Privacy Policy DeepL

Protecting your privacy and personal data is very important to us. We therefore only use your personal data within the scope of legal regulations, in particular the General Data Protection Regulation ("GDPR") and the German Federal Data Protection Act ("BDSG"). With this privacy policy, we would like to inform you - regardless of whether you set up a DeepL account, use our DeepL Pro subscriptions, our various apps or visit our website - about the nature, scope and purposes of the collection, use and processing of your personal data by DeepL SE.

1. Data controller / Contact / Data Protection Officer

The data controller responsible for data processing pursuant to the GDPR, BDSG, other data protection laws applicable in the member states of the European Union, and other regulations relating to data protection is:

DeepL SE Maarweg 165 50825 Cologne Germany

If you have any questions or concerns about privacy, please contact privacy(at)deepl.com. For the conclusion of a data processing agreement pursuant to Art. 28 GDPR (see in detail section 4 and 5) and for general questions about our products, please contact sales(at)deepl.com. Further information on the data processing when contacting DeepL can be found in section 13.

DeepL's external corporate Data Protection Officer, Dr. Christian Lenz, can be contacted at the following address: dhpg IT-Services GmbH, Bunsenstr. 10a, 51647 Gummersbach, via email to datenschutz(at)dhpg.de, or by telephone on +49 2261 8195 0.

2. Scope of Data Protection

Data protection applies to personal data as defined by the GDPR, i.e. all information relating to an identified or identifiable natural person. An identifiable natural person is deemed to be a natural person who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific attributes.

3. Texts, Translations and Improvements - DeepL Translator / Write (free version)

When using our free services, please only enter content that you wish to transfer to our services. The transmission of this content is necessary in order for us to provide the translation or improvement and offer you our service. We process the content you upload and their translations or improvements for a limited period of time to train and improve our neural networks and algorithms. This also applies to corrections you make to our translation or improvement suggestions. If you use the glossary feature within our free services without a DeepL account and enter certain pairs of terms there, this data is only stored locally and is not forwarded to DeepL. Therefore, you cannot use your glossary entries in another browser or on another device. If you use the glossary feature while being logged into your DeepL account, glossaries may be forwarded to DeepL.

Please note that according to its Terms of Use, you may not use DeepL Translator / Write for the translation or improvement of texts containing personal data of any kind.The translation or improvement of personal data is only possible as part of a DeepL Pro subscription (please see sections 4 and 5).

4. Texts and Improvements – DeepL Translator Pro / DeepL API Pro / DeepL Write Pro

When using our services DeepL Translator Pro, DeepL API Pro and DeepL Write Pro to translate or improve texts, the texts or documents you submit will not be permanently stored and will only be kept temporarily to the extent necessary for the production and transmission of the translation or improvement. After complete performance of the contractually agreed services all submitted texts or documents and their translations or improvements will be deleted. When using these services, your texts will not be used to improve the quality of our services. For further information on the processing of your data within a DeepL Pro subscription, please refer to section 6 of this privacy policy and our Terms and Conditions.

Please note that using DeepL Translator Pro, DeepL API Pro and DeepL Write Pro for the translation or improvement of texts containing personal data of any kind is only permitted if there is a justification for this under data protection law. Therefore, our Ts&Cs provide for the conclusion of a data processing agreement (see section 8.1.3 ofDeepL Pro Terms and Conditions). To enter into such an agreement, please contact sales(at)deepl.com.

5. DeepL Voice

When using the DeepL Voice services, the audio data of the users will be processed to provide our translation services. The processing includes the transcription and translation of the audio data.

After complete performance of the contractually agreed services the audio data, their transcriptions and the translations will be deleted. For DeepL Voice for Conversations transcribed and translated audio data will be stored in the local storage on the customer's side to guarantee a seamless performance of the services. The content in the local storage will be deleted by closing the DeepL app. For further information on the processing of your data within a DeepL Pro subscription, please refer to section 6 of this privacy policy and our Terms and Conditions.

When providing our Voice services to customers, we act in our capacity as processor. Your data will therefore be processed on the basis of the data processing agreement entered into with our customers. To enter into such an agreement, please contact sales(at)deepl.com.

For DeepL Voice for Meetings we use third party cloud services to be able to integrate our bot application in the Microsoft Teams app. The cloud services are provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, D18 P521 Dublin 18, Ireland (“Microsoft”) or Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (AWS). The cloud services will only be used to host our bot application and forward the audio data to our infrastructure. Neither will the transcription or translation be happening on Microsoft or AWS servers, nor will we store any data on Microsoft or AWS servers for this purpose. We have concluded a data processing agreement with Microsoft and AWS and Microsoft and AWS may only process the data according to our instructions and not for its own purposes. Further information on the handling of personal data at Microsoft can be found here, at AWS it can be found here.

6. Creating a DeepL account and Signing up for a DeepL Pro Subscription

6.1 Creating a DeepL account 

You have the option of creating a DeepL account. You can use the DeepL Translator or DeepL Write via this account within the applicable DeepL Account Terms and Conditions (please see also section 3). To create the account, the following personal data will be stored:

• E-mail address
• Password
• IP address

We process the email address and password on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR in order to perform the contract of use. Your IP address is processed in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR, as it is in our legitimate interests to match your IP address with IP addresses that have misused our service in the past for fraud prevention purposes.

Please note that the creation of a DeepL account is a prerequisite for signing up for and using a DeepL Pro subscription (see section 6.2), but creating a DeepL account does not oblige you to purchase a paid subscription. Even if you do not sign up for a DeepL Pro subscription after creating the account, the DeepL account remains available and you can use it. You can delete your DeepL account at any time within the account settings or by sending an e-mail with your request to support(at)deepl.com.

If you use your business email address for creating an account with DeepL, we may share this email address with the holder of the company email domain associated with your email address. We will only do this, if the company has legitimate reasons to ask for this data e.g., is interested in purchasing DeepL Pro licenses for the whole company and has confirmed to us that email addresses under their company email domain may only be used for business purposes and may not be used for private purposes. In some cases, sharing of data may also include sharing of usage data associated with your account to allow the company to assess their specific need on DeepL Pro licenses. The sharing of this data is in DeepL's legitimate interest to best support our customers in the acquisition, roll-out and adoption of our paid services, Art. 6 para. 1 sentence 1 lit. f) GDPR.

If your company uses Single Sign-On (SSO) to log in to DeepL, there is no need for a separate registration with DeepL. When you log in via Single Sign-On your company transmits your email address as well as your first and last name directly to us. We also process this data on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.

6.2 Signing up for DeepL Pro

If, after creating a DeepL account, you sign up for a DeepL Pro subscription, additionally the following personal data will be collected and processed for the purposes of concluding and fulfilling the contract (Art. 6 para. 1 sentence 1 lit. b) GDPR):

• First name, surname, and where applicable, company name
• Address
• Payment details
• Tax numbers (where applicable)
• Selected subscription option
• Possibly other, additional data you provided during the registration process.

Your payment details will also be processed by us if you initially sign up for a DeepL Pro subscription with a free trial period. Despite the free trial period, the processing of your payment details is already necessary at the time of the formation of the contract within the meaning of Art. 6 para. 1 sentence 1 lit. b) GDPR, as a DeepL Pro subscription is in principle a paid subscription and we only in some cases allow our customers to test our products free of charge for a trial period. However, if no cancellation is made within the aforementioned trial period, the subscription will automatically continue to be subject to payment and the method of payment specified by you will be debited at the time stated in the booking process.

In addition to the aforementioned data, we process further (usage-)data relevant for the provision and billing of our service, such as subscription ID, date and time of the subscription conclusion, billing period, successful payment processing, logins, number of translated or improved characters and documents, upgrades and downgrades. The processing and storage of the aforementioned data is necessary for the conclusion of the contract as well as its performance and is therefore justified according to Art. 6 para. 1 sentence 1 lit. b) GDPR. If you yourself are not a party to the contract, but DeepL Pro is provided to you, e.g. by your employer or an organization to which you belong, we justify the processing of the data mentioned in section 6.1 and the aforementioned usage data via Art. 6 para. 1 sentence 1 lit. f) GDPR, as this is necessary for the performance of the business relationship with our customers, i.e. your employer or your organization.

We store the data for the duration of the contract term and subsequently, if applicable, for the duration of statutory retention periods, insofar as these prescribe the retention for the respective types of data. We will delete your account if you wish to do so after canceling your subscription. Otherwise, we will maintain your account as DeepL account (see section 6.1) so that it is available to you in the event of a renewed subscription without you having to register again. This is in your as well as in our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.

6.3 Processors involved in the DeepL Pro checkout process

In order to process payments, we forward the necessary payment data to our authorized payment service provider Stripe Payments Europe Ltd., Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (“Stripe”). Where necessary, Stripe will transfer the data to Stripe, Inc., located in the USA. Further information on data protection at Stripe and compliance with the requirements of Art. 44 GDPR can be found here and here. We have concluded a data processing agreement with Stripe, which allows Stripe to process the data solely in accordance with our instructions and not for its own purposes.

In addition, we use the fraud prevention services of Riskified Ltd, 30 Kalisher St., Tel-Aviv, 6525724, Israel (“Riskified”). Riskified’s service helps us to detect and analyse fraud in online transactions. This enables us to prevent fraudulent activity and misuse of our services.

When you purchase DeepL Pro services on our website, DeepL may transmit data like your first name, last name, billing address, email address, the DeepL service you booked, its price, your IP address, a truncated form of your payment data (for credit cards this is the BIN, the last four digits of the credit card and the bank issuing the card, for SEPA payments this is the bank code and the last 4 digits from your IBAN) to Riskified for verification purposes. Riskified also directly collects and processes your IP address and information on your device and on your behaviour in our checkout process as well as an identifier via its beacon, a Java script that is implemented in the DeepL check process. Riskified analyses these various data points and provides us with an assessment of whether a transaction is to be considered safe or likely to be fraudulent. More information on the logic typically involved in such an analysis can be found here. If Riskified assesses a payment as fraudulent, we may automatically decline your request to subscribe to DeepL Pro. This is justified, because this fraud analysis is necessary for entering into a contract with us. In case you receive an error message, but consider the decision not correct, you can reach out to support(at) deepl.com at any time and one of our support agents will review your case.

We will also feed back user data to Riskified if Riskified has provided us with a positive assessment and we have concluded and executed the contract, but the transaction is subject to a chargeback or the debit on the specified means of payment is not successful after the end of the trial period.

The inclusion of Riskified's fraud prevention services and the related data processing described above is necessary for our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR for the prevention of fraud in order to verify the legitimacy of payments made via DeepL’s checkout process.

Riskified processes the data we transfer to them and the data they collect in our checkout process for their own purposes. The data may be transferred to the USA. You can find more information about Riskified's handling of personal data here: https://www.riskified.com/privacy/.

6.4 Processing of usage data

In your account in the section “usage”, you can also view data about your usage behavior e.g., - depending on your subscription - the number of characters translated or improved in the past or the number of documents translated. If you have a consumption-based subscription, such as the DeepL API Pro, you can also view the monthly costs incurred. We justify this data processing via Art. 6 para. 1 sentence 1 lit. b) GDPR, insofar as it is necessary for the performance of the contract, in particular for billing purposes or for managing the number of documents still available for translation. Insofar as the processing goes beyond what is necessary for the performance of the contract, we base the processing on our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, as we seek to meet our customers' wish to visualize information on usage behavior in a transparent manner. The graphical representation of the development of consumption over the contract period is considered to be also in the interest of our customers.

If you yourself are not a party to the DeepL Pro subscription, but access to our products is provided to you by your employer or an organization to which you belong, we may share data about your usage of the subscription (e.g. number of translated characters and documents across the DeepL products, last session and last usage date) with your employer or organization. Providing this data corresponds to our legitimate interests as well as the legitimate interests of our customers in receiving the information they need about the use of the subscription they have paid for, Art. 6 para. 1 sentence 1 lit. f) GDPR.

6.5 Processing of the Submitted Texts and Translations / Improvements

As contractually agreed, we process the content you submit to DeepL Pro and their translations or improvements only temporarily, insofar as this is necessary for the creation and transmission of the translation or improvement. This processing is therefore justified by Art. 6 para. 1 sentence 1 lit. b) GDPR. The content you submit and the translations or improvements will - within the framework of the contractual agreements and as stated in section 4 and 5 - will be deleted after the performance of the contractually agreed service. This does not apply, if you use the "saved translations" or glossary feature. In this case, content provided by you, including translations, will be stored for your account and kept accessible for you at all times. When you use the “saved translations” feature in our mobile apps, your texts and translations are stored locally.

This data processing is necessary for the performance of our contract and is therefore justified by Art. 6 para. 1 sentence 1 lit. b) GDPR.

7. Translation of Documents

7.1 Translation of Documents with DeepL Translator and DeepL Pro

You can translate documents in different file formats both with DeepL Pro (.docx, .pptx, .html, .pdf and .txt) as well as with DeepL Translator (.docx, .pptx and .pdf). When using document translation in DeepL Translator, section 3 of this privacy policy applies. If you translate documents of the file types mentioned above while you are logged in to your DeepL Pro account, the texts you submit will only be processed temporarily and will be deleted after the completion of the translation process, including the translations themselves (see also section 4 and 6.3 of this privacy policy). With both DeepL Pro and DeepL Translator, the translation of your documents will be provided exclusively by DeepL and processed on our infrastructure in the EEA.

7.2 Temporary Storage of Metadata when Translating Documents

Regardless of whether you use our paid or free service when translating documents, particularly the following data is stored for each translation process:

• Status/progress of the translation process
• Document file type
• Selected language pair for translation
• Estimates of time needed for the translation
• References to the applied glossary (when using DeepL Pro)
• Content of the applied glossary (when using the free translator)
• Number of characters calculated
• Errors that occurred during the translation process

This information is processed in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR based on our legitimate interest in improving the functionality of our products, as this makes it easier to identify any sources of error related to the translation process. The data is stored in a database that can only be accessed by selected employees and is automatically deleted after 14 days.

8. Automatic Collection of Data via Website Access

Regardless of whether you use our paid or free service, your device automatically transmits certain data for technical reasons when you access our website www.deepl.com. The following data that you may send us will be stored:

• Date and time of access
• Browser type and version
• Operating system
• URL of the website previously visited
• Volume of data transmitted
• Requested domain
• Notification of successful data retrieval
• Search term when using a web browser
• Abbreviated/anonymized IP
• Full IP address
• Diagnostic information in the event of errors

Processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is stored for purely technical reasons. Website access data is used for error analysis, ensuring system security, logging access to DeepL Pro and for improving our translation or improvement services. Based on your IP address, we also use geolocation to determine the region from which you are visiting our website. We use this information to check whether we can offer you the DeepL Pro service in your region, which corresponds to our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR. The storage of the full IP address for the users of the DeepL free version for a maximum period of 14 days is also justified by our legitimate interest in achieving the listed purposes, Art. 6 para. 1 sentence 1 lit. f) GDPR. The storage of IP addresses of users of the paid DeepL Pro subscription for the duration of the contract is justified by Art. 6 para. 1 sentence 1 lit. b) GDPR.

Our website also uses services of Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA ("Cloudflare"), which operates a so-called Content Delivery Network (CDN). To protect our website, the data transfer between your browser and our servers is routed through Cloudflare's infrastructure in order to analyze whether it is an abusive attack. As part of this analysis, your data is transmitted to Cloudflare in encrypted form, if necessary also to Cloudflare servers in the USA. However, since your requests and other customer data are encrypted between your end device and the DeepL servers, Cloudflare does not have any access to this data, but only to meta-data (such as your IP address). Only static resources (such as graphics) are loaded directly from Cloudflare-servers. In addition, Cloudflare determines a so-called bot score immediately before the login to DeepL, which is based on the analysis of the metadata of the client (browser) used. The use of Cloudflare is in our legitimate interest to secure the use of our website and to prevent and defend harmful attacks from outside, Art. 6 para. 1 sentence 1 lit. f) GDPR. We have concluded a data processing agreement with Cloudflare and Cloudflare may therefore only process the data according to our instructions and not for its own purposes. You can find more information about Cloudflare's handling of personal data here.

When you visit the DeepL Dialogues website, we use Matomo Analytics to measure, collect, analyse and report your data for purposes of understanding the use of and optimising our website. Where you have provided us with your consent, we collect information relating to your website visit including your IP address, behaviour on our website including where you sign up to an event or our newsletter and, as applicable, where you have visited us via a specific advertisement. 

9. Use of Cookies and other Technologies on deepl.com

9.1 Use of Cookies, Web Storage and other Technologies on deepl.com

We use cookies, web storage objects and other technologies to provide you with a variety of features and improve your user experience. If you do not want us to use such technologies, you can change your browser settings accordingly. Please note that if you completely disable the use of cookies, web storage objects and other technologies, the functionality and scope of the website may be impaired.

These cookies may process personal data including data about your device, such as your IP address as set out in section 8 above. Where we use non-necessary cookies as set out below and process your personal data, we will only do so where you have provided us with your consent.

We specifically use cookies or web storage objects in the following categories:

• Necessary: These cookies or web storage objects are necessary for our website to work properly, to enable smooth navigation and access our most important functions. This includes essential security and accessibility features and preferences such as interface and translator language as well as the handling of the checkout process for DeepL Pro. The collecting of data via the necessary cookies or web storage objects is justified according to § 25 para. 2 no. 2 TDDDG (“Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz”: German Telecommunications and Digital Services Data Protection Act). The further processing of this data is either necessary in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR for performing the contract or justified due to our legitimate interest in presenting our products and our company in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.
• Performance: These cookies or web storage objects measure how our site is used. We use this information to improve our website and services. With these cookies we measure, for example, how often users return and which functions they use. We and our external service providers use these cookies or web storage objects with your explicit consent in accordance with § 25 para. 1 TDDDG. The further processing of this data is also based on your consent, Art. 6 para. 1 sentence 1 lit. a) GDPR.
• Functional: These cookies or web storage objects enable us to provide you with enhanced functionality and personalization on our website. For example, we can personalize your experience based on which pages you visited, , including when you interact with our chatbot and provide you with personalised DeepL solutions based on your interactions with our website. In accordance with § 25 para. 1 TDDDG and Art. 6 para. 1 sentence 1 lit. a) GDPR, we only use these cookies or web storage objects and process the data collected from them with your explicit consent. 
• Marketing: These cookies and other technologies are used to deliver content, offers and advertising more relevant to you and your interests. By selecting this category, you also consent to DeepL sending your data to third parties outside the EU (e.g., Google), including the sharing of hashed email addresses. In accordance with § 25 para. 1 TDDDG and Art. 6 para. 1 sentence 1 lit. a) GDPR, we only use these cookies, web storage objects and other technologies and process the data collected from them with your explicit consent.

The table below lists the different types of technologies that may be used on our website. Cookies or web storage objects are stored until the specified expiration time or until you delete them in your browser or, if it is a session cookie, until the session has expired. You can withdraw the consent you have given for the use of cookies, web storage objects and other technologies in the categories “Performance”, “Functional” and “Marketing” or manage your settings at any time. You can do this by deactivating (or activating) the slide button in the top right-hand corner of the respective category in the table below.

Overview of the cookies and web storage objects used by DeepL:

10. Analysis of User Behaviour

In order to better understand how our products are used and to better tailor our products to the needs and desires of our customers, we analyze pseudonymized data about our customers' use of DeepL Pro products. The analysis allows us to understand general usage habits and derive different target and user groups. We can then address the identified user groups in a more specific way and, for example, point them to previously unused or unknown features of our products. In this way, we enable our customers to get to know and use all the features of their DeepL subscription and can thus improve the user experience of the DeepL products. This corresponds to our legitimate interests according to Art. 6 para. 1 p. 1 lit. f) GDPR. The data is processed exclusively on DeepL’s servers in the EEA, the data is not transferred to the USA. No transfer of the data to third parties takes place.

In case that users visit the website https://developers.deepl.com which is hosted by GitBook we use the services of Conva Ventures Inc. (“Conva Ventures” the corporation behind Fathom Analytics) to get basic insights about how our API documentation is being used. For the analysis, no cookie is set, and the analysis will only rely on the IP address and user agent of the user which will be hashed first. These pseudo-anonymized hashes will be anonymized after 24 hours. The data will be processed on servers in the USA. We have concluded a data processing agreement with Conva Ventures and Conva Ventures only processes the data in accordance with our instructions and not for its own purposes. You can find more information about Conva Ventures’ handling of personal data here.

11. DeepL Apps

In addition to the translation and improvement services on our website, we also offer apps for Windows and macOS operating systems (“desktop apps”), as well as apps for iOS and Android (“mobile apps”), through which you can also translate or improve texts.

You can use the desktop apps and the mobile apps in both the free version and the paid DeepL Pro version. If you use the free version of DeepL in the apps, Section 3 of this Privacy Policy applies; if you use the paid DeepL Pro version, Sections 4 to 6 apply. As the desktop apps use the same interfaces for creating translations or improvements as the web-based service, also sections 7 and 8 of this privacy policy apply to the use of these apps.

When translating or improving texts with our apps, for technical reasons - regardless of whether you use our paid or free service - your device will automatically transmit certain data. The following data which you can transmit to us, is stored:

• Date and time of access
• Version of the app
• Operating system
• Volume of data transmitted
• Notification of successful data retrieval
• Abbreviated/anonymized IP address
• Full IP address
• Diagnostic information in the event of errors
• Type of mobile device (only for iOS and Android app)
• Language in use
• Time zone difference from Greenwich Mean Time (GMT)
• Access status/HTTP status code

The processing of this data is based on our legitimate interest in ensuring and improving the stability and functionality of our services, Art. 6 para. 1 sentence 1 lit. f) GDPR. This data is stored solely for technical reasons. Data relating to access is used for error analysis, ensuring system security, logging access to DeepL Pro and to improve our translation or improvement services. The full IP address of users using the free version of DeepL is stored for a maximum period of 14 days, which is also justified by our legitimate interest in achieving the listed purposes, Art. 6 para. 1 sentence 1 lit. f) GDPR. The full IP address of DeepL Pro users is stored for the duration of the contract on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.

If you use our mobile apps, it is also possible to have the entered text and the translation or improvement read aloud or to dictate the text to be translated or improved yourself. The speech service installed on your device is used for this purpose. Please note that this may result in the transfer of the entered or spoken content to the provider of the speech service used by your device, possibly also to the USA. DeepL has no influence on this processing of your voice and audio data, therefore the privacy policy and terms of use of the speech service used by your device e.g. provided by Apple, Google or Samsung, but also those of other speech services that cannot be listed exhaustively, apply. 

We use necessary cookies and web storage objects in our desktop apps as described in section 9.

No cookies are used in our mobile apps. However, a unique user ID (no cross-device ID) is used, which allows us to track, for example, the source and target language settings, how many characters are translated or improved, whether the copy button is used, and if so, how it is used. The processing of this data is based on our legitimate interest (Art. 6 para. 1 sentence 1 lit. f) GDPR) to better understand the needs of our users and to be able to adapt the app according to customer requirements.

12. DeepL API Free

In addition to the paid DeepL API Pro plan, we also offer a limited free version of our API (DeepL API Free). For further information, please see our DeepL Pro Terms and Conditions and section 3 on using the free version of DeepL.

In order to use DeepL API Free, it is necessary to create a DeepL account (please see section 6.1). If you select the API Free option during the checkout process, further data, as specified in section 6.2, will be collected. Although no costs are incurred when using DeepL API Free - subject to a (possible) upgrade - your payment data is collected in order to prevent improper use of API Free. Solely for this purpose, payment information is also passed on, in accordance with section 6.3, to the payment service provider we have commissioned, Stripe Payments Europe Ltd.

We process your data in order to perform the free-of-charge usage contract concluded between you and us on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR and on the basis of our legitimate interest in preventing misuse of the API Free, Art. 6 para. 1 sentence lit. f) GDPR.

13. Connecting with our Customer Team, including via our ChatBot

You have various possibilities to connect with us, including via contact forms on our website, having calls with our customer team as well as by using our chatbot. You can also contact us directly by email.

We will process your personal data that you provide to us as part of these communications. This may include your name, email address and any other personal data you disclose to us.

13.1 Recording of dialer and Zoom calls

Our customer team is conducting dialer and Zoom calls with prospects and customers to provide them with general information about DeepL's services and to advise them according to their needs. In order to continue to provide excellent customer service and to continuously improve it, we may record and transcribe the dialer and zoom calls with prospects and customers in certain countries with their consent, using the Salesloft platform provided by Salesloft, Inc., 1180 West Peachtree St NW Suite 2400, Atlanta, GA 30309. We have concluded a data processing agreement with Salesloft and Salesloft is therefore only allowed to process the data according to our instructions and not for its own purposes.

Recordings of the calls, including transcriptions of these, are used for internal training and coaching as well as for documentation purposes. At the beginning of each dialer call, an automated message will inform the called party that the call is being recorded. If you do not wish to participate in a recorded call, you can end the call at any time. For Zoom calls, the Zoom invitation will inform you that the call is being recorded and that you can opt out when you join the call.

All recorded calls, including transcriptions, will be securely stored for a period of two years from the date of the call. After this period, the recordings will be automatically deleted from our systems. You also have the rights mentioned in section 20.

13.2 Sales and Support Requests

If you would like to send us a sales enquiry in order to receive further information about our products and subscription plans or to start contract negotiations, you are welcome to use our sales contact forms. In addition to your email address, you are required to provide your name and telephone number; all other information is optional. For the provision of our contact forms, we use the HubSpot service (see section 14).

We also use the Customer Relationship Management System (CRM) of Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 München, Deutschland (“Salesforce CRM”) to manage our customer database, which includes our existing and potential customers, and to organize sales and communication processes. Furthermore, Salesforce CRM enables us to analyse our customer-related processes. We have concluded a data processing agreement with Salesforce and Salesforce is therefore only allowed to process the data according to our instructions and not for its own purposes. The customer data is stored on servers in the EU.

If you contact our support team with questions about your subscription, for example via our contact form, it is necessary to provide a valid email address so that we know who the inquiry comes from and can respond to it. We use the ticket system provided by Zendesk Inc. ("Zendesk"), 1019 Market Street, San Francisco, CA 94103, USA We have entered into a data processing agreement with Zendesk and Zendesk may therefore only process the data in accordance with our instructions and not for its own purposes. Further information on the handling of personal data at Zendesk can be found here.

For both support and sales enquiries including any subsequent correspondence, Art. 6 para. 1 sentence 1 lit. b) GDPR serves as the legal basis for the processing of your personal data, as the processing is necessary for the initiation of the contract or the conclusion and performance of our contract. Art. 6 para. 1 sentence 1 lit. b) GDPR also provides justification for the processing of personal data that may be contained in documents sent to our Support team. We will store your data for the duration of our business relationship and subsequently for the duration of the legal retention periods where this is required. The processing of your personal data as part of our customer database and the analyses of our customer-related processes is based on Art. 6 para. 1 sentence 1 lit. f) GDPR, as this is in our legitimate interest.

If you have contacted our Support team via the contact form, it is possible that we will subsequently inquire by email about your satisfaction with our customer service. In this case, we will process your data on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR in order to determine customer satisfaction and to continuously improve our service.

13.3 Privacy Requests

You also have the option of contacting privacy(at)deepl.com with questions or concerns about data protection at DeepL. We process your data in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR on the basis of your voluntarily given consent. We also use the Zendesk ticket system to respond to privacy enquiries, so please also note the above explanations in this regard under section 13.1.

14. DeepL Newsletter

14.1 Product Newsletter

If you have signed up for a DeepL account, for DeepL Pro or DeepL API Free, we will occasionally send you emails with news on our products, such as the launch of new languages and new features as well as on related products and services. This will also include information and tips on how to get the most out of DeepL Pro. We are entitled to use the email address you provided when signing up for a DeepL account, for a DeepL Pro/DeepL Free API subscription in this way under the legal conditions of § 7 para. 3 of the German Act against Unfair Competition (UWG). Given our existing contractual relationship, it is also in our legitimate interest to inform you as set out above (Art. 6 para. 1 sentence 1 lit. f) GDPR). If you do not wish to receive such emails from us, you can object to the use of your email address for this purpose at any time by sending an email to support(at)deepl.com. Of course, each of our emails contain an unsubscribe link at the end. For sending the newsletter, we use a service provided by HubSpot, Inc. ("HubSpot"), for more information see 14.3.

14.2 Marketing Newsletter and other marketing communication

If you would like to receive more detailed information about our company, products, services and promotions, you can sign up for our marketing newsletter or you can agree to receiving marketing communication in certain other contexts. We may send you information, within the scope of your consent, about offers, special offers, promotions and marketing campaigns and other news from DeepL from time to time or get in touch with you to discuss specific products and services. The processing of your data is based on your consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). You can withdraw your consent at any time with effect for the future by sending an email to support(at)deepl.com. Of course, our emails each contain an unsubscribe link at the end. We also use the HubSpot service to send the marketing emails, for more information please see 14.3.

Note to US Individuals: We may also send you marketing communications and newsletters and offers and promotions if you have agreed to send your information to DeepL, such as via Quora. In such a case, we rely on your agreement to send us your information as establishing a relationship with us and your consent to such marketing. You can withdraw your consent at any time with effect for the future by using the unsubscribe link at the end of our emails.

14.3 Email Service Provider HubSpot

For sending the newsletters and other marketing emails, we use a service provided by HubSpot, Inc. with headquarters at 25 First Street, 2nd Floor, Cambridge, MA 02141 USA. As part of this, your data may also be transferred to the USA. We have concluded a data processing agreement with HubSpot and therefore HubSpot may only process the data according to our instructions and not for its own purposes. You can find more information on HubSpot’s handling of personal data here and here.

We also statistically record, among other things via HubSpot, which emails you open and which links you click on in our emails (opening and click rates). This allows us to understand which content is of interest to our users and to optimize the newsletter and our email communication, which corresponds to our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.

15. User research and surveys

15.1 User surveys

Users are given the opportunity to participate in surveys via the web and app interface of our services. Participation in the surveys is voluntary and can be achieved, for example, via a pop-up found on the interface. The user may be redirected to a third party website (e.g. Qualtrics) to complete the survey.

In order for us to properly analyse the survey results, we match your survey results with data on how you interact with and use our services using parameters that are appended to the survey link such as your accountID. This helps us to get better insights on how our users respond to our services, which help us to improve our DeepL product offering and services based on the collected survey information. We will only do this where you have provided us with your consent to do so, which we will collect when you submit the survey form. You may withdraw your consent for the cookie at any time with effect for the future by sending an email to privacy(at)deepl.com.

Your survey results will be stored and processed collectively by DeepL for up to 5 years.

Please note, that we process data on how you interact with and use our services as necessary for our legitimate interests to understand how our customers use our products.

15.2 Customer Surveys

We want to encourage customers to share their experiences with using our products. DeepL may therefore reach out to you occasionally, via email or other communication channels, to ask about your experience and/or satisfaction with our products. Participation in these surveys is voluntary, and most surveys can be answered anonymously. However, in some instances you may be asked to provide your name and/or email address, either optionally or as a requirement for completing the survey. If you provide us with your email, we may contact you afterwards (e.g., to invite you to participate in research studies or to share your experience in a call with our team).

The processing of your data corresponds to our legitimate interests according to Art. 6 para. 1 sentence 1 lit. f) GDPR to improve our products and to further develop them according to our customer’s wishes. If you provide your name and/or email address in the survey, we justify the processing of your data via your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR. You can revoke this consent at any time with effect for the future. 

15.3 Typeform

To conduct the customer satisfaction surveys, we use a service of Typeform SL, Carrer Bac de Roda, 163, local, 08018 Barcelona, Spain ("Typeform"), on whose platform the surveys are stored. Typeform uses different subcontractors, which are also partly located in third countries outside the EU. Therefore, in certain cases, there may be a transfer of your data to the USA. We have concluded a data processing agreement with Typeform and Typeform only processes the data in accordance with our instructions and not for its own purposes. You can find more information about Typeform's handling of personal data here.

15.4 Qualtrics

For the surveys we use a service of Qualtrics Ireland Limited, Costello House, 1 Clarendon Row, Dublin 2, DO2 TA43, Ireland ("Qualtrics"), on whose platform the surveys are stored. Access to the surveys is placed on the website by DeepL so that each user can freely decide whether to participate in the survey. Qualtrics uses different subcontractors, which are also partly located in third countries outside the EU. Therefore, in certain cases, there may be a transfer of your data to the USA. We have concluded a data processing agreement with Qualtrics and therefore Qualtrics may only process the data according to our instructions and not for its own purposes. Further information on the handling of personal data at Qualtrics can be found here and here.

15.5 Hotjar

Furthermore, we use a survey tool of Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta ("Hotjar"), on whose platform the surveys are stored. Hotjar uses different subcontractors, which are also partly located in third countries outside the EU.Therefore, in certain cases, there may be a transfer of your data to the USA. We have concluded a data processing agreement with Hotjar and Hotjar only processes the data in accordance with our instructions and not for its own purposes. You can find more information about Hotjar's handling of personal data here.

15.6 UserTesting

We also use a service provided by UserTesting, Inc. 144 Townsend Street, San Francisco, CA 94107 USA to conduct interviews with you. As a user (Contributor) of UserTesting, you can register for our interviews on UserTesting's platform. We also contact selected customers to make them aware of the interviews and invite them to attend. The interviews are recorded with images and sound and stored by us for two years on the UserTesting platform. We process your data on the basis of your given consent, Art. 6 para. 1 sentence 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future by sending an email to privacy(at)deepl.com. Please state the exact day and, if possible, the time of the interview. We have concluded a data processing agreement with UserTesting and UserTesting may only process the data according to our instructions and not for its own purposes. UserTesting uses different subcontractors - such as Zoom - which are also partly located in third countries outside the EU. Therefore, in certain cases, there may be a transfer of your data to the USA. Further information on the handling of personal data at UserTesting can be found here and here.

15.7 Ethnio

We use a service provided by Ethnio Inc, 1909 Roselia Ave, Los Angeles CA 90027, USA, ("Ethnio") to store contact details of participants who signed up to our internal panel for the purpose of inviting them to participate in studies and to incentivize our research studies. Ethnio uses different subcontractors, which are also located in the USA. We have concluded a data processing agreement with Ethnio and Ethnio only processes the data in accordance with our instructions and not for its own purposes. You can find more information about Ethnio's handling of personal data here.

16. DeepL’s Social Media Pages

DeepL operates several social media profiles (also called “pages”) on various social networks e.g., Facebook, Instagram, Twitter, LinkedIn and Xing. There we regularly publish posts about our products, new product features as well as new job offers. If you interact with our pages or contact us via them and are a member of the respective social network, we may receive and process data that identify you. As operator of the pages, we also have the option of viewing anonymous statistics on the interaction of visitors with our pages (insight function). For this purpose, the operators of the social networks record your interactions with our pages using cookies and similar technologies. You can find more information on this kind of data processing by Facebook, Instagram and LinkedIn here, here and here.

The legal basis for the operation of our social media profiles and the insights function is our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f) GDPR in using the pages as an information channel for our company. With regard to the insights function, we have a legitimate interest in understanding the visits and interactions with our page in order to be able to respond to them and to further improve our presence. Insofar as your consent given to the social network justifies the data processing within the framework of the respective social platform, processing is carried out on the basis of this consent.

In addition, we use the LinkedIn image pixel to record and evaluate conversions from our LinkedIn advertising campaigns. Conversions mean whether a user is successfully led to our website via our LinkedIn advertising campaign. Furthermore, user interactions - i.e., individual steps taken by the user on our website - are to be recorded and tracked via conversions. The LinkedIn image pixel is embedded on certain pages of our website and provides feedback to LinkedIn if a conversion has taken place. In doing so, LinkedIn processes the user’s IP address as well as the presence of a cookie set by LinkedIn, which provides conclusions about the conversion. The processing of your personal data is based on your consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). The consent is given via the cookie settings. You can revoke your consent at any time with effect for the future by revoking the consent for the “Marketing” cookie category or deleting your browser cache.

Please note that we together with the operator of the respective social network are jointly responsible for the data processing operations triggered when you visit our page. However, the operators of the social networks may also process your data for their own purposes, which are not depicted in this privacy policy. It is also possible that data collected about you will be transferred to third countries, in particular the USA. We have no influence on this data processing and refer to the privacy policies of the respective social networks e.g., for Facebook here, for Instagram here, for Twitter here, for LinkedIn here and for Xing here.

In principle, you can assert your rights (see section 20 below) both against us and against the operator of the respective social platform. However, we would like to point out that despite the joint controllership, you can most effectively assert your rights with the operators of the social networks. If you need help, you can contact us.

17. Webinars

We offer webinars for our users and existing or prospective customers. The webinars are interactive events on the products we offer, conducted by our staff. External speakers may also be invited to the webinars. We point this out accordingly before registration.

We use a service provided by Zoom Video Communications, Inc. ("Zoom"), 55 Almaden Blvd. Suite 600, San Jose, CA 95113, USA, on whose platform the webinars are held. Registration for our webinars takes place via a corresponding landing page of Zoom. We have concluded a data processing agreement with Zoom and Zoom may only process personal data according to our instructions and not for its own purposes. We would like to point out that if you access Zoom's website, Zoom is responsible for the personal data processed through your use of the website. If you have entered into a contractual relationship with Zoom, we have no influence on the personal data collected and processed in this context as part of our webinars. Further information on the handling of personal data at Zoom - in particular also in relation to webinars - can be found here.

In the event of registration for a webinar on a landing page provided by Zoom, we collect and process all personal data that you provide when registering for one of our webinars (first and last name, email address, company (optional), position (optional)). We process your data to fulfil the free participation contract concluded between you and us on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. We store your data on this basis for the duration of the existence of our contractual relationship, i.e. until the conclusion of the webinar, and subsequently for the duration of the statutory retention periods where this is required. If you have a DeepL account and it is possible for us to assign the webinar registration to this account, the processing of your personal data in the context of our customer database and the analyses of our customer-related processes until the end of the webinar is based on Art. 6 para. 1 sentence 1 lit. f) GDPR, as this is in our legitimate interest to record the demand for webinars and in this context to improve the services for our customers. After completion of the webinar, we note in our customer database under your account that you participated in the webinar. The name and e-mail address given during registration will not be noted and - if they do not match the details in the DeepL account created - will be deleted by us after the webinar has ended. Should personal data be processed at all in this note in the customer database beyond the webinar, we base this on Art. 6 para. 1 sentence 1 lit. f) GDPR, as this is in our legitimate interest to specifically identify whether customers understand our products in order to provide them with support more quickly in individual cases, or in order to provide certain customers with extended webinars and training.

When participating in a webinar and using Zoom, the following additional personal data is processed:

• User information (This is data associated with the Zoom account and its authentication, e.g. first name, last name, display name, email address, password (unless Single Sign On (SSO) is used), profile picture, Zoom unique user ID);
• Communication data (This is data that you independently enter, upload or share as part of the webinar and associated Zoom usage);
• Meeting metadata and telemetry data (This technical data is, among other things, data relating to the use of the service, including when and how sessions were conducted (IP address, event logs, session information, etc.), as well as device and hardware information that Zoom needs to access in order for features such as camera, microphone, etc. to be operational in the context of participation).

Please note that it is also possible to participate in the webinar without having a Zoom account. In this case, the collection and processing of data is limited to the minimum necessary to be able to maintain the service for you. We have chosen settings so that the collection and processing of the communication content generally takes place on servers in the European Union. As Zoom is based in the USA, we cannot exclude the possibility that data processing (in particular meeting metadata) may also take place in the USA when using the service. A collection and processing of your data through the use of Zoom takes place on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR (participation contract). We store the data collected and processed by Zoom on our behalf for the duration of the Zoom webinar and subsequently for the duration of the statutory retention periods, if this is required. We have no influence on the duration of the data processed by Zoom under its own responsibility. Please contact Zoom directly for information in this regard.

Automated decision-making pursuant to Art. 22 GDPR does not take place.

Please note that we may record Zoom webinars and publish them afterwards on our website or social media channels. Participants will not be visible or identifiable in these recordings. As participants can only ask written questions, they will not appear visually in the recording. The answer to the participant's question will be part of the webinar recording. If, contrary to expectations, personal data of the participants is visible during the recording, it will be made unrecognisable before publication. The recording and storage of the webinar is based on Art. 6 para. 1 sentence 1 lit. f) GDPR, as these processing operations are in our legitimate interest to improve the quality of our webinars. When the webinars are published, no further processing of personal data will take place, as we will make them unrecognisable beforehand - if they can be viewed at all.

18. Job Applications

We offer you the opportunity to apply for a position at DeepL via our career page. Please find further information on how we process candidate personal data in our privacy notice for candidates.

19. Data Security

Your connections to our website and our apps are protected with encryption techniques in line with the current state of the art. The level of protection also depends on which encryption your Internet browser and/or mobile device supports. You can tell whether an individual page of our website is transmitted in encrypted form by looking at the closed key or lock symbol in the status bar of your browser. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

20. Your Rights

The following rights are granted by European Union directives and regulations. If you wish to exercise any of the rights listed below, please contact us at the above address.

• Right to confirmation and right of access - We will gladly confirm whether we are processing any of your personal data, which data we are processing, and for what purpose we are processing it.
• Right to rectification - If any of the data we have stored is incorrect, we would certainly be happy to correct it.
• Right to erasure - Should you wish your personal data to be deleted, we will comply with your request as far as legally possible.
• Right to restriction of processing - Should you wish to restrict use, we will comply with your request as far as legally possible.
• Right to withdraw your consent - Should you wish to revoke any previously granted consent, we will comply with your request. Revocation does not affect the permissibility of the processing of your data up to now.

In addition, you can object to the further processing of your data if we process your data based on our legitimate interest (Art. 6 para. 1 sentence 1 lit. f), Art. 21 GDPR). If we process your data for the purpose of direct advertising, you have a general right to object. If we do not process your data for advertising purposes, the objection must be based on your particular situation.

You also have the right to lodge a complaint regarding the processing of your personal data with a supervisory authority, such as the data protection supervisory authority responsible for us: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestraße 2 - 4, 40213 Düsseldorf, email: poststelle(at)ldi.nrw.de.

21. Special provisions for users from South Korea

21.1 Contact and DeepL Chief Privacy Office (CPO)

If you have any specific questions or concerns about privacy and data protection in South Korea, also with regard to previous versions of this privacy policy, please contact the privacy team of DeepL at privacy(at)deepl.com.

21.2 Additional information for usage of DeepL's free service

In addition to section 3, please note that if you enter personal data when using DeepL Translator / Write in the free version contrary to the terms of use, this data may be checked by a human.

21.3 Data Deletion and Retention Periods 

As described above, we will process your data for as long as is necessary for the stated purpose and if applicable, to the extent that you have consented to. Subsequently, we will delete your personal data without undue delay. We will permanently destroy any personal data saved in electronic format in a way that it cannot be restored and recovered. Personal information printed on paper will be destroyed by shredding thereof.

However, as outlined above in section 6.2, DeepL is obliged to retain certain personal data of users as required by applicable laws. Relevant laws under Korean law include, in particular, the Act on the Consumer Protection in Electronic Commerce (Article 6) which provides for the retention of data on contract as well as withdrawals and revocations thereof for 5 years, data on the provision of services for 5 years and data on consumer complaints or consumer disputes for 3 years. The Protection of Communications Secrets Act provides in Article 15-2 to retain records of computer communication or internet log and trace data of access point for 3 months.

21.4 Data Security and Pseudonymisation

In addition to the measures set out in section 19 of this privacy policy, under the Korean Personal Information Protection Act we take various technical, administrative and physical measures to ensure data security and the security of personal data. For example, we manage access rights to our systems that contain personal data as well as pseudonymized data in a traceable manner; we take various measures to prevent unauthorised access to personal and pseudonymized data, including maintaining a VPN network; we regularly train our employees in the handling of personal data, including pseudonymized data and data security. We regularly evaluate our data processing procedures and modify them as necessary. In addition, we work with strict physical access controls to e.g. our IT infrastructure and data storage systems as well as to documents that contain personal data. 

As outlined above in section 9.2, we analyze pseudonymized data about our customers' use of DeepL Pro products to understand general usage habits and derive different target and user groups. Pseudonymized data is used only until the purpose of data analysis is fulfilled and is destroyed thereafter.

21.5 Rights of Data Subject and Legal Representative

As outlined above in section 19, you have the right to exercise your rights as a data subject by contacting us at privacy(at)deepl.com. DeepL Pro-customers can also reach out to support(at)deepl.com for assistance.

You may exercise your rights through a legal representative or an authorized agent. In such cases, the legal representative or agent must present a signed power of attorney in writing to act on your behalf.

21.6 Children’s Privacy 

Our service is not intended for children under the age of 14, and DeepL does not knowingly collect personal data from children under the age of 14. If you have any reason to believe that a child under the age of 14 has provided personal data to DeepL through the service, please contact us at privacy(at)deepl.com. We will investigate any such notification and if appropriate, delete the personal data from our systems.

21.7 Overseas Transfer and Delegation of Personal Data Processing

We may transfer personal data to the overseas delegatees listed below in order to provide services and enhance customer convenience. In order to deliver our services, we may store your personal data on DeepL servers located within the EEA and transfer it to the delegatees located abroad. The overseas transfer is conducted through telecommunication network from time to time as needed. The transferred data will be retained and used in accordance with our privacy policy's retention periods. This overseas transfer is essential for the provision of our services. Therefore, if you refuse the overseas transfer, it may restrict your access to our services.

• Process payments: We forward the necessary payment data to our authorized payment service provider Stripe Payments Europe Ltd., Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. Where necessary, Stripe will transfer the data to Stripe, Inc., located in the USA. You can contact the company through duo(at)stripe.com.
• Secure the use of website: Our website uses services of Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA ("Cloudflare"). To protect our website, the data transfer between your browser and our servers is routed through Cloudflare's infrastructure in order to analyze whether it is an abusive attack. However, since your translation requests and other customer data are encrypted between your end device and the DeepL servers, Cloudflare does not have any access to this data, but only to meta-data (such as your IP address). You can contact the company through privacyquestions(at)cloudflare.com.
• Support enquires: If you send us a support enquiry, your request is forwarded to the ticket system of the provider Zendesk Inc. ("Zendesk"), 1019 Market Street, San Francisco, CA 94103, USA. We use Zendesk to process your enquiry and your further communication with us, we also use the service to manage our customer database. You can contact the company through privacy(at)zendesk.com.
• Manage customer database: We use the Customer Relationship Management System (CRM) of Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 München, Deutschland (“Salesforce CRM”) to manage our customer database, which includes our existing and potential customers, and to organize sales and communication processes. You can contact the company through privacy(at)salesforce.com.
• Send newsletters and other marketing emails: For sending the newsletters and other marketing emails, we use a service provided by HubSpot, Inc. with headquarters at 25 First Street, 2nd Floor, Cambridge, MA 02141 USA. As part of this, your data may also be transferred to the USA. You can contact the company through privacy(at)hubspot.com.
• Conduct the customer satisfaction surveys: To conduct the customer satisfaction surveys, we use a service of Typeform SL, Carrer Bac de Roda, 163, local, 08018 Barcelona, Spain ("Typeform"), on whose platform the surveys are stored. Typeform uses different subcontractors, which are also partly located in third countries outside the EU. Therefore, in certain cases, there may be a transfer of your data to the USA. You can contact the company through GDPR(at)typeform.com.
• Conduct surveys: For the surveys we use a service of Qualtrics Ireland Limited, Costello House, 1 Clarendon Row, Dublin 2, DO2 TA43, Ireland ("Qualtrics"), on whose platform the surveys are stored. Qualtrics uses different subcontractors, which are also partly located in third countries outside the EU. Therefore, in certain cases, there may be a transfer of your data to the USA. You can contact the company through [email protected].
• Conduct surveys: We use a survey tool of Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta ("Hotjar"), on whose platform the surveys are stored. Hotjar uses different subcontractors, which are also partly located in third countries outside the EU.Therefore, in certain cases, there may be a transfer of your data to the USA. You can contact the company through [email protected]
• Conduct interviews: We use a service provided by UserTesting, Inc. 144 Townsend Street, San Francisco, CA 94107 USA to conduct interviews with you. UserTesting uses different subcontractors - such as Zoom - which are also partly located in third countries outside the EU. Therefore, in certain cases, there may be a transfer of your data to the USA. You can contact the company through [email protected].
• Host Webinars: We use a service provided by Zoom Video Communications, Inc. ("Zoom"), 55 Almaden Blvd. Suite 600, San Jose, CA 95113, USA, on whose platform the webinars are held. You can contact the company through [email protected].
• Job applications: In order to process your application data, it will be forwarded to the service provider Localyze UG (haftungsbeschränkt), Bäckerbreitergang 28, 20355 Hamburg, which carries out the Pre-Check on behalf of DeepL. You can contact the company through [email protected].
• Job applications: In order to process your application data, it will be forwarded to the service provider Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, The Netherlands, which operates the application system. You can contact the company through [email protected].
• Job applications: In particular applications for developer positions, the applicant's name and email address may be forwarded to the service provider Codesse Ltd., FF28, Kao Hockham Building, Edinburgh Way, Harlow, Essex, CM20 2NQ, United Kingdom, which provides services regarding the provision and review of coding challenges during an application. You can contact the company through [email protected]

22. Changes to the Privacy Policy

We reserve the right to amend this privacy policy. The current version of the privacy policy can be accessed at any time on our website.