General Data Protection Rule (GDPR)

ALM requires certain Personally Identifiable Information (PII) to identify each User’s account. This includes the User’s name, email address, and password, these being the minimum necessary for authentication.

ALM tracks IP addresses to support access auditing.

Only select, trusted employees of Delinea can access customer data and decrypt it, and only by a controlled process that generates an audit trail inaccessible to those employees. This serves the interests of Users without compromising their privacy and control.

In GDPR terms, Delinea customers are the data controllers, and Delinea is the data processor.

Each ALM customer entirely controls their Users, their User Roles, and the access to data by their Users, according to the policies of the customer organization. ALM logs activity so the customer can monitor access and changes to the Secrets, Users, and Roles, all according to the customer’s policies.

Delinea conducts a Privacy Impact Assessment (PIA) annually to verify continued conformance to GDPR principles.