Deltek’s Data Privacy Framework Policy

March 15, 2024


We are committed to protecting the confidentiality and privacy of our customers, our people, and others with whom we do business.  Deltek, Inc. and its United States subsidiaries, Deltek Phillippines LLC and all other affiliates (“Deltek”) comply with the requirements of the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce (collectively, the “DPF”). Deltek has certified to the U.S. Federal Trade Commission that it adheres to the DPF Principles with respect to personal information (as described below) that is transferred from the European Union and its Member States, the European Economic Area, the United Kingdom (and Gibraltar), and/or Switzerland to the United States. If there is any conflict between the terms in this DPF Policy or another applicable privacy policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework and to view Deltek’s certification, please visit

This DPF Policy applies to personal information within the scope of Deltek’s DPF certification, which covers the following categories of information:

  • Personal information regarding current, former, and prospective employees and contractors for the operation and management of Deltek’s human resource administration and maintaining contact with individuals.
  • Personal information regarding current, former and prospective clients and their personnel or others for the delivery of Deltek’s services, ongoing relationship management, and business development activities.
  • Personal information regarding third parties and their personnel in connection with the management and administration of the business relationships with such third parties.

Certain personal information covered by Deltek’s DPF certifications may also be subject to more specific privacy policies of Deltek. For example:

  • Deltek’s websites maintain their own privacy policies that apply to personal information collected via those sites. These policies may be accessed through those websites.
  • Internal policies and procedures relating to the protection of personal information for prospective, current, and former employees.
  • Personal information obtained from or relating to customers or former customers is further subject to the terms of any specific privacy terms provided to the customer, any contractual arrangements with the customer and applicable laws.

Personal information covered by this DPF Policy is collected and processed only as permitted by the DPF Principles. Notice to individuals regarding the personal information collected from them and how that information is used may be provided through this DPF Policy, other Deltek privacy notices, or other direct forms of communication with appropriate parties, such as contracts or agreements. Where necessary and appropriate, consent for personal information to be collected, used, and/or transferred may also be obtained through these same means.

Deltek collects and processes personal information only to the extent that it is compatible with the purposes for which it was collected or subsequently authorized by the data subject. Deltek does not retain personal information after it no longer serves the purposes for which it was collected or subsequently authorized. Deltek takes reasonable steps to ensure that personal information is accurate, complete, current, and reliable for its intended use.

Accountability for Onward Transfers

Consistent with the DPF Principles, Deltek may transfer personal information to third parties, including transfers from one country to another. We will only disclose an individual’s personal information to third parties under one or more of the following circumstances:

  • The disclosure is to a third party providing services to Deltek, or to the individual, in connection with the operation of our business, and as consistent with the purpose for which the personal information was collected. Deltek will maintain written contracts with these third parties and require that these third parties provide at least the same level of privacy protection and security as required by the DPF Principles. To the extent required by the DPF Principles, Deltek remains responsible and liable under the DPF Principles if a third party that it engages to process personal information on its behalf does so in a manner inconsistent with the DPF Principles, unless Deltek proves that it is not responsible for the matter giving rise to the damage;
  • When an individual has given permission to make the disclosure;
  • Where required and necessary to meet Deltek’s legal obligations, including a lawful request by public authorities, national security or law enforcement obligations, or applicable law, rule, order, or regulation;
  • Where reasonably necessary for compliance or regulatory purposes, or for the establishment of legal claims.

Individual Rights

Individuals whose personal information is covered by this DPF Policy have several rights regarding their personal information.  This includes the right to access the personal information that Deltek maintains about them as specified in the DPF Principles. Individuals may contact us to correct, amend or delete such personal information if it is inaccurate or has been processed in violation of the DPF Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated). Individuals may also have the right to limit the use and disclosure of their personal information (opt out) under certain circumstances, such as marketing. Requests to access, correct, amend, delete, or limit the use and disclosure of personal information (opt out) may be submitted using our Privacy Rights Request Form.


Deltek takes appropriate measures to protect personal information in its possession to ensure a level of security appropriate to the risk of loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures take into account the nature of the personal information and the risks involved in its processing, as well as best practices in the industry for security and data protection.


In compliance with the DPF Principles, Deltek commits to resolve complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our DPF Policy should first contact Deltek’s U.S. Privacy Office at [email protected]. Deltek’s policy is to respond to individuals within forty-five (45) days of an inquiry or complaint. If an individual has an unresolved complaint or concern that is not addressed satisfactorily, that individual may contact the competent EU, UK or Swiss data protection authorities.  Deltek will cooperate with the competent EU, UK, or Swiss data protection authorities and comply with the advice of such authorities.

You may have the option to select binding arbitration under the Data Privacy Framework Panel for the resolution of your complaint under certain circumstances. Deltek is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.


Deltek may update this DPF Policy at any time by publishing an updated version here, however we will not update this DPF Policy in contravention of the DPF Principles.

Download the PDF Version of this Policy »