Privacy Compliance. Unless Qlik specifically agrees otherwise in writing, Customer shall not use or store EEA/Swiss/UK personal data (as defined under EU/Swiss/UK relevant law) or any Content that may be governed by industry specific legislation with the SaaS Service. Qlik is neither the Data Controller nor the Data Processor (as defined under relevant EU/Swiss law) of any personal data Content inputted by Customer or any Authorized User. Customer shall remain solely liable and responsible for complying with applicable privacy laws with respect to Customer’s and its Authorized Users’ use of the SaaS Services and the Content, including but not limited to EU General Data Protection Regulation and any other privacy/data protection obligations in relation to the processing of such Content (including but not limited to the obligations to delete data, process it lawfully, and restrictions regarding transfer outside of the EEA/Switzerland/UK, and responding to data subject access requests). All Content used by or within the SaaS Services may be stored on servers located outside of the EEA/Switzerland/UK, unless options (if available) are selected and used by the Customer to retain the data on relevant servers within the EEA/Switzerland/UK. Further, Customer and Authorized Users are not permitted to store maintain, process or transmit sensitive personal information, including but not limited to financial information, country identifications numbers (such as social insurance, social security, driver’s license or passport numbers) or Protected Health Information (as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)) in the SaaS Services.
