This section focuses on QlikView®, Qlik Sense®, Qlik NPrinting®, Qlik GeoAnalytics®, Qlik DataMarket®, Qlik Core®, Qlik Analytics Platform®, Qlik Big Data Index® and Qlik Connectors® on-premise product lines (each, an “On-Prem Product,” and collectively, the “On-Prem Products”).
What Data is sent to Qlik by virtue of a customer using any On-Prem Product?
Qlik Sense Mobile and Qlik Sense Enterprise collect installation and usage data as described below. In these products, data is collected on an anonymized basis.
Qlik Sense Mobile:
Qlik Sense Mobile is capable of collecting administrative data, statistical and demographical data, and operational information and data generated by a user (but not any personal data or personally identifiable information) so that Qlik may gain optimize, support, improve and promote the product. Users may deactivate and reactivate this collection via the Settings Menu within the product.
Qlik Sense Enterprise:
Qlik collects system data about your installation of Qlik Sense (“Installation Data”) and user metrics (“Usage Data”) (collectively, “Collected Data”). More information on these is below.
|Type of Collected Data||Example||When sent to Qlik?|
|Installation Data||System data such as CPU, RAM, language setting, operating system and version, Qlik sense version, screen size and resolution.||On each install, version upgrade or repair|
|Usage Data||User data within Qlik Sense applications such as mouse movements, what options are clicked, actions taken by the user, visited areas in the product, view states (analysis, edit, insights), features used or not used.||In real time|
Qlik uses the Collected Data for analytics purposes so we may better understand the technical environments in which our software is installed and the behavior of users in our products so that we may optimize, support and improve our products and services. Any Collected Data received is analyzed on a macro, statistical (not by individual user) basis. Collected Data is identifiable on a customer (i.e. company name) level, but is anonymized on an individual (user) level. As no personal data is collected/processed, privacy laws (e.g. EU GDPR) do not apply to such collection/processing. Nonetheless, users have the ability at the time of installation/upgrade to opt out. Thereafter, users can later opt out if they so wish by changing the setting in the Qlik Management Console (“QMC”). Further, Admin Users, on behalf of their entire organization, can opt out their entire organization by changing the setting in the QMC.
In addition, QLS periodically sends to Qlik license usage metrics data, for more information please see here. In terms of personal data sent to Qlik as part of this process, Qlik only receives IdP names of users (which may not be personal data) which Qlik immediately anonymizes. This data is protected by Qlik as the Data Controller of this data in accordance with our data governance rules.
Please see the Qlik User License Agreement (“QULA”) PDF for more details on what information is collected and why (www.qlik.com\legal-terms) .
What are Log Files?
On-Prem Products collect operational data, consisting largely of non-personal statistical, demographic and usage data generated by the Qlik product, in log files (“Log Files”) that can later be used for auditing, monitoring and troubleshooting. These Log Files may include user IDs (which could contain personal data).
Are Log Files sent to Qlik?
Typically, no. Log Files are saved locally within the customer environment. However, a customer can send Log Files and other data to Qlik to assist with troubleshooting/Support issues. Any content sent to Qlik Support is processed only to resolve the Support issue, is kept securely and is subject to our access and data retention policies. It is recommended that Log Files and any other data content sent to Qlik for troubleshooting/Support issues are treated in accordance with general IT best practices pertaining to security and access permissions.
On-Prem Products may be configured via administrative settings to adjust what data is captured in their Log Files. For more detailed information on Log Files by product type, please see the links at the end of this Policy.
This section focuses on products that operate within Qlik Sense Cloud, which is managed and hosted by Qlik, including “Qlik Sense Cloud Basic,” “Qlik Sense Cloud Plus,” “Qlik Sense Enterprise for Elastic deployments” and “Qlik Sense Cloud Business” products (each, a “Cloud Product,” and collectively, the “Cloud Products”).
The only personal data that Qlik will receive is information such as authentication information (e.g. Qlik ID). Qlik also processes usage/statistical data on use of the Cloud Products to (i) assist with troubleshooting issues, and (ii) on an aggregate, anonymized basis, for analytics purposes to ensure quality of service and improve the products. In Qlik Sense Enterprise for Elastic deployments, Qlik will only receive this data if and only in relation to that part of the service which occurs on Qlik’s cloud architecture (e.g. not if the service is hosted by the customer or a third party).
Qlik has three (3) networked data centres: Dublin, Ireland; North Virginia, USA; and Sydney, Australia. Qlik uses Amazon Web Services (“AWS”) architecture to operate the Qlik Sense Cloud service.
Yes, when you create a new Qlik Sense Cloud Business workspace, you can select any of the above three data centres to store your “at-rest” data. However, if you choose to share that application with someone outside of that region (e.g. a French user sharing it with a US user) or if you travel and access the app in a different region (e.g. a French user travels to USA and accesses the app from the USA), then the data will leave that region (in the foregoing examples, leave the EU). This is because it will be viewable from “in-memory” data on a server within the Qlik Sense Cloud in the new region and be transported to the data centre closest to the user. The reason for this is for performance experience of the user/recipient. The user maintains full control over who they choose to share their apps with, through permissions and access granting.
Currently, this region-preference server feature is only available for Qlik Sense Cloud Business. Qlik Sense Cloud Basic does not have this feature and users’ content (regardless of region) is stored in Qlik data centres in the USA. If you are an EU-based user and wish for your data to be stored in the EU only, you should:
Qlik employees do not access a user’s cloud content unless (a) the user actively shares it with someone at Qlik (e.g. in a Consulting Services context), or (b) Qlik is prompted by a trouble-shooting issue to access the individual content. Only a specific, limited group of Qlik employees can access individual user content to trouble-shoot and only under strict controls.
Users may at any time delete their applications and the associated content is controlled by the user. Once deleted by the user, all information hosted by Qlik in that application is deleted, with back-ups deleted after a period of time in line with our internal data retention rules. For dormant applications (i.e. applications within accounts that have been inactive for over 12 months), Qlik may delete these applications. Likewise, Qlik Sense Cloud accounts that are inactive for more than 12 months may be deactivated by Qlik.
For Qlik Sense Cloud subscriptions, all users have control over who has access to apps shared through their personal streams and group owners can control who has access to apps created and shared as part of a work group.
For Qlik Sense Cloud Basic and Qlik Sense Cloud Plus, apps are not visible to other users until the app creator publishes the app to the user(s) stream. Users control who is invited to view the apps in their stream.
For Qlik Sense Cloud Business, users can only see an app if they have access to the group workspace and/or if they have access to the stream to which an app is published. The group owner can control these access rules from the Qlik Cloud Hub, available within the software.
The information below describes when Qlik is a Data Processor and / or Data Controller (as defined under GDPR or analogous legislation).
Qlik is the Data Controller of personal data collected and processed by Qlik to administer, maintain and improve our Cloud Products, for example authentication data such as usernames and password through Qlik ID, and usage data such as frequency of log-on, usage per day, and traffic/usage per country, etc. which Qlik processes to allocate resources better (e.g. server space) and to better serve Qlik customers and/or improve Qlik services. When subscriptions are purchased Qlik maintains, like all businesses, a database of customer and partner contacts for billing, marketing and other ordinary business purposes. Qlik processes this data in compliance with privacy laws and maintains adequate security protections to protect this data.
The storing / inputting of personal data content relating to identifiable individuals is not the primary function of Qlik Cloud Products and in conformance with the principle of data minimization and anonymization under GDPR, Qlik does not recommend users insert personal data content into applications in our Cloud Products. For further information please see the Qlik Cloud Terms of Service.
Qlik is a Data Controller of the information detailed at 1 above (e.g. LEF, authentication, etc.). If a user creates a Qlik Account (e.g. to download Qlik Sense Desktop) or when a customer or partner purchases licences, Qlik does collect basic personal data for which it is the Data Controller. As is customary, Qlik also maintains a database of customer and partner contact information for billing, marketing and other ordinary business purposes. Qlik holds this data in compliance with relevant data protection laws and ensures adequate security features are in place around these data types.
Qlik is not typically a Data Processor for customers of On-Prem Products. This is because any content a customer chooses to put into or create in Qlik On-Prem applications stay on the customer’s system(s). Qlik does not have access to this content; therefore, the customer, and not Qlik, is the Data Controller and the Data Processor of this content in data protection law terms. Exceptions to this may exist if, when Qlik provides Support or Consulting services to a customer, the customer chooses to share with apps developed within the On-Prem Products which happen to contain personal data. Such sharing is at the discretion of the customer and the personal data content should be anonymized or minimized by the customer as per privacy law data anonymization / minimization best-practice. It is therefore not typically necessary for customers to enter into a data processing agreement with Qlik. For further question on data processing agreements, please contact firstname.lastname@example.org.
Qlik has implemented Privacy-By-Design and Privacy-By-Default protocols that take privacy concerns into account as a native component of its R&D/Product development process. One example of this is the way QlikView and Qlik Sense address access rights to Qlik applications (“apps”) created within the platform: unless the creator of the app or someone with administrator rights affirmatively grants access to the app to other users, by default only the creator of the app will have access to it.
Qlik is aware that compliance with privacy/data protection law, in particular GDPR, is top-of-mind for customers and partners. To that end, there are some useful features in Qlik products that can help you, as the data controller and processor, to comply with EU Data Protection law requirements. Further information is available at www.qlik.com/gdpr.
For further information, please contact your usual Qlik contact or CustomerSupport@qlik.com.
Further GDPR information related to Qlik can be found at www.qlik.com/us/gdpr.
For privacy information relating to Qlik’s website and general operations, see https://www.qlik.com/us/legal/cookies-and-privacy-policy
Full list of links used in this document:
Qlik Sense Security Overview White Paper: (July 2018)
Qlik On-Prem products
Qlik Cloud products
For IT Security related questions (e.g. encryption) you can find information resources on Qlik.com : https://www.qlik.com/us/products/qlik-sense/qlik-sense-cloud
Qlik Cloud’s Terms of Service: https://eu.qlikcloud.com/terms/latest
Further information regarding Log Files:
|Qlik Web Connectors||https://help.qlik.com/en-US/connectors/Content/Home.htm|
|Qlik Geoanalytics with QlikView||http://bi.idevio.com/wp-content/qlik/qlikview/releases/IdevioMapsForQlikView-5.11.1/user_guide-April_2018.html#What_20data_20is_20transferred_20to_20the_20server_20from_20the_20GeoAnalytics_20connector_3F|
|Qlik Geoanalytics with Qlik Sense||http://bi.idevio.com/wp-content/qlik/qliksense/releases/IdevioMapsForQlikSense-5.11.1/user_guide-April_2018.html#What_20data_20is_20transferred_20to_20the_20server_20from_20the_20GeoAnalytics_20connector_3F|
Qlik Licence Terms: https://www.qlik.com/us/legal/license-terms
The information in this document is accurate as of November 2018. Qlik reserves the right to make changes from time-to-time to the privacy practices of its products and you are encouraged to check this Policy for future updates. This Policy is for information purposes only and does not form part of customer contractual terms.