Privacy
Our Commitment
Keeping our customers’ information safe and secure is one of the highest priorities for Deltek. We have implemented and continually maintain strong security and privacy protections that reflect industry best practices, including relevant requirements under applicable data protection regulations. Deltek’s services are backed by technical and administrative safeguards and dedicated security, operational and privacy teams. As we work to enhance and develop our products and services, we have processes in place to incorporate security and privacy from the early stages of development.
For more information on Deltek’s privacy practices, please review our Privacy Policy and Cookie Policy. Deltek is happy to help with any questions, comments or requests related to our data handling practices or how we address the evolving privacy landscape. Please feel free to contact us at [email protected].
Information & Frequently Asked Questions
Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, better known as the General Data Protection Regulation (GDPR), is designed to enable persons present in the European Union (EU) to better control their personal data. The GDPR identifies two primary parties in scope of its requirements – controllers and processors. Controllers determine the “purpose and means of the processing of personal data.” Processors process personal data “on behalf of the controller.” The GDPR became effective on May 25, 2018.
In the context of the GDPR, Deltek takes on the role of processor in its relationship with its customers. As a result of this role, Deltek has certain general responsibilities as outlined in the GDPR. Keeping customers’ information, including personal data, safe and secure is among our highest priorities and most important responsibilities. Deltek works to implement and maintain strong security and privacy protections that reflect best practices as it relates to the GDPR.
As the result of Brexit, the United Kingdom (UK) is no longer a Member State of the European Union (EU)/European Economic Area (EEA) as of January 1, 2021. However, before it initiated Brexit proceedings and was still an EU Member State, the UK implemented the Data Protection Act 2018 which fulfilled the GDPR requirement that all Member States implement a “local” version of the GDPR. The obligations under the Data Protection Act 2018 align with the GDPR and this was key to the June 28, 2021 European Commission’s adequacy decision.
The adequacy decision means that the level of protection provided under UK law is “essentially equivalent” to that guaranteed under the GDPR. The UK’s “adequacy” facilitates the exchange of personal data between the EU/EEA and the UK. However, since it was no longer an EU Member State when the European Commission implemented the updated Standard Contractual Clauses (SCCs) on June 4, 2021, transfers from the UK to other countries cannot avail themselves of the updated SCCs as the lawful cross border data transfer mechanism. The UK’s Information Commissioner’s Office announced that the UK will be drafting and implementing its own version of the SCCs in the near term.
In the interim, Deltek acknowledges the application of the previous version of the SCCs until the ICO approves and implements an alternative mechanism for cross border data transfers from the UK. At that time, Deltek will assess and appropriately implement the relevant lawful data transfer mechanism and update our customers accordingly.
Customers may rest assured that Deltek continues to apply the same safeguards regarding data transfers and securing personal data transferred from the UK as it does for data transfers subject to the GDPR.
The California Consumer Privacy Act (CCPA) was signed into law on June 28, 2018 and went into effect on January 1, 2020. The CCPA has a tiered applicability based on specific criteria, first to businesses, then to service providers, and lastly to third parties. It also created an array of new consumer privacy rights and governs the sale and sharing of consumers’ personal information.
As with the GDPR, Deltek processes personal information through its products on behalf of its customers, some of whom may be subject to the CCPA. Our customers disclose their consumers’ personal information for the business purpose pursuant to a written contract or agreement entered into with Deltek. In the context of the CCPA, Deltek takes on the role of a service provider in relation to its customers who are governed by the CCPA – as noted in Exhibit 1 to our General Privacy Terms. Deltek is well situated to meet its obligations as a service provider and implemented and maintains processes to ensure the security and privacy features of its products provide the capabilities to enable customers to comply with their obligations under CCPA.
On July 16, 2020, the Court of Justice of the European Union (“CJEU”) issued a judgment in Case C-311/18 - Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems, commonly referred to publicly as “Schrems II”, declaring that the EU-US Privacy Shield Framework (“Privacy Shield”) is no longer a valid cross-border data transfer mechanism for personal data transferring from the EU to the US. The CJEU noted that personal data transfers from the EU to the US or elsewhere in the world could still take place subject to standard data protection clauses adopted by the European Commission (the “Standard Contractual Clauses” (SCCs)) as a valid cross-border data transfer mechanism. In consideration of the Schrems II decision, the European Commission worked to update the content, applicability, and scope of the SCCs, releasing the new, modular SCCs on June 4, 2021.
We incorporate and rely upon the SCCs as our approved cross-border data transfer mechanism for any personal data transfers from our EU/EEA-based users to the global network of Deltek affiliates, including Deltek, Inc. in the US. Deltek assessed and implemented the appropriate SCCs module in the Deltek General Privacy Terms, Exhibit 2, to operate as the lawful cross-border data transfer mechanism for all Deltek engagements entered into on or after Sept. 27, 2021. In accordance with the schedule outlined by the European Commission, Deltek will reach out and undertake to transition all existing customers to the new version of the SCCs before December 26, 2022.
Deltek takes the security of our Customers’ data very seriously and has established and maintains a robust privacy and data security framework that is outlined in our General Privacy Terms. As this landscape evolves, we will continue to examine and refine our operations in a manner that continues to align with industry best practices and regulatory guidance and brings comfort to our customers that we remain your trusted partner. If you have any questions or would like to discuss the matter and any specific concerns you have further, please feel free to reach out to [email protected]. We’re happy to help.
Deltek conducts regular audits against the SOC standards, discussed in more detail on our compliance page. We can provide copies of the SOC Reports upon request where appropriate. In addition, Deltek assesses certain products on a regular basis against the National Institute of Standards and Technologies’ Special Publication 800-171. For additional information on these assessments, please visit our compliance page. If you have any specific questions regarding Deltek’s compliance with any legal requirements, please contact [email protected].
Deltek and its affiliates are located around the world. For more information, please visit our locations page.
Deltek has a robust security program and implements and maintains appropriate technical and organizational measures to ensure that data is secured, taking into account the state of the art technology, the costs of implementation, and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity of potential impact to the rights and freedoms of individuals. Visit our security page for detailed information.
Under the GDPR, Articles 37-39 discuss the designation, position, and tasks of a data protection officer. Deltek’s business practices do not require us to appoint a data protection officer as outlined under the GDPR. However, our Legal Department is responsible for overseeing Deltek’s privacy and data protection program, advising the business with regard to the impact of relevant laws and regulations on our processing operations, and serving as the primary point of contact for inquiries by individuals and supervisory or regulatory authorities. Questions may be submitted electronically to [email protected] or via mail to:
Deltek, Inc.
Attn: Legal Department - Privacy
2291 Wood Oak Drive
Herndon, VA 20171
U.S.A.
Please consult our Privacy Policy for more information on how we handle information we collect. We also have more information regarding data collected via our cookies in our Cookie Policy.
These policies are also available to download:
Privacy Policy PDF
Cookie Policy PDF
If you are a customer, please consult your agreement with Deltek, which outlines what Deltek’s activities are in the scope of our provision of service or your purchase of our products. You can also contact your customer care representative.
Deltek is building out additional resources, such as our Privacy and Data Security Reference document, so make sure to check this page regularly for the latest information.
If you would like to adjust your preferences for email communications, unsubscribe from certain types of communications or opt-out of all email communications, please visit our Email Preference Center. If you would like to re-subscribe, you can always opt back in through the same process.
Deltek takes claims of copyright infringement seriously and will respond to notices of alleged copyright infringement that comply with applicable law. If you believe any materials accessible on or from any Deltek websites (the "Websites") infringe on your copyright, you may request removal of those materials (or access to them) from the Websites by submitting written notification to Deltek’s copyright agent designated below. In accordance with the Online Copyright Infringement Liability Limitation Act of the Digital Millennium Copyright Act (17 U.S.C. § 512) ("DMCA"), the written notice (the "DMCA Notice") must include substantially the following:
- Your physical or electronic signature;
- Identification of the copyrighted work you believe to have been infringed or, if the claim involves multiple works on the website, a representative list of such works;
- Identification of the material you believe to be infringing in a sufficiently precise manner to allow Deltek to locate that material;
- Adequate information by which Deltek can contact you (including name, postal address, telephone number, and, if available, email address);
- A statement that you have a good faith belief that use of the copyrighted material is not authorized by the copyright owner, its agent, or the law;
- A statement that the information in the written notice is accurate; and
- A statement, under penalty of perjury, that you are authorized to act on behalf of the copyright owner.
Deltek’s designated copyright agent to receive DMCA Notices is:
Deltek - Office of the General Counsel
Attn: Compliance Counsel
2291 Wood Oak Drive
Herndon, Virginia 20171
[email protected]
If you fail to comply with all of the requirements of Section 512(c)(3) of the DMCA, the DMCA Notice may not be effective. Please be aware that if you knowingly materially misrepresent that material or activity on the Website is infringing your copyright, you may be held liable for damages (including costs and attorneys' fees) under Section 512(f) of the DMCA.