Embarcadero's GDPR Commitment

Embarcadero Technologies, Inc., together with its subsidiary Embarcadero Technologies Europe Ltd. (collectively, "Embarcadero") is committed to complying with the General Data Protection Regulation ("GDPR"), which will go into effect on May 25, 2018. The GDPR regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give European Union ("EU") citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law. The GDPR applies to all companies that do business with EU citizens or process data of EU citizens regardless of the location of the company that is processing such data. To that end, the GDPR applies to Embarcadero.

Our customers can trust that Embarcadero has made GDPR a priority and has devoted significant and strategic resources toward our efforts to comply with GDPR.

Like many other global software companies, Embarcadero is in the process of rolling out its company-wide GDPR policy starting on May 25, 2018. Embarcadero appreciates that its customers have requirements under the GDPR, which are directly impacted by their use of Embarcadero's products and services, and Embarcadero is committed to helping its customers fulfill their requirements under the GDPR and local law.

Embarcadero will keep you informed through its website about its policy regarding the GDPR requirements; however, should you have any questions or concerns, please do not hesitate to contact our legal department at This email address is being protected from spambots. You need JavaScript enabled to view it..



Questions about GDPR?

If you have questions about Embarcadero's GDPR commitment or if you would like to submit an inquiry about your personal data, please fill out and submit this form. A Embarcadero representative will be in touch shortly.




Frequently Asked Questions about GDPR Compliance 1

Embarcadero Technologies, Inc., together with its subsidiary Embarcadero Technologies Europe Ltd. (collectively, "Embarcadero") prepare this document to help you clarify some common confusions around the General Data Protection Regulation ("GDPR"). Embarcadero recognizes the importance of the evolving legal and regulatory landscape around information security and data privacy and remains firmly committed to GDPR readiness.


1 NOTE: The above information is provided by the Embarcadero for informational purposes only and is not intended to serve as legal advice. You should contact your attorney to obtain advice with respect to any particular GDPR question, issue or problem.



Embarcadero Security Statement

Embarcadero Technologies, Inc., together with its subsidiary Embarcadero Technologies Europe Ltd. (collectively, "Embarcadero"), is committed to respecting and protecting the privacy of its customers, partners and website visitors (collectively "You" or "Your"). For more information about our Privacy Statement, Click here.

The security of your personal information is very important to Embarcadero. We use robust security measures, which encompass both technical and organizational security controls, to prevent data loss, information leaks, or other unauthorized data processing operations. For example, Embarcadero requires that its processors and sub-processors (collectively, "Vendors") have implemented and maintain a security program in accordance with industry standards, specifically Embarcadero Vendors shall include the following security program:

I - Physical Access Control: Unauthorized persons shall be prevented from gaining physical access to premises, buildings or rooms where personal data processing systems are located. Vendors have implemented the following controls:

  1. prevent unauthorized individuals from gaining access to the processor’s premises.
  2. restrict access to data centers were data servers are located.
  3. use video surveillance and intrusion detection devices to monitor access to data processing facilities.
  4. ensure that individuals who do not have access authorization (e.g. technicians, cleaning personnel) are accompanied at all times when accessing data processing facilities.

II – System Access Control: Data processing systems must be prevented from being used without authorization. Vendors have implemented the following controls:

  1. implement measures to prevent unauthorized personnel from accessing data processing systems.
  2. provide dedicated user IDs for every authorized personnel accessing data processing systems for authentication purposes.
  3. assign passwords to all authorized personnel for authentication purposes.
  4. ensure that all data processing systems are password protected to prevent unauthorized persons accessing any personal data: (a) after boot sequences; and (b) when left unused for a short period.
  5. ensure that access control is supported by an authentication system.
  6. have implemented a password policy that prohibits the sharing of passwords, outlines processes after a disclosure of a password, and requires the regular change of passwords.
  7. ensure that passwords are always stored in encrypted form.
  8. implement a proper procedure to deactivate user accounts when a user leaves the processor (or processor function).
  9. implement a proper process to adjust administrator permissions when an administrator leaves the processor (or processor function).

III – Data Access Control: Persons entitled to use a data processing system shall gain access only to the data to which they have a right of access, and personal data must not be read, copied, modified or removed without authorization in the course of processing or use and after storage. Vendors have implemented the following controls:

  1. ensure that personal data cannot be read, copied, modified or removed without authorization during processing or use and after storage.
  2. grant data access only to authorized personnel and assigns only the minimum data permissions necessary for those personal to fulfil their duties.
  3. ensure that the personnel who use the data processing systems can access only the data to which they have a right of access.
  4. restrict access to files and programs based on a "need-to-know-basis".
  5. store physical media containing personal data in secured areas.
  6. have measures in place to prevent use/installation of unauthorized hardware and/or software.
  7. have established rules for the safe and permanent destruction of data that are no longer required.

In addition, Embarcadero requires its Vendors (i) to maintain a list of subprocessors that may process the Personal Data of Vendor’s, and make available such list to Embarcadero; (ii) to require all subprocessors to abide by substantially the same obligations as Vendor under Embarcadero Data Processing Agreement for Vendors.

Embarcadero incorporates encryption, incident management, network and system integrity, and availability and resilience requirements into its security program.

Embarcadero uses standard security protocols mechanisms to exchange the transmission of sensitive data such as credit card details. When you enter sensitive personal information such as your credit card number on our site, we encrypt it using secure socket layer (SSL) technology.

In the event that your personal information is acquired, or is reasonably believed to have been acquired, by an unauthorized person and applicable law requires notification, Embarcadero will notify you by e-mail or mail. Embarcadero will give you notice promptly, consistent with the reasonable needs of law enforcement and/or Embarcadero to determine the scope of the breach and to investigate and restore the integrity of the data system.

If you have additional questions about privacy, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it..




Idera Notice of Certification Under the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework

Effective for Idera, Inc. and its subsidiaries on April 23, 2018.

Idera, Inc. and its United States subsidiaries, CopperEgg Corporation, Uptime Software, Inc., AquaFold, Inc, Embarcadero Technologies, Inc., Sencha, Inc., Precise Software Solutions, Inc. and Whole Tomato Software, LLC (collectively, “Idera”), participate in the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from European Union member countries and Switzerland to the United States, respectively. Idera has certified with the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield principles, please visit https://www.privacyshield.gov/welcome.

In compliance with the EU-US and Swiss-US Privacy Shield Principles, Idera commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Idera at This email address is being protected from spambots. You need JavaScript enabled to view it..

Idera has further committed to refer unresolved privacy complaints covering non-Human Resource data under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. If your concern continues to be unresolved, you may pursue binding arbitration through the Privacy Shield Arbitration Panel. To learn more about the Privacy Shield Panel, please visit https://www.privacyshield.gov/article?id=F-The-Arbitration-Panel.

Please note that Idera also receives some data via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.

In regard to Human Resource data, Idera commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner, as applicable and comply with the advice given by them with regard to human resources data transferred from the European Union and Switzerland, as applicable in the context of the employment relationship. For more information about Idera Human Resource data and the Human Resource Privacy Policy, please contact This email address is being protected from spambots. You need JavaScript enabled to view it.. As an employee, you can always review Idera Human Resource Privacy Policy here.

As explained in our Privacy Statement we sometimes provide personal information (such as name, email address, purchases, and billing information) to third parties to perform services on our behalf, or in response to contractual requirements. If we transfer personal information received under the Privacy Shield to a third party, the third party’s access, use, and disclosure of the personal data must also be in compliance with our Privacy Shield obligations, and we will remain liable under the Privacy Shield for any failure to do so by the third party unless we prove we are not responsible for the events giving rise to such failure to comply with the Privacy Shield obligations.

European Union individuals and Swiss individuals have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield certification, Idera has committed to respect those rights. If you wish to access, to limit use, or to limit disclosure, please access your customer account after you enter your customer log in information and revise the information that you entered into our system or contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. and we will assist you through this process.

Idera is subject to the investigatory and enforcement powers of the US Federal Trade Commission. Idera may be required to disclose personal information that we handle under the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have any questions about our handling of your personal data under Privacy Shield, or about our privacy practices generally, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. or at our mailing address below. We will work with you to address your inquiry in a timely manner.

Idera Inc.
Attn: Legal Department
2950 North Loop Freeway West
Suite 700
Houston, Texas 77092