Qlik has an ongoing commitment to protecting the data of our customers, business partners and employees. We believe in communicating in an open, transparent manner about the ways in which your data is collected and used, and respecting customers’ choice and control over their data. Accordingly, we have developed a robust, enterprise-wide privacy program to ensure compliance with the evolving landscape of privacy and data protection laws and maintain the trust our customers have in our products and services.
Qlik’s Privacy Team, led by our Data Protection Officer, in conjunction with our Information Security Team, administers and monitors the effectiveness of our privacy program. Our privacy program is supported by a cross-functional team of Data Privacy Champions, including representatives from Legal, IT, R&D, Product, Consulting, Sales, Marketing and Support. The privacy program is underpinned by comprehensive processes and controls, such as:
Organizations and individuals can use Qlik products with confidence, knowing that we built our products, from inception, with security and privacy in mind. We utilize both security- and privacy-by-design practices in our development processes which adhere to applicable privacy laws.
Your Data, Your Choice
You decide what content data (i.e., the data/applications) you upload into or create in our products. You can also correct and delete your content data whenever you need, to suit your business.
For client-managed products that are on-premise or customer/third party hosted Qlik SaaS solutions, Qlik does not host these and has no access to your content data.
Qlik as a Data Processor
Qlik is a processor of our customers’ personal data within Qlik Cloud. Therefore, customers can confidently use personal data in their tenants with the knowledge that the Qlik Data Processing Addendum provides the protections required by applicable law.
Your Tenant, Your Data, Your Choice
You decide what content data (i.e., the data/applications) you upload into or create in your Qlik Cloud tenant. You control the access, correction and deletion of your Qlik Cloud tenant content data to suit your business and privacy-related compliance needs. Qlik Cloud is a no-view service, with content data content encrypted and hosted according to the customer’s region preference.
Security of Your Data
Your content data is encrypted in Qlik Cloud and we have multiple layers of security in place to protect it. Qlik personnel do not have direct access to your data unless you otherwise invite us into your Qlik Cloud tenant (e.g., to perform Consulting Services). Visit our Trust and Security page to learn more about the security controls we apply to protect your data and to view our security certifications and accreditations.
Choose your Region
You can select your server location by region when creating your Qlik Cloud tenant.
Read our Product Privacy Notice for more information on how Qlik handles privacy within our products, the server regions available to our Qlik Cloud customers, and other relevant information.
For Qlik Cloud, yes. Qlik has four tenant locations and Qlik Cloud hosts your content data only in the location you choose. These are Ireland (EMEA), USA (Americas), Australia (APAC 1) and Singapore (APAC 2). Please note that the back-ups are also in the same data-region (with the EMEA back-up in France & Germany, AMERICAS back-up in USA, APAC 1 in Australia, and APAC 2 in South Korea). Our customers control access to their tenant and who they invite into their tenant (and where these users are).
For on-premise customers, your content data is hosted on your systems in the location(s) you select. Qlik does not host, or have access to, this content data.
For Qlik services (technical support, consulting, etc.), customers may choose to share their content data from Qlik Cloud or their on-prem deployments. However, Qlik does not typically require sensitive/content data to perform our services, and the data we receive for such services does not typically contain any personal data. Such sharing, for example what data a customer inputs/attaches to a technical support ticket, is at the discretion and control of the customer. Any sensitive content, such as personal data aspects, should be anonymized or minimized by the customer as per privacy law data anonymization/minimization best-practice prior to sharing with Qlik, for example before upload to the support portal on Qlik Community. Please note that content data provided to Qlik for services may leave the customer’s country/region. This is because, while Qlik support is generally provided in-region to customers, Qlik’s support model is 24/7/365 (“follow-the-sun”) in order to provide continuous support to our customers. As such, support tickets may be dealt with by Qlik team members outside the customer’s region and support content data may be stored/accessible abroad. For Qlik consulting, while our consulting team members tend to primarily service customers in the same region, we may rely on consulting resources and systems outside of the customer’s region in order to best serve our customers. Further information is available in our International Transfers/Schrems II FAQ.
Qlik’s subprocessor list is available here. Qlik’s responsibilities relating to subprocessors are set out in our Data Processing Addendum.
Our privacy program and measures include:
Qlik Cloud is a no-view service. Customer content, and access to it, is decided and controlled by the customer and its users. Qlik’s Data Processing Addendum enables customers to input personal data content (as defined under laws such as the UK and EU’s GDPRs, Brazil’s LGPD, California’s CCPA, etc.) into Qlik Cloud. If your organization has signed a Business Associate Agreement (BAA) with Qlik, this enables you to input US PHI (as defined under US HIPAA) into Qlik Cloud.
As a general software provider our offerings are generally not subject to industry-specific laws. Visit our Trust & Security page to view our certifications/attestations, including those relating to specific industries. Subject to our agreements with you customers may determine, in light of their particular country and industry requirements, whether the controls of Qlik Cloud meet their particular (e.g., industry specific) requirements and decide whether to put their industry-specific data into Qlik Cloud. Further information regarding Qlik Cloud security, controls and certifications and can be found on our Trust & Security page.
As Qlik Cloud is not PCI DSS certified, customers should not store PCI DSS data in Qlik Cloud.
For Qlik's on-premise products, which are client-managed, Qlik does not receive the content that the customer puts in the software. For support and consulting services, support case attachments and/or consulting-related data are only accessible to those that need access as part of their job responsibilities. All Qlik personnel are bound by confidentiality obligations and receive training on data protection and security.
If you have further privacy questions please contact our privacy team/Data Protection Officer at [email protected].