Privacy
Our Commitment
At Deltek, we deliver software and information solutions that connect and automate your projects to help fuel your business. We strive to be good stewards of the personal information you entrust to us as you interact with us, visit our websites and use our services or applications. Our global privacy program centers around three key pillars:
Transparency
We want to explain in plain language how we collect, handle, and store your information.
Security
Starting even during product development, we implement and maintain strong security and privacy controls to help you satisfy your compliance requirements.
Accountability
We leverage third-party auditors and other independent verification mechanisms for our privacy and security controls so that you can easily verify our commitments to you.
Our Primary Role
When Deltek collects, uses or stores personal information, we usually do this in our role as “data processor” or “service provider.” This simply means we are handling the information on behalf of our customers and in accordance with their instructions.
If you upload, enter or add data to our products or services for your own business purposes (either as our customer or as the end user of one of our customers), we call this “Customer-Entered Data.” We will protect Customer-Entered Data under the terms of our agreement with you unless otherwise indicated. All other collection and use of personal information is subject to the terms of our Privacy Policy.
International Data Transfers
We help our customers power their projects around the world with our suite of services and support capabilities. This means Deltek must be able to transfer and access data on a global scale. We have invested resources in understanding and respecting the rules for onward transfers of personal information and offer a robust international data transfer framework as part of our agreement with you. This includes:
- Participating in the EU-U.S. Data Privacy Framework and related extensions. Our customers with an European Union (EU) presence can rest assured knowing they have partnered with a company that is committed to data transfers to the United States that satisfy legal requirements in the EU, United Kingdom and Switzerland. For more information about our participation in the Data Privacy Framework, please review our Data Privacy Framework Policy.
- Certified under the Asia-Pacific Economic Cooperation (APEC) Privacy Recognition for Processors (PRP) System. The APEC Cross Border Privacy Rules and PRP system is a voluntary, enforceable, and independently verified privacy certification built upon nine Principles of the APEC Privacy Framework endorsed by 21 APEC Member economies (see www.cbprs.org). The PRP certification demonstrates Deltek’s ability to honor its data processing obligations when handling data on behalf of our customers. We are among the few global companies who participate in both the EU-U.S. Data Privacy Framework and the APEC PRP.
- Utilising Standard Contractual Clauses and detailed Data Processing Agreements. For data transfers between Deltek, Inc. and its related corporate entities, we rely on an intracompany agreement that incorporates the relevant Standard Contractual Clauses approved by the EU and UK. For other international data transfers, Deltek relies on industry standard agreements designed to meet your global privacy needs. For more details, please review our standard DPA.
- Providing Tools to Support Transfer Impact Assessments. While Deltek does not perform Transfer Impact Assessments (TIA) for its customers, we provide you with information to support your own TIA process. To receive a copy of Deltek’s TIA White Paper, please contact your Customer Success Manager.
How Deltek Uses Service Providers
When Deltek leverages service providers in our products and services (sometimes called sub-processors), we remain accountable to you for how your information is used. In addition to conducting an internal review of the information that may be shared with the service provider, its privacy and security controls and the associated risk, Deltek provides you with a list of what service providers are used for each of our products and services and the role they play. Please review our current service providers or sub-processors for more information.
Our Certifications and Assessments
Deltek is annually audited against a variety of standards relating to privacy and security. Deltek’s SOC 2 Type II reports include more than 50 controls related to the privacy trust criteria alone. Our Replicon offering is assessed under ISO/IEC 27001 and FedRAMP Low, and our Costpoint GCCM offering has recently been placed on the FedRAMP marketplace as FedRAMP Moderate Ready. For more information on our certifications and audit standards, explore our Security and Trust Center.