How Qlik manages privacy in its products
1. Qlik Product Deployment Options
Customers may choose to deploy Qlik's products on-premise or on customer's cloud provider of choice (in either case, "Client-Managed Deployment"), or by utilizing a cloud hosted solution provided and managed by Qlik (“Qlik Cloud”). Some Qlik products may be deployed as a Client-Managed Deployment and on Qlik Cloud. Further information regarding deployment options for Qlik products can be found on www.qlik.com. For confirmation of how your Qlik product is deployed, you should contact your organization's systems administrator/IT department.
2. Qlik Cloud
A. Where is Qlik Cloud hosted?
Qlik Cloud is hosted through a public cloud provider.
Customers can choose, at the time of tenant creation, the region in which they want their Qlik Cloud content data to reside. Qlik currently has three (3) regions: United States, Ireland and Australia. Primary backups of Qlik Cloud are stored in separate US, EU and APAC. Further backups are stored using another public cloud provider within the same region in which the Qlik Cloud content data and primary backup reside.
B. Can I choose to keep my Qlik Cloud content data in my region (e.g., can EU users ensure their data does not leave the EU)?
When you create a new Qlik Cloud tenant, you can select any of the available regions to store your "at-rest" data. Customers maintain control over access to and disclosure of their apps, through permissions and access granting.
The data will leave your region if:
- you share the data with someone outside your region e.g. sharing data with a colleague in the US; and/or
- you attach personal data to a support case (it is not mandatory to provide Qlik with personal data and we advise that you anonymize the data before sending it to Qlik), or a Qlik employee needs to access a tenant (unlikely) to fix an issue, in which case the employee may access the data from any country where Qlik Affiliates are located. Qlik has in place, internally and with relevant subprocessors, data protection agreements ensuring lawful data transfers. Qlik does not use third parties to provide support for Cloud.
Qlik uses third parties in relation to support services, whose systems may host the data globally. You can find a list of sub-processors on Qlik Community.
C. What personal data is collected when a customer uses Qlik Cloud?
Qlik receives authentication information (e.g., Qlik Account) and usage/statistical data on users of Qlik Cloud to (i) ensure the security, quality and availability of the product (e.g. authentication, server space allocation), (ii) assist with troubleshooting issues, (iii) if you complete a feedback form in the product, contact you for your feedback, and/or (iv) after anonymizing the data, for analytics purposes to ensure quality of service and improve our products.
Customers may use Qlik Cloud’s Hybrid Data Delivery service to continuously stream data in near real-time from on-premise or in a client-managed cloud to Qlik Cloud or another 3rd party cloud destination of the customer’s choosing. Such data is transferred via a landing zone (managed and controlled by the customer) where it is transformed to make it analytics-ready and usable with Qlik’s cloud service offerings. Data streaming by Qlik Cloud Hybrid Data Delivery is a continuous process, initially triggered solely by the customer. Qlik will only host the data from Qlik Cloud’s Hybrid Data Delivery service if the destination chosen by the customer is Qlik Cloud.
Some features of Qlik software (e.g., Insight Advisor) make use of the Web Speech API, which is implemented as standard by some modern browsers. To use these features, the user enables voice input for the given web page in the browser. When activated, the browser will send the audio content to a web service selected by the browser provider and return the transcribed text. For example, Google Chrome sends audio files to Google servers, and Microsoft Edge sends audio files to Microsoft Azure. Customers who choose to block access from their users' browsers to these services can ensure that no audio data leaves their premises, and that Qlik features continue to work without the Web Speech capability. Speech and other search features within Qlik's products may store copies of searches to enhance user experience (e.g., for auto-completion purposes of subsequent searches).
E. Content Data Access and Use by Qlik:
A user’s content (the data they input into their tenant) is encrypted at-rest. Under our policies and controls, Qlik employees do not access a user's content in their Qlik Cloud tenant unless (a) the user actively shares it with someone at Qlik (e.g. in a Consulting Services context), or (b) Qlik is invited by the customer to access the individual content for troubleshooting. Only a specific, limited group of Qlik employees can access individual user content to troubleshoot, following an explicit invitation by the customer, and only under strict controls.
F. Architecture & Security:
i. Security: A full description of the Qlik Cloud security features can be found in our Security Paper.
ii. Data retention of content data
Users may at any time delete their applications and the associated content is controlled by the user. Once deleted by the user, all information hosted by Qlik in that application is deleted, with back-ups deleted after a period of time in line with our internal data retention rules. For dormant applications (i.e., applications within accounts that have been inactive for over 12 months), Qlik may delete these applications. Likewise, Qlik Cloud accounts that are inactive for more than 12 months may be deactivated by Qlik.
iii. Who can access content data?
For Qlik Cloud, users have control over who has access to apps shared through their personal spaces, and tenant, space and app owners can control who has access to apps created and shared as part of spaces. Customers are solely responsible for how they share or allow access to their content data (with Qlik, internally and/or with third parties), which may be controlled via the customer's identity provider (e.g., IDP).
3. Client-Managed Deployments
What data is sent to Qlik by virtue of a customer using any Client-Managed Deployment?
A. License Activation:
i. Data Analytics products: When a Client-Managed Deployment is implemented for Data Analytics products, it may be activated using a License Enabler File (LEF) or Signed Licence Key (SLK). As part of the activation process, the user is required to provide information such as license key number, owner organization and owner name to Qlik via the applicable Client-Managed Deployment for verification and forensic purposes. This information, together with other product-specific non-personal information (e.g., product version, user agent) and the IP address of the device initiating the activation request, is transmitted from the Client-Managed Deployment to Qlik at the time of initial activation and on such future occasions when the product needs to download an updated LEF file (when additional purchased user licenses are activated, for example). Customers may use one of two systems to activate licenses: the Signed License Key (QLS) method or the Serial/Control Number. More information regarding QLS can be found here. For licence/entitlement purposes, Qlik may receive personal data (e.g., username, work email, IP address) of the user.
ii. Data Integration products: To activate a Client-Managed Deployment of a Data Integration product a license document provided with purchase needs to be locally registered with the product. The license document identifies technical details, such as machine or network restrictions and the name of the licensed organization unit. No information (including personal information) is transmitted to Qlik in this process.
B. Authentication: Authentication is a process that happens on a per-user basis, once per usage session. Once logged in, the user does not have to authenticate again until the session that tracks the user has timed out or the user chooses to actively log out. The purpose of this authentication process is to verify the identity of the user for governance purposes. Authentication differs from authorization; authentication determines whether a user can access the Client-Managed Deployment at all, whereas authorization determines what the user, once authenticated, can see or do (as determined by the customer’s system administrator (“Admin User”)). Qlik does not receive this data for Client-Managed Deployments.
C. Usage Data: Qlik Sense Mobile and Qlik Sense Enterprise collect installation and usage data on an anonymized basis as described below.
i. Qlik Sense Mobile: Qlik Sense Mobile is capable of collecting administrative, operational and statistical data generated by a user (but not any personal data or personally identifiable information) so that Qlik may optimize, support, improve and promote the product. Users may deactivate and reactivate this collection via the Settings Menu within the product.
| Type of Collected Data | When sent to Qlik? |
| --- | --- |
| System data such as CPU, RAM, language setting, operating system and version, Qlik Sense version, screen size and resolution. | On each install, version upgrade or repair |
| User data within Qlik Sense applications such as mouse movements, what options are clicked, actions taken by the user, visited areas in the product, view states (analysis, edit, insights), features used or not used. | In real time |
iii. Collected Data: Qlik uses the Collected Data for analytics purposes so we may better understand the technical environments in which our software is installed and the behavior of users in our products so that we may optimize, support and improve our products and services. Collected Data is identifiable on a customer (i.e. company name) level but is anonymized on an individual (user) level, and is analyzed on a macro, statistical basis only. As no personal data is collected/processed, privacy laws (e.g., GDPR) do not apply to such collection/processing. Nonetheless, users have the ability at the time of installation/upgrade to opt out. Thereafter, users can opt out if they so wish by changing the setting in the Qlik Management Console ("QMC"). Further, Admin Users can opt out their entire organization by changing the setting in the QMC. QLS periodically sends license usage metrics data to Qlik; for more information please see here. As part of this process, Qlik receives IdP names of users (which may not be personal data), which Qlik immediately anonymizes. This data is protected by Qlik as the Data Controller of this data under the GDPR in accordance with our data governance rules.
Please see the Qlik Customer Agreement ("QCA") for more details on what information is collected and why.
D. Qlik Log Files & support data
What are Log Files?
Client-Managed Deployments collect operational data, consisting largely of non-personal statistical, demographic and usage data generated by the Qlik product, in log files ("Log Files") that can later be used for auditing, monitoring and troubleshooting. These Log Files may include metadata such as user IDs (which could contain personal data). For Qlik Data Integration products, while the content of the Log Files varies significantly depending on customer-specified logging configurations, it often includes information of servers, network addresses, databases, tables and similar technical data. When the highest level of logging is enabled for Qlik Data Integration products, the Log Files may contain fragments of the data processed by the products, including personal content.
Are Log Files sent to Qlik?
Typically, no. Log Files are saved locally within the customer environment. However, a customer can send Log Files and other data to Qlik to assist with troubleshooting/support issues. Any content sent to Qlik Support is processed only to resolve the support issue, is kept securely and is subject to our access and data retention policies. We recommend that our customers treat Log Files and any other data content sent to Qlik for troubleshooting/support issues in accordance with general IT best practices pertaining to security and access permissions.
Where a customer uses offline mode for QLS, the customer is required to periodically send Log Files to Qlik to identify the number of users of the licenses. Most Qlik product Log Files when provided to Qlik do not contain any personally identifiable information; they typically contain technical data such as server information and network addresses. In line with data minimization best practices, Customers should review any Log Files or similar transmissions before sending to Qlik to remove any personal content. Client-Managed Deployments may be configured via administrative settings to adjust what data is captured in their Log Files. Documentation on Log Files by product type is available on help.qlik.com.
4. Qlik as a Data Processor for customers:
The information below describes when Qlik is a Data Processor and / or Data Controller (as defined under GDPR or analogous legislation).
A. Qlik Cloud:
Qlik is the Data Controller of personal data collected and processed by Qlik to administer, maintain and improve our products, for example authentication data such as usernames and passwords through Qlik Account, and usage data such as frequency of log-on, usage per day, and traffic/usage per country, etc. Qlik processes this data to (i) ensure the security, quality and availability of the product (e.g. authentication, server space allocation), (ii) assist with troubleshooting issues, (iii) contact you if you complete a feedback form in the product and ask to be contacted in relation to your feedback, and/or (iv) for analytics purposes to ensure quality of service and improve the products. Qlik also maintains, like all businesses, a database of customer and partner contacts for billing, marketing and other ordinary business purposes. Qlik processes this data in compliance with privacy laws and maintains adequate security protections to protect this data.
If your organization is a party to the QCA, this incorporates a Data Processing Addendum which enables your organization, subject to its terms and receipt by Qlik, to input personal data content into Qlik Cloud. Qlik is the Data Processor of such content personal data. While customers may input personal data under these terms into Qlik Cloud, our terms prohibit the input of PHI, PCI or any other personal data subject to industry-specific regulation. For further information please see the QCA and the Data Processing Addendum. Please note that content inputted into Qlik Cloud is solely controlled by the customer and is encrypted at-rest in the Qlik Cloud tenant.
B. Qlik Client-Managed Deployments
Qlik may collect basic personal data for which it is the Data Controller (e.g., licence data, usage data, etc.). Qlik processes this data to (i) ensure the security, quality and availability of the product (e.g., authentication, server space allocation), (ii) assist with troubleshooting issues, (iii) contact you if you complete a feedback form in the product and ask to be contacted in relation to your feedback, and/or (iv) for analytics purposes to ensure quality of service and improve the products. As is customary, Qlik also maintains a database of customer and partner contact information for billing, marketing and other ordinary business purposes. Qlik holds this data in compliance with relevant data protection laws and ensures adequate security features are in place around these data types.
Qlik is not typically a Data Processor for customers of Client-Managed Deployments. This is because any content a customer chooses to put into or create in the Qlik Client-Managed Deployment stays on the customer's system(s). Qlik does not have access to this content; therefore, the customer, and not Qlik, is the Data Controller (and the Data Processor, where relevant) of this content in data protection law terms. Exceptions to this may exist when Qlik provides Support or Consulting services to a customer and the customer chooses to share content within the Client-Managed Deployment Products which happens to contain personal data. Such sharing is at the discretion of the customer and the personal data content should be anonymized or minimized by the customer as per privacy law data anonymization / minimization best-practice. It is therefore not typically necessary for customers to enter into a data processing agreement with Qlik for Client-Managed Deployments. For further questions on data processing agreements, please contact email@example.com.
5. Privacy compliance at Qlik
A. Privacy-By-Design and Privacy-By-Default in products
Qlik has implemented Privacy-By-Design and Privacy-By-Default protocols that take privacy concerns into account as a native component of its R&D/Product development process. One example of this is the way Qlik Sense addresses access rights to Qlik applications ("apps") created within the platform: unless the creator of the app or someone with administrator rights affirmatively grants access to the app to other users, by default only the creator of the app will have access to it.
B. General privacy compliance information
Resources & Updates
For further information, please contact your usual Qlik contact or firstname.lastname@example.org
Further information on Qlik’s privacy program can be found at www.qlik.com/us/trust/privacy.
The information in this document is accurate as of June 2021. Qlik reserves the right to make changes from time to time to the privacy practices of its products and you are encouraged to check this Policy for future updates. This Policy is for information purposes only and does not form part of customer contractual terms.