With increasing privacy/data protection regulations, in particular the EU General Data Protection Regulation (GDPR), Qlik realizes that privacy is a significant concern for its customers and partners. Qlik takes this concern seriously and adheres to data protection laws by implementing both security-by-design and privacy-by- design methods in its development process. This Qlik Product Privacy Policy (the "Policy") addresses how data privacy is managed within the Qlik product portfolio.
Qlik's products may be deployed by Customers by installing at a location of the Customer's choosing, which may be on-premises or on Customer's cloud provider of choice ("Customer-Managed Deployment") or by utilizing Qlik Cloud Services. Some Qlik products may be deployed as a Customer-Managed Deployment and on Qlik Cloud Services. The deployment options for Qlik products are listed in the table below. For confirmation of how your Qlik product is deployed, you should contact your organization's systems administrator/IT department.
Qlik Product | Customer-Managed Deployment | Qlik Cloud Services |
Qlik Sense Enterprise | X | X |
Qlik Sense® Business | X | |
Qlik Sense Mobile | X | |
Qlik Core® | X | |
Qlik Analytics Platform® | X | |
Qlik Associative Big Data Index | X | |
Qlik Data Catalyst® | X | |
Qlik NPrinting® | X | |
Qlik GeoAnalytics® | X | |
Qlik DataMarket® | X | |
Qlik Connectors® | X | |
Qlik Insight Bot™ | X | |
QlikView® | X |
What Data is sent to Qlik by virtue of a customer using any Customer-Managed Deployment?
Type of Collected Data | Example | When sent to Qlik? |
Installation Data | System data such as CPU, RAM, language setting, operating system and version, Qlik sense version, screen size and resolution | On each install, version upgrade or repair |
Usage Data | User data within Qlik Sense applications such as mouse movements, what options are clicked, actions taken by the user, visited areas in the product, view states (analysis, edit, insights), features used or not used. | In real time |
What are Log Files?
Customer-Managed Deployment collect operational data, consisting largely of non-personal statistical, demographic and usage data generated by the Qlik product, in log files ("Log Files") that can later be used for auditing, monitoring and troubleshooting. These Log Files may include user IDs (which could contain personal data).
Are Log Files sent to Qlik?
Typically, no. Log Files are saved locally within the customer environment. However, a customer can send Log Files and other data to Qlik to assist with troubleshooting/Support issues. Any content sent to Qlik Support is processed only to resolve the Support issue, is kept securely and is subject to our access and data retention policies. It is recommended that Log Files and any other data content sent to Qlik for troubleshooting/Support issues are treated in accordance with general IT best practices pertaining to security and access permissions.
Where a customer uses offline mode for QLS, customer is required to send Qlik logs files periodically to identify the number of users of the licenses. These log files when provided to Qlik do not contain any personally identifiable information.
Customer-Managed Deployment may be configured via administrative settings to adjust what data is captured in their Log Files. For more detailed information on Log Files by product type, please see the links at the end of this Policy.
The only personal data that Qlik receives is authentication information (e.g. Qlik Account). Qlik also processes usage/statistical data on use of the Cloud Products to (i) assist with troubleshooting issues, and (ii) on an anonymized basis, for analytics purposes to ensure quality of service and improve the products. Qlik may identify you where you explicitly ask to be contacted by Qlik e.g. if you complete a feedback form in the product and ask to be contacted in relation to your feedback.
Qlik DataTransfer is an utility that user can choose to use which allows users to move data securely from on-premise to Qlik Cloud Services for consumption in Qlik Sense. The data that is transferred by Qlik DataTransfer is stored in the user’s tenant in Qlik Cloud Services. A copy of the data that the user transfers will be saved locally on the user’s computer. For further information on access to user’s content data and use by Qlik please see section 3 D. of this Policy.
Qlik has three (3) networked data centers: Dublin, Ireland; North Virginia, USA; and Sydney, Australia. Qlik uses Amazon Web Services ("AWS") architecture to host Qlik Cloud Services.
Yes, when you create a new tenant for use with your Cloud Product, you can select any of the above three data centers to store your "at-rest" data. Customers maintain control over who they choose to share their apps with, through permissions and access granting.
The data will leave your region if :
1. you share the data outside the EEA e.g. sharing data with a colleague in the US; and/or
2. you attach personal data to a support case (it is not mandatory to provide Qlik with personal data and we advise that you anonymize the data before sending to Qlik) or if a Qlik employee needs to access a tenant (unlikely) to fix an issue, the employee may access the data from any country where Qlik Affiliates are located. Qlik has in place, internally and with relevant Subprocessors data protection agreements ensuring lawful data transfers. Qlik does not use Third parties to provide support for Cloud.
Qlik uses Third Party Systems for support services and these may be hosted globally. You can find a list of sub-processors here.
No, however you can keep the data within your selected region. See previous question.
Qlik employees do not access a user's content on Qlik Cloud Services unless (a) the user actively shares it with someone at Qlik (e.g. in a Consulting Services context), or (b) Qlik is prompted by the customer to access the individual content for troubleshooting Only a specific, limited group of Qlik employees can access individual user content to troubleshoot and only under strict controls.
This section focuses on the Attunity suite of products, which are all on-premise (individually and collectively, "Attunity Products").
What are Attunity Log Files?
Attunity Products produce log files ("Attunity Log Files") whose main role is to aid in troubleshooting scenarios. While the content of the log varies significantly with the logging configuration specified by the customers, they often include information of servers, network addresses, databases, tables and similar technical data. When the highest level of logging is enabled, it is possible for the log files to contain fragments of the data processed by the products and this may contain personal/sensitive content.
What are Diagnostic Packages?
In order to enhance the supportability of Attunity Replicate, the product offers an option to download a Diagnostic Package which is a zip file containing log files, definitions (including endpoint definitions), statistics and similar technical data. The diagnostic package is downloaded locally where customer can examine the diagnostics information and if needed, send it all or parts of it to Qlik support for further analysis and to help in troubleshooting. The Diagnostic Package does not include customer or personal data unless such data appears in log files (as explained above) and does not include credentials. When sending Diagnostic Packages to Qlik support, it is recommended to review the included data beforehand and remove items that are deemed sensitive or irrelevant.
Are Attunity Log Files sent to Qlik?
Typically, no. Attunity Log Files are saved locally within the customer environment. However, a customer can send Attunity Log Files and other data to Qlik to assist with troubleshooting/Support issues. Any content sent to our Support team is processed only to resolve the Support issue, is kept securely and is subject to our access and data retention policies. It is recommended that Attunity Log Files and any other data content sent to Qlik for troubleshooting/Support issues are treated in accordance with general IT best practices pertaining to security and access permissions.
For more detailed information on Log Files by product type, please see the links at the end of this Policy.
The information below describes when Qlik is a Data Processor and / or Data Controller (as defined under GDPR or analogous legislation).
Qlik is the Data Controller of personal data collected and processed by Qlik to administer, maintain and improve our products, for example authentication data such as usernames and password through Qlik ID, and usage data such as frequency of log-on, usage per day, and traffic/usage per country, etc. which Qlik processes to allocate resources better (e.g. server space) and to better serve Qlik customers and/or improve Qlik services. When subscriptions are purchased Qlik maintains, like all businesses, a database of customer and partner contacts for billing, marketing and other ordinary business purposes. Qlik processes this data in compliance with privacy laws and maintains adequate security protections to protect this data.
The storing / inputting of personal data content relating to identifiable individuals is not the primary function of Qlik Cloud Services and in conformance with the principle of data minimization and anonymization under GDPR, Qlik does not recommend users insert personal data content into applications in our Cloud Service. For further information please see the Qlik Cloud Services Terms of Service and the Qlik SaaS Services Agreement.
Qlik collects basic personal data for which it is the Data Controller (e.g. Qlik Account, Cloud usage data, etc.). As is customary, Qlik also maintains a database of customer and partner contact information for billing, marketing and other ordinary business purposes. Qlik holds this data in compliance with relevant data protection laws and ensures adequate security features are in place around these data types.
Qlik is not typically a Data Processor for customers of Customer-Managed Deployment or Attunity Products. This is because any content a customer chooses to put into or create in the Qlik Customer-Managed Deployment or Attunity Products stays on the customer's system(s). Qlik does not have access to this content; therefore, the customer, and not Qlik, is the Data Controller and the Data Processor of this content in data protection law terms. Exceptions to this may exist if, when Qlik provides Support or Consulting services to a customer, and if the customer chooses to share content within the Customer-Managed Deployment / Attunity Products which happens to contain personal data. Such sharing is at the discretion of the customer and the personal data content should be anonymized or minimized by the customer as per privacy law data anonymization / minimization best-practice. It is therefore not typically necessary for customers to enter into a data processing agreement with Qlik. For further question on data processing agreements, please contact privacy@qlik.com.
Qlik has implemented Privacy-By-Design and Privacy-By-Default protocols that take privacy concerns into account as a native component of its R&D/Product development process. One example of this is the way QlikView and QlikSense address access rights to Qlik applications ("apps") created within the platform: unless the creator of the app or someone with administrator rights affirmatively grants access to the app to other users, by default only the creator of the app will have access to it.
Qlik uses the personal data described above to provide, maintain and improve our products, to resolve technical support issues and to comply with legal requirements. For further information relating to security, access, the sharing of any personal data as well as children's privacy, please see the Qlik Website Cookie & Privacy Policy.
Qlik is aware that compliance with privacy/data protection law, in particular GDPR, is top-of-mind for customers and partners. To that end, there are some useful features in Qlik products that can help you, as the data controller and processor, to comply with EU Data Protection law requirements. Further information is available at https://www.qlik.com/us/trust/gdpr.
For further information, please contact your usual Qlik contact or CustomerSupport@qlik.com.
Further GDPR information related to Qlik can be found at www.qlik.com/us/gdpr.
For privacy information relating to Qlik’s website and general operations, see https://www.qlik.com/us/legal/cookies-and-privacy-policy
Full list of links used in this document:
Qlik Sense Security Overview White Paper: (July 2018)
www.qlik.com/us/resource-library/qlik-sense-security-overview
Qlik Customer-Managed Deployment
www.qlik.com/legal-terms
Qlik Cloud Services
For IT Security related questions (e.g. encryption) you can find information resources on Qlik.com : https://www.qlik.com/us/products/qlik-sense/qlik-sense-cloud
Qlik Cloud’s Terms of Service: www.qlik.com/license-terms
Qlik SaaS Services Agreement: www.qlik.com/license-terms
AWS Privacy Policy: https://aws.amazon.com/privacy/
Further information regarding Log Files:
Legal Information:
Qlik’s Website Terms of Use: https://www.qlik.com/us/legal/terms-of-use
Qlik Licence Terms: https://www.qlik.com/us/legal/license-terms
Qlik Website Cookie & Privacy Policy: https://www.qlik.com/us/legal/cookies-and-privacy-policy
The information in this document is accurate as of February 2021. Qlik reserves the right to make changes from time-to-time to the privacy practices of its products and you are encouraged to check this Policy for future updates. This Policy is for information purposes only and does not form part of customer contractual terms.