Qlik Technologies Inc. and its subsidiaries and affiliates (collectively, “QlikTech”) are committed to protecting the privacy and security of personal information (as defined below). Due to the global nature of its business, QlikTech must share certain personal information across national boundaries. QlikTech agrees that it abides by the U.S.-EU and U.S.-Swiss Safe Harbor Agreements with respect to personal information of its employees processed as part of our human resources activities, including the Safe Harbor privacy principles established thereunder. As a result, QlikTech has adopted this Safe Harbor Privacy Policy (“Policy”). This Policy applies to all personal information received by QlikTech for human resource activities in the United States from the European Economic Area and Switzerland, in any form or format with respect to any identified or identifiable person covered by the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“EU Directive”).
1. DEFINITIONS
“personal information” as used within this Policy means any information or set of information that identifies or could be used by or on behalf of QlikTech to identify an individual and as the term “personal data” is defined in the EU Directive.
“sensitive personal information” as used within this Policy means personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information specifying the sex life of the individual or criminal offences or proceedings.
2. NOTICE
QlikTech receives personal information in connection with the management and administration of human resource functions relating to pre-employment, employment and post-employment matters. QlikTech will collect and use the personal information for various human resource purposes, including but not limited to, job applications, recruiting and hiring activities, evaluation, implementation and administration of human resource, compensation and benefits functions, programs and activities, performance appraisals, training, business travel, access to QlikTech facilities and computer networks, employee directories, human resources recordkeeping, succession planning, compliance with legal requirements and other employment related purposes.
3. CHOICE
To the extent required by the Safe Harbor privacy principles, QlikTech will offer individuals the opportunity to choose (opt out) when their personal information is (a) to be disclosed to a third party (other than a third party acting as an agent to perform task(s) on behalf of and under the instruction of QlikTech), or (b) to be used for a purpose that is incompatible with the purpose for which it was originally utilized or subsequently authorized by the individual. Special QlikTech requirements apply to sensitive personal information. For such sensitive personal information, to the extent required by the Safe Harbor principles, QlikTech will offer individuals the opportunity to give affirmative or explicit (opt in) choice if the sensitive personal information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individual through the exercise of the opt in choice. QlikTech will also treat as sensitive any information received from a third party where the third party identifies and treats it as sensitive. Explicit (opt in) choice is not required when necessary for the establishment of legal claims or defenses; when required to provide medical care or diagnosis; and when necessary to carry out the organization’s obligations in the field of employment law.
4. ONWARD TRANSFER
When personal information is disclosed to a third party acting as an agent to perform task(s) on behalf of and under QlikTech instructions, QlikTech will transfer the personal information only if QlikTech first ascertains that the third party subscribes to the Safe Harbor principles or is subject to the Directive or another adequacy finding or enters into a written agreement with the third party requiring that the third party provide at least the same level of privacy protection as is required by the relevant Safe Harbor principles.
5. SECURITY
QlikTech will employ reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration or destruction. Such measures may include the use of password protection and restricting access to personal information to those with a legitimate human resource purpose in receiving the personal information. Employees who have access to such personal information shall be trained regarding this Policy, the Directive and the Safe Harbor principles embodied in it, advised that they are responsible for fully complying with the privacy principles articulated in this Policy and instructed that violations of these principles shall result in appropriate discipline up to and including termination.
6. DATA INTEGRITY
Personal information must be relevant for the purposes for which it is to be used. Personal information shall not be processed in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, reasonable steps shall be taken to help ensure that the personal information is reliable for its intended use, accurate, complete and current. Reasonable steps shall also be taken to accommodate employee privacy preferences, such as restricting access to the personal information to those who have a legitimate business need to know the personal information, anonymizing certain personal information, or assigning codes or pseudonyms when the actual names are not required for the purpose at hand.
7. ACCESS
QlikTech will provide individuals with access to their personal information and the ability to correct, amend or delete that personal information when it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in question, or where the rights of persons other than the individual would be violated. Access may be limited or denied when granting such access would prejudice employee security investigations or grievance proceedings or prejudice the confidentiality that may be necessary for limited periods in connection with employee succession planning or corporate re-organizations. If an individual becomes aware that the personal information QlikTech maintains on him or her is inaccurate, the individual may contact the individuals listed in the Enforcement section of this Policy.
8. ENFORCEMENT
QlikTech has verified and will verify annually that the attestations and assertions made about its Safe Harbor privacy practices are true and that those privacy practices have been implemented as represented and in accordance with the Safe Harbor principles. This verification has been and will be signed by corporate officer or other authorized representative of QlikTech at least once a year and is available upon request by individuals or in the context of an investigation or a complaint about non-compliance. The verification includes the following:
- That QlikTech’s published Policy is accurate, comprehensive, prominently displayed, completely implemented and accessible;
- That the Policy conforms to the Safe Harbor principles;
- That individuals are informed of any in-house arrangements for handling complaints and of the mechanisms through which they may pursue complaints;
- That QlikTech has in place procedures for training employees in its implementation and disciplining them for failure to follow it; and
- That QlikTech has in place internal procedures for periodically conducting objective reviews of compliance with the above.
9. INQUIRIES AND DISPUTE RESOULTION
Inquiries or complaints regarding this Policy should be directed to the local Human Resources representative. If the inquiry cannot be answered or the complaint resolved locally, the matter should be directed to Sally Baraka, Corporate Attorney, 150 N. Radnor Chester Rd., Radnor, PA 19087 USA; phone: +1 (484) 685-2504; fax: +1 (610) 975-5987; e-mail: privacy@qlikview.com.
QlikTech will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of personal information relating to its employees by reference to the Safe Harbor principles as contained in this Policy. If a complaint remains unresolved, QlikTech will cooperate with the competent European Union data protection authorities and comply with the advice of such authorities, including accordance with required regulations and participating in the dispute resolution procedures of the panel established by the European data protection authorities in order to resolve disputes pursuant to the Safe Harbor principles. In the event that QlikTech or the authorities determine that QlikTech did not comply with this Policy, QlikTech will take appropriate steps to address any adverse effects and to promote future compliance.
10. MODIFICATIONS TO THIS POLICY
This Policy may be amended from time to time in compliance with the requirements of the Safe Harbor principles. Appropriate notice will be given concerning such amendments. To the extent there is any conflict between the Safe Harbor privacy principles and this Policy, the Safe Harbor privacy principles shall take precedence.
Last updated: November 15, 2011