Cloud Platform
Community
Support

Qualys Privacy Statement

Version 2.9 – Effective May 25, 2018

TRUSTe

Overview

Qualys®, Inc. (Qualys) respects your right to privacy and your desire to control your personal data that you share with us. We have developed this Privacy Statement to inform you about our privacy practices for our public-facing Sites (“The Sites”). This Privacy Statement describes how Qualys collects, uses, shares, and secures the personal information you provide to Qualys through The Sites, and other than through Qualys’ Cloud Services. It also describes your choices regarding the use, access, and collection of your personal information. This Privacy Statement is not applicable to any of Qualys’ Cloud Services which are governed by our Master Cloud Services Agreement.

GDPR

If you are a citizen of a country that is subject to the protections of GDPR, then please see this EEA Supplement Privacy Policy. The EEA Supplement Privacy Policy addresses both The Sites and the Cloud Services.

Information We Gather from You – Personal Information

There are two ways in which you may explicitly and intentionally provide us with and consent to our collection of certain personal information:

  • E-mail Request for Information or Registrations for Guides or Seminars – We use links throughout our site to provide you with the opportunity to contact us via e-mail to ask questions, request information and materials, register or sign up for guides, seminars, training classes or provide comments and suggestions. You may also be offered the opportunity to have one of our representatives contact you personally to provide additional information about our services. To do so, we may request additional personal information from you, such as your name, telephone number, and other address information, to help us satisfy your request.
  • Recruitment and Employment – You may choose to provide us with information about yourself, such as a résumé or other employment-related information in connection with a job application or inquiry, whether advertised on the Qualys site or as otherwise provided by Qualys. Qualys may use this information throughout Qualys and its related entities for the purpose of employment consideration or as you inquire.

Statistical Information About Your Visit

When you visit The Sites, our systems collect personal information (in the manner described above) and statistical or non-personally identifiable information about your visit to The Sites (e. g., IP address, pages visited, origin of visitor domains, and types of browsers used). However, unless you actively submit personal information, we do not typically identify you via the non-personally identifiable information. Notwithstanding the foregoing, to the extent permitted by applicable law, we reserve the right to combine non-personal information with personal information that you have actively submitted.

Use of Cookies

Qualys and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. A “cookie” is a piece of information that The Sites send to your browser. Your browser stores the cookie on your system. The cookie will allow Qualys to remember information about you and your preferences until either you exit your current browser window (if the cookie is temporary) or you disable or delete the cookie. Many users prefer to use cookies in order to help them navigate a website as seamlessly as possible. You should be aware that cookies contain no more information than you volunteer, and they are not able to “invade” your hard drive and return personal or other information from your computer. If you do not want Qualys to deploy cookies in your browser, you can set your browser to reject cookies or to notify you when a website tries to put a cookie in your browser software. Rejecting cookies may affect your ability to use some of our products and/or services.

Please see our cookies policy.

Web Beacons

Qualys uses web beacons alone or in conjunction with cookies to compile information about site visitors’ usage of the site and interaction with emails from Qualys. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular website tied to the web beacon, and a description of a website tied to the web beacon. For example, Qualys may place web beacons in marketing emails that collect information when you click on a link in the email that directs you to Qualys’ site. We use web beacons to operate and improve Qualys’ site and email communications. Qualys may use information from web beacons in combination with data about Qualys to provide you with information about Qualys and the Qualys Services.

Information Sharing

We will share your personal information with third parties only in the ways that are described in this privacy statement. We do not sell your personal information to third parties. In some cases, Qualys uses suppliers to collect, use, analyze, and otherwise process information on its behalf. It is Qualys’ practice to require such suppliers and other service providers to handle information in a manner consistent with Qualys’ policies and to use your personal information only as necessary to provide these services to us.

We may also disclose your personal information as required by law, such as to comply with a subpoena, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We may also disclose your personal information if Qualys, Inc. is involved in a merger, acquisition, or sale of all or a portion of its assets.

Qualys Supported Blogs and Forums

If you use a blog, forum, or other chat tool on a Qualys Website, you should be aware that any personal information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. Qualys is not responsible for the personal information you choose to submit in these forums. You are also responsible for using these forums in a manner consistent with the applicable Terms of Use or other terms and conditions set forth on the relevant forum site. To request removal of your personal information from our blog or community forum, please contact Qualys as described below. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

Testimonials

We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact Qualys as described below.

Surveys

From time-to-time we may request information via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. Survey information will be used for improving our customer service and service offerings. The feedback and data we collect from these surveys are aggregated and we do not single out individual responses, unless the respondent chooses to be identified.

Social Media Widgets

The Sites include social media features. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features are hosted either by a third party or directly on The Sites. Your interactions with these features are governed by the privacy statement of the company providing it.

Public Profiles

The profile you create on a Qualys Website will be publically accessible unless otherwise indicated. You may change the privacy settings of your profile through your account portal.

Your Ability to Opt-Out of Further Notifications

From time to time, we notify visitors to The Sites of new products, announcements, upgrades, and updates unless you have opted out of these notices. If you would like to opt-out of being notified, please contact us at the address given at the end of this Privacy Statement.

If you would like to change your preferences online, please visit https://www.qualys.com/communication-preferences/.

Access or Update Personal Information

If your personal information changes, then please contact us at privacy@qualys.com.

Our Security Procedures

We consider the protection of all personal information we receive from Qualys Website visitors as critical. Please be assured that we have implemented appropriate security measures in place to protect against the unauthorized loss, misuse, and alteration of any personal information we receive from you. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information. In order to try to minimize this risk, we encrypt all information that you submit in ordering our services using the Secure Sockets Layer (SSL) protocol. Our security procedures are also subject to an annual SSAE 18 SOC1 and SOC 2 industry-standard audits by an internationally recognized accounting firm. If you have questions about security, please contact us at the information provided below.

Qualys collects information and has no direct relationship with the individuals whose personal data it processes. In accordance with applicable law, Qualys will retain personal data you provide for marketing purposes and to respond to the requests that you have made from Qualys and use this personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

If you are a client of one of our customers and would no longer like to be contacted by such customer, please contact the customer that you interact with directly.

  • Service Provider, Sub-Processors/Onward Transfer – Qualys may transfer personal information to companies that provide services to Qualys. Transfers to subsequent third parties are covered by the provisions in this statement regarding notice and choice and the service agreements with our customers.

Qualys Privacy Shield Notice

Before May 25, 2018, Qualys complies with the European Community’s data protection regime pursuant to Directive 95/46/EC, which applies to the European Economic Area (“EEA”) and restricts companies in the EEA in transferring personal data about individuals in the EEA to the United States, unless there is “adequate protection” for such personal data when it is received in the United States.

GDPR

On and after May 25, 2018, Qualys shall comply with the Regulation 2016/679, the “General Data Protection Regulation” (“GDPR”) of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, The GDPR supersedes EU Data Protection Directive (also known as Directive 95/46/EC). For persons subject to GDPR please see the EEA Supplement here.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

Qualys participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Qualys is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.

Qualys complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. Under those provisions and under certain circumstances, Qualys is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Qualys is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Qualys may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Scope of this Notice

This Notice does not apply to employees of Qualys; this Notice addresses other data subjects residing in the EEA and Switzerland (“EEA and Swiss Persons”) whose data Qualys may receive from one of its subsidiaries, prospects, customers, suppliers or other businesses in the EEA or Switzerland, e. g., prospects’ procurement managers, suppliers’ sales representatives, individual independent contractors, and EEA and Swiss residents who are mentioned or referred to in documents to be produced in pre-trial discovery proceedings, etc.

Categories of EEA and Swiss Data

Qualys collects data processing and advisory services largely for businesses and rarely if ever for consumers. Thus, Qualys solely receives business-related information from the EEA and Switzerland. Occasionally, Qualys also receives contact information related to individual representatives of businesses with whom Qualys is dealing (including, without limitation, names, addresses, work phone numbers, work email addresses, etc.), and, in connection with our managed document review and advisory services, Qualys processes data that may be relating to EEA and Swiss residents on behalf of, and in accordance with instructions from, prospects (collectively “EEA and Swiss Data”). Since EEA and Swiss Data covered by this Notice is by definition sent to Qualys by another company in the EEA or Switzerland (e.g., a supplier to Qualys), the categories of data sent and the purposes of processing often depend on such other company, with whom the EEA or Swiss Persons typically have a closer employment, business or other relationship (and which therefore, can provide additional information on categories of data shared with us).

Purposes

Qualys collects and uses EEA and Swiss Data for purposes of providing data processing and advisory services to its prospects, communicating with corporate business partners about business matters, processing EEA and Swiss Data on behalf of corporate prospects, transmitting marketing emails and performing other marketing activities, and conducting related tasks for legitimate business purposes.

Disclosure

Qualys shares EEA and Swiss Data with affiliates and contractors, which process EEA and Swiss Data on behalf of Qualys. Qualys also shares EEA and Swiss Data with other third parties for the purposes for which Qualys receives the EEA and Swiss Data (e.g., performance of contractual obligations) and as required or permitted by law.

With respect to marketing emails, EEA and Swiss Persons may opt-out of receiving further email marketing communications from Qualys by sending an email to unsubscribe@qualys.com, or by following opt-out instructions that are contained in each marketing email. EEA and Swiss Persons may also send an email to this address to ask to opt-out of disclosures to third parties, but such a limitation on data sharing may make it difficult or impossible for Qualys to provide the requested services. Notwithstanding other statements in this Notice, Qualys may disclose EEA and Swiss Data where it is legally required to disclose (e.g., under statutes, contracts or otherwise) or the disclosure is permitted by law and Qualys has a legitimate business interest in such disclosure.

Access and Review

EEA and Swiss Persons whose EEA and Swiss Data Qualys holds may request access to, and the opportunity to update, correct or delete some or all of the EEA and Swiss Data that Qualys holds about them. To submit such requests or raise any other questions, please contact Qualys as described below. Qualys reserves the right to take appropriate steps to authenticate an applicant’s identity, charge an adequate fee before providing access and deny requests, except as required by the Privacy Shield Framework.

Qualys complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Qualys has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

Changes to This Statement

We may update this privacy statement to reflect changes to our information practices. If we make any material changes, we will notify you by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact Information

If you have questions about Qualys’ Privacy Statement, please contact our Qualys Privacy Administrator at 919 E. Hillsdale Blvd., 4th Floor, Foster City, CA 94404, USA, telephone: +1 650 801 6100, or fax: +1 650 801 6101; or email us at privacy@qualys.com.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.