Version 2.2 – Effective March 20, 2013
Qualys® is committed to providing you with excellent service for its QualysGuard® services ("Services"). Because we respect your right to privacy and your desire to control your personal data that you share with us, we have developed this Privacy Statement to inform you about our privacy practices for Qualys.com including related to our Safe Harbor Participation (see "EU Safe Harbor Certification" below). This Privacy Statement is not applicable to any of our other privacy practices, including without limitation, data collected from other Qualys sites or offline. Qualys services may be hosted or provided via partner sites on behalf of Qualys, and if this Qualys Privacy Statement is listed on that site, then it will also apply.
Qualys, Inc. has been awarded TRUSTe's Privacy Seal signifying that this privacy statement and practices have been reviewed by TRUSTe for compliance with TRUSTe's program requirements and the TRUSTed Cloud Program Requirements including transparency, accountability and choice regarding the collection and use of your personal information. The TRUSTe program does not cover information that may be collected through downloadable software. The TRUSTe program covers only information that is collected through the English versions of the Web site, www.qualys.com.
TRUSTe's mission, as an independent third party, is to accelerate online trust among consumers and organizations globally through its leading privacy Trustmark and innovative trust solutions. If you have questions or complaints regarding our privacy statement or practices, please contact us at email@example.com. If you are not satisfied with our response, you can contact TRUSTe.
Qualys adheres to the EU Safe Harbor Privacy Principles with respect to certain personal data that it receives about European Union residents in the course of providing Qualys services. Information about Qualys' participation in Safe Harbor can be found below in the section entitled Safe Harbor Notice.
Web Sites Covered
This Privacy Statement applies to Qualys Web sites that link to this Privacy Statement: http://www.qualys.com; https://qualysguard.qualys.com; https://pci.qualys.com; https://freescan.qualys.com/; https://community.qualys.com; http://cn.qualys.com; http://qualys.jp; https://browsercheck.qualys.com; https://ssllabs.qualys.com; http://news.qualys.com; http://laws.qualys.com; qualysguard.qg2.apps.qualys.com; portal.qg2.apps.qualys.com; https://qualysguard.qualys.eu; https://portal.qualys.eu; qualysguard.qg3.apps.qualys.com; portal.qg3.apps.qualys.com; and https://portal.qualys.com (collectively referred to as "Qualys Web sites").
Qualys Web sites may contain links to other Web sites. Qualys is not responsible for the information practices or the content of such other Web sites. Qualys encourages you to review the privacy statements of other Web sites to understand their information practices.
Information We Gather from You – Personal Information
There are three ways in which you may explicitly and intentionally provide us with and consent to our collection of certain personal information:
- E-mail Request for Information or Registrations for Guides or Seminars – We use links throughout our site to provide you with the opportunity to contact us via e-mail to ask questions, request information and materials, register or sign up for guides, seminars, training classes or provide comments and suggestions. You may also be offered the opportunity to have one of our representatives contact you personally to provide additional information about our services. To do so, we may request additional personal information from you, such as your name, telephone number and other address information, to help us satisfy your request.
- Service Enrollment – If you choose to enroll for one of our Services, we will request certain information from you. Depending on the type of service that you request, you may be asked to provide different personal information. For enrollment in our Services, we may require your name, address (including country, city and state), telephone number, e-mail address, credit card number, bank account information, IP address, IP range, domain name(s), or Web Application URL(s). Other services may require different or supplemental information from you in order to register. For a detailed listing of the type of personal information requested for our various products, please refer to the enrollment page for the particular service.
- Recruitment and Employment – You may choose to provide us with information about yourself, such a resume or other employment related information in connection with a job application or inquiry whether advertised on the Qualys site or as otherwise provided by Qualys. Qualys may use this information throughout Qualys and its related entities for the purpose of employment consideration or as you inquire.
Under no circumstances do we collect any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sex life.
Statistical Information About Your Visit
When you visit Qualys Web sites, our systems collect personal information (in the manner described above) and statistical or non-personally identifiable information about your visit to our sites (e.g. IP address, pages visited, origin of visitor domains, and types of browsers used). However, unless you actively submit personal information, we do not typically identify you via the non-personally identifiable information. Notwithstanding the foregoing, to the extent permitted by applicable law, we reserve the right to combine non-personally information with personal information that you have actively submitted.
Our uses of "cookies" are limited to the following specific situations. The first situation is with respect to temporary cookies. There are two instances in which we use temporary cookies. First, if you are accessing our services through one of our online applications our Web server may automatically send your browser a temporary cookie, which is used to help your browser navigate our site. The only information contained in these temporary cookies is a direction value that lets our system determine which page to show when you hit the back button in your browser. This bit of information is erased when you close your current browser window. If you come to our site from one of our business or advertising partners, our Web server may also send your browser a temporary cookie that reflects an "origination code" for that partner. We use this information for statistical and marketing purposes.
List of Temporary Cookies:
|leadsource, referer, link||Indicates the origination code.|
|kw||Indicates the keyword, similar to the origination code.|
|JSESSIONID, DWRSESSIONID||Used by Qualys Community and/or SSL Labs for session tracking.|
|QualysSession, quickstart, QualysSession_notification_div||Used by QualysGuard for session tracking and management.|
|jive.server.info, jive.user.loggedin||Used by Qualys Community to remember whether logged in and into which back-end server.|
List of Permanent Cookies:
|ELOQUA, ELQSTATUS||For visitor tracking across multiple Qualys websites.|
|_utma, _utmb, _utmc, _utmv, _utmz||For Google Analytics across multiple Qualys websites.|
|jive.recentHistory, jive_wysiwygtext_height||Used by Qualys Community to remember user preferences.|
|sua_name, uid, page_visit_cnt||Used by Qualys BrowserCheck for functionality.|
List of Third Party Cookies: Various third-party cookies are set by the following entities and used for statistical and marketing purposes: LivePerson (http://liveperson.net) and Adroll (http://d.adroll.com).
Qualys uses Web beacons alone or in conjunction with cookies to compile information about Customers and site visitors' usage of the site and interaction with emails from Qualys. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site tied to the Web beacon, and a description of a Web site tied to the Web beacon. For example, Qualys may place Web beacons in marketing emails that collect information when you click on a link in the email that directs you to Qualys' site. We use Web beacons to operate and improve Qualys' site and email communications. Qualys may use information from Web beacons in combination with data about Qualys to provide you with information about Qualys and the Qualys Services.
We will share your personal information with third parties only in the ways that are described in this privacy statement. We do not sell your personal information to third parties. In some cases Qualys uses suppliers to collect, use, analyze and otherwise process information on its behalf. It is Qualys' practice to require such suppliers and other service providers to handle information in a manner consistent with Qualys' policies and to use your personal information only as necessary to provide these services to us.
We may also disclose your personal information as required by law, such as to comply with a subpoena, or similar legal process. When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We may also disclose your personal information if Qualys, Inc. is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Qualys Supported Blogs and Forums
We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact the Qualys Safe Harbor Contact as described below.
From time-to-time we may request information from customers via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. Survey information will be used for improving our customer service and service offerings. The feedback and data we collect from these surveys is aggregated and we do not single-out individual responses unless the respondent chooses to be identified.
Social Media Widgets
Our web site includes social media features, such as the Facebook Like button and widgets, such as the ShareThis button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our web site. Your interactions with these features are governed by the privacy statement of the company providing it.
The profile you create on our site will be publically accessible unless otherwise indicated. You may change the privacy settings of your profile through your account portal.
Your Ability to Opt-Out of Further Notifications
From time to time, we notify visitors of our Sites of new products, announcements, upgrades and updates unless you have opted out of these notices. If you would like to opt-out of being notified, please contact us at the address given at the end of this Privacy Statement.
If you would like to change your preferences online, please visit http://www.qualys.com/company/compref/. Please be aware that you may not opt out of receiving information regarding the security, initial use, expiration, product enhancement or migration of our products or services.
Access or Update Personal Information
If your personally identifiable information changes, or if you no longer desire our service, you may correct, update, amend, delete or deactivate it by making the change on your member information page or by emailing our Customer Support at the contact information listed below. We will respond to your request to access to personal information within 30 days.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Our Security Procedures
We consider the protection of all personal information we receive from our Web site visitors and customers as critical. Please be assured that we have security measures in place to protect against the loss, misuse, and alteration of any personal information we receive from you. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information. In order to try to minimize this risk, we encrypt all information that you submit in ordering our services using the Secure Sockets Layer (SSL) protocol. Our security procedures are also subject to at least an annual SSAE 16 or industry standard alternative audit by an internationally-recognized accounting firm. If you have questions about security, please contact us at the information provided below.
Information Related to Data Collected through the QualysGuard Platform
Qualys collects information under the direction of its clients, and has no direct relationship with the individuals whose personal data it processes.
There are three ways in which you may explicitly and intentionally provide us with and consent to our collection of certain personal information:
- Choice – We collect information for our clients, if you are a customer of one of our clients and would no longer like to be contacted by one of our clients that use our service, please contact the client that you interact with directly.
- Service Provider, Sub-Processors/Onward Transfer – Qualys may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this statement regarding notice and choice and the service agreements with our clients.
- Access to Data Controlled by our Clients – Qualys has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the Qualys’ client or the data controller. If the client requests Qualys to remove the data, we will respond to their request within 30 business days.
- Data Retention – Qualys will retain personal data we process on behalf of our clients for as long as needed to provide services to our client. Qualys will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
QUALYS SAFE HARBOR NOTICE
Scope of Safe Harbor Certification
Qualys, Inc. complies with the U.S.–E.U. Safe Harbor framework and the U.S.–Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Qualys, Inc. has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Qualys, Inc.’s certification, please visit http://www.export.gov/safeharbor/.
Qualys, Inc. recognizes that the European Community has established a data protection regime pursuant to Directive 95/46/EC, which applies to the European Economic Area ("EEA") and restricts companies in the EEA in transferring personal data about individuals in the EEA to the United States, unless there is "adequate protection" for such personal data when it is received in the United States. To create such "adequate protection" and to overcome the restriction on international data transfers established by the Directive, Qualys adheres to the Safe Harbor Privacy Principles published by US Department of Commerce ("Safe Harbor Principles") with respect to personal data about individuals in the EEA that subsidiaries, customers, suppliers and other businesses in the EEA send to Qualys.
Scope of this Notice
This Notice does not apply to employees of Qualys; this Notice addresses other data subjects residing in the EEA ("EEA Persons") whose data Qualys may receive from one of its subsidiaries, customers, suppliers or other businesses in the EEA, e.g., customers' procurement managers, suppliers' sales representatives, individual independent contractors, EEA residents who are mentioned or referred to in documents to be produced in pre-trial discovery proceedings, etc.
Categories of EEA Data
Qualys collects data processing and advisory services largely for businesses and rarely if ever for consumers. Thus, Qualys receives mostly business-related information from the EEA. Occasionally, Qualys also receives contact information related to individual representatives of businesses with whom Qualys is dealing (including, without limitation, names, addresses, work phone numbers, work email addresses, etc.), and, in connection with our managed document review and advisory services, Qualys processes data that may be relating to EEA residents on behalf of, and in accordance with instructions from, customers (collectively "EEA Data"). Since EEA Data covered by this Notice is by definition sent to Qualys by another company in the EEA (e.g., a supplier to Qualys), the categories of data sent and the purposes of processing often depend on such other company, with whom the EEA Persons typically have a closer employment, business or other relationship (and which therefore, can provide additional information on categories of data shared with us).
Qualys collects and uses EEA Data for purposes of providing data processing and advisory services to its customers, communicating with corporate business partners about business matters, processing EEA Data on behalf of corporate customers, transmitting marketing emails and performing other marketing activities, and conducting related tasks for legitimate business purposes.
Qualys shares EEA Data with affiliates and contractors, which process EEA Data on behalf of Qualys. Qualys also shares EEA Data with other third parties for the purposes for which Qualys receives the EEA Data (e.g., performance of contractual obligations) and as required or permitted by law.
With respect to marketing emails, EEA Persons may opt-out of receiving further email marketing communications from Qualys by sending an email to firstname.lastname@example.org, or by following opt-out instructions that are contained in each marketing email. EEA Persons may also send an email to this address to ask to opt-out of disclosures to third parties, but such a limitation on data sharing may make it difficult or impossible for Qualys to provide the requested services. Notwithstanding other statements in this General EEA Safe Harbor Notice, Qualys may disclose EEA Data where it is legally required to disclose (e.g., under statutes, contracts or otherwise) or the disclosure is permitted by law and Qualys has a legitimate business interest in such disclosure.
Access and Review
EEA Persons whose EEA Data Qualys holds may request access to, and the opportunity to update, correct or delete some or all of the EEA Data that Qualys holds about them. To submit such requests or raise any other questions, please contact the Qualys Safe Harbor Contact as described below. Qualys reserves the right to take appropriate steps to authenticate an applicant's identity, charge an adequate fee before providing access and deny requests, except as required by the Safe Harbor Principles.
Changes To This Statement
We may update this privacy statement to reflect changes to our information practices. If we make any material changes we will notify you by email or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
If you have questions about Qualys' Privacy Statement, please contact our Qualys Safe Harbor Privacy Administrator at 1600 Bridge Parkway, Redwood City, CA 94065, telephone: 650.801.6100, or fax: 650.801.6101; or email us at email@example.com.
If you have a comment or concern that cannot be resolved with Qualys directly, you may contact the competent local data protection authority in your EEA Member State.