Privacy Policy

 Delinea Inc. and its affiliates (“Delinea” or “we”) are committed to protecting the personal information and privacy rights of individuals (“you”) who visit our webpages, purchase or use our software solutions, attend our events, collaborate with us or otherwise interact with us.  This Privacy Policy describes how we collect, use, process, share, and secure your personal information.  It also explains how we use cookies and similar technologies, how to exercise privacy rights available to you, and how to set your privacy preferences.  You can contact us with any questions related to this Privacy Policy or how we process your personal information.  Contact details are available at the bottom of this page.

Page Contents:

• How We Process Personal Information
• Security of Personal Information
• Data Retention
• Marketing Communications
• Cookies and Other Tracking Technologies’
• Selling & Sharing Personal Information
• Privacy Rights
• International Transfers
• Changes & Updates
• Contact Information

How We Process Personal Information

This section provides information on how Delinea processes the categories of personal information we may collect or receive in carrying out business operations.

On-Line Interactions

This section covers websites that are owned or operated by Delinea and linked to this Privacy Policy, including: https://delinea.com, https://cloud.centrify.com, https://www.authomize.com, https://www.gofastpath.com/,  and https://portal.thycotic.com/. 

Delinea’s websites may contain links to external websites operated by third-parties, including our partners and social media platforms like Facebook, Twitter, YouTube, and LinkedIn. The privacy practices of these third-parties are governed by their respective privacy policies or statements. We encourage you to review the third-party privacy policies or statements if you want to understand how they process personal information.

Delinea’s websites may also include social media features, such as the Facebook ‘Like’ button and widgets, ‘Share this’ buttons, or interactive mini-programs. These features may collect your IP address and the page(s) you visit on our websites and may set a cookie to enable proper functioning. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy or statement of the company providing the feature. You can learn more in our  Cookies and Other Tracking Technologies section below.

Business Administration & Sales:  Processing of personal information in relation to business administration, sales, support, and related operations.

[1]  Lawful basis refers to the need under applicable law, such as EU privacy law (e.g., the EU General Data Protection Regulation or “GDPR”) or US privacy law (e.g., California Consumer Privacy Act) , to have a specific reason, recognized by law, for processing personal data.

Job Candidates

If you are interested in a position with Delinea, you can submit an application through our on-line career portal or in response to a job posting.  To manage your application, we need to collect and process certain personal information.  Additional information is provided in the privacy notice provided at the point of application.  ​​We may also receive candidate information from third party recruitment agencies.  Additional information on the data processing practices of the recruitment agencies is available directly from the agency.

Software & Services:   

Use of Delinea’s Software and Services will involve processing of customer business information and personnel data, including personal information, that a customer enters and/or stores as part of utilizing the Software and Services (“Customer Data”). Delinea will process Customer Data as described in the software subscription, licensing, or services agreement (e.g., Master Subscription and License Agreement (MSLA)) and any required data processing agreement (DPA) or instructions we have in place with our customers.  When providing such services, Delinea acts as a data processor.  Please note that Customer Data, including data obtained through the short code program for MFA, will not be shared with any third-parties for their marketing reasons/purposes.

Delinea’s DPA is the governing document that applies when we are a data processor or service provider (depending on the jurisdiction), including when customers purchase subscriptions to access and use Delinea cloud-hosted solutions.  Please review the Data Processing Addendum (DPA) for specific information on data processing, including the categories of personal data that may be processed, purposes of processing, subprocessors, and technical and organizational measures implemented in providing the Software and Services. 

As part of our Software and Services, we provide customers with the ability to access and manage Customer Data through various self-service options.  This includes features to control access, and correct, download, delete, and manage Customer Data.      

If you are an end-user of Delinea’s Software and Services, you may have certain privacy rights as described below.  If you want to exercise those privacy rights, you should direct your request in the first instance to the Delinea Customer you work for or that you interact with directly (the data controller). Delinea will assist customers in handling privacy rights requests by end-users as described in the Data Processing Addendum (DPA).

Security of Personal Information

Delinea maintains appropriate organizational, technical and physical safeguards designed to protect personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.  The specific measures may vary based on the type of personal information we process and the related privacy risks.  While we have implemented reasonable and appropriate measures to secure and monitor the personal information we process, security measures are never absolute.   Additional information on specific technical and organizational measures is provided in the Data Processing Addendum (DPA) and on Delinea’s Trust Center.

Data Retention

We retain the personal information we process where we have a legal basis to do so.  For example, to provide on-going access to our Software or Services, to comply with an applicable legal, tax or accounting requirement, or for on-going business administration.

When we no longer have a legal basis to process your personal information, we will either delete it or anonymize it. In some cases (e.g., when personal information is stored in backup archives), we will securely store your personal information and isolate it from any further processing.  If you are a customer or end-user of our Software and Services, please refer to the specific service agreement and DPA for information on data retention and deletion. 
If you gave consent to us to process your personal information, you can revoke that consent at any time.   For additional information, see the Privacy Rights section below. 

Marketing Communications

When you purchase or subscribe to our Software and Services, download a trial version, attend an event, or request materials, information, or resources (e.g., whitepapers), we may send you marketing communications as permitted by applicable law. 

We also use third-party service providers (e.g., ZoomInfo, Cognism, Lusha, LinkedIn) to market our Software and Services and to obtain curated business contact lists for individuals in professions that may be interested in our Software and Services. These service providers are obligated to comply with applicable data protection laws in obtaining and sharing business contact details with us for marketing purposes. If you do not wish your business contact information to be used in this way or if you do not want to receive marketing communications from us, you always have the right to opt-out as provided below. You can also contact these service providers directly for information on applicable privacy practices or to learn how they obtain, process, and share your personal information.

How to Opt-Out

If you no longer want to receive marketing communications from us, you can opt-out at any time using any of the following methods: 

• Use the unsubscribe or Manage Preferences function in the message;
• Visit our self-service subscription center:  subscription center;
• Send an opt-out or unsubscribe request to privacy@delinea.com;
• Use the Privacy Rights tool. 
  Exercise Your Rights
  Powered by OneTrust

For additional information, please see the Communication Preferences and Privacy Rights sections below. 

Cookies and Other Tracking Technologies

This section describes how Delinea uses cookies and other tracking technologies such as beacons, tags, and scripts on Delinea websites.  You can manage cookie preferences by accessing the cookie icon in the lower left corner of your browser where available.      

What are cookies? 

Cookies are small data files that a website transfers to your computer or mobile device.  Cookies are widely used by website owners to make their websites work, or to work more efficiently, as well as to provide reporting information on website use.  Cookies can be session-based or persistent-based. Session-based cookies exist only during a session and disappear from your computer or device when you close your browser software or power off.  Persistent cookies remain on your computer or device after you close your browser or power off.

Cookies set by the website owner (in this case, Delinea) are called "first party cookies." Cookies set by parties other than the website owner are called "third party cookies."  Third party cookies enable third-party features or functionality to be provided on or through the website, including advertising, interactive content, and analytics. The third-parties that set these cookies can recognize your computer or mobile device both when it visits the website in question and when it visits other websites that also use that third-party's cookies.

Cookies alone do not identify you in the "real world" - they merely recognize the web browser on your computer or mobile device. Unless you choose to identify yourself to us (e.g., completing a webform, requesting a trial), we cannot identify you by name or other "real-world" information from the data collected through cookies.

Why does Delinea use cookies? 

We use first and third-party cookies on our websites as described below:

• Strictly necessary cookies. These cookies are required for the operation of our websites and to maintain key functions, such as security and stability. For example, necessary cookies enable you to log into secure areas of our website (e.g., Support Portal). You cannot disable or reject necessary cookies.
• Performance cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our websites. They help us identify the pages that are the most and least popular and see how visitors move around and interact within the website.  Information collected by these cookies is aggregated and anonymous.
• Functional cookies. These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our website.  When enabled, functional cookies allow us to personalize content for you, greet you by name, and remember your preferences (e.g., region, language preference). If you do not allow these cookies, then some or all of these features may not function properly. For example, functional cookies are required to enable the chat function, including personalized support and seamless meeting booking features.
• Targeting cookies. These cookies may be set by Delinea or our advertising partners. They may be used to build a profile of your interests and show you relevant adverts on other non-Delinea websites.   They are based on uniquely identifying your browser and internet device.

You can set your cookie preferences and see the specific types of first and third-party cookies served through our websites, including information on purpose, host, duration, type, category, and description by accessing the cookie preference tool at the bottom of the page or by clicking the cookie icon where available.

What about other technologies, like web beacons? 

Cookies are not the only way to recognize or track visitors to a website.  For Delinea webpages, we may also employ a technology called web beacons (sometimes called “clear gifs” or “tracking pixels”), which help us by informing us what content is effective. Web beacons are tiny graphics files that contain a unique identifier that is used to track movements on our websites. This allows us, for example, to monitor the traffic patterns of Visitors from one page on our website to another, to deliver or communicate with cookies, to understand whether a Visitor came to our website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of e-mail marketing campaigns.  In contrast to cookies, which are stored on a Visitor's computer or mobile device, web beacons are embedded invisibly on websites. We do not tie the information gathered by web beacons to Visitors’ personal data.

What about targeted advertising? 

Delinea partners with third-party ad networks, such as Google, Facebook, Bing, Twitter, and LinkedIn, to manage advertising on other websites. Our ad network partners use cookies and web beacons to collect data about your activities on Delinea and other websites and to provide targeted advertising to you based upon your interests. The information collected through this process does not enable us or third-parties to identify you "in the real world” including your name, contact details or other personally identifying details unless you choose to provide this information.

How can I control my preferences? 

You can exercise your preferences by opening our cookie preference tool and choosing which cookies to accept or reject. Just follow this the cookie icon where available or select the “Your Preferences” icon in the footer of the webpages.

You can set a Global Opt-Out Signal (https://globalprivacycontrol.org/) or set or amend your web browser controls to accept or refuse cookies more easily.   Because web browser controls vary from browser-to-browser (e.g., Chrome, Firefox, Edge), you should visit your specific browser's help menu for more information on managing cookies and preferences.  Choices you make regarding cookies are website, device, and browser-specific, and may be deleted whenever you clear your browser’s cache.  

Please note that if you disable your web browser’s ability to accept cookies certain functions or features may be impaired  For example, if you want to use the chat function and related features, you will need to enable functional cookies and you can do so directly at the time of use. You can opt-out of the functional cookies at any time by following the instructions in this section.

You can also consult the user instructions for your Internet browser for additional controls relating to the use of cookies, including blocking certain cookies by adjusting the settings on your Internet browser or apply controls available at pages like https://optout.aboutads.info/  or https://optout.networkadvertising.org/.  For mobile application-based "AppChoices" download page please visit https://youradchoices.com/appchoices. 

European users can opt-out at European Interactive Digital Advertising Alliance (EDAA)'s consumer opt-out page (https://youronlinechoices.eu/). Additionally please note this does not opt you out of being served advertising. You will continue to receive generic ads. The privacy policies of Google, Facebook, Bing, X (fka Twitter), and LinkedIn are available at their respective websites.

Selling & Sharing of Personal Information

We do not sell personal information – this includes the personal information of the end-users of our Software and Services.   We may share your personal information for the business purposes described in this Privacy Policy, as described in specific notices provided at the time of collection, or in software subscription, licensing, or service agreements (e.g., MSLA) and DPA.   Depending on the specific business purpose, this may include sharing your personal information with the following categories of recipients:  

• Affiliates within the Delinea group of companies.
• Third-party services providers and vendors who provide data processing services to us or who otherwise process personal information for specific business purposes subject to a service agreement.   
• Government agencies, including competent law enforcement bodies, tax authorities, regulatory agencies, and judicial bodies where we believe disclosure is necessary (i) to comply with a lawful order or applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect the vital interests any person.  Delinea maintains procedures and guidelines for handling government requests for personal information, including review of applicable data protection laws.
• Distributors and resellers (“Channel Partners”) that offer, promote, or sell our Software and Services.
• In connection with a proposed purchase, merger, reorganization, acquisition, dissolution or liquidation of any part of our business.

We ensure a data processing agreement (DPA) is in place, including an approved transfer mechanism (e.g., EU Standard Contractual Clauses, EU-US Data Privacy Framework) where required. We also do not authorize third-parties to use the personal information we share with them for their own marketing purposes (except in cases where you explicitly request or provide consent for us to do so, such as a combined marketing campaign or at a conference or tradeshow when you allow us to share personal information with a sponsor).

If you are an end-user of our Software and Services, you can learn more about the specific sub-processors we engage by reviewing our DPA.

Compelled Disclosure

In certain circumstances, we may need to disclose certain personal information when required or permitted by law.  This may include situations where we reasonably believe that disclosure is necessary to protect our rights, to protect our systems and assets, to protect your safety or the safety of others, or to conduct relevant investigations (e.g., fraud prevention).  We may also be required to disclose personal information to comply with an official judicial proceeding, court order, legal process, or other lawful government order. We object to requests we believe are overly broad, invalid, or were issued improperly. Unless prohibited by applicable law, we will use reasonable efforts to notify the data controller or, where required, data subjects to enable them to take appropriate action.   

Privacy and Children

As a B2B business, we focus our marketing, sales, and operational activities on other businesses, corporations, organizations, and professionals.  We do not target or offer information or services intended for children and we do not knowingly solicit or collect any personal information from children.

Communication Preferences

We offer a self-service subscription center for you to manage marketing and non-transactional communications.  You can also click on the 'unsubscribe' or ‘manage preferences’ link at the bottom of our communications. Please note that if you are an active Customer you cannot opt-out of communications that are required for support, maintenance, and updates related to our Software and Services. 

Correcting and updating your information

Customers and end-users of our Software and Services may update or change their information by editing their user profiles or account settings. If you wish to have your user account deactivated, cancel your account, and/or have your personal data removed from our system, please log in and create a support ticket.  If you have questions or other requests related to account or billing information, contact your sales representatives, support services, or by regular mail addressed to:

Delinea
Attn: Privacy
221 Main Street, Suite 1300
San Francisco, CA 94105
United States of America

We will respond to your correction or update request within 30 days from the date we receive your request.

Acquisitions

As we develop our business, we may sell or purchase assets or undergo corporate reorganizations such as mergers or acquisitions. Based on our legitimate interest in operating our business, we may share some of your personal data for this purpose. If another entity acquires Delinea, or all or substantially all of Delinea's assets, personal information and any other information that Delinea has collected about customers or users will be transferred to such entity as one of the transferred assets. You will be notified via email and/or a prominent notice on our website of any change in ownership of your personal data.  Additional information is available in the applicable software subscription, licensing, or service agreement (e.g., MSLA) and DPA.

Privacy Rights

Available Rights

Depending on a number of factors, including your country or place of residence and applicable data protection laws, you may have certain privacy rights available to you.  The most common privacy rights include:

• Access or Know:  the right to receive information about the personal information we process about you, the source of that information, how we use it, who we share it with, and how long we retain it. This also includes the right to access or receive copies of the personal information we hold about you.
• Rectification, Erasure or Restriction of Processing:  the right to request the rectification, erasure, or restriction of processing of personal information we hold about you.
• Data Portability:  the right to request the personal data that you provided to us, in a structured, commonly used, and machine-readable format and to transmit this data to another controller.
• Object to Processing:  the right to object to the processing of your personal data on grounds relating to your particular situation if we process your personal data based on legitimate interests. You may also object to the processing of your personal data for direct marketing purposes at any time.
• Opt-Out:  the right to opt-out of sharing of your personal information or using for marketing communications. Please note that Delinea does not rent or sell any personal information.
• Exercises Rights Free from Discrimination: the right to exercise applicable privacy rights free from discrimination. 
• Limit Disclosure of Sensitive Information:   the right to limit disclosure of sensitive personal information.
• Lodge or File a Compliant:  the right to lodge a complaint with the competent data protection supervisory authority or court.

Other privacy rights may be available to you under applicable data protection laws and we will honor those rights when you make a request.  For example, if you are a resident of California, you may have the right once a year and free of charge to request and obtain:   1) information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes: and 2) the names and addresses of the third parties with which we shared personal information in the preceding calendar year. 

How to Exercise Your Privacy Rights

We offer you several ways to exercise the privacy rights that are available to you. 

Exercise Your Rights
Powered by OneTrust

• Update your cookie preferences by following the cookie icon at the bottom of the page where available. Please note that any opt-out of cookie-based tracking for advertising purposes is specific to the device, website, and browser you are using, and is deleted whenever you clear your browser’s cache.
• You can use our self-service subscription center to manage marketing and non-transactional communications
• You can use the contact details at the bottom of this page.

Identity Verification 

When you make a privacy request, we will take reasonable steps to verify your identity prior to responding. This step is necessary to prevent unauthorized access to or instructions related to your personal information.  Identify verification will vary depending on the sensitivity of the personal information and whether or not you have an account with us.

Use of an Agent

Consistent with applicable law, you may be able to designate an authorized agent to make a privacy rights request on your behalf. Before acting on a request from a designated agent, we will require proof that the agent is authorized to act on your behalf and may need you to verify your identity directly with us.  Again, this step is necessary to prevent unauthorized access to your personal information.

Responding to Privacy Rights Requests: 

The privacy rights to which you may be entitled vary by jurisdiction and the facts and circumstances of data processing.  Accordingly, one or more of the rights described in this section may not apply or we may fulfill a request only in part. For example, we may need to retain your email address on an opt-out list or retain certain personal information as required by law (e.g., to process payments, or for tax or other legal record-keeping requirements). When you are entitled to exercise a privacy right, we will not discriminate against you when you make such a request, and you may have the right to lodge a complaint if you feel we have not fully complied with a request. We will cooperate with competent data protection authorities in responding to complaints.

International Transfers

Delinea operates globally and utilizes service providers located in several countries.  As a result, personal information may be processed in countries outside the country of collection or the country where you reside.   The jurisdictions where personal information will be processed may have lower standards of data protection than in your country. When we do transfer personal information to other countries, we comply with applicable law and ensure that appropriate safeguards and technical and organizational measures are in place.

For example, if you reside in the European Economic Area (EEA) and we process your personal information outside the EEA, we rely on one of the following approved methods of transfer:

• European Commission adequacy decisions, which acknowledge that certain non-EEA countries have national privacy laws that protect personal information to a substantially similar standard required by European Union law;
• the European Commission’s 2021 Standard Contractual Clauses, which require non-EEA recipients of personal information to continue to protect the personal information they receive to the standard required by European Union law; or
• other lawful data transfer mechanisms, including the EU-U.S. Data Privacy Framework (see additional information below). 

Further details can be provided upon request.   Please see contact information below.

If you are a customer or end-user of our Software and Services, please refer to our Data Processing Addendum (DPA) for specific information on international transfers and use of sub-processors.     

EU – U.S. Data Privacy Framework & Transfers Outside of the EEA, the UK, and Switzerland

Delinea has certified that it adheres to the principles of the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework (collectively “DPF Principles”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Economic Area (EEA), the United Kingdom (incl.Gibraltar), and Switzerland to the United States.

Depending on the type of transfer, Delinea may rely on the PDF Principles as the legal basis for the transfer of personal information from the EEA, United Kingdom, or Switzerland. Delinea is committed to protecting personal data from these locations in compliance with the DPF principles.

To learn more about the Data Privacy Framework, visit the U.S. Department of Commerce’s Data Privacy Framework page available here: https://www.dataprivacyframework.gov/

Delinea is responsible for the processing of personal data it receives, under the Data Privacy Framework, and subsequent transfers to third-parties acting on its behalf. Delinea complies with the DPF Principles for onward transfers of personal data from the EU, the United Kingdom and Switzerland, including the onward transfer of liability provisions.

With respect to personal data received or transferred pursuant to the Data Privacy Framework, Delinea is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Delinea may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/requestUnder certain conditions, more fully described on the Data Privacy Framework website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. If you are located in the European Union, you have the right to lodge a complaint directly with a supervisory authority established by an EU member country. 

Changes & Updates

We will periodically update this Privacy Policy to reflect changes in applicable law and/or our data protection practices. We encourage you to periodically review this page for the latest information or you can subscribe to updates at https://delinea.com/privacy-notifications.

Contacting Us

Questions regarding this Privacy Policy should be directed to privacy@delinea.com or one of the following addresses.

Delinea
Attn: Privacy
221 Main Street, Suite 1300
San Francisco, CA 94105
United States of America
+1(669) 444-5200

Delinea Europe Ltd.
Attn: Privacy
5 New Street Square
London, EC4A 3TW
United Kingdom

This Privacy Policy was last modified on June 4, 2024