Skip to content
     

    Privacy Policy

    Delinea Inc. (formerly Centrify Corporation and referred to here as “Delinea” or the “Company”) is committed to respecting the privacy of individuals who visit the Company's Websites (“Visitors”), individuals who register to download free or trial software or use the Company's software and services as defined below (“End Users”), and individuals who register to attend the Company's corporate in-person or web-based events (“Attendees”). Privacy Policy also applies to Delinea's subsidiary, Thycotic Software, LLC.

    TRUSTe


    This Privacy Statement describes Delinea's privacy practices in relation to:

    1. the Company's Websites (as described below);
    2. the products and services (“Software” and “Services”) offered by Delinea and its family of companies to its corporate customers (“Customers”);
    3. Company’s corporate in-person or web-based events.
    In relation to both our Websites and our Software and Services, this Privacy Policy explains the following:
      • what information Delinea may collect about you;
      • how Delinea will use the information we collect about you;
      • when Delinea may use your details to contact you;
      • whether Delinea will disclose your details to anyone else;
      • your choices regarding the personal information you provide to us or which we collect about to you; and
      • the use of cookies and similar technology on our Websites and Software and Services and how you can control them.

    1. Websites covered

    This Privacy Policy covers the information practices of Websites that link to this Privacy Policy, including https://delinea.com, www.centrify.com, www.thycotic.com, https://cloud.centrify.com, https://portal.thycotic.com/ and other Websites which are owned or operated by the Company.

    Delinea's Websites may contain links to other external Websites, for instance to our content on social media platforms like Facebook, Twitter, YouTube, and LinkedIn, and to the Websites of our technology alliance partners and channel partners. The privacy policies or statements of these other Websites govern the information practices or the content of these other Websites. The Company encourages you to review the privacy policies or statements of other Websites to understand their information practices.

    Our website includes social media features, such as the Facebook 'Like' button and widgets, or 'Share this' buttons or interactive mini-programs that run on our website. These features may collect your IP address and the page(s) you are visiting on our site and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy or statement of the company providing it. Learn more about these widgets in our  Cookies and Other Tracking Technologies section below.

    2. Personal data collected

    We set out a summary of how we use, retain, and share the categories of personal data we collect about you and related information in the tables below. In addition to the tables below, Delinea may share personal information within its family of companies for their own business purposes.

    Use of Visitor Information through Our Websites

    Personal How and why we use it Who we share it with and why [1] Lawful Basis [2] How long we keep it for

    Contact information, such as name, company name, title, email address, mailing address, and phone number.

    To send materials you request like whitepapers, details of our events and webinars, and to send you other marketing materials by email, postal mail, or telephone, for instance, if you choose to trial our Software and Services.

    If you choose to set up an account, we use your contact information to provide you with technical training for our Software and Services and to give you access to our online community forum.

    We also collect contact information from members of our partner programs (other companies for who we have arrangements under which they promote our Software and Services) where an individual expresses an interest in our Software and Services. Where that happens, we will use the information to send details of events, webinars, whitepapers, and marketing materials as described above.

    We also use your contact data to measure our own marketing efforts and performance, analyzing all marketing contact with you, its timing, and the extent of its success.

    We may share this information with our customer relationship management software providers (Salesforce), marketing automation platform providers (HubSpot), webinar software providers (WebEx, Zoom), email platforms (such as HubSpot), website hosting providers (Microsoft Azure, AWS, SendGrid, Twilio), our customer success software provider, our online community platform provider, our learning management system software provider, and members of our partner programs.

    The legal basis for the data transfer to these providers is Art. 28 GDPR in connection with the data processing agreements concluded with each of these providers.

    We may send or provide you with marketing materials in line with your prior consent.

    To the extent permitted by applicable law without your consent, such data processing also takes place based on our legitimate interests in promoting our business, providing you with access to additional services in connection with our Software and Services, and assessing the success of our promotional activities.

    We keep data in accordance with this policy. You may opt out of ongoing marketing communications by updating your preferences on the subscription center

    Information you submit to us through our website, including through interactive features

    To send materials you request like whitepapers, details of our events and webinars, and to send you other marketing materials by email, postal mail, or telephone, for instance, if you choose to trial our Software and Services.

    To respond to your request or inquiry.

    To provide you with the services or products which you have requested.

    We may share this information with our customer relationship management software providers (Salesforce), marketing automation platform providers (HubSpot), webinar software providers (WebEx, Zoom), email platforms (such as HubSpot), website hosting providers (Microsoft Azure, AWS, SendGrid, Twilio), our customer success software provider, our online community platform provider, our learning management system software provider, and members of our partner programs.

    The legal basis for the data transfer to these providers is Art. 28 GDPR in connection with the data processing agreements concluded with each of these providers.

    We may send or provide you marketing materials in line with your prior consent.

    To the extent permitted by applicable law without your consent, such data processing also takes place based on our legitimate interests in promoting our business, providing you with access to additional services in connection with our Software and Services, and assessing the success of our promotional activities.

    We keep data in accordance with this policy. You may opt out of ongoing marketing communications by updating your preferences on the subscription center

    Name, contact details, and employment details if you send us a CV, resumé, or other details of your employment history, qualifications, and experience in connection with an advertised job vacancy or a general inquiry regarding employment opportunities with us.

    To assess your application and communicate with you about the position.

    With our human resources information system provider (Workday) based on Art. 28 GDPR in connection with our data processing agreement with the respective provider and, where permitted by applicable law, our background check service providers.

    Taking steps necessary prior to entering into potential employment or consultancy agreement with you and our legitimate interests in properly assessing applicants for employment, including to inform you about other job openings that may be of interest to you. In the EU, we will only do the latter with your prior consent).

    For applicants in the EU, we retain your data until the application process has been concluded and the position has been filled.

    For applicants in the EU and with your consent, we keep your information in case of an unsuccessful application for 6 months after the application process has been concluded in case another relevant position arises and will contact you about it. For applicants not located in the EU, this data is retained in accordance with local law. If you prefer us not to, please let us know at privacy@delinea.com. Information on successful applicants will be used in our Human Resources systems and processes.

    Information from your web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, internet service provider (ISP), operating system, date/time stamp, and clickstream data and the actions you take on the Company's Websites (such as the web pages viewed and the links clicked)

    We use this information for what is usually called "analytics" — essentially to understand how Visitors move around our Websites, what content is popular and what is not – and (either alone or with information about the company you work for) to provide more personalized information about us. We hold this information against a Visitor’s IP address, unless a Visitor submits contact information to us, in which case we hold this information against the submitted contact information. We use this information to help improve our Websites. We also use this information to show you tailored advertising on third-party websites and platforms and personalize content for you.

    Usage data is collected on our behalf and analyzed by third-party analytics providers (Google Analytics) on our behalf based on Art. 28 GDPR in connection with our data processing agreement with this provider. This information is also shared with our advertising and marketing partners, including advertising networks.

    Our legitimate interests in monitoring and improving our Websites or, where this is required by applicable law, based on your consent.

    We keep usage data for analytics and product improvement purposes in accordance with business needs because historical usage data is always relevant to the development of our technology. Please consult the policies of our third-party analytics and tracking providers in our Cookies and Other Tracking Technologies section or their retention and erasure policies.

    Personal testimonials of satisfied customers and other endorsements, including sound and/or video images.

    We publish testimonials on our website to promote our business.

    With our customer reference management software provider based on Art. 28 GDPR in connection with our data processing agreement with the respective provider.

    We use testimonials for our legitimate interests in promoting our business. You can request the removal of your testimonials by contacting us at privacy@delinea.com.

    We retain testimonials until you withdraw your consent (or where we are legally required to remove or otherwise choose to remove).

    Community forum content you upload, such as your account user name, posts, images.

    If you choose to join one of our community forums, we will make what you upload available to other forum Visitors, including your account user name that is associated with such uploaded content.

    With our hosting provider (such as Amazon Web Services), our online community platform provider based on Art. 28 GDPR in connection with our data processing agreement with the respective provider. We also make such content visible to Visitors to our community forums.

    Our legitimate interests in encouraging the sharing of ideas and experiences between Delinea End Users. You can request the removal of the content you upload by contacting us at privacy@delinea.com.

    We retain your community forum-posted content until withdrawn at your request (where we are legally required to remove or otherwise choose to remove.

    Account user name and password.

    For Visitors to set up accounts so that they can interact with our website, such as interacting with our support functions, submitting content to our community forum, or signing up for courses.

    User names are shared with our online community platform provider and learning management system software provider based on Art. 28 GDPR in connection with our data processing agreement with the respective provider. We do not share passwords.

    Our legitimate interests are in receiving information from website Visitors and providing access to information (such as software downloads) that are only available to registered End Users.

    We retain your user name and password until you request deactivation of your account (or until we are legally required to otherwise choose to deactivate your account).

     

    Use of customer information in relation to our software and services

    Personal data How and why we use it Who we share it with and why[1] Lawful Basis[2]  How long we keep it for

    Financial qualification and billing information, such as billing name and address, credit card number, and the number of users or systems within the organization that will be using Software and Services (“Billing Information”).

    To onboard a new client for invoicing, payment, and use of the system.

    With our payment processing providers (ex. First Data, Amazon Web Services) and/or equivalent additional or replacement payment processors and our enterprise resource management software provider (NetSuite)  based on Art. 28 GDPR in connection with our data processing agreement with the respective providers

    Use is necessary for our legitimate interests in providing our Software and Services on a commercial basis and to enable payments in line with the contract between Customer and us.

    We retain Billing Information for the duration of our contract with our Customer and thereafter as necessary for legal and audit purposes in line with legal retention periods.

    Contact information, such as name, company name, title, email address, mailing address, and phone number.

    To provide customer support and training and to solicit feedback from our Customers.

    With our customer success software provider, survey tool service providers, calendar scheduling tool providers, and learning management system software provider based on Art. 28 GDPR in connection with our data processing agreement with the respective providers.

    Our legitimate interests are in supporting our customers in their use of our Software and Services and improving our Software and Services.

    We retain this information for the duration of our contract with our Customer and thereafter as an inactive account. You may request the removal of your contact information by letting us know at privacy@delinea.com. Information in support cases may be retained indefinitely because historical data regarding customer issues is always relevant to the development of our Software and Services.

     

    [1]  Specific vendors listed may change from time to time, in which case this Privacy Policy will be updated accordingly.

    [2]  Lawful basis refers to the need under applicable law, such as EU privacy law (including, in particular, the General Data Protection Regulation) or CCPA, to have a specific reason, recognized by law, for us to have and use your personal data.

    3. Customer data

    Delinea Customers may electronically submit personal information while using the Software and Services ('Customer Data'). Delinea will not share, distribute, or reference any such Customer Data except as provided hereunder, in our software subscription, licensing, or services agreements with our Customers, or as may be required by law. In accordance with our agreements with our Customers, Delinea may access Customer Data (other than as expressly set out in this Privacy Policy) only for the purpose of providing Software and Services, preventing or addressing service or technical problems, license enforcement, and at a Customer's request in connection with other customer support matters, professional services, or as may be required by law.

    4. Data collected through the Delinea software and services

    Delinea collects and processes third-party personal data (of End Users) in addition to the personal data referred to in the table above under the direction of our Customers and only to provide the Software and Services our Customer has agreed to. In this regard, Delinea acts as a data processor to Customers. This includes, for example:

    Personal Data Why the personal data is used by the  software and services

    Unique Device ID (UDID), a system-generated unique user ID, and a device IP address.

    To identify the device used.

    End-User login information in the form of a username and password.

    To enable single sign-on (SSO) functionality.

    Storage of previously-used passwords which are hashed. Hashing passwords is a security method where passwords are encrypted using a one-way algorithm (prior to storage into a database) to provide robust security for credential storage.

    To enforce the password policy.

    A user display name, one-time passcodes, and user security question/answer.

    To determine whether to request more information for multi-factor authentication.

    User location is determined using geolocation technology together with third-party databases.

    To provide functionality such as locating lost or stolen devices. End Users who do not want their location used can turn off location services in their account settings or mobile phone settings.

    We have no ownership of this information or any direct relationship with individual End-Users whose personal data may be processed as part of providing our Software and Services. If you are a customer or End User of one of our Customers and would no longer like to be contacted by one of our Customers that use our Services, please contact our Customer representative that you interact with directly. Delinea may transfer personal data to companies that help us provide our Services as contemplated in this policy. Transfers to subsequent third parties are covered by our software subscription, licensing, and service agreements with our Customers and such third parties.

    Delinea acknowledges that End Users have the right to access their personal information and to request erasure, rectification, and data portability. An individual who seeks access to or who seeks to correct, amend, or delete inaccurate data which Delinea holds solely in order to provide its Software and Services should direct his/her query to the Delinea Customer they interact with directly (the data controller). If a Delinea Customer requests that we remove personal data on their behalf, we will respond to their request within 30 days. Our Customers’ right to receive their Customer Data is covered by the software subscription, licensing, or services agreements with them.

    5. Customer provided content

    Some Services permit Customers to store customer content such as documents, images, and other digital information (“Customer Content”) which may contain personal data of individuals. Delinea processes and stores Customer Content that Customers choose to upload into the Services. Customer Content is accessible by the Customer, and Delinea does not use Customer Content for any other purpose. Each Customer is solely responsible for its Customer Content including that Customer Content is not inappropriate or unlawful and that it does not contain any viruses or harmful content. If Delinea determines in its sole discretion that any Customer Content may be inappropriate or unlawful or that it contains a virus or harmful content, Delinea may remove the Customer Content from the Services.

    6. Google user data

    Through Google Directory APIs, the Services access and store Google Directory user-profiles and group membership information to allow the Services to implement federated identity across Google Directory. This provides Google Directory users with “single sign-on” to the apps that are accessible through the Services portal. Delinea does not share Google Directory user-profiles and group information with third parties.

    Delinea will retain personal data we process on behalf of our Customers for as long as needed to provide services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

    7. Security

    The security of our Customers, website visitors, and other individuals’ personal data is important to us. Delinea uses robust security measures to protect the personal data of Customers and visitors to our Websites from unauthorized access, maintain data accuracy, and help ensure the appropriate use of the aforementioned personal data. When the Services are accessed over the Internet (from a browser or Delinea supplied on-premises Software), Transport Layer Security (TLS) technology protects personal data using both server authentications for data-in-transit and data encryption of personal data stored at rest in Delinea Services. These technologies are intended to ensure that your personal data is safe, secure, and only available to the Customer to whom the information belongs / whom you are affiliated with and those to whom the respective Customer has granted access using unique encryption keys. Delinea hosts its Services in a secure server environment that uses firewalls, intrusion detection systems, and other advanced technology designed to prevent interference or access from outside intruders. However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee or warrant its absolute security. If you have any questions about security, you can contact us at privacy@delinea.com. Customers are responsible for maintaining the security and confidentiality of their End User usernames and passwords.

    8. Marketing opt-out

    Delinea marketing uses Zoominfo, Lusha, LinkedIn, and other direct marketing providers to obtain business contact information for individuals working in certain industries that we think will be interested in our products and services. These companies provide us with assurances that they have complied with applicable data protection and privacy laws, such as the EU’s GDPR, in obtaining the data and providing it to us for our marketing purposes. If you do not wish your business contact information to be used in this way or if you receive marketing from us, you always have the right to opt-out by using the unsubscribe link or as provided below. You can also contact these companies directly for information on privacy or to learn how they obtain your data and provide it to third parties.

    How to opt-out

    If at any time, you no longer want to receive marketing communications from us, please send us a request specifying your new choice. You can send your request to  privacy@delinea.com. Delinea will respond to your request within 30 days from the date of your request.

    We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and will only contact you in relation to these items.

    For additional information about opting out of Delinea marketing emails and newsletters, please see below in the Communication Preferences.

    For additional information about correcting or updating your information, please see below in the Correcting and Updating Your Information

    9. Cookies and other tracking technologies

    In line with our cookie settings for our site, Delinea uses cookies and other tracking technologies such as beacons, tags, and scripts to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company's Websites, Delinea’s (or one of our third-party service providers’) servers may send a cookie to your computer. Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. They permit us (or one of our third-party service providers) to identify a specific device or browser. Web browsers may automatically accept cookies, but if you prefer, you can change your browser settings to prevent that and your help screen or manual will tell you how to do this. However, you will not be able to take full advantage of our Websites, Software, or Services if you do so. Standing alone, cookies do not personally identify you in the "real world;" they merely recognize your Web browser. Unless you choose to identify yourself to Delinea, such as by responding to a promotional offer, opening an account or filling out a Web form (such as a 'Contact Me' or a 'Delinea Express Registration' Web form), the Company is unable to identify you by name or other "real-world" information from the data collected through cookies.

    Delinea uses cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. We use session cookies to make it easier for you to navigate our website. Users can control the use of cookies at the individual browser level. Please note that if you disable your Web browser's ability to accept cookies, you will not be able to use the Company's Support Portal (the knowledge base, case tracking, and other features of the Online Support Portal require that you set your browser to accept cookies) and you will not be able to successfully use the Company's Services. Persistent cookies remain on your computer after you close your browser or turn off your computer. We employ persistent cookies as explained below. Choices you make regarding cookies are website, device, and browser-specific, and are deleted whenever you clear your browser’s cache.

    We use cookies on our Websites for the following purposes:
      • Strictly necessary cookies. These are cookies that are required for the operation of our Websites and under our terms with you to provide our Websites key functions, such as our support portal, to maintain our Websites’ security and stability. They include, for example, cookies that enable you to log into secure areas of our website. We process your personal data with the help of these cookies to provide our Websites to you and based on our legitimate interests to ensure the security of our Websites as well as a smooth user experience and seamless access to its key functions. These cookies cannot be disabled by you.
      • Analytical/performance cookies. Subject to your consent where required by applicable law, they allow us to recognize and count the number of Visitors and to see how Visitors move around our Websites when they are using them. This helps us to improve the way our Websites work, for example, by ensuring that users are finding what they are looking for easily.
      • Functionality cookies. Subject to your consent where required by applicable law, these cookies are used to recognize you when you return to our Websites. This enables us, subject to your choices and preferences, to personalize our content for you, greet you by name and remember your preferences (for example, your region).
      • Targeting cookies. Subject to your consent where required by applicable law, these cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information subject to your choices and preferences to make our website and the advertising displayed on other Websites you visit more relevant to your interests. We may also share this information with third parties for this purpose.

    10. Web beacons

    We employ a software technology called clear gifs (a.k.a. Web Beacons), which help us better manage content on our site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We do not tie the information gathered by clear gifs to our Visitors’ personal data.

    11. Behavioral targeting / Re-targeting

    Delinea partners with third-party ad networks, including Google, Facebook, Bing, Twitter, and LinkedIn, to manage our advertising on other sites. Our ad network partners use cookies and Web beacons to collect data about your activities on this and other Websites, which do not identify you "in the real world," to provide you targeted advertising based upon your interests.

    To opt-out of interest-based advertising by participating companies in the following consumer choice mechanisms, you can opt-out of certain uses of cookies for advertising purposes by visiting https://optout.aboutads.info/ and/or https://optout.networkadvertising.org/ and you can consult the user instructions for your Internet browser for additional controls relating to the use of cookies, including blocking certain cookies by adjusting the settings on your Internet browser. For mobile application-based "AppChoices" download page please visit https://youradchoices.com/appchoices. European users can opt-out at European Interactive Digital Advertising Alliance (EDAA)'s consumer opt-out page (https://youronlinechoices.eu/). Additionally Please note this does not opt you out of being served advertising. You will continue to receive generic ads. The privacy policies of Google, Facebook, Bing, Twitter, and LinkedIn are available at their respective Websites.

    12. Community forums

    Delinea provides community forums on the Company's Websites. Any personal data you choose to submit in such a forum may be read, collected, or used by others who visit these forums and may be used to send you unsolicited messages. Delinea is not responsible for the types of personal data you choose to submit in these forums. To request the removal of your personal data from our blog or community forum, contact us at privacy@delinea.com

    13. Sharing of information collected

    We will share your personal data with third parties only in the ways that are described in this Privacy Policy.

    14. Service providers

    Delinea may share personal data about Visitors and Attendees with the Company's contracted service providers so that these service providers can provide services on our behalf, such as administering email services. Delinea may also share your personal data with the Company's service providers to ensure the quality of the information provided. These companies are authorized to use your personal data only as necessary to provide these services to us. The data transfer to respective providers is based on Art. 28 GDPR in connection with our data processing agreement with the respective providers.

    15. Business and channel partners

    Software and Services are sold directly by Delinea to Customers and indirectly through distributors and resellers (“Channel Partners”) to Customers. In addition, from time to time, Delinea may partner with other companies to jointly promote Software or Services. If you register interest in Software or Services with Delinea, or if you register interest in a jointly promoted Software or Service from Delinea, the Company may share your personal data collected in connection with your expression of interest in our Software or Services, with our Channel Partner(s) or, in our joint event or promotion, with business partner(s). Delinea contractually limits Channel Partners’ use of your personal data for the purpose of promoting and selling Software and Services and requires them contractually to comply with applicable law on the collection of personal data. Delinea does not control our business partners' use of the personal data they collect from you and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to express interest in Software or Services or a jointly offered product or service. Delinea does not share your personal data with Channel Partners or business partners unless: (1) you specifically opt-in to such sharing via an information request or an event (including virtual events) registration form; or (2) you attend a Company event and have your attendee badge scanned by a business partner. If you do not wish for your information to be shared in this manner, you may choose not to opt-in via information request or event registration forms and elect not to have your badge scanned at Company events. If you choose to share your information with Channel Partners or business partners in the manners described above, your information will be subject to the Channel Partners’ or business partners' respective privacy statements.

    16. Compelled disclosure

    Delinea reserves the right to use or disclose information provided if required by law or based on our legitimate interests if the Company reasonably believes that use or disclosure is necessary to protect the Company's rights, protect your safety or the safety of others, investigate fraud and/or to comply with a judicial proceeding, court order, legal process or other governmental authority; provided, however, that unless prohibited by law, Delinea will use its reasonable efforts to give you notice to enable you to seek a protective order or take other appropriate action.

    17. Privacy and children

    Delinea Websites do not offer information intended to attract children. Delinea does not knowingly solicit personal data from children under the age of 13.

    18. Communications preferences

    Delinea offers Visitors and Attendees who provide contact information a means to choose how the Company uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the 'unsubscribe' link located on the bottom of each of the Company's marketing emails and newsletters. Customers cannot opt out of receiving transactional emails related to their account associated with Software and Services purchased that are required for support and maintenance of these Delinea products.

    19. Correcting and updating your information

    Upon request, Delinea will let Visitors and Attendees know whether we hold any of your personal data. Individuals may update or change their registration information by editing their user profiles. To update a user profile, please log in with your username and password and click 'Account Settings.' If you wish to have your user account deactivated, cancel your account, and/or have your personal data removed from our system, please log in (as described in the preceding sentence) and contact us by creating a support ticket, or contact us using the information below. Personal data and Billing Information may be updated, changed or removed; you can do so by contacting privacy@delinea.com or by regular mail addressed to:

    Delinea
    Attn: Privacy
    201 Redwood Shores Parkway, Suite 300,
    Redwood City, CA 94065
    United States of America

    Delinea will respond to your correction or update request within 30 days from the date of your request.

    20. Acquisitions

    As Delinea continues to develop its business, it may sell or purchase assets or undergo corporate reorganizations such as mergers. Based on our legitimate interests to develop our Company, we may share some of your personal data for the aforementioned purposes. If another entity acquires Delinea, or all or substantially all of Delinea's assets, Customer Data and any other information that Delinea has collected about Customers will be transferred to such entity as one of the transferred assets. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.

    21. Data retention

    Insofar as not already explicitly stated in this Privacy Policy, we retain your personal data only for as long as necessary for the purpose for which it was collected or to comply with applicable legal requirements. You have the right to contact us about changing, deleting, or updating any of the personal data you have provided to us.

     

    If you wish to unsubscribe from any of our mailing lists, or if you wish to stop receiving updates, targeted offers, or other customized content, there is a link at the bottom of every marketing email we send out that will allow you to reach a web page where you can update your email preferences.

    22. EU privacy rights

    If you are an EU/EEA resident, depending on the specific circumstances of the case, you have the following rights under the GDPR and applicable national legislation:
      • Access – You have the right to access the personal data processed by us and/or request copies of this data. In particular, you can obtain information about the purposes of processing, categories of personal data, categories of recipients to whom your data has been or will be disclosed, planned retention period, and origin of your data if it was not collected directly from you.
      • Rectification, Erasure or Restriction of processing – You have the right to request the rectification, erasure, or restriction of processing of your personal data.
      • Data portability – You have the right to request your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit this data to another controller. You may also ask us to directly transmit this data to another controller, where technically feasible.
      • Object – You have the right to object to the processing of your personal data on grounds relating to your particular situation if we process your personal data based on our legitimate interests. You may also object to the processing of your personal data for direct marketing purposes at any time.
      • In addition, you have the right to enforce your rights in court or to lodge a complaint with the competent data protection supervisory authority.    

    To exercise any of your rights, please contact us as described in the “Contacting Us” section below.

    23. California privacy rights

    If you are a California resident, consistent with your rights, you can make the following requests with respect to your personal information under the California Consumer Privacy Act (CCPA), which request can be made up to twice in a twelve-month period:
      • Access – You can request that we disclose to you the categories of personal information we collected about you, the categories of sources from which we collected the personal information, the categories of personal information we sold or disclosed, our business or commercial purpose for collecting and selling the personal information, the categories of third parties with whom we shared the personal information, and the specific pieces of personal information we collected about you over the past 12 months.
      • Deletion – You can request that we delete personal information that we maintain about you, subject to certain exceptions.
      • Do Not Sell My Information (Right to Opt-Out) – You can request that we not sell your personal information by updating your email preferences. For purposes of this privacy policy, “sell” means the sale, rental, release, disclosure, dissemination, availability, transfer, or other oral, written, or electronic communication of your personal information to an outside party for monetary or other valuable consideration, subject to certain exceptions in applicable law. We may also use cookies and related technology which could constitute a sale of your personal information under applicable law. For more information and to opt-out of such technologies, please see Section 11 above. Your opt-out of cookie-based tracking for advertising purposes is specific to the device, website, and browser you are using, and is deleted whenever you clear your browser’s cache. 
    Delinea will not discriminate against you because you made any of these requests.

    California residents can update your preferences online, by emailing us at privacy@delinea.com, or as otherwise provided in Section 25 (titled “Contacting Us”).  We may deny certain requests, or fulfill a request only in part, based on our legal rights and obligations. For example, we may retain personal information as permitted by law, such as for tax or other record-keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests. Note that for purposes of these requests under this “California Privacy Rights” section, and except as provided by California law, the above rights do not apply to information about job applicants, employees, and other personnel; information about employees and other representatives of third-party entities we may interact with; or information/personal data we collect and process on behalf of our Customers as part of providing our Software and Services. 

    We will take reasonable steps to verify your identity prior to responding to your requests. The verification steps will vary depending on the sensitivity of the personal information and whether you have an account with us.

    California residents may designate an authorized agent to make a request on their behalf. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized that person to act on your behalf, and we will need you to verify your identity directly with us.

    For purposes of making these requests, please also note the following regarding how we collect and use your personal information as described in this Privacy Policy, including in the previous 12 months:
    • We may collect, and use for our business and commercial purposes, the following categories of personal information as set forth in the CCPA:
      • Identifiers;
      • Payment and customer record information;
      • Characteristics of protected classifications under California or federal law (such as demographic information like age and gender);
      • Commercial information; professional or employment information;
      • Internet or other electronic network activity information;
      • Geolocation data;
      • Education information;
      • Audio, electronic, or visual information; and
      • Inferences.
    The business or commercial purposes for which these categories of personal information are used are set forth in Section 2 “Personal Data Collected.
    • We collect the foregoing categories of personal information from the sources described in this Privacy Policy as described above, including from you and our service providers.  

    • We may disclose each of the foregoing categories of personal information for the business purposes described in this Privacy Policy in Section 2 “Personal Data Collected to the extent permitted by applicable law. We may disclose this information to the following categories of third parties as described in this Privacy Policy, which may include, our affiliates: service providers and suppliers (such as software providers, platform providers, we service providers, human resource partners, analytics vendors), business and marketing partners (including advertising networks, data analytics providers, and social networks), other parties in connection with business transfers and for legal, safety, fraud prevention, and enforcement reasons, and Channel Partners.

    • We may sell the following categories of personal information for the business and commercial purposes described in Privacy Policy in Section 2 “Personal Data Collected: Identifiers; Internet or other electronic network activity; inferences; commercial information; geolocation information. We may sell this information to our advertising, business, and marketing partners (including advertising networks). We do not knowingly sell the personal information of individuals under the age of 13.

    24. International transfers of personal information

    Given that Delinea is an international business, the use of Delinea Software and Services necessarily involves the transmission of personal information on an international basis to and from countries in the world where third parties we work with or members of the Delinea family of companies are established, this may include but is not limited to transfers to the United States and Canada. The jurisdictions where that information will be processed may have lower standards of data protection than in your home country. When we do transfer personal information to different geographic locations, we ensure appropriate safeguards are in place with appropriate security measures. Furthermore, any international transfers of personal information will be in accordance with this Privacy Policy and in compliance with applicable laws.

    Delinea may store, process, and/or transfer personal data to countries outside of the European Economic Area (EEA) (including countries where the European Commission has not made a decision of an adequate level of protection of personal data), especially to servers in the United States. The transfer of such data will be in compliance with local legislation for the cross-border transfer of data, where applicable. This includes obtaining consent and/or our use of European Commission-approved Standard Contractual Clauses for using or disclosing personal information transferred from the European Union and our continued commitment to honoring principles set forth in as well as additional security measures, where necessary to compensate a lack of data protection compared to the level of data protection in the EEA. If you do not agree to this procedure, you should not use our Software and Services. By using Software and Services, you consent to Delinea's transferring your information to countries outside your own and the EEA, if necessary, for the business purposes as outlined above.

    You may have a right to see the personal data held by Delinea about you. If you wish to obtain a copy of particular information about you, or if you become aware the information we hold is incorrect and you would like to correct it, please send an e-mail to privacy@delinea.com.

    25. Transfer outside of the EEA and Switzerland

    Delinea has certified that it adheres to the principles of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (“Privacy Shield Principles”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Economic Area and Switzerland transferred to the United States.

    While Delinea does not rely on the Privacy Shield Principles as the legal basis for the transfer of personal information from the EEA, United Kingdom, or Switzerland, Delinea is committed to protecting personal data from the EEA, United Kingdom, and Switzerland in compliance with those principles.

    To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov

    Delinea is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Delinea complies with the Privacy Shield Principles for onward transfers of personal data from the EU, the United Kingdom and Switzerland, including the onward transfer liability provisions.

    With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Delinea is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Company may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

    Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. If you are located in the European Union, you have the right to lodge a complaint with a supervisory authority established by an EU member country.

    26. Changes to this privacy statement

    We may periodically update this Privacy Policy and its last modified date to reflect changes to our information practices. If we propose to make any material changes, we will notify you by means of a notice on this page prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

    27. Contacting us

    Questions regarding this Privacy Policy or the information practices of the Company's Websites should be directed to privacy@delinea.com.

    Delinea
    Attn: Privacy
    201 Redwood Shores Parkway, Suite 300
    Redwood City, CA 94065
    United States of America
    +1(669) 444-5200

    This Privacy Policy was last modified on November 21, 2022.