Offboarding

When offboarding, Delinea adheres to GDPR standards for the management and retention of data and privacy information. Details can be found in the SOC (System and Organization Controls) 2 report, per your NDA, and requested at the DelineaTrust Center.

Delinea Privacy Policy

How Delinea collects, uses, processes, shares and secures your personal information is found in our Privacy Policy.

If you are an end-user of Delinea’s Software and Services, you may have certain privacy rights as listed below. If you want to exercise those privacy rights, you should direct your request in the first instance to the Delinea Customer you work for or that you interact with directly (the data controller). Delinea will assist customers in handling privacy rights requests by end-users as described in the Data Processing Addendum (DPA).

  • Security of Personal Information

  • Data Retention

  • Marketing Communications

  • Cookies and Other Tracking Technologies

  • Selling and Sharing Personal Information

  • Privacy Rights

  • International Transfers

Retention of Personal Information

We retain the personal information we process where we have a legal basis to do so. For example, to provide on-going access to our Software or Services, to comply with an applicable legal, tax or accounting requirement, or for on-going business administration.

When we no longer have a legal basis to process your personal information, we will either delete it or anonymize it. In some cases (e.g., when personal information is stored in backup archives), we will securely store your personal information and isolate it from any further processing. If you are a customer or end-user of our Software and Services, please refer to the specific service agreement and DPA for information on data retention and deletion.

If you gave consent to us to process your personal information, you can revoke that consent at any time.

Offboarding a Cloud Instance

Cloud products are delivered as instances, where an instance is one standalone deployment of that product in an assigned location. All data from the primary region is automatically replicated to the paired secondary region.

Cloud computing resources are set up and assigned to the instance. Each customer has their own independent data storage that includes an Azure SQL database and Azure Service Bus for messaging.

Scheduling an Instance for Deletion

An instance gets scheduled for deletion when its license term has expired without renewal. There is a two week grace period past the license end date.

After the grace period expires, the instance becomes Scheduled for Deletion two weeks in the future. At this point the instance is inaccessible with a “scheduled for deletion” message, but all data is retained. It has not been deleted at this point and is fully recoverable until several months after the end date has expired.

Deprovisioning Data

Once the Scheduled for Deletion date is reached, the instance is eligible for deletion and can be deleted at Delinea's discretion.

During a quarterly deprovisioning, customer data is deleted from Azure and the data is in turn removed according to Azure's data destruction policy. Database information is recoverable for 30 days after which time it's gone for good.

Customers may request that Delinea delete their instance, at which point Delinea will do so, but the DB retention policy still exists..

Once deleted, a customer's instance is not recoverable. The data is gone.