Keeping our customers’ information safe and secure is one of the highest priorities for Deltek. We have implemented and continually maintain strong security and privacy protections that reflect industry best practices, including relevant requirements under applicable data protection regulations. Deltek’s services are backed by technical and administrative safeguards and dedicated security, operational and privacy teams. As we work to enhance and develop our products and services, we have processes in place to incorporate security and privacy from the early stages of development.
Information & Frequently Asked Questions
Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, better known as the General Data Protection Regulation (GDPR), is designed to enable persons present in the European Union (EU) to better control their personal data. The GDPR identifies two primary parties in scope of its requirements – controllers and processors. Controllers determine the “purpose and means of the processing of personal data.” Processors process personal data “on behalf of the controller.” The GDPR became effective on May 25, 2018.
In the context of the GDPR, Deltek takes on the role of processor in its relationship with its customers. As a result of this role, Deltek has certain general responsibilities as outlined in the GDPR. Keeping customers’ information, including personal data, safe and secure is among our highest priorities and most important responsibilities. Deltek works to implement and maintain strong security and privacy protections that reflect best practices as it relates to the GDPR.
The California Consumer Privacy Act (CCPA) was signed into law on June 28, 2018 and went into effect on January 1, 2020. The CCPA has a tiered applicability based on specific criteria, first to businesses, then to service providers, and lastly to third parties. It also created an array of new consumer privacy rights and governs the sale and sharing of consumers’ personal information.
As with the GDPR, Deltek processes personal information through its products on behalf of its customers, some of whom may be subject to the CCPA. Our customers disclose their consumers’ personal information for the business purpose pursuant to a written contract or agreement entered into with Deltek. In the context of the CCPA, Deltek takes on the role of a service provider in relation to its customers who are governed by the CCPA – as noted in Exhibit 1 to our General Privacy Terms. Deltek is well situated to meet its obligations as a service provider and implemented and maintains processes to ensure the security and privacy features of its products provide the capabilities to enable customers to comply with their obligations under CCPA.
The Court of Justice of the European Union (CJEU) issued a judgment in C-311/18 on July 16, 2020 (commonly referred to as “Schrems II”) declaring that the EU-US Privacy Shield Framework (Privacy Shield) is no longer a valid cross-border data transfer mechanism for personal data transferring from the EU to the US.
However, despite the invalidation of the Privacy Shield, the CJEU noted that personal data transfers from the EU to the US or elsewhere in the world could still take place subject to standard data protection clauses adopted by the Commission (the Standard Contractual Clauses) as a valid cross-border data transfer mechanism. In its judgment, the CJEU stated that it is up to the data exporter and the data importer to assess the level of data protection as part of their contractual agreement and ensure the proper level of protection was afforded to personal data transfers. As this is a new ruling, we at Deltek are monitoring the guidance from EU Member State Data Protection Authorities being issued and anticipate an opinion from the European Data Protection Board to address the concerns of industry based on the judgment.
Deltek takes the security of our Customers’ data very seriously and has established and maintains a robust privacy and data security framework that is outlined in our General Privacy Terms. We incorporate and rely upon the Standard Contractual Clauses as our approved cross-border data transfer mechanism for any personal data transfers from our EU/EEA-based users to the global network of Deltek affiliates, including Deltek, Inc. in the US. For our cloud-based products, we have primary and secondary hosting locations based on region (i.e., EU-based customers have primary and secondary data storage locations in the EU) so transfers of personal data to the US typically do not occur for regular cloud data storage and are intended for customer care or engineering support cases following the requirements of the data processing addendum between Deltek and the customer. As this landscape evolves, we will continue to examine and refine our operations in a manner that continues to align with industry best practices and regulatory guidance and brings comfort to our customers that we remain your trusted partner. If you have any questions or would like to discuss the matter and any specific concerns you have further, please feel free to reach out to email@example.com. We’re happy to help.
Deltek conducts regular audits against the SOC standards, discussed in more detail on our compliance page. We can provide copies of the SOC Reports upon request where appropriate. In addition, Deltek assesses certain products on a regular basis against the National Institute of Standards and Technologies’ Special Publication 800-171. For additional information on these assessments, please visit our compliance page. If you have any specific questions regarding Deltek’s compliance with any legal requirements, please contact firstname.lastname@example.org.
Deltek and its affiliates are located around the world. For more information, please visit our locations page.
Deltek has a robust security program and implements and maintains appropriate technical and organizational measures to ensure that data is secured, taking into account the state of the art technology, the costs of implementation, and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity of potential impact to the rights and freedoms of individuals. Visit our security page for detailed information.
Under the GDPR, Articles 37-39 discuss the designation, position, and tasks of a data protection officer. Deltek’s business practices do not require us to appoint a data protection officer as outlined under the GDPR. However, our Legal Department is responsible for overseeing Deltek’s privacy and data protection program, advising the business with regard to the impact of relevant laws and regulations on our processing operations, and serving as the primary point of contact for inquiries by individuals and supervisory or regulatory authorities. Questions may be submitted electronically to email@example.com or via mail to:
Attn: Legal Department - Privacy
2291 Wood Oak Drive
Herndon, VA 20171
If you are a customer, please consult your agreement with Deltek, which outlines what Deltek’s activities are in the scope of our provision of service or your purchase of our products. You can also contact your customer care representative.
Deltek is building out additional resources, such as our Privacy and Data Security Reference document, so make sure to check this page regularly for the latest information.
If you would like to adjust your preferences for email communications, unsubscribe from certain types of communications or opt-out of all email communications, please visit our Email Preference Center. If you would like to re-subscribe, you can always opt back in through the same process.
Deltek takes claims of copyright infringement seriously and will respond to notices of alleged copyright infringement that comply with applicable law. If you believe any materials accessible on or from any Deltek websites (the "Websites") infringe on your copyright, you may request removal of those materials (or access to them) from the Websites by submitting written notification to Deltek’s copyright agent designated below. In accordance with the Online Copyright Infringement Liability Limitation Act of the Digital Millennium Copyright Act (17 U.S.C. § 512) ("DMCA"), the written notice (the "DMCA Notice") must include substantially the following:
- Your physical or electronic signature;
- Identification of the copyrighted work you believe to have been infringed or, if the claim involves multiple works on the website, a representative list of such works;
- Identification of the material you believe to be infringing in a sufficiently precise manner to allow Deltek to locate that material;
- Adequate information by which Deltek can contact you (including name, postal address, telephone number, and, if available, email address);
- A statement that you have a good faith belief that use of the copyrighted material is not authorized by the copyright owner, its agent, or the law;
- A statement that the information in the written notice is accurate; and
- A statement, under penalty of perjury, that you are authorized to act on behalf of the copyright owner.
Deltek’s designated copyright agent to receive DMCA Notices is:
Deltek - Office of the General Counsel
Attn: Compliance Counsel
2291 Wood Oak Drive
Herndon, Virginia 20171
If you fail to comply with all of the requirements of Section 512(c)(3) of the DMCA, the DMCA Notice may not be effective. Please be aware that if you knowingly materially misrepresent that material or activity on the Website is infringing your copyright, you may be held liable for damages (including costs and attorneys' fees) under Section 512(f) of the DMCA.