Cross-platform software libraries and APIs
Qt Creator IDE and productivity tools
UI Design tool for UI composition
for Qt projects
Digital advertising for UI apps
Usage intelligence for embedded devices
GUI test automation
Code coverage analysis
Test results management and analysis
Software static code analysis
Software architecture verification
The latest version of Qt.
Make the most of Qt tools, with options for commercial licensing, subscriptions, or open-source.
Explore Qt features, the Framework essentials, modules, tools & add-ons.
The project offers PySide6 - the official Python bindings that enhance Python applications.
Qt empowers productivity across the entire product development lifecycle, from UI design and software development to quality assurance and deployment. Find the solution that best suits your needs.
Insight into the evolution and importance of user-centric trends and strategies.
Learn how to shorten development times, improve user experience, and deploy anywhere.
Tips on efficient development, software architecture, and boosting team happiness.
Get the latest resources, check out upcoming events, and see who’s innovating with Qt.
A wealth of Qt knowledge at your fingertips—discover your ideal learning resource or engage with the community.
Whether you're a beginner or a seasoned Qt pro, we have all the help and support you need to succeed.
1. This Data Processing Addendum together with its Schedules (“DPA”) forms part of the Appendix for Qt Insight between the Customer, as defined in the Agreement, and The Qt Company (“Agreement”). This DPA sets out data protection requirements with respect to the processing of Events Personal Data (as defined below) that is collected, stored, or otherwise processed by The Qt Company (including its global affiliates and employees) in providing the Insight Service under the Agreement. This DPA is effective as of the effective date of the Appendix for Qt Insight, unless this DPA is separately executed in which case it is effective as of the last date of signature.
2. This DPA applies to the Qt Company as a processor of Events Personal Data and to Customer as a Controller or Processor of Events Personal Data, to the extent such data is subject to Data Protection Laws.
3. DEFINITIONS. Capitalized terms not defined in this DPA are as defined in the Agreement or Appendix for Qt Insight.
3.1. “Events Personal Data” means any Personal Data in Events Data (as defined in the Appendix for Qt Insight);
3.2. “Personal Data” means information about an identified or identifiable natural person or which otherwise constitutes “personal data”, “personal information”, “personally identifiable information” or similar terms as defined in Data Protection Laws.
3.3. “Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
3.4. “EEA” means the European Economic Area;
3.5. “EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
3.6. “GDPR” means EU General Data Protection Regulation 2016/679;
3.7. “Security Incident” means any breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Events Personal Data being processed by The Qt Company.
3.8. “Subprocessor” means any natural or legal person, which processes Events Personal Data on behalf of The Qt Company in the provision of the Insight Service.
3.9. “Subprocessor List” means the list of The Qt Company’s Subprocessors for Insight Services, to be updated from time to time.
3.10. The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “processing” and “Supervisory Authority” shall have the same meaning as in the GDPR.
4. PROCESSING OF EVENTS PERSONAL DATA
4.1. Instructions. “Customer Instructions” means: (i) processing to provide the Insight Service and perform The Qt Company’s obligations in the Appendix for Qt Insight (including this DPA) and (ii) other reasonable documented instructions of Customer consistent with the terms of the Appendix for Qt Insight t. Schedule 1 (Subject Matter and Details of Processing) sets forth details regarding the processing of Events Personal Data by The Qt Company.
4.2. Notification Regarding Instructions. The Qt Company will notify Customer if it receives an instruction that The Qt Company reasonably believes infringes Data Protection Laws (but The Qt Company has no obligation to actively monitor Customer’s compliance with Data Protection Laws).
5. COMPLIANCE WITH LAWS
5.1. The Qt Company and Customer will each comply with Data Protection Laws in their respective processing of Events Personal Data.
5.2. Customer will comply with Data Protection Laws in its issuing of instructions to The Qt Company. Customer will ensure that it has established all necessary lawful bases under Data Protection Laws to enable The Qt Company to lawfully Process Events Personal Data for the purposes contemplated by the Appendix for Qt Insight (including this DPA), including, as applicable, by obtaining all necessary consents from, and giving all necessary notices to, Data Subjects.
5.3. The parties will work together in good faith to negotiate an amendment to this DPA as reasonably necessary to address the requirements of Data Protection Laws from time to time.
5.4. Customer is responsible for reviewing the information made available by The Qt Company and making an independent determination as to whether the Service meets Customer’s requirements and legal obligations under Data Protection Laws.
5.5. Customer is solely responsible for complying with Security Incident notification laws applicable to Customer and fulfilling any obligations to give notices to government authorities, affected individuals or others relating to any Security Incidents.
6. SECURITY. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, The Qt Company shall in relation to the Events Personal Data implement appropriate technical and organizational measures. Technical and organizational measures are set forth in Schedule 2 of this DPA.
7. SUBPROCESSING
7.1. The Qt Company will maintain an up-to-date list of its Insight Service Subprocessors, including their functions and locations, as specified in the Subprocessor List attached to this DPA, and as updated from time to time.
7.2. Subprocessors as of the date of entry into this DPA:
7.3. Notice of New Subprocessors. The Qt Company may update its Subprocessors from time to time. At least thirty (30) days before any new Subprocessor processes any Events Personal Data, The Qt Company will notify Customer through email or other means and provide an updated Subprocessor list.
7.4. Objection to New Subprocessors. If, within thirty (30) days after notice of a new Subprocessor, Customer notifies The Qt Company in writing that Customer objects to The Qt Company’s appointment of such new Subprocessor based on reasonable data protection concerns, the parties will discuss such concerns in good faith. If the parties are unable to reach a mutually agreeable resolution to Customer’s objection to a new Subprocessor, Customer, as its sole and exclusive remedy, may terminate the Order for the affected Insight Service and The Qt Company will refund any prepaid, unused fees for the affected Insight Service.
8. DATA SUBJECT RIGHTS
8.1. Taking into account the nature of the processing, The Qt Company shall assist Customer by implementing appropriate technical and organisational measures, insofar as this is reasonably possible, for the fulfilment of Customer’s obligations to respond to requests to exercise Data Subject rights under Data Protection Laws.
8.2. The Qt Company shall promptly notify Customer if it receives a request from a Data Subject under any Data Protection Law in respect of Customer’s Events Personal Data; and ensure that it does not respond to that request except on the written instructions of Customer or as required by applicable laws to which The Qt Company is subject, in which case the Qt Company will, to the extent permitted by appplicable law, inform Customer of that legal requirement before responding to the request.
9. PERSONAL DATA BREACH
9.1. The Qt Company shall notify Customer without undue delay upon becoming aware of a Security Incident and provide Customer with sufficient information to allow Customer to report or inform Data Subjects of the Security Incident under Data Protection Laws.
9.2. Upon Customer’s request and taking into account the nature of the applicable processing, The Qt Company will assist Customer by providing, when available, information reasonably necessary for Customer to meet its Security Incident notification obligations under Data Protection Laws.
9.3. Customer acknowledges that The Qt Company’s notification of a Security Incident is not an acknowledgement by The Qt Company of fault or liability.
9.4. Security Incidents do not include unsuccessful attempts or activities that do not compromise the security of Events Personal Data, including unsuccessful login attempts, pings, port scans, denial of service attacks or other network attacks on firewalls or networked systems.
10. DATA PROTECTION IMPACT ASSESSMENT. Upon Customer’s request and taking into account the nature of the applicable processing and the information available, to the extent such information is available to The Qt Company, The Qt Company will assist Customer in fulfilling Customer’s obligations under Data Protection Laws to carry out a data protection impact or similar risk assessment related to Customer’s use of the Service, including, if required by Data Protection Laws, by assisting Customer in consultations with relevant government authorities.
11. DELETION OR RETURN OF COMPANY PERSONAL DATA
11.1. Following termination or expiration of the Agreement, The Qt Company will, in accordance with its obligations under the Agreement, delete all Events Personal Data from The Qt Company’s systems.
11.2. Deletion will be in accordance with industry-standard secure deletion practices. The Qt Company will issue a confirmation of deletion upon Customer’s request.
11.3. Notwithstanding the foregoing, The Qt Company may retain Events Personal Data: (i) as required by applicable law or (ii) in accordance with its standard backup or record retention policies, provided that, in either case, The Qt Company will (x) maintain the confidentiality of, and otherwise comply with the applicable provisions of this DPA with respect to, retained Events Personal Data and (y) not further process retained Events Personal Data except for such purpose(s) and duration specified in applicable Data Protection Laws.
12. RECORDS AND AUDIT
12.1. Information and audit rights of Customer arise under this section to the extent that the Agreement does not otherwise give Customer information and audit rights meeting the relevant requirements of Data Protection Law.
12.2. Records. The Qt Company will keep records of its processing in compliance with Data Protection Laws and, upon Customer’s request, make available to Customer records reasonably necessary to demonstrate compliance with The Qt Company’s obligations under this DPA and Data Protection Laws.
12.3. Third-Party Compliance Program. The Qt Company will describe its third-party audit and certification programs (if any) and make summary copies of its audit reports (each, an “Audit Report”) available to Customer upon Customer’s written request at reasonable intervals (subject to confidentiality obligations). Customer may share a copy of Audit Reports with relevant government authorities as required upon their request. Customer agrees that, to the maximum extent permissible under applicable law, any audit rights granted by Data Protection Laws will be satisfied by Audit Reports and the procedures set forth in this section.
12.4. Customer Audit. Subject to the terms of this section, Customer has the right, at Customer’s expense, to conduct an audit of reasonable scope and duration pursuant to a mutually agreed-upon audit plan with The Qt Company that is consistent with the audit parameters (an “Audit”).
12.4.1. Customer may exercise its Audit right: (i) to the extent The Qt Company’s provision of an Audit Report, or responses to Customer security questionnaires, does not provide sufficient information for Customer to verify The Qt Company’s compliance with this DPA or the parties’ compliance with Data Protection Laws, (ii) as necessary for Customer to respond to a government authority audit or (iii) in connection with a Security Incident.
12.4.2. Each Audit must conform to the following parameters (“Audit Parameters”): (i) be conducted subject to a confidentiality agreement with The Qt Company, (ii) be limited in scope to matters reasonably required for Customer to assess The Qt Company’s compliance with this DPA and the parties’ compliance with Data Protection Laws, (iii) occur at a mutually agreed date and time and only during The Qt Company’s regular business hours, (iv) occur no more than once annually (unless required under Data Protection Laws or in connection with a Security Incident), (v) cover only facilities controlled by The Qt Company, (vi) restrict findings to Customer Events Personal Data only and (vii) treat any results as confidential information to the fullest extent permitted by Data Protection Laws.
13. TRANSFERS OF PERSONAL DATA; STANDARD CONTRACTUAL CLAUSES. A. The Standard Contractual Clauses will only apply to Events Personal Data subject to the GDPR that is transferred, either directly or via onward transfer, to any third country not covered by a suitable framework or other legally adequate transfer mechanism recognized by the European Commission as providing an adequate level of protection for Personal Data, (each a “Transfer”). In such a situation where Customer is acting as a controller, the Controller-to-Processor Clauses will apply to a Transfer. “Controller-to-Processor Clauses” means the standard contractual clauses between controllers and processors for Transfers, as approved by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, and currently located at https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en. This DPA incorporates the Standard Contractual Clauses by reference.
14. GENERAL TERMS
14.1. Confidentiality. The Qt Company will ensure personnel who process Events Personal Data enter into written confidentiality agreements obliging them to maintain confidentiality or are subject to statutory obligations of confidentiality.
14.2. Termination of DPA. This DPA terminates upon expiration or termination of the Appendix (or, if later, the date on which The Qt Company has ceased all processing of Events Personal Data).
14.3. Conflict. Except as amended by this DPA, the Appendix and Agreement will remain in full force and effect.
14.4. Order of Precedence. In the event of any conflict or inconsistency among the following documents, the order of precedence will be: (1) any applicable Standard Contractual Clauses, (2) this DPA and (3) the Agreement. To the fullest extent permitted by Data Protection Laws, any claims brought in connection with this DPA (including its Schedules) will be subject to the terms and conditions, including, but not limited to, the exclusions and limitations, set forth in the Agreement.
14.5. Governing Law. This DPA is governed by the governing law of the Agreement unless otherwise required by Data Protection Laws.
SCHEDULE 1: Subject Matter and Details of Processing
SCHEDULE 2: Technical and Organizational Measures
The Qt Company has implemented and will maintain the following technical and organizational measures:
Information Security: The Qt Company will maintain an information security program designed to (a) secure personal data against accidental or unlawful loss, access, or disclosure, (b) identify reasonably foreseeable risks to the security and availability of Qt systems, and (c) minimize physical and logical security risks to Qt systems, including through regular risk assessment and testing. The Qt Company will designate one or more employees to coordinate and be accountable for the information security program.
Access Controls:
Data Protection:
Employees:
Qt Group includes The Qt Company Oy and its global subsidiaries and affiliates.