Qualys Privacy Statement

Effective Date: September 10, 2024

Overview

We, Qualys®, Inc. and our affiliates (“Qualys”, Company, “we”, “us” or “our”) respect your right to privacy and your desire to control your Personal Information that you share with us. Personal Information shall mean any information which is related to an identified or identifiable natural person. We have developed this Privacy Statement to inform you about our privacy practices for our public-facing websites (“Sites”), marketing events, products and services we provide (collectively, the “Services”). This Privacy Statement describes how Qualys collects, uses, shares, discloses and processes the Personal Information you provide to Qualys through the Sites, and other than through use and access of Services. It also describes your choices regarding the use, access, and collection of your Personal Information. This Privacy Statement does not apply to our processing of Personal Information or personal data provided by our customers through the contractual provision of our cloud services or use of our products by such customers.

GDPR

If you are a located in European Economic Area (“EEA”) and are subject to the protections of European Union’s (EU) General Data Protection Regulation 2016/679 (“GDPR”), then please see this EEA Supplement Privacy Policy. The EEA Supplement Privacy Policy addresses both the Sites and the Services. The term “Personal Information” used in this Privacy Statement includes all “personal data”, as defined under the GDPR, and any applicable national implementing laws, as amended from time to time.

Notice at Collection

Below are some ways in which you may submit your Personal Information to Qualys:

Automatic Collection Of Personal Information

How We Use The Personal Information

Personal Information is collected or received to:

Information Sharing

We may share your Personal Information as follows:

Your Ability To Access Or Delete Personal Information

In accordance with applicable privacy laws, you may have the following rights regarding your Personal Information. If you wish to request access to, update, correct, opt-out of sharing of, or delete your Personal Information, please visit our Privacy Center or contact us at privacy@qualys.com. We reserve the right to take appropriate steps to authenticate the applicant’s identity. We will respond to your request within a reasonable timeframe. You may request an erasure of your Personal Information, when the information we hold about you is no longer relevant or is incorrect.

Your Ability To Opt-out Of Further Notifications

From time to time, we notify visitors to the Sites of new products, announcements, upgrades, and updates unless you have opted out of these notices. If you would like to opt-out of being notified, please contact us at privacy@qualys.com.

If you would like to change your preferences online, please visit https://www.qualys.com/communication-preferences/.

Use of Cookies

Please see our cookies policy.

Public Profiles

The profile you create on the Sites will be publicly accessible unless otherwise indicated. You may change the privacy settings of your profile through your account portal.

Our Security Procedures

We consider the protection of all Personal Information we receive from the Sites visitors, as critical. Please be assured that we have implemented appropriate security measures to protect against the unauthorized loss, misuse, and alteration of any Personal Information we receive from you. There is always some element of risk involved in sending Personal Information over the internet, therefore we advise you not to communicate your confidential or sensitive information to us.

Data Retention

The Personal Information received from you is not stored longer than necessary for the purposes set out in this Privacy Statement or in accordance with our legal obligations and legitimate business interests. In the event the personal information is subject to the EU GDPR or UK GDPR, the retention period for such personal information will be based on the legal basis under which we process such personal information:

Contractual Obligation

The Personal Information is processed during the term of the respective contract. We generally will retain your Personal Information data for the duration of the contract and some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from our contractual relationship.

Where we are processing Personal Information based on your consent, we generally will retain your Personal Information until you withdraw your consent, or otherwise for the period within which we provide the applicable services to you and for which we are required to process that Personal Information.

Children’s Personal Information

Our Services are not intended for children under the age of eighteen (18) years. We do not intend to collect or receive Personal Information from children under the age of eighteen (18). If you are under the age of eighteen (18), then you should not use our Services or otherwise provide us with any Personal Information either directly or by other means. We are not liable for Personal Information provided to us by a person who under the age of eighteen (18). If a child under the age of eighteen (18) has provided Personal Information to us, we encourage the child’s parent or guardian to contact us to request that we remove the Personal Information.

California Privacy Notice

This California Privacy Notice (“CA Notice”) supplements the information contained in our Privacy Statement above and applies only to residents of the State of California.

This CA Notice informs you what Personal Information we collect, use, share and otherwise process, as well as your rights regarding your Personal Information.

Unless otherwise expressly stated, all terms in this CA Notice have the same meaning as defined in our Privacy Statement or as otherwise defined in the CCPA.

Collection And Use Of Personal Information

The Personal Information we collect is described above in “OUR COLLECTION OF PERSONAL INFORMATION” and “AUTOMATIC COLLECTION OF PERSONAL INFORMATION”. Our use of this Personal Information is described above in “HOW WE USE THIS PERSONAL INFORMATION”.

How Long We Retain Data For

The period for which Qualys retains your Personal Information depends on the type of information collected. After your Personal Information is no longer needed for its purpose, it is either deleted or de-identified or, if that is not possible, then Qualys will securely store your information and isolate it from any further use until deletion is possible.

How We Share Your Information

Qualys may share your information to third parties for business purposes. Please refer to “INFORMATION SHARING” above for more information about our sharing practices.

Your California Privacy Rights

In accordance with California privacy laws, you have the following rights regarding your Personal Information. If you wish to request access to, update, correct, delete or opt-out of the sharing of your Personal Information then please contact us at privacy@qualys.com. We reserve the right to take appropriate steps to authenticate the applicant’s identity. We will respond to your request within a reasonable timeframe.

If you are a job applicant and have any questions or concerns about the use of your personal information, please notify us by using the contact details provided at the bottom of the Candidate Privacy Notice.

US Data Privacy Framework

Qualys complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce (collectively, the “Principles”) regarding the collection, use, and retention of Personal Information transferred from the European Union, Switzerland and United Kingdom (and Gibraltar) to the United States.

Qualys has certified to the U.S. Department of Commerce that it adheres to the principles. If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles shall govern. To learn more about the Data Privacy Framework, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Qualys’s commitments under the Principles are subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC) authority. In compliance with the Principles, Qualys commits to resolve complaints about our collection or use of your Personal Information. EU, UK and Swiss individuals with inquiries or complaints regarding our Privacy policy should first contact Qualys at privacy@qualys.com.

Qualys is responsible for the third-party acts within its control that result in the processing of Personal Information inconsistent with the principles. Qualys maintains contracts with these providers restricting their access, use and disclosure of Personal Information in compliance with our obligations under the principles.

If Qualys has knowledge that a third party to which it has disclosed Personal Information covered by this Policy is processing such Personal Information in a way that is contrary to this Policy and/or the Principles, Qualys will take steps to prevent or stop such processing. Qualys complies with the principles for all onward transfers of Personal Information from the EU, the United Kingdom and Switzerland, including the onward transfer liability provisions.

Qualys has further committed to refer unresolved Data Privacy Framework complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. Under certain conditions, as further explained in the Data Privacy Framework Principles, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. The services of JAMS are provided at no cost to you.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Qualys commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.