Privacy Statement



Version 2.2 – Effective March 20, 2013


Validate TRUSTe privacy certification

Overview

Qualys® is committed to providing you with excellent service for its QualysGuard® services ("Services"). Because we respect your right to privacy and your desire to control your personal data that you share with us, we have developed this Privacy Statement to inform you about our privacy practices for Qualys.com including related to our Safe Harbor Participation (see "EU Safe Harbor Certification" below). This Privacy Statement is not applicable to any of our other privacy practices, including without limitation, data collected from other Qualys sites or offline. Qualys services may be hosted or provided via partner sites on behalf of Qualys, and if this Qualys Privacy Statement is listed on that site, then it will also apply.


Qualys, Inc. has been awarded TRUSTe's Privacy Seal signifying that this privacy statement and practices have been reviewed by TRUSTe for compliance with TRUSTe's program requirements and the TRUSTed Cloud Program Requirements including transparency, accountability and choice regarding the collection and use of your personal information. The TRUSTe program does not cover information that may be collected through downloadable software. The TRUSTe program covers only information that is collected through the English versions of the Web site, www.qualys.com.


TRUSTe's mission, as an independent third party, is to accelerate online trust among consumers and organizations globally through its leading privacy Trustmark and innovative trust solutions. If you have questions or complaints regarding our privacy statement or practices, please contact us at privacy@qualys.com. If you are not satisfied with our response, you can contact TRUSTe.


Qualys adheres to the EU Safe Harbor Privacy Principles with respect to certain personal data that it receives about European Union residents in the course of providing Qualys services. Information about Qualys' participation in Safe Harbor can be found below in the section entitled Safe Harbor Notice.


Web Sites Covered

This Privacy Statement applies to Qualys Web sites that link to this Privacy Statement: http://www.qualys.com; https://qualysguard.qualys.com; https://pci.qualys.com; https://freescan.qualys.com/; https://community.qualys.com; http://cn.qualys.com; http://qualys.jp; https://browsercheck.qualys.com; https://ssllabs.qualys.com; http://news.qualys.com; http://laws.qualys.com; qualysguard.qg2.apps.qualys.com; portal.qg2.apps.qualys.com; https://qualysguard.qualys.eu; https://portal.qualys.eu; qualysguard.qg3.apps.qualys.com; portal.qg3.apps.qualys.com; and https://portal.qualys.com (collectively referred to as "Qualys Web sites").


Qualys Web sites may contain links to other Web sites. Qualys is not responsible for the information practices or the content of such other Web sites. Qualys encourages you to review the privacy statements of other Web sites to understand their information practices.


Information We Gather from You – Personal Information

There are three ways in which you may explicitly and intentionally provide us with and consent to our collection of certain personal information:


Under no circumstances do we collect any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sex life.


Statistical Information About Your Visit

When you visit Qualys Web sites, our systems collect personal information (in the manner described above) and statistical or non-personally identifiable information about your visit to our sites (e.g. IP address, pages visited, origin of visitor domains, and types of browsers used). However, unless you actively submit personal information, we do not typically identify you via the non-personally identifiable information. Notwithstanding the foregoing, to the extent permitted by applicable law, we reserve the right to combine non-personally information with personal information that you have actively submitted.


Use of Cookies

We use "cookies" as described in this section. A "cookie" is a piece of information that our Web site sends to your browser, which then stores this information on your system. If a cookie is used, our Web site we will be able to "remember" information about you and your preferences either until you exit your current browser window (if the cookie is temporary) or until you disable or delete the cookie. Many users prefer to use cookies in order to help them navigate a Web site as seamlessly as possible. You should be aware that cookies contain no more information than you volunteer, and they are not able to "invade" your hard drive and return to the sender personal or other information from your computer. If you do not want Qualys to deploy cookies in your browser, you can set your browser to reject cookies or to notify you when a website tries to put a cookie in your browser software. Rejecting cookies may affect your ability to use of some of our products and/or services.


Our uses of "cookies" are limited to the following specific situations. The first situation is with respect to temporary cookies. There are two instances in which we use temporary cookies. First, if you are accessing our services through one of our online applications our Web server may automatically send your browser a temporary cookie, which is used to help your browser navigate our site. The only information contained in these temporary cookies is a direction value that lets our system determine which page to show when you hit the back button in your browser. This bit of information is erased when you close your current browser window. If you come to our site from one of our business or advertising partners, our Web server may also send your browser a temporary cookie that reflects an "origination code" for that partner. We use this information for statistical and marketing purposes.


List of Temporary Cookies:

leadsource, referer, link   Indicates the origination code.
kw   Indicates the keyword, similar to the origination code.
JSESSIONID, DWRSESSIONID   Used by Qualys Community and/or SSL Labs for session tracking.
QualysSession, quickstart, QualysSession_notification_div   Used by QualysGuard for session tracking and management.
jive.server.info, jive.user.loggedin   Used by Qualys Community to remember whether logged in and into which back-end server.

The second situation in which we may use cookies is with respect to permanent cookies. This type of cookie remains on your system, although you can always delete or disable it through your browser preferences. There are two instances in which we use a permanent cookie. First, when you visit our Web site and request documentation or a response from us. When you are filling out a form you may be given the option of having our Web site deliver a cookie to your local hard drive. You might choose to receive this type of cookie in order to save time in filling out forms and/or revisiting our Web site. We only send this type of cookie to your browser when you have checked a checkbox on the form with the caption "Please remember my profile information on this computer" when submitting information or communicating with us. The second instance where we use a permanent cookie is where we track traffic patterns on our site. Analysis of the collected information by our tracking technologies allows us to improve our web site and the user experience. In both instances of a persistent cookie, if you choose not to accept the cookie, you will still be able to use our Web site. Even if you choose to receive this type of cookie, you can always set your browser to notify you when you receive any cookie, giving you the chance to decide whether to accept it in each situation in which one is sent.


List of Permanent Cookies:

ELOQUA, ELQSTATUS   For visitor tracking across multiple Qualys websites.
_utma, _utmb, _utmc, _utmv, _utmz   For Google Analytics across multiple Qualys websites.
jive.recentHistory, jive_wysiwygtext_height   Used by Qualys Community to remember user preferences.
sua_name, uid, page_visit_cnt   Used by Qualys BrowserCheck for functionality.

Some Qualys pages use cookies that permit select third party partners, including Google and Eloqua, to provide you Qualys related content, including Qualys advertisements, on their sites or elsewhere on the Internet. This is based on your prior visits to the Qualys site.


Additionally, third parties may use cookies to allow you to link to social networking sites like Facebook and LinkedIn. As noted above, you can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it. You can control whether or not these cookies are used, but preventing them may stop us from offering you some services. Alternatively you may use the third parties' own tools to prevent these cookies. You may also opt out of Google's use of cookies by visiting http://www.google.com/privacy/ads/.


List of Third Party Cookies: Various third-party cookies are set by the following entities and used for statistical and marketing purposes: LivePerson (http://liveperson.net) and Adroll (http://d.adroll.com).


Web Beacons

Qualys uses Web beacons alone or in conjunction with cookies to compile information about Customers and site visitors' usage of the site and interaction with emails from Qualys. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site tied to the Web beacon, and a description of a Web site tied to the Web beacon. For example, Qualys may place Web beacons in marketing emails that collect information when you click on a link in the email that directs you to Qualys' site. We use Web beacons to operate and improve Qualys' site and email communications. Qualys may use information from Web beacons in combination with data about Qualys to provide you with information about Qualys and the Qualys Services.


Information Sharing

We will share your personal information with third parties only in the ways that are described in this privacy statement. We do not sell your personal information to third parties. In some cases Qualys uses suppliers to collect, use, analyze and otherwise process information on its behalf. It is Qualys' practice to require such suppliers and other service providers to handle information in a manner consistent with Qualys' policies and to use your personal information only as necessary to provide these services to us.


We may also disclose your personal information as required by law, such as to comply with a subpoena, or similar legal process. When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We may also disclose your personal information if Qualys, Inc. is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.


Qualys Supported Blogs and Forums

If you use a blog or forum, or other chat tool on this Web site, you should be aware that any personal information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. Qualys is not responsible for the personal information you choose to submit in these forums. You are also responsible for using these forums in a manner consistent with the applicable Terms of Use or other terms and conditions set forth on the relevant forum site. To request removal of your personal information from our blog or community forum, please contact the Qualys Safe Harbor Contact as described below. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.


Testimonials

We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact the Qualys Safe Harbor Contact as described below.


Surveys

From time-to-time we may request information from customers via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. Survey information will be used for improving our customer service and service offerings. The feedback and data we collect from these surveys is aggregated and we do not single-out individual responses unless the respondent chooses to be identified.


Social Media Widgets

Our web site includes social media features, such as the Facebook Like button and widgets, such as the ShareThis button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our web site. Your interactions with these features are governed by the privacy statement of the company providing it.


Public Profiles

The profile you create on our site will be publically accessible unless otherwise indicated. You may change the privacy settings of your profile through your account portal.


Your Ability to Opt-Out of Further Notifications

From time to time, we notify visitors of our Sites of new products, announcements, upgrades and updates unless you have opted out of these notices. If you would like to opt-out of being notified, please contact us at the address given at the end of this Privacy Statement.


If you would like to change your preferences online, please visit http://www.qualys.com/company/compref/. Please be aware that you may not opt out of receiving information regarding the security, initial use, expiration, product enhancement or migration of our products or services.


Access or Update Personal Information

If your personally identifiable information changes, or if you no longer desire our service, you may correct, update, amend, delete or deactivate it by making the change on your member information page or by emailing our Customer Support at the contact information listed below. We will respond to your request to access to personal information within 30 days.


We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.


Our Security Procedures

We consider the protection of all personal information we receive from our Web site visitors and customers as critical. Please be assured that we have security measures in place to protect against the loss, misuse, and alteration of any personal information we receive from you. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information. In order to try to minimize this risk, we encrypt all information that you submit in ordering our services using the Secure Sockets Layer (SSL) protocol. Our security procedures are also subject to at least an annual SSAE 16 or industry standard alternative audit by an internationally-recognized accounting firm. If you have questions about security, please contact us at the information provided below.


Information Related to Data Collected through the QualysGuard Platform

Qualys collects information under the direction of its clients, and has no direct relationship with the individuals whose personal data it processes.

There are three ways in which you may explicitly and intentionally provide us with and consent to our collection of certain personal information:




QUALYS SAFE HARBOR NOTICE


Scope of Safe Harbor Certification

Qualys, Inc. complies with the U.S.–E.U. Safe Harbor framework and the U.S.–Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Qualys, Inc. has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Qualys, Inc.’s certification, please visit http://www.export.gov/safeharbor/.


Qualys, Inc. recognizes that the European Community has established a data protection regime pursuant to Directive 95/46/EC, which applies to the European Economic Area ("EEA") and restricts companies in the EEA in transferring personal data about individuals in the EEA to the United States, unless there is "adequate protection" for such personal data when it is received in the United States. To create such "adequate protection" and to overcome the restriction on international data transfers established by the Directive, Qualys adheres to the Safe Harbor Privacy Principles published by US Department of Commerce ("Safe Harbor Principles") with respect to personal data about individuals in the EEA that subsidiaries, customers, suppliers and other businesses in the EEA send to Qualys.


Scope of this Notice

This Notice does not apply to employees of Qualys; this Notice addresses other data subjects residing in the EEA ("EEA Persons") whose data Qualys may receive from one of its subsidiaries, customers, suppliers or other businesses in the EEA, e.g., customers' procurement managers, suppliers' sales representatives, individual independent contractors, EEA residents who are mentioned or referred to in documents to be produced in pre-trial discovery proceedings, etc.


Categories of EEA Data

Qualys collects data processing and advisory services largely for businesses and rarely if ever for consumers. Thus, Qualys receives mostly business-related information from the EEA. Occasionally, Qualys also receives contact information related to individual representatives of businesses with whom Qualys is dealing (including, without limitation, names, addresses, work phone numbers, work email addresses, etc.), and, in connection with our managed document review and advisory services, Qualys processes data that may be relating to EEA residents on behalf of, and in accordance with instructions from, customers (collectively "EEA Data"). Since EEA Data covered by this Notice is by definition sent to Qualys by another company in the EEA (e.g., a supplier to Qualys), the categories of data sent and the purposes of processing often depend on such other company, with whom the EEA Persons typically have a closer employment, business or other relationship (and which therefore, can provide additional information on categories of data shared with us).


Purposes

Qualys collects and uses EEA Data for purposes of providing data processing and advisory services to its customers, communicating with corporate business partners about business matters, processing EEA Data on behalf of corporate customers, transmitting marketing emails and performing other marketing activities, and conducting related tasks for legitimate business purposes.


Disclosure

Qualys shares EEA Data with affiliates and contractors, which process EEA Data on behalf of Qualys. Qualys also shares EEA Data with other third parties for the purposes for which Qualys receives the EEA Data (e.g., performance of contractual obligations) and as required or permitted by law.


With respect to marketing emails, EEA Persons may opt-out of receiving further email marketing communications from Qualys by sending an email to unsubscribe@qualys.com, or by following opt-out instructions that are contained in each marketing email. EEA Persons may also send an email to this address to ask to opt-out of disclosures to third parties, but such a limitation on data sharing may make it difficult or impossible for Qualys to provide the requested services. Notwithstanding other statements in this General EEA Safe Harbor Notice, Qualys may disclose EEA Data where it is legally required to disclose (e.g., under statutes, contracts or otherwise) or the disclosure is permitted by law and Qualys has a legitimate business interest in such disclosure.


Access and Review

EEA Persons whose EEA Data Qualys holds may request access to, and the opportunity to update, correct or delete some or all of the EEA Data that Qualys holds about them. To submit such requests or raise any other questions, please contact the Qualys Safe Harbor Contact as described below. Qualys reserves the right to take appropriate steps to authenticate an applicant's identity, charge an adequate fee before providing access and deny requests, except as required by the Safe Harbor Principles.


Changes To This Statement

We may update this privacy statement to reflect changes to our information practices. If we make any material changes we will notify you by email or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.


Contact Information

If you have questions about Qualys' Privacy Statement, please contact our Qualys Safe Harbor Privacy Administrator at 1600 Bridge Parkway, Redwood City, CA 94065, telephone: 650.801.6100, or fax: 650.801.6101; or email us at safeharbor@qualys.com.


If you have a comment or concern that cannot be resolved with Qualys directly, you may contact the competent local data protection authority in your EEA Member State.

Stay Connected with Qualys
Free Tools & Trials
Qualys Community
Other Links