Qualys Privacy Statement

Overview

We, Qualys®, Inc. and our affiliates (“Qualys”, Company, “we”, “us” or “our”) respect your right to privacy and your desire to control your Personal Information that you share with us. Personal Information shall mean any information which is related to an identified or identifiable natural person. We have developed this Privacy Statement to inform you about our privacy practices for our public-facing websites (“Sites”), marketing events, products and services we provide (collectively, the “Services”). This Privacy Statement describes how Qualys collects, uses, shares, discloses and processes the Personal Information you provide to Qualys through the Sites, and other than through use and access of Services. It also describes your choices regarding the use, access, and collection of your Personal Information. This Privacy Statement does not apply to our processing of Personal Information or personal data provided by our customers through the contractual provision of our cloud services or use of our products by such customers.

GDPR

If you are a located in European Economic Area (“EEA”) and are subject to the protections of European Union’s (EU) General Data Protection Regulation 2016/679 (“GDPR”), then please see this EEA Supplement Privacy Policy. The EEA Supplement Privacy Policy addresses both the Sites and the Services. The term “Personal Information” used in this Privacy Statement includes all “personal data”, as defined under the GDPR, and any applicable national implementing laws, as amended from time to time.

Notice at Collection

Below are some ways in which you may submit your Personal Information to Qualys:

• Email request for information or registration for guides or seminars – We use links throughout our Sites to provide you with the opportunity to contact, ask questions, request information and materials, register or sign up for guides, seminars, training classes or provide comments and suggestions. You may also be offered the opportunity to have one of our representatives contact you personally to provide additional information about our Services. To do so, we may request certain Personal Information from you, such as your name, title, telephone number, job functions, post addresses, email address, browser and device information and other address information, to help us satisfy your request. This also includes information provided in order to subscribe to any of our newsletters (such as email address) or contact information provided on our Services.
• Account Information – We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services. You may provide contact information including but not limited to billing information, when you create an account. You may also provide information such as display name, display picture, job title, and other details for creation of your account. We keep track of your preferences when you select settings within the account.
• Recruitment and Employment – You may choose to provide us with Personal Information, such as a resume or other employment-related information in connection with a job application or inquiry, whether advertised on the Sites or as otherwise provided by Qualys. Qualys may use this information throughout Qualys and its related entities for the purpose of employment consideration or as you inquire.
• Inquiry and Communications Information - From time to time we may request information via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether to disclose Personal Information. Survey Personal Information will be used to improve our customer service and service offerings. The feedback and data we collect from these surveys are aggregated and we do not single out individual responses unless the respondent chooses to be identified.
• Information submitted through the Site – We may collect Personal Information through the content that you submit on the Sites, which include social media or social networking websites operated by us. For example, you may provide Personal Information to us when you provide responses or feedback to a social media event or survey.
• Audio or Visual Information – We may collect Personal Information through an audio or visual recordings provided by you on our Site which include social media or social networking websites operated by us. We may collect such audio or visual recording information through our sales, customer service or support calls. Audio or visual information would also include your photographs that you voluntarily consent to provide in connection with reviews of and contests, sweepstakes, surveys, webcasts, and events involving our Services.
• Payment Information – We would receive certain Personal Information related to payment and billing information when you register for certain paid Services. We would require a representative to register for billing and payments and for which we would need his/her name and contact information or other Personal Information. We may receive payment information, such as payment card details, which we collect via secure payment processing service provider or directly though you.
• Third Party – We may receive your Personal Information from third parties, which we may combine with Personal Information we collect from you. This may include Personal Information which we receive if you interact on Sites or with our Services. This may also include Personal Information which we receive from our business partners or service providers that perform services on our behalf, such as surveys, marketing events or payment processors.
• Social Media – We may collect Personal Information when you interact with us through various social media networks, such as Facebook, Google, LinkedIn, Twitter or other social networks. We may receive some of your Personal Information directly from social media companies, if you have permitted these social media networks to share your Personal Information with third parties. The information we receive is dependent on the privacy settings which you have accepted with the social media companies.
• Other Sources – We may also collect your Personal Information through publicly available sources, third-party data providers, brand partnerships, or through transactions such as mergers and acquisitions.

Automatic Collection Of Personal Information

• Statistical Information – When you visit the Sites, our systems collect Personal Information (in the manner described above) and statistical or non-personally identifiable information about your visit to the Sites (e. g., IP address, pages visited, origin of visitor domains, and types of browsers used). However, unless you actively submit Personal Information, we do not typically identify you via the non-personally identifiable information. Notwithstanding the foregoing, to the extent permitted by applicable laws, we reserve the right to combine non-Personal Information with Personal Information that you have actively submitted.
• Web Beacons - Qualys uses web beacons alone or in conjunction with cookies to compile information about site visitors’ usage of the Site and interaction with emails from Qualys. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular website tied to the web beacon, and a description of a website tied to the web beacon. For example, Qualys may place web beacons in marketing emails that collect information when you click on a link in the email that directs you to Qualys’ site. We use web beacons to operate and improve Qualys’ site and email communications. Qualys may use information from web beacons in combination with data about Qualys to provide you with information about Qualys and the Qualys Services.

How We Use The Personal Information

Personal Information is collected or received to:

• Provide customer support for our Services;
• Manage our day-to-day business operations;
• Allow you to access and create user accounts and access our cloud platform;
• Communicate with you via email, social media and/or telephone;
• Operate, maintain and improve our Services or Sites;
• Deliver the Services you request and manage your account, including to communicate with you regarding your account on our Sites or your evaluation license;
• For marketing and advertising purposes;
• To improve customer service and service offerings;
• Register you for and provide you access to events and seminars;
• Comply with contractual and legal obligations and requirements; and
• For any other lawful purpose, or other purpose to which you consent.

Information Sharing

We may share your Personal Information as follows:

• Third Party Service Provider – Qualys shares information with third party service providers that help us operate, provide, improve, analyze, integrate, customize, support, distribute, market our Services or related infrastructure service providers (such as Oracle public cloud or Amazon Web Services). This includes service providers who provide consulting, sales, support, and technical services. It is Qualys’ practice to require such suppliers and other service providers to handle Personal Information in a manner consistent with Qualys’ policies and to use your Personal Information only as necessary to provide these Services to us. Qualys does not sell your Personal Information to third parties. These third parties also include entities who assist us in delivering our contests, sweepstakes, or survey offerings and processing the responses.
• Third Party Advertisers - We may share Personal Information with our advertising networks or advertising service providers that require the information to select and serve relevant advertisements to you and others.
• Affiliates - We may share your Personal Information with other affiliated companies owned or controlled by Qualys or companies that are under common control as Qualys.
• Customer Support or Services - We may share Personal Information with third parties who assist us in providing our customer support or services and facilitating our communications with you in relation to an inquiry that you may submit.
• Information Shared for Conference Registration - When you register for a Qualys Security Conference or any other similar event or conference, an account may be created in third-party website, Qualys’ online event provider, with all the information that you entered. This account will allow you to access the platform and the attendees’ list to network before, during and after the event. For further information on your data processing and your rights regarding the information you entered for Qualys Security Conference, please refer to the privacy policy of the applicable third-party provider.
• Community and Blogs - If you participate in any of our online communities or purchase goods or services via our Services, we may disclose your publicly available profile information to other online community members, as well as any other information you choose to provide or make public.
• Digital Marketing - We periodically appoint digital marketing agents to conduct marketing activity on our behalf, and such activity may result in the compliant processing of your Personal Information.
• Legal Requirements - We may also disclose your Personal Information as required by law, such as to comply with a subpoena, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We may also disclose your Personal Information if Qualys, Inc. is involved in a merger, acquisition, or sale of all or a portion of its assets.
• Consent - We may disclose your Personal Information to certain other third parties (including but not limited to the third parties listed below) or publicly with your consent or direction. For example, with your consent or direction, we may post your testimonial on our Sites or service-related documentation.

Your Ability To Access Or Delete Personal Information

In accordance with applicable privacy laws, you may have the following rights regarding your Personal Information. If you wish to request access to, update, correct, or delete your Personal Information, please contact us at privacy@qualys.com. We reserve the right to take appropriate steps to authenticate the applicant’s identity. We will respond to your request within a reasonable timeframe. You may request an erasure of your Personal Information, when the information we hold about you is no longer relevant or is incorrect.

Your Ability To Opt-out Of Further Notifications

From time to time, we notify visitors to the Sites of new products, announcements, upgrades, and updates unless you have opted out of these notices. If you would like to opt-out of being notified, please contact us at privacy@qualys.com.

If you would like to change your preferences online, please visit https://www.qualys.com/communication-preferences/.

Use of Cookies

Please see our cookies policy.

Public Profiles

The profile you create on the Sites will be publicly accessible unless otherwise indicated. You may change the privacy settings of your profile through your account portal.

Our Security Procedures

We consider the protection of all Personal Information we receive from the Sites visitors, as critical. Please be assured that we have implemented appropriate security measures to protect against the unauthorized loss, misuse, and alteration of any Personal Information we receive from you. There is always some element of risk involved in sending Personal Information over the internet, therefore we advise you not to communicate your confidential or sensitive information to us.

Data Retention

The Personal Information received from you is not stored longer than necessary for the purposes set out in this Privacy Statement or in accordance with our legal obligations and legitimate business interests. In the event the personal information is subject to the EU GDPR or UK GDPR, the retention period for such personal information will be based on the legal basis under which we process such personal information:

Contractual Obligation

The Personal Information is processed during the term of the respective contract. We generally will retain your Personal Information data for the duration of the contract and some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from our contractual relationship.

Consent

Where we are processing Personal Information based on your consent, we generally will retain your Personal Information until you withdraw your consent, or otherwise for the period within which we provide the applicable services to you and for which we are required to process that Personal Information.

Children’s Personal Information

Our Services are not intended for children under the age of eighteen (18) years. We do not intend to collect or receive Personal Information from children under the age of eighteen (18). If you are under the age of eighteen (18), then you should not use our Services or otherwise provide us with any Personal Information either directly or by other means. We are not liable for Personal Information provided to us by a person who under the age of eighteen (18). If a child under the age of eighteen (18) has provided Personal Information to us, we encourage the child’s parent or guardian to contact us to request that we remove the Personal Information.

California Privacy Notice

This California Privacy Notice (“CA Notice”) supplements the information contained in our Privacy Statement above and applies only to residents of the State of California.

This CA Notice informs you what Personal Information we collect, use, share and otherwise process, as well as your rights regarding your Personal Information.

Unless otherwise expressly stated, all terms in this CA Notice have the same meaning as defined in our Privacy Statement or as otherwise defined in the CCPA.

Collection And Use Of Personal Information

The Personal Information we collect is described above in “OUR COLLECTION OF PERSONAL INFORMATION” and “AUTOMATIC COLLECTION OF PERSONAL INFORMATION”. Our use of this Personal Information is described above in “HOW WE USE THIS PERSONAL INFORMATION”.

How Long We Retain Data For

The period for which Qualys retains your Personal Information depends on the type of information collected. After your Personal Information is no longer needed for its purpose, it is either deleted or de-identified or, if that is not possible, then Qualys will securely store your information and isolate it from any further use until deletion is possible.

How We Share Your Information

Qualys may share your information to third parties for business purposes. Please refer to “INFORMATION SHARING” above for more information about our sharing practices.

Your California Privacy Rights

In accordance with California privacy laws, you have the following rights regarding your Personal Information. If you wish to request access to, update, correct, delete or opt-out of the sharing of your Personal Information then please contact us at privacy@qualys.com. We reserve the right to take appropriate steps to authenticate the applicant’s identity. We will respond to your request within a reasonable timeframe.

If you are a job applicant and have any questions or concerns about the use of your personal information, please notify us by using the contact details provided at the bottom of the Candidate Privacy Notice.

US Data Privacy Framework

Qualys complies with the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce (collectively, the “Principles”) regarding the collection, use, and retention of Personal Information transferred from the European Union and Switzerland to the United States.

Qualys has certified to the U.S. Department of Commerce that it adheres to the principles. If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles shall govern. To learn more about the Data Privacy Framework, and to view our certification, please visit https://www.privacyshield.gov/.

Qualys’s commitments under the Principles are subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC) authority. In compliance with the Principles, Qualys commits to resolve complaints about our collection or use of your Personal Information. EU and Swiss individuals with inquiries or complaints regarding our Privacy policy should first contact Qualys at privacy@qualys.com.

Qualys is responsible for the third-party acts within its control that result in the processing of Personal Information inconsistent with the principles. Qualys maintains contracts with these providers restricting their access, use and disclosure of Personal Information in compliance with our obligations under the principles.

If Qualys has knowledge that a third party to which it has disclosed Personal Information covered by this Policy is processing such Personal Information in a way that is contrary to this Policy and/or the Principles, Qualys will take steps to prevent or stop such processing. Qualys complies with the principles for all onward transfers of Personal Information from the EU and Switzerland, including the onward transfer liability provisions.

Qualys has further committed to refer unresolved Data Privacy Framework complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. Under certain conditions, as further explained in the Data Privacy Framework Principles, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. The services of JAMS are provided at no cost to you.