Privacy Statement
Overview
Qualys® is committed to providing you with excellent service for its QualysGuard® services ("Services"). Because we respect your right to privacy and your desire to control your personal data that you share with us, we have developed this Privacy Statement to inform you about our privacy practices for Qualys.com including related to our Safe Harbor Participation (see "EU Safe Harbor Certification" below). This Privacy Statement is not applicable to any of our other privacy practices, including without limitation, data collected from other Qualys sites or offline. Qualys services may be hosted or provided via partner sites on behalf of Qualys, and if this Qualys Privacy Statement is listed on that site, then it will also apply.
Qualys adheres to the EU Safe Harbor Privacy Principles with respect to certain personal data that it receives about European Union residents in the course of providing Qualys services. Information about Qualys' participation in Safe Harbor can be found below in the section entitled Safe Harbor Notice.
Web Sites Covered
This Privacy Statement applies to Qualys Web sites that link to this Privacy Statement: http://www.qualys.com; https://qualysguard.qualys.com; https://pci.qualys.com; https://freescan.qualys.com; https://sans20.qualys.com; and https://freemap.qualys.com (collectively referred to as "Qualys Web sites").
Qualys Web sites may contain links to other Web sites. Qualys is not responsible for the information practices or the content of such other Web sites. Qualys encourages you to review the privacy statements of other Web sites to understand their information practices.
Information We Gather from You – Personal Information
There are three ways in which you may explicitly and intentionally provide us with and consent to our collection of certain personal information:
- E-mail Request for Information or Registrations for Guides or Seminars – We use links throughout our site to provide you with the opportunity to contact us via e-mail to ask questions, request information and materials, register or sign up for guides, seminars, training classes or provide comments and suggestions. You may also be offered the opportunity to have one of our representatives contact you personally to provide additional information about our services. To do so, we may request additional personal information from you, such as your name, telephone number and other address information, to help us satisfy your request.
- Service Enrollment – If you choose to enroll for one of our Services, we will request certain information from you. Depending on the type of service that you request, you may be asked to provide different personal information. For enrollment in our Services, we may require your name, address (including country, city and state), telephone number, e-mail address, credit card number, bank account information, IP address, IP range, domain name(s), or Web Application URL(s). Other services may require different or supplemental information from you in order to register. For a detailed listing of the type of personal information requested for our various products, please refer to the enrollment page for the particular service.
- Recruitment and Employment – You may choose to provide us with information about yourself, such a resume or other employment related information in connection with a job application or inquiry whether advertised on the Qualys site or as otherwise provided by Qualys. Qualys may use this information throughout Qualys and its related entities for the purpose of employment consideration or as you inquire.
Under no circumstances do we collect any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sex life.
Statistical Information About Your Visit
When you visit Qualys Web sites, our systems collect personal information (in the manner described above) and statistical or non-personally identifiable information about your visit to our sites (e.g. IP address, pages visited, origin of visitor domains, and types of browsers used). However, unless you actively submit personal information, we do not typically identify you via the non-personally identifiable information. Notwithstanding the foregoing, to the extent permitted by applicable law, we reserve the right to combine non-personally information with personal information that you have actively submitted.
Use of Cookies
We use "cookies" as described in this section. A "cookie" is a piece of information that our Web site sends to your browser, which then stores this information on your system. If a cookie is used, our Web site we will be able to "remember" information about you and your preferences either until you exit your current browser window (if the cookie is temporary) or until you disable or delete the cookie. Many users prefer to use cookies in order to help them navigate a Web site as seamlessly as possible. You should be aware that cookies contain no more information than you volunteer, and they are not able to "invade" your hard drive and return to the sender personal or other information from your computer.
Our uses of "cookies" are limited to the following specific situations. The first situation is with respect to temporary cookies. There are two instances in which we use temporary cookies. First, if you are accessing our services through one of our online applications our Web server may automatically send your browser a temporary cookie, which is used to help your browser navigate our site. The only information contained in these temporary cookies is a direction value that lets our system determine which page to show when you hit the back button in your browser. This bit of information is erased when you close your current browser window. If you come to our site from one of our business or advertising partners, our Web server may also send your browser a temporary cookie that reflects an "origination code" for that partner. We use this information for statistical and marketing purposes.
The second situation in which we may use cookies is with respect to permanent cookies. This type of cookie remains on your system, although you can always delete or disable it through your browser preferences. There are two instances in which we use a permanent cookie. First, when you visit our Web site and request documentation or a response from us. When you are filling out a form you may be given the option of having our Web site deliver a cookie to your local hard drive. You might choose to receive this type of cookie in order to save time in filling out forms and/or revisiting our Web site. We only send this type of cookie to your browser when you have checked a checkbox on the form with the caption "Please remember my profile information on this computer" when submitting information or communicating with us. The second instance where we use a permanent cookie is where we track traffic patterns on our site. Analysis of the collected information by our tracking technologies allows us to improve our web site and the user experience. In both instances of a persistent cookie, if you choose not to accept the cookie, you will still be able to use our Web site. Even if you choose to receive this type of cookie, you can always set your browser to notify you when you receive any cookie, giving you the chance to decide whether to accept it in each situation in which one is sent.
Web Beacons
Qualys uses Web beacons alone or in conjunction with cookies to compile information about Customers and site visitors' usage of the site and interaction with emails from Qualys. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site tied to the Web beacon, and a description of a Web site tied to the Web beacon. For example, Qualys may place Web beacons in marketing emails that collect information when you click on a link in the email that directs you to Qualys' site. We use Web beacons to operate and improve Qualys' site and email communications. Qualys may use information from Web beacons in combination with data about Qualys to provide you with information about Qualys and the Qualys Services.
Use of Suppliers
In some cases Qualys uses suppliers to collect, use, analyze and otherwise process information on its behalf. It is Qualys' practice to require such suppliers to handle information in a manner consistent with Qualys' policies.
Qualys Supported Blogs and Forums
If you use a blog or forum, or other chat tool on this Web site, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. Qualys is not responsible for the personally identifiable information you choose to submit in these forums. You are also responsible for using these forums in a manner consistent with the applicable Terms of Use or other terms and conditions set forth on the relevant forum site.
Surveys
From time-to-time we may request information from customers via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. Survey information will be used for improving our customer service and service offerings. The feedback and data we collect from these surveys is aggregated and we do not single-out individual responses unless the respondent chooses to be identified.
Your Ability to Opt-Out of Further Notifications
From time-to-time, we notify visitors of our Sites of new products, announcements, upgrades and updates unless you have opted out of these notices. If you would like to opt-out of being notified, please contact us at the address given at the end of this Privacy Statement.
If you would like to change your preferences online, please visit http://www.qualys.com/company/compref/. Please be aware that you may not opt out of receiving information regarding the security, initial use, expiration, product enhancement or migration of our products or services.
Our Security Procedures
We consider the protection of all personal information we receive from our Web site visitors and customers as critical. Please be assured that we have security measures in place to protect against the loss, misuse, and alteration of any personal information we receive from you. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information. In order to try to minimize this risk, we encrypt all information that you submit in ordering our services using the Secure Sockets Layer (SSL) protocol. Our security procedures are also subject to at least an annual SAS-70 Type II audit by an internationally-recognized accounting firm.
QUALYS SAFE HARBOR NOTICE
Scope of Safe Harbor Certification
Qualys, Inc. recognizes that the European Community has established a data protection regime pursuant to Directive 95/46/EC, which applies to the European Economic Area ("EEA") and restricts companies in the EEA in transferring personal data about individuals in the EEA to the United States, unless there is "adequate protection" for such personal data when it is received in the United States. To create such "adequate protection" and to overcome the restriction on international data transfers established by the Directive, Qualys adheres to the Safe Harbor Privacy Principles published by US Department of Commerce ("Safe Harbor Principles") with respect to personal data about individuals in the EEA that subsidiaries, customers, suppliers and other businesses in the EEA send to Qualys. Qualys' Safe Harbor Certification does not extend to data that Qualys receives directly through www.qualys.com or other websites (information on Qualys' practices regarding data received through websites is contained in the applicable website privacy statements, if any). More information on the Safe Harbor Principles and Qualys' scope of participation is available at http://www.export.gov/safeharbor/index.asp.
Scope of this Notice
This Notice does not apply to employees of Qualys; this Notice addresses other data subjects residing in the EEA ("EEA Persons") whose data Qualys may receive from one of its subsidiaries, customers, suppliers or other businesses in the EEA, e.g., customers' procurement managers, suppliers' sales representatives, individual independent contractors, EEA residents who are mentioned or referred to in documents to be produced in pre-trial discovery proceedings, etc.
Categories of EEA Data
Qualys collects data processing and advisory services largely for businesses and rarely if ever for consumers. Thus, Qualys receives mostly business-related information from the EEA. Occasionally, Qualys also receives contact information related to individual representatives of businesses with whom Qualys is dealing (including, without limitation, names, addresses, work phone numbers, work email addresses, etc.), and, in connection with our managed document review and advisory services, Qualys processes data that may be relating to EEA residents on behalf of, and in accordance with instructions from, customers (collectively "EEA Data"). Since EEA Data covered by this Notice is by definition sent to Qualys by another company in the EEA (e.g., a supplier to Qualys), the categories of data sent and the purposes of processing often depend on such other company, with whom the EEA Persons typically have a closer employment, business or other relationship (and which therefore, can provide additional information on categories of data shared with us).
Purposes
Qualys collects and uses EEA Data for purposes of providing data processing and advisory services to its customers, communicating with corporate business partners about business matters, processing EEA Data on behalf of corporate customers, transmitting marketing emails and performing other marketing activities, and conducting related tasks for legitimate business purposes.
Disclosure
Qualys shares EEA Data with affiliates and contractors, which process EEA Data on behalf of Qualys. Qualys also shares EEA Data with other third parties for the purposes for which Qualys receives the EEA Data (e.g., performance of contractual obligations) and as required or permitted by law.
With respect to marketing emails, EEA Persons may opt-out of receiving further email marketing communications from Qualys by sending an email to unsubscribe@qualys.com, or by following opt-out instructions that are contained in each marketing email. EEA Persons may also send an email to this address to ask to opt-out of disclosures to third parties, but such a limitation on data sharing may make it difficult or impossible for Qualys to provide the requested services. Notwithstanding other statements in this General EEA Safe Harbor Notice, Qualys may disclose EEA Data where it is legally required to disclose (e.g., under statutes, contracts or otherwise) or the disclosure is permitted by law and Qualys has a legitimate business interest in such disclosure.
Access and Review
EEA Persons whose EEA Data Qualys holds may request access to, and the opportunity to update, correct or delete some or all of the EEA Data that Qualys holds about them. To submit such requests or raise any other questions, please contact the Qualys Safe Harbor Contact as described below. Qualys reserves the right to take appropriate steps to authenticate an applicant's identity, charge an adequate fee before providing access and deny requests, except as required by the Safe Harbor Principles.
Safe Harbor Contact
If you have questions, please contact our Qualys Safe Harbor Privacy Administrator at 1600 Bridge Parkway, Redwood Shores, CA 94065, telephone: 650.801.6100, or fax: 650.801.6101.
If you have a comment or concern that cannot be resolved with Qualys directly, you may contact the competent local data protection authority in your EEA Member State.
