notice provides more information about your California privacy rights and explains how you can exercise those rights. We do not sell Personal Information in exchange for money or other valuable consideration. However, we may allow certain third parties to collect information through cookies or similar technologies for analytics and advertising purposes, which could be considered a ‘sale’ or ‘share’ under applicable U.S. state privacy laws (such as the California Consumer Privacy Act). You can control these cookies and opt out of such sharing at any time – see Section 7 and our Cookie Notice.

1.4. If you are using the Check Point ZoneAlarm services and products, please refer to our ZoneAlarm Privacy Policy.

1.5 Who we are / roles. We act as a controller for our corporate websites, events, relationship management with customer/partner representatives, and our own sales and marketing. We act as a processor when we provide our Services, and training/certification programs delivered under a customer, partner or institutional agreement.

1.6 Voluntariness of providing data. Unless otherwise stated, providing Personal Data to Check Point is voluntary. However, if you choose not to provide certain information, we may be unable to offer you some of our Services, respond to inquiries, or perform a contract with your organization, where that information is necessary for those purposes.

2. THE SOURCES OF THE INFORMATION WE COLLECT

This Privacy Policy concerns the following sources of information that we collect in connection with our Services, which include:

Our websites, including products websites portals, and user center (e.g. www.checkpoint.com) (“Websites”), emails, marketing communication, marketing campaigns and events, including interactions with our marketing activities e.g., viewing or clicking our digital ads; visiting campaign landing pages; submitting web forms for content, demos or trials; registering for or attending webinars and events, including registration and badge scans at Check Point booths or sessions; and interactions on our official pages on social/professional networks;
We may also receive business contact information from third-party sources, such as marketing and strategic partners, business partners, channel partners, service providers, and publicly available sources, consistent with applicable law and your preferences;
Information we receive through and from all of our Services;
Only for Cyberint/Infinity Platform ERM (External Risk Management) services, we collect data from third party sources as necessary to provide such security services.

3. THE TYPES OF PERSONAL DATA WE COLLECT

We may collect and receive a variety of information from you or about you or your devices from various sources, as described below. If you do not provide your Personal Data when requested, you may not be able to use our Services if that information is necessary to provide you with our Services or if we are legally required to collect it.

3.1 Information that you provide to Check Point – Controller activities. This includes Personal Data you provide when interacting with Check Point during our business operations, such as websites, events, marketing, relationship management, and self-registered training or certification. The nature of the services you are requesting or using will determine the kind of Personal Data we might collect, ask for, and may include (non-exhaustive):

Basic Personal Data such as first name, family name, position/title, company name, company email address, business phone number, business address, city, postcode, and country;
Information that you choose to share through our websites which may be considered Personal Data;
Customer/partner representative information used for relationship management (e.g., business contact details, role, team, communication history, and preferences) to support proposals, contracting, renewals, and service notices;
Marketing and event interactions data (e.g., form submissions, webinar/digital event participation, email engagement, ad/landing-page interactions, and badge scans at Check Point booths or sessions);
Recorded or transcribed communications with our teams, with notice or consent provided as required by law (e.g., sales calls, customer support or service calls, webinars);
Training and certification data (direct registration) such as registration details, attendance records, progress, exam results, and credentials when you personally enroll;
Business-profile information from third-party sources – information we obtain from partners, service providers, and publicly available sources to help keep our records accurate and relevant;
Billing and account administration details (e.g., corporate billing contact name, work email, and business address) used to issue invoices and manage accounts;
Any other information you choose to share that may be considered Personal Data.

3.2 Information that we collect or generate about you – Processor activities. When customers use our Services or when training/certification programs are delivered under a customer, partner or institutional agreement, we process customer data on the customer’s documented instructions and in accordance with our DPA. Customer data may include Personal Data relating to individuals whose information is processed through the Services, depending on the customer’s configuration. This may include (non-exhaustive):

Security telemetry and logs generated by the Services from protected networks, devices, and applications (e.g., traffic metadata, threat indicators, detection and prevention actions) required to deliver security features;
Traffic and security reports generated by the Services (e.g., internet usage metadata, security incidents, and prevention measures) as configured by the customer;
Document-protection activity data, generated by the Services, such as permission changes and information regarding the user performing the action;
Content and related metadata analyzed by the Services, (e.g., scans of emails, files, or other content) for threat detection and prevention;
Mobile-security signals collected through the Services (e.g., app metadata, device-posture indicators) used for security analysis and the detection and prevention of malicious activity;
Product usage and administrative activity (e.g., user/account identifiers, configuration settings, role or permission changes, and audit trails);
Diagnostic, performance, and support data (e.g., technical logs, configurations, limited screenshots) provided or generated during customer support interactions and processed under the customer’s instructions;
Training and certification data processed on behalf of customers, partners, or institutions (e.g., participant rosters, progress, scores, certification status) used solely to administer and confirm completion as instructed by the customer; and
Administrative contact details of customer personnel who open or manage support tickets, used for case handling and communication under the customer contract.

3.3 Cookies. We and our third-party partners may collect Personal Data using cookies, which are small files of letters and numbers that we store on your browser or the hard drive of your computer. We may also use pixel tags and web beacons on our Websites and online services. These are tiny graphic images placed on web pages or in our emails that allow us to determine whether you have performed a specific action. We use cookies, beacons, invisible tags, and similar technologies (collectively “Cookies”) to collect information about your browsing activities and to distinguish you from other users of our Websites. This aids your experience when you use our Websites and online services and allows us to improve the functionality of our Websites. Cookies can be used for performance management, collecting information on how our Websites and online services are being used for analytics purposes. They can also be used for functionality management, enabling us to make your visit more efficient by, for example, remembering language preferences, passwords, and log-in details. For more information on the types of Cookies we and third parties may use in connection with our Websites, please see our Check Point Cookies Notice.

How to Block Cookies. You can block Cookies by setting your internet browser to block some or all Cookies. However, if you use your browser settings to block all Cookies (including essential Cookies) you may not be able to access all or parts of our Websites or online services. By using our Websites, you consent to our use of Cookies and our processing of Personal Data collected through such Cookies, in accordance with this Privacy Policy. You can withdraw your consent at any time by deleting placed Cookies and disabling Cookies in your browser, or as explained below. You can change your browser settings to block or notify you when you receive a Cookie, delete Cookies, or browse our Websites using your browser’s anonymous usage setting. Please refer to your browser instructions or help screen to learn more about how to adjust or modify your browser settings. If you do not agree to our use of Cookies, you should change your browser settings accordingly. You should understand that some features of our Services may not function properly if you do not accept Cookies. Where required by applicable law, you will be asked to consent to certain Cookies before we use or install them on your computer or other device.

3.4 Anonymized data. In addition to the categories of Personal Data described above, Check Point may also process information that has been anonymized, de-identified, or aggregated such that it is no longer processed in a manner that identifies, or could reasonably identify, any individual.

3.5. Recruiting-related processing is covered in our separate Candidate Privacy Notice.

4. HOW WE USE YOUR INFORMATION

4.1 Activities when Check Point acts as a controller When we act as a controller, we process Personal Data for the following purposes (non-exhaustive):

Operating, securing and improving our Websites and corporate portals (including fraud and abuse prevention);
Relationship management with customers, partners and suppliers representatives (e.g., proposals, contracting, renewals, billing, and service notices);
Marketing and events, including sending product and security updates, newsletters and invitations; measuring and improving campaign performance; honoring preferences and opt-outs;
Conversations and outreach using sales enablement tools (e.g., conversation intelligence/recording and outbound dialing platforms) to schedule and place calls, capture notes and transcripts, coach teams and improve customer experience, with appropriate notice/consent where required;
Analytics for websites and corporate portals (including through cookies and similar technologies) and providing limited personalization and profiling that does not produce legal or similarly significant effects;
Administering training and certification where an individual self-registers (e.g., registration, progress tracking, results, and credentials);
Research, development and improvement of our Services and user experience, including the use of aggregated, anonymized or de-identified information;
Compliance with applicable laws, and exercising or defending legal claims;
Operating and administering our business, including audits, finance and accounting, business continuity and disaster recovery, risk management, monitoring and enforcing terms and policies, and protecting the rights, safety and security of our users, customers and systems;
Surveys and feedback to understand satisfaction and preferences and to improve communications, Services and training content; and
Event administration (including registration management and badge scans at Check Point booths or sessions) and coordination with event organizers or co-sponsors, where applicable and permitted.

4.2 Activities when Check Point acts as a processor – “Permitted Purposes” When customers use our Services, we act as a processor. We process customer data, for the following purposes (the “Permitted Purposes”):

Provision of the Services – to provide, operate, host and maintain the Services for the customer, including user authentication, configuration management and performance monitoring;
Security and threat detection – to prevent, detect, investigate and respond to security incidents, malware and abuse as part of the Services’ functionality;
Technical support and maintenance – to diagnose and resolve issues, provide patches, updates and related communications consistent with the customer’s instructions;
Service reliability, quality and security analytics – to maintain and improve the availability, performance, security and functionality of the Services, including capacity planning and updates;
Testing, quality assurance and service enablement – including troubleshooting, configuration validation, and controlled testing to verify fixes and service changes as instructed by the customer;
Usage reporting and billing– where applicable, to produce usage, license or consumption reports;
Training/certification program delivery on behalf of customers/institutions – to administer participants’ enrolment, progress, results and credential management as instructed by the customer/institution;
Compliance – to comply with laws and lawful orders binding on Check Point in its processor role; and
Any other purpose expressly authorized by the customer in writing (including via the DPA, order form, portal configuration or documented instructions);

Lawful bases (controller). Depending on context, we rely on performance of a contract, legitimate interests (e.g., B2B relationship management and security of Services), consent (e.g., certain cookies/marketing and call recording where required), and legal obligations. Where we rely on consent, you may withdraw it at any time (see Section 7).

4.3 AI-related data. We may use telemetry, threat indicators, and interaction data for enhancing the efficiency, security and performance of our Services, including those powered by artificial intelligence (AI) and machine learning. We may also use aggregated or anonymized insights for analytics and Service improvement. When we act as a processor, any AI-related use of customer data is limited to delivering, maintaining and enhancing our Services and remains consistent with the customer’s use and configuration. We do not use customer data for unrelated AI purposes.

4.4. We take steps to ensure that your Personal Data is accessed only by authorized individuals who need such access for the purposes described in this Privacy Policy.

5. DISCLOSURE OF INFORMATION TO THIRD PARTIES

We may share or otherwise disclose the Personal Data we collect from you as described below or otherwise disclosed to you at the time of the collection.

Vendors and service providers. We may share Personal Data with vendors and service providers retained in connection with the provision and improvement of our Services or other relevant services; marketing; analytics and measurement; customer support tools; event partners, organizers and/or co-sponsors; and sales enablement platforms for conversations and outreach (with appropriate notice/consent where required). Vendors are bound by contractual confidentiality and data-protection obligations.
Partners and affiliates. We may share Personal Data with our distributors, partners, corporate affiliates, parents, or subsidiaries for any purpose described in this Privacy Policy.
As required by law and similar disclosures. We may access, preserve, and disclose your Personal Data if we believe doing so is required or appropriate to: (i) comply with law enforcement requests and legal process, such as a court order or subpoena; (ii) respond to your requests; or (iii) protect your, our, or others’ rights, property, or safety.
Merger, sale, or other asset transfers. We may disclose and transfer your Personal Data to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company, or we sell, liquidate, or transfer all or a portion of our business or assets.
Consent. We may also disclose Personal Data from or about you or your devices with your permission.

6. INTERNATIONAL TRANSFERS OF PERSONAL DATA

6.1 Check Point is a global business. Our customers and operations are spread around the world. As a result, we collect and transfer Personal Data on a global basis. That means that we may transfer your Personal Data, and such transfers are carried out in accordance with applicable laws governing cross-border data transfers.

6.2 Europe. Where we transfer your Personal Data to a country outside the European Economic Area (“EEA”) or the United Kingdom (“UK”), we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of the EEA or the UK this may be done in one of the following ways:

the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Data (for example, Israel is an approved country);
the recipient might have signed a contract based on applicable “model contractual clauses” approved by the European Commission, obliging them to protect your Personal Data; or
in other circumstances the law may permit us to transfer your Personal Data outside the EEA or UK.

You can obtain more details about the protection given to your Personal Data when it is transferred outside the EEA or the UK (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as described in paragraph 13 below.

Mechanisms we use. We rely on the EU Standard Contractual Clauses (2021) with Transfer Impact Assessments and supplemental measures as appropriate; the UK IDTA/Addendum; adequacy decisions where available; and, for certain transfers to U.S. affiliates, participation in the EU-U.S./UK-U.S./Swiss-U.S. Data Privacy Frameworks (see Section 8). Copies may be provided upon request subject to appropriate redactions.

6.3 China. For residents in the People’s Republic of China (“Mainland China”), we may transfer, access or store your Personal Data outside the Mainland China where we are satisfied that adequate levels of protection are in place to protect the integrity and security of your Personal Data, and where security measures are adopted in compliance with the applicable laws (for example, through contractual arrangements). Where required by applicable laws, we will put in place appropriate measures to ensure that all processing of your Personal Data outside the Mainland China is safeguarded by an equivalent level of data protection to that of the Mainland China.

7. YOUR RIGHTS

7.1 Marketing Communications. You can unsubscribe from our promotional emails via the link provided in the emails. You may also opt out of marketing calls and SMS by telling our representative during a call or replying ‘STOP’ to SMS, or by contacting us at the address in Section 13. Even if you opt out of receiving promotional messages from us, you will continue to receive administrative messages from us.

7.2 Do Not Track. Some browsers allow users to send “Do Not Track” signals. Because there is no common or legally required way to respond to these signals, our Services do not currently respond to them. You can manage cookies and other tracking preferences through your browser settings or our cookie banner.

7.3 California Privacy Rights. If you are a California resident, you can review our California Resident Privacy Notice for information about your privacy rights and choices under California law.

7.4 Your European Privacy Rights. If you are located in the EEA or the UK, you have additional rights described below.

You may request access to the Personal Data we maintain about you, update and correct inaccuracies in your Personal Data, restrict or object to the processing of your Personal Data, have your Personal Data anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your Personal Data to another company. In addition, you also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where you believe an infringement has occurred.
You may withdraw any consent you previously provided to us regarding the processing of your Personal Data at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.

You may exercise these rights by contacting us via our online form available here. Before fulfilling your request, we may ask you to provide reasonable information to verify your identity. Please note that there are exceptions and limitations to each of these rights, and that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain Personal Data for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

7.5. Israeli privacy rights. If you are located in Israel, you have statutory rights of access and correction to Personal Data about you that is held in a database, as provided under the Israeli Privacy Protection Law, 1981. You may exercise these rights by contacting us using the details in Section 13.

8. EU/UK/Swiss-U.S. DATA PRIVACY FRAMEWORK

8.1 Introduction. Check Point Software Technologies, Inc. and its subsidiaries, Zone Labs, LLC, Avanan, Inc. and R&M Computer Consultants Inc. (“Check Point US”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce (collectively, the “DPF Principles”). To learn more about the DPF program, please visit here or the official Data Privacy Framework website. Check Point US has certified to the U.S. Department of Commerce that: (i) it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of Personal Information received from the European Union in reliance on the EU-U.S. DPF; (ii) it adheres to the Data Privacy Framework Principles with regard to the processing of Personal Information received from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF; (iii) it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the U.S. Department of Commerce’s Data Privacy Framework website available at www.dataprivacyframework.gov/.

8.2. Redressal Mechanisms. If you have a question or complaint related to participation by Check Point US in the DPF Frameworks, we encourage you to contact us. For any complaints related to the DPF Frameworks that Check Point US cannot resolve directly, we have chosen to cooperate with the relevant EU Data Protection Authority, or a panel established by the European data protection authorities, for resolving disputes with EU individuals, the UK Information Commissioner (for UK individuals), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) for resolving disputes with Swiss individuals. Please contact us if you’d like us to direct you to your data protection authority contacts. As further explained in the DPF Principles, binding arbitration is available to address residual complaints not resolved by other means. Check Point US is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

8.3. Onward Transfers. Check Point US remains responsible for the processing of Personal Information it receives and subsequently transfers to a third party acting on our behalf, in accordance with the DPF Principles. Check Point US will remain liable under the DPF Principles if such third-party processes such Personal Information in a manner inconsistent with the DPF Principles (subject to the limits and exclusions of liability), unless we prove that we are not responsible for the event giving rise to the damage.

8.4. Additional Rights Under the DPF Principles. Check Point US acknowledges the right of EU, EEA, U.K. (and Gibraltar), and Swiss individuals to request access to their data while it is in the U.S. and to correct, amend, and supplement inaccurate or incomplete data. Said individuals also have the right to request erasure of personal information that has been handled in violation of the DPF Principles. In addition to the rights granted to you under applicable laws as set out under section 7 above, and to the extent applicable, under the DPF Principles you also have the Right to Opt-Out of Check Point US’s disclosure of Personal Information to certain third parties and from the collection of Sensitive Personal Information (i.e., personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), although no Sensitive Personal Information is expected to be collected by Check Point. Accordingly, individuals to which those rights are applicable, may contact us here and request: (i) to opt-out of the disclosure of relevant Personal Information to third parties; (ii) to opt-out of our processing of Personal Information for materially different purposes from those which it was originally collected for. Please note that these rights are not absolute and may be subject to regulatory requirements or other law enforcement orders.

9. HOW WE SAFEGUARD YOUR INFORMATION

9.1. We have extensive controls in place to maintain the security of our information and information systems. Files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. Physical access to areas where Personal Data is gathered, processed or stored is limited to authorized employees. In addition, our Incident Response Team plays a critical role in our commitment to safeguard your information, as they are responsible for promptly and effectively responding to data security threats. If you have a suspicion of any data breach, security incident or if you wish to report a vulnerability, please contact our team here.

9.2 Check Point employees are required to follow all applicable laws and regulations, including those relating to data protection and information security. Access to Personal Data is limited to those employees who need it to perform their roles. Unauthorized use or disclosure of confidential information or Personal Data by a Check Point employee is prohibited and may result in disciplinary measures.

9.3 Check Point offers annual data protection and security training to its worldwide employees and contractors who have access to internal systems. These trainings are designed to support our personnel in understanding and applying Check Point’s privacy policies and guidelines when handling Personal Data.

9.4 When you contact a Check Point representative, you may be asked for some Personal Data. This type of safeguard is designed to ensure that only you, or someone authorized by you, has access to your file.

9.5 For more information on the security measures taken by Check Point in order to protect your Personal Data, please see our Security Measures Policy

10. THIRD PARTIES

Our Services may contain links to other websites, products, or services that we do not own or operate (“Third-Party Services”). We are not responsible for the privacy practices, policies, or other content of these Third-Party Services. Please be aware that this Privacy Policy does not apply to your activities on these Third-Party Services or any information you disclose to these Third-Party Services. If you have any questions about how these other sites use your Personal Data, you should contact them directly. We encourage you to read their privacy policies before providing Personal Data to them.

11. HOW LONG WE KEEP YOUR PERSONAL DATA

We will retain your information for as long as necessary to achieve the purposes described in this Privacy Policy, unless a longer retention period is required by the applicable laws and regulations. To ensure security and business continuity for the activities outlined in this Privacy Policy, we create backups of certain data, which may be retained beyond the retention period of the original data. When acting as a processor, we retain, return, or delete Customer Data in accordance with the customer’s instructions and our DPA.

12. CHILDREN’S PRIVACY

We do not knowingly collect, maintain, or use Personal Data from children under 16 years of age (“Minors”), and no parts of our Services are directed at children. If you learn that a Minor has provided us with Personal Data in violation of this Privacy Policy, please alert us at privacy_inquiries@checkpoint.com. Parents or guardians may exercise applicable rights using the contact information in Section 13.

13. QUESTIONS, CONCERNS AND UPDATES

If you have any questions or concerns about Check Point’s handling of your Personal Data, or about this Privacy Policy, please contact our Privacy Officer using the following

contact information:

Address:	Check Point Software Technologies Ltd., 5 Shlomo Kaplan Street, Tel Aviv 67897, Israel Attention: Legal Department
Address in the EU:	Check Point Software Technologies GmbH, Oskar-Messter-Str. 13, 85737, Ismaning Germany
Address in the US:	Check Point Software Technologies, Inc. 100 Oracle Parkway, Suite 800 Redwood City CA 94065
Email Address:	privacy_inquiries@checkpoint.com

We are typically able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from our Data Privacy Officer, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, Check Point’s Data Protection Officer will provide you with the contact information for that regulator. We will post any adjustments to the Privacy Policy on this page, and the revised version will be effective when it is posted. You can view our Data Processing Agreement (DPA) online – Customers; Distributors and Resellers. If you need a signed copy of the DPA, you can download it, send a signed copy to privacy_inquiries@checkpoint.com and we will provide you a countersigned copy.