The data controller responsible for data processing pursuant to the GDPR, BDSG, other data protection laws applicable in the member states of the European Union, and other regulations relating to data protection is:
If you have any questions or concerns about privacy, please contact privacy(at)deepl.com.
In accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR, data processing for the purpose of contacting us is based on your voluntary consent. To process inquiries sent to this e-mail address, we use a ticketing system provided by Zendesk Inc. (“Zendesk”), 989 Market Street 300, San Francisco, CA 94102, USA. During this process, your data may also be transferred to the USA. We have concluded an agreement with Zendesk on the processing of such information which specifies that Zendesk may only process the data in accordance with our instructions and not for its own purposes. For more information on how personal data is handled by Zendesk and how Zendesk complies with the requirements of Art. 44 GDPR (particularly after the EU-US Privacy Shield has been declared invalid), please click here.
DeepL's corporate Data Protection Officer, Dr. Christian Lenz, can be contacted at the following address: dhpg IT-Services GmbH, Bunsenstr. 10a, 51647 Gummersbach, via e-mail to datenschutz(at)dhpg.de, or by telephone on +49 2261 8195 0.
Data protection applies to personal data as defined by the GDPR, i.e. all information relating to an identified or identifiable natural person. An identifiable natural person is deemed to be a natural person who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific attributes.
When using our translation service, please only enter texts that you wish to transfer to our servers. The transmission of these texts is necessary in order for us to provide the translation and offer you our service. We process your texts, the documents you upload and their translations for a limited period of time to train and improve our neural networks and translation algorithms.
If you make corrections to our proposed translations, these corrections are also forwarded to our servers to verify the accuracy of the corrections and, if necessary, to update the translated text to reflect your changes. We also store your corrections for a limited period of time to train and improve our translation algorithm.
Please note that using our translation service for texts containing personal data of any kind is not allowed.
When using DeepL Pro, the texts or documents you submit will not be permanently stored and will only be kept temporarily, to the extent necessary for the production and transmission of the translation. Once you have received the translation, all submitted texts or documents and their translations will be deleted. When using DeepL Pro, your texts will not be used to improve the quality of our services. For further information, please see our DeepL Pro Terms and Conditions.
Please note that using DeepL Pro for texts that contain personal data of any kind is only permitted if you have concluded a data processing agreement with us (see section 8.1.3 of DeepL Pro Terms and Conditions).
When you access our website www.deepl.com, for technical reasons your device will automatically transmit certain data. The following data is stored separately from all other data that you may send us:
Processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is stored for purely technical reasons and is not associated with a specific person. Website access data is used for error analysis, ensuring system security, logging access to paid services (e.g. DeepL Pro) and to improve our translation service. Based on your IP address, we also use geolocation to determine the region from which you are visiting our website. We use this information to check whether we can offer you the DeepL Pro service in your region, which corresponds to our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR. The storage of the full IP address for a maximum period of 14 is also justified by our legitimate interest in achieving the listed purposes, Art. 6 para. 1 sentence. 1 lit. f) GDPR.
When translating documents, particularly the following data is stored for each translation process:
This information is processed in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR based on our legitimate interest in improving the functionality of our products, as this makes it easier to identify any sources of error related to the translation process. The data is stored in a database that can only be accessed by selected employees and is automatically deleted after 14 days. There is no storage of the submitted documents or their translations in this context.
We use “cookies” and web storage objects to provide you with a variety of features and improve your user experience. Cookies and web storage objects are small text files that are temporarily stored on your computer via your browser.
With the exception of the third-party cookies from our payment service provider Stripe (see explanatory notes, section 8), the customer support software from Zendesk (see explanatory notes, section 11) and the marketing software from HubSpot (see explanatory notes, section 12) the information generated by cookies and web storage objects, relating to the use of this website, is transmitted to our servers within the EU; this is the only place it is stored. This information is not disclosed to third parties.
Overview of the cookies and web storage objects used by DeepL:
|Site localization||IDil||DescriptionStores the interface language selected by the user.||TechnologyCookie||Expiry1 month||OwnerDeepL|
|Site localization||IDi18nextLng||DescriptionStores the interface language selected by the user.||TechnologyLocal Storage||ExpiryPersistent Data||OwnerDeepL|
|Privacy Settings||IDprivacySettings||DescriptionStores the user's cookie-banner decision. You can change the settings here.||TechnologyCookie||Expiry12 months||OwnerDeepL|
|Translator||IDLMTBID||DescriptionUsed to guarantee the origin of a request to the translator and protect from malicious visitors. This ensures that the service is not compromised for the remaining visitors.||TechnologyCookie||Expiry6 months||OwnerDeepL|
|Translator||IDLMT||DescriptionStores settings made explicitly by the user. E.g. preferred translation language or entries in the glossary.||TechnologyLocal Storage||Expiry1 month||OwnerDeepL|
|Discovery and Onboarding||IDclickOnWordHint, LMT_MessageBox, onboardingData, showAppOnboarding, AppOnboardingInfo||DescriptionStores if the user has on-boarded with features to ensure that onboarding prompts are only displayed once.||TechnologyLocal Storage||Expiry1 to 6 months||OwnerDeepL|
|Checkout Process||IDFurther details about Stripe 3rd party cookies can be found under https://stripe.com/cookies-policy/legal.||DescriptionFraud detection and security for check-out and payments. This cookie is only set if you enter the checkout process or view your account payment information.||TechnologyCookie (3rd party)||ExpirySession to 2 years||OwnerStripe|
|Checkout Process||IDuserCountry||DescriptionStores the user's selected country during the checkout process.||TechnologyLocal Storage / Cookie||ExpirySession||OwnerDeepL|
|Checkout Process||IDnewpro-checkout||DescriptionStores the user's selected DeepL Pro plan during the checkout process.||TechnologyLocal Storage||Expiry7 days||OwnerDeepL|
|DeepL Pro-User Login/Session||IDdl_session||DescriptionStores users login token to keep the user logged in on the site. Permanently stored when "remember me" is selected during the login, or expires after 30 minutes of inactivity if not.||TechnologyCookie||Expiry100 years||OwnerDeepL|
|DeepL Pro-User Login/Session||IDdl_logoutReason||DescriptionWhen you get logged out accidentally, we will help you with an error message. We use this cookie to deliver this message to you so you can prevent this problem in the future.||TechnologyCookie||ExpirySession||OwnerDeepL|
|DeepL Pro-User Login/Session||IDep||DescriptionIp-Based Enterprise Account login token. Checked once per session and deleted afterwards.||TechnologyLocal Storage||ExpirySession||OwnerDeepL|
|DeepL Pro-User Login/Session||IDuser||DescriptionStores the display name of logged-in users to display their name. Deleted if the user logs out.||TechnologyLocal Storage||Expiry7 days||OwnerDeepL|
|Release process||IDreleaseGroups||DescriptionUsed for gradual, controlled releases to ensure stability, quality and performance of our service and infrastructure.||TechnologyCookie||Expiry1 month||OwnerDeepL|
|Session ID||IDdapSid||DescriptionSession ID and timestamp. Automatically deleted after 30 minutes of inactivity.||TechnologyCookie||ExpirySession||OwnerDeepL|
|App Usage Statistics - only for DeepL Apps||IDappUsageStats||DescriptionRemembers when the user last used the app.||TechnologyLocal Storage||ExpiryPersistent Data||OwnerDeepL|
|Sales Form Usage Statistics||IDsalesContactStats||DescriptionRemembers when the user submitted the form.||TechnologyLocal Storage||ExpiryPersistent Data||OwnerDeepL|
|Document translation||IDLMT_doctranslate_client||DescriptionUsed to bind an ongoing document translation process to a user and protect the document translation feature from excessive use by individual users. This ensures that the service is not impacted for the remaining users.||TechnologyCookie||Expiry1 month||OwnerDeepL|
|Security||IDdapUid||DescriptionUser identifier to ensure correct operation of our systems, including to identify malicious bots and measure performance.||TechnologyCookie||Expiry12 months||OwnerDeepL|
|Product Support/Zendesk||IDzendesk||DescriptionThird-party cookie used by our ZenDesk support tool. Necessary for the operation of the service (bot detection and session management).||TechnologyCookie||Expiry1 month||OwnerThird Party - Zendesk|
|Product Support/hubspot||IDhubspot||DescriptionThird-party cookie used by our HubSpot sales tool. Used for session management and to prevent misuse.||TechnologyCookie||Expiry1 month||OwnerThird Party - HubSpot|
|Visit Count||IDdapVn||DescriptionStores how many times the user has visited the site.||TechnologyCookie||Expiry12 months||OwnerDeepL|
|Translator||IDuserRecommendations||DescriptionUsed for feature discovery.||TechnologyCookie||Expiry7 days||OwnerDeepL|
|Translator||IDuserRecommendationFlags||DescriptionUsed to store additional translator settings of the user.||TechnologyLocal Storage||Expiry6 month||OwnerDeepL|
|Product information||IDapiDocsVisited||DescriptionStores whether API documentation has been visited to help users select the correct package at checkout.||TechnologyLocal Storage||ExpiryPersistent Data||OwnerDeepL|
In order to sign up for and subsequently use your DeepL Pro subscription, you will need to register and create an account at DeepL. To ensure that you can log in, the following personal data will be stored:
If your company uses Single Sign-On (SSO) to log in to DeepL, there is no need for a separate registration. When you log in via Single Sign-On your company transmits your e-mail address as well as your first and last name directly to us.
If you take out a DeepL Pro subscription after registering, the following personal data will also be collected and processed for the purposes of concluding and fulfilling the contract and preparing invoices:
In order to process payments, we forward the necessary payment data to our authorized payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. Where necessary, Stripe will also transfer the data to Stripe, Inc., located in the USA. Further information on Stripe's data protection and compliance with the requirements of Art. 44 GDPR (particularly after the EU-US Privacy Shield has been declared invalid) can be found here. We have concluded a data processing agreement with Stripe, which allows Stripe to process the data solely in accordance with our instructions and not for its own purposes.
We process the data specified in 8.1. and 8.2. in order to initiate or fulfil a contract pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR. The processing and storage of the data specified above is necessary for the conclusion of the contract as well as its fulfillment. If an order is placed, we will store the data for the duration of the contract period and subsequently, if necessary, for the duration of statutory retention periods. If, following registration, no order is placed, we will store your data for one month, following which it will be deleted.
In addition to the translation service on our website, we also offer apps for Windows and macOS operating systems, as well as a mobile app for iOS, through which you can also translate texts.
The processing of this data is based on our legitimate interest in ensuring and improving the stability and functionality of our services, Art. 6 para. 1 sentence 1 lit. f) GDPR. This data is stored solely for technical reasons and is not linked to a specific person. Data relating to access is used for error analysis, ensuring system security, logging access to paid services (e.g. DeepL Pro), and to improve our translation service. Due to a legitimate interest in achieving the listed purposes, the full IP address will be stored for a short period of time, not exceeding 14 days.
If you use the Windows and macOS app while logged into your DeepL Pro account, the texts you submit will not be stored permanently and will only be kept temporarily to the extent necessary for the creation and transmission of the translation. Once you have received the translation, both the submitted texts or documents and their translations will be deleted (see also section 4).
Your texts will be sent to DeepL for translation. This, however, only takes place when you explicitly request a translation in the App. This data is processed for the purpose of fulfilling the contract pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR.
This data is processed on the basis of our legitimate interest in ensuring the stability and functionality of our app, the security of our systems, and error analysis in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR. This data is stored for purely technical reasons and is not associated with a specific person. The full IP address is stored for the legitimate interest of achieving the listed purposes for a maximum period of 14 days.
No cookies are used in the iOS app. A unique user ID (no cross-device ID) however, is used, which allows us to track, for example, the source and target language settings, how many characters are translated, whether the copy button is used, and if so, how it is used. The processing of this data is based on our legitimate interest (Art. 6 para. 1 sentence 1 lit. f) GDPR) to better understand the needs of our users and to be able to adapt the app according to customer requirements.
In addition to the paid DeepL Pro API, we also offer a limited free version of our API (DeepL Free API). For further information, please see our DeepL Pro Terms and Conditions and section 3 (see above) on using the free version of DeepL.
In order to use the DeepL Free API, it is necessary to register with DeepL and create an account. For this purpose, your data will be processed in accordance with section 8.1, i.e., your e-mail address, the password you chose, and your IP address will be stored.
If you book the Free API option during the checkout process, further data, as specified in section 8.2, will be collected. Although no costs are incurred when using the DeepL Free API - subject to a (possible) upgrade - your payment data is collected in order to prevent improper use of the Free API. Solely for this purpose, payment information is also passed on, in accordance with section 8.2., to the payment service provider we have commissioned, Stripe Payments Europe Ltd.
We process the data mentioned in sections 8.1. and 8.2. as part of the initiation or fulfillment of the free-of-charge usage contract concluded between you and us on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. If no order is placed following registration, we will store your data for one month and then delete it.
We offer you the possibility to contact our Sales or Support team via a form provided on the website or by e-mail. A valid e-mail address and your name are required so that we know who the enquiry comes from and can respond to it. Your telephone number and the company name can be provided voluntarily.
If your request is related to the conclusion of a contract with us or concerns questions about the implementation of your contract (in particular, Support requests), Art. 6 para. 1 sentence 1 lit. b) GDPR serves as the legal basis for the processing of your personal data, including any subsequent correspondence. Art. 6 para. 1 sentence 1 GDPR also provides justification for the processing of personal data that may be contained in documents sent to our Support team. We will store your data for the duration of our business relationship and subsequently for the duration of the legal retention periods.
If you have contacted our Support team via the contact form, it is possible that we will subsequently inquire by e-mail about your satisfaction with our customer service. In this case, we will process your data on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR in order to determine customer satisfaction and to continuously improve our service.
We use the ticket system of the provider Zendesk Inc. for the processing of your enquiries and the satisfaction survey. (“Zendesk”), 1019 Market Street, San Francisco, CA 94103, USA. This may also involve the transfer of your data to the USA. We have entered into a data processing agreement with Zendesk and Zendesk may therefore only process the data in accordance with our instructions and not for its own purposes. For further information on how Zendesk handles personal data and how Zendesk complies with the requirements of Art. 44 GDPR (particularly after the EU-U.S. Privacy Shield has been declared invalid), please click here.
We process your data, provided that you have given your consent to do so, in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. We have concluded a data processing agreement with HubSpot and therefore HubSpot may only process the data under our instructions and not for its own purposes. For more information on how personal data is handled at HubSpot and how HubSpot complies with the requirements of Art. 44 GDPR (particularly after the EU-US Privacy Shield has been declared invalid), please click here.
Under the legal requirements of section 7 para. 3 UWG (German Act against Unfair Competition), we are authorized to use the e-mail address you provided when signing up for a DeepL Pro subscription for direct advertising for our own similar goods or services. In such cases, we process your data on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR. If you do not wish us to send you such recommendations by e-mail, you can object to the use of your address for this purpose at any time, without incurring any costs other than the transmission costs specified in the basic tariffs. A message in text form is sufficient for this purpose. Each e-mail will of course always contain an unsubscribe link.
We offer you the opportunity to apply for a position at DeepL via our career page the integrated career portal, or by e-mail. This digital recruitment process means that in order complete the application procedure, your application data (usually name, contact information, cover letter, resume, as well as other supporting documents and credentials) is collected and processed electronically. The personal data you provide will be used exclusively for processing your job application. Your personal data will only be passed on or otherwise transferred to persons involved in the recruitment process. The legal basis for the processing of your applicant data is Art. 88 para. 1 GDPR in conjunction with Section 26 para. 1, 8 sentence 2 BDSG ("Bundesdatenschutzgesetz": German Federal Data Protection Act).
If, following the recruitment process, an employment contract is concluded, we will store your personal data as part of your personnel file for the purpose of standard organizational and administrative procedures, in compliance with the more extensive legal obligations. In this case, the legal basis for the processing of your data is Art. 88 para. 1 GDPR in conjunction with Section 26 para. 1 BDSG ("Bundesdatenschutzgesetz": German Federal Data Protection Act).
In the event of a rejection on your part or ours, we will retain the data submitted to us for up to a maximum of six months following notification of the rejection. We will subsequently delete the data unless legal regulations require us to store the data for a longer period.
If you expressly agree to a longer storage period of your data, e.g. for your inclusion in our internal applicant pool, the data will be further processed based on your consent and in accordance with Art. 6. para. 1 sentence 1 lit. a) GDPR. Your data will then be stored in our pool of applicants for 1000 days. You can revoke your consent at any time with effect for the future.
In order to process the applicant and application data, your data will be forwarded to the service provider Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, The Netherlands, which operates the application system. Further information on data protection at Recruitee can be found here. We have concluded a data processing agreement with Recruitee, which means that Recruitee may only process the data in accordance with our instructions and not for its own purposes.
Your connections to our website and our apps are protected with encryption techniques in line with the current state of the art. The level of protection also depends on which encryption your Internet browser and/or mobile device supports. You can tell whether an individual page of our website is transmitted in encrypted form by looking at the closed key or lock symbol in the status bar of your browser. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
The following rights are granted by European Union directives and regulations. If you wish to exercise any of the rights listed below, please contact us at the above address.
You also have the right to lodge a complaint regarding the processing of your personal data with a supervisory authority, such as the data protection supervisory authority responsible for us:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestraße 2 - 4, 40213 Düsseldorf, e-mail: firstname.lastname@example.org.
Last update: August 2021