Product and Service Agreements
- Qt Frame Agreement
- Prior Version
- Qt Educational License
- Other Products
Privacy And Security
Any capitalized terms used but not defined in this Exhibit will have the meaning as set forth in the Agreement. In the event of any conflict between the terms of the Agreement and this Exhibit, the Exhibit shall govern.
The Qt Company has implemented and will maintain the following technical and organizational security measures:
1. INFORMATION SECURITY
The Qt Company will maintain an information security program designed to (a) secure personal data against accidental or unlawful loss, access, or disclosure, (b) identify reasonably foreseeable risks to the security and availability of Qt systems, and (c) minimize physical and logical security risks to Qt systems, including through regular risk assessment and testing. The Qt Company will designate one or more employees to coordinate and be accountable for the information security program.
2. ACCESS CONTROLS:
- All employees, Contractors, and partners will have access to The Qt Company's systems and data on a need-to-know basis only.
- Access to confidential information and data will be restricted based on role-based access controls and processes are implemented to curtail access (e.g., expiration of employment).
- All employees, Contractors, and partners will be required to use strong passwords.
3. DATA PROTECTION:
- All sensitive data will be encrypted when stored or transmitted.
- The Qt Company will implement controls to prevent the unauthorized disclosure of confidential data.
- The Qt Company will maintain backup and recovery procedures to ensure the availability of critical systems and data.
4. INCIDENT MANAGEMENT:
- The Qt Company will implement an incident response plan (IRP) to identify, contain, remediate, and report security incidents.
- The IRP will be regularly reviewed and tested to ensure its effectiveness.
- Procedures will be put into place to correct and prevent any deviations and incidents.
- All employees, Contractors, and partners will be required to report any suspected security incidents.
- The Qt Company will implement and maintain a Business Continuity Policy (BCP) designed to ensure the continuity of essential business functions and minimize the impact of potential disruptions.
5. EMPLOYEES:
- The Qt Company will implement and maintain employee security training programs regarding the Qt Company’s information security requirements. The security awareness training programs will be reviewed and updated at least annually.
6. CONTINUOUS IMPROVEMENT:
- Policies and procedures documents will be reviewed at least yearly and after any internal testing. The Qt Company will update or alter its information security program as necessary to respond to new security risks and to take advantage of new technologies.
- The Qt Company will perform regular external vulnerability assessments, and will investigate identified issues and track them to resolution in a timely manner.
- Before publicly launching new Services or significant new features of Services, The Qt Company will perform application security reviews designed to identify, mitigate and remediate security risks.