DeepL Privacy Policy

Protecting your privacy and personal data is very important to us. We therefore only use your personal data within the scope of legal regulations, in particular the General Data Protection Regulation ("GDPR") and the German Federal Data Protection Act ("BDSG"). This privacy policy provides you with information about the nature, scope and purpose of the collection and use of your personal data. You can access this information at any time on our website.

1. Data controller / Contact / Data protection officer

The data controller responsible for data processing pursuant to the GDPR, BDSG, other data protection laws applicable in the member states of the European Union, and other regulations relating to data protection is:

DeepL GmbH
Maarweg 165
50825 Köln

If you have any questions or concerns about privacy, please contact privacy(at)deepl.com.

In accordance with Art. 6 Para. 1 S. 1 lit. a) GDPR, data processing for the purpose of contacting us is based on your voluntary consent. To process inquiries sent to this e-mail address, we use a ticketing system provided by Zendesk Inc. ("Zendesk"), 989 Market Street 300, San Francisco, CA 94102, USA. During this process, your data may also be transferred to the USA. We have concluded an agreement with Zendesk on the processing of such information which specifies that Zendesk may only process the data in accordance with our instructions and not for its own purposes. For more information on how personal data is handled by Zendesk and how Zendesk complies with the requirements of Art. 44 GDPR (particularly after the EU-US Privacy Shield has been declared invalid), please click here.

DeepL's corporate Data Protection Officer, Dr. Christian Lenz, can be contacted at the following address: dhpg IT-Services GmbH, Bunsenstr. 10a, 51647 Gummersbach, via e-mail to privacy(at)deepl.com, or by telephone on +49 2261 8195 0.

2. Scope of data protection

Data protection applies to personal data as defined by the GDPR, i.e. all information relating to an identified or identifiable natural person. An identifiable natural person is deemed to be a natural person who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific attributes.

3. Texts and Translations — DeepL translator (free version)

When using our translation service, please only enter texts that you wish to transfer to our servers. This is necessary in order for us to produce the translation and offer you our service. The transfer of these texts is necessary for us to carry out the translation and offer you our service. We process your texts and the translation for a limited period of time to train and improve our neural networks and translation algorithms.

If you make corrections to our proposed translations, these corrections are also forwarded to our servers to verify the accuracy of the corrections and, if necessary, to update the translated text to reflect your changes. We also store your corrections for a limited period of time to train and improve our translation algorithm.

Please note that our translation service may not be used for texts containing personal data of any kind.

4. Texts and Translations — DeepL Pro

When using DeepL Pro, the texts or documents you submit will not be permanently stored and will only be kept temporarily, to the extent necessary for the production and transmission of the translation. Once you have received the translation, all submitted texts or documents and their translations will be deleted. When using DeepL Pro, your texts will not be used to improve the quality of our services. For further information, please see our DeepL Pro Terms and Conditions.

Please note that DeepL Pro should only be used for texts containing personal data of any kind if you have concluded a data processing agreement with us (see section 8.1.3 of DeepL Pro Terms and Conditions).

5. Automatic Collection of Data via Website Access

When you access our website www.deepl.com, for technical reasons your device will automatically transmit certain data. The following data is stored separately from all other data that you may send us:

  • Date and time of access
  • Browser type and version
  • Operating system
  • URL of the website previously visited
  • Volume of data transmitted
  • Requested domain
  • Notification of successful data retrieval
  • Search term when using a web browser
  • Abbreviated/anonymised IP
  • Full IP address (for a maximum of 14 days).

Processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is stored for purely technical reasons and is not associated with a specific person. Website access data is used for error analysis, ensuring system security, logging access to paid services (e.g. DeepL Pro) and to improve our translation service. The storage of the full IP address for a maximum period of 14 days corresponds with our legitimate interest to achieve the listed purposes in accordance with Art. 6 Par. 1 S. 1 lit. f) GDPR.

6. Temporary Storage of Metadata when translating Documents

When translating documents, particularly the following data is stored for each translation process:

  • Status / progress of the translation process
  • Document file type
  • Selected language pair for translation
  • Estimates of time needed for the translation
  • References to the applied glossary (when using DeepL Pro)
  • Content of the applied glossary (when using the free translator)
  • Number of characters calculated
  • Errors that occurred during the translation process.

This information is processed in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR based on our legitimate interest in improving the functionality of our products, as this makes it easier to identify any sources of error related to the translation process. The data is stored in a database that can only be accessed by selected employees and is automatically deleted after 14 days. There is no storage of the submitted documents or their translations in this context.

7. Cookies and Web Storage

We use "cookies" and web storage objects to provide you with a variety of features and improve your user experience. Cookies and web storage objects are small text files that are temporarily stored on your computer via your browser.

If you do not want us to use cookies or web storage objects, you can change your browser settings accordingly. Please note that if you completely disable the use of cookies or web storage objects, the functionality and scope of the website may be impaired.

We specifically use cookies or web storage objects in the following categories:

  • Necessary: These cookies or web storage objects are necessary for our website to work properly, for you to be able to navigate smoothly, and for you to be able to use the most important functions. This includes security features, features that allow easy access, and settings such as the display language of the website and the translation language. We use these cookies or web storage objects on account of our legitimate interest in the presentation of our services and our company as a whole. Processing is based on Art. 6 para. 1 sentence 1 lit. f) GDPR.
  • Performance: In order to continuously improve our website, we collect data for statistical and analytical purposes. We use these cookies or web storage objects to measure, for example, how often users return, and which features they use. In accordance with Art. 6 para 1 sentence 1 lit. a) GDPR, we only use these cookies or web storage objects with your explicit consent.
  • Comfort: We use these cookies or web storage objects to make using our website more comfortable for you. For example, we remember which areas of the website you have already visited and help you to use the website in the best possible way. In accordance with Art. 6 para 1 sentence 1 lit. a) GDPR, we only use these cookies or web storage objects with your explicit consent.

The following table lists the different types of cookies and web storage objects that may be used on our website. Our cookies or web storage objects are stored in your browser until they are deleted or, if it is a session cookie, until the session has expired. You can withdraw your consent for the use of cookies or web storage objects in the categories "Performance" and "Comfort" in each of these categories directly.

With the exception of the third-party cookies from our payment service provider Stripe (see explanatory notes, section 10) and the marketing software from HubSpot (see explanatory notes, section 12) the information generated by cookies and web storage objects, relating to the use of this website, is transmitted to our servers within the EU; this is the only place it is stored. This information is not disclosed to third parties.

Overview of the cookies and web storage objects used by DeepL:

Necessary

Context ID Description Technology Expiry Owner
Site localization IDil DescriptionStores the interface language selected by the user. TechnologyCookie Expiry1 month OwnerDeepL
Site localization IDi18nextLng DescriptionStores the interface language selected by the user. TechnologyLocal Storage ExpiryPersistent Data OwnerDeepL
Privacy Settings IDprivacySettings DescriptionStores the user's cookie-banner decision. You can change the settings here. TechnologyCookie Expiry12 months OwnerDeepL
Translator IDLMTBID DescriptionUsed to guarantee the origin of a request to the translator and protect from malicious visitors. This ensures that the service is not compromised for the remaining visitors. TechnologyCookie Expiry6 months OwnerDeepL
Translator IDLMT DescriptionStores settings made explicitly by the user. E.g. preferred translation language or entries in the glossary. TechnologyLocal Storage Expiry1 month OwnerDeepL
Discovery and Onboarding IDclickOnWordHint, LMT_MessageBox, onboardingData, showAppOnboarding, AppOnboardingInfo DescriptionStores if the user has on-boarded with features to ensure that onboarding prompts are only displayed once. TechnologyLocal Storage Expiry1 to 6 months OwnerDeepL
Checkout Process IDFurther details about Stripe 3rd party cookies can be found under https://stripe.com/cookies-policy/legal. DescriptionFraud detection and security for check-out and payments. This cookie is only set if you enter the checkout process or view your account payment information. TechnologyCookie (3rd party) ExpirySession to 2 years OwnerStripe
Checkout Process IDuserCountry DescriptionStores the user's selected country during the checkout process. TechnologyLocal Storage ExpirySession OwnerDeepL
Checkout Process IDnewpro-checkout DescriptionStores the user's selected DeepL Pro plan during the checkout process. TechnologyLocal Storage Expiry7 days OwnerDeepL
DeepL Pro-User Login/Session IDdl_session DescriptionStores users login token to keep the user logged in on the site. Permanently stored when "remember me" is selected during the login, or expires after 30 minutes of inactivity if not. TechnologyCookie Expiry100 years OwnerDeepL
DeepL Pro-User Login/Session IDdl_logoutReason DescriptionWhen you get logged out accidentally, we will help you with an error message. We use this cookie to deliver this message to you so you can prevent this problem in the future. TechnologyCookie ExpirySession OwnerDeepL
DeepL Pro-User Login/Session IDep DescriptionIp-Based Enterprise Account login token. Checked once per session and deleted afterwards. TechnologyLocal Storage ExpirySession OwnerDeepL
DeepL Pro-User Login/Session IDuser DescriptionStores the display name of logged-in users to display their name. Deleted if the user logs out. TechnologyLocal Storage Expiry7 days OwnerDeepL
Release process IDreleaseGroupId, releaseGroupMemberships DescriptionUsed for gradual, controlled releases to ensure stability, quality and performance of our service and infrastructure. TechnologyLocal Storage Expiry1 month OwnerDeepL
Session ID IDdap.sid, dap.sid_updated DescriptionSession ID and timestamp. Automatically deleted after 30 minutes of inactivity. TechnologySession Storage ExpirySession OwnerDeepL
App Usage Statistics - only for DeepL Apps IDappUsageStats DescriptionRemembers when the user last used the app. TechnologyLocal Storage ExpiryPersistent Data OwnerDeepL

Performance

Context ID Description Technology Expiry Owner
User Tracking IDuid DescriptionFirst-party user identifier. TechnologyLocal Storage Expiry12 months OwnerDeepL
Visit Count IDdap.vn DescriptionStores how many times the user has visited the site. TechnologyLocal Storage Expiry12 months OwnerDeepL

Comfort

Context ID Description Technology Expiry Owner
Product information IDapiDocsVisited DescriptionStores whether API documentation has been visited to help users select the correct package at checkout. TechnologyLocal Storage ExpiryPersistent Data OwnerDeepL

8. DeepL Apps

We offer text translation Apps for the Windows and Mac operating systems. These Apps use the same interfaces for creating translations as the web-based service. Therefore, sections 3, 4, 6, and 7 of this privacy policy also apply to the use of the Apps. If you translate texts with one of the apps, for technical reasons your device will automatically transmit certain data. The following data is stored separately from all other data you may transmit to us:

  • Date and time of access
  • Version of the App
  • Operating system
  • Volume of data transmitted
  • Notification of successful data retrieval
  • Abbreviated/anonymised IP
  • Full IP address (for a maximum duration of 14 days)
  • Diagnostic information in event of errors.

The processing of this data is based on our legitimate interest in improving the stability and functionality of our website, Art. 6 para. 1 sentence 1 lit. f) GDPR. This data is stored solely for technical reasons and is not linked to a specific person. Data relating to access is used for error analysis, ensuring system security, logging access to paid services (e.g. DeepL Pro), and to improve our translation service. Due to a legitimate interest in achieving the listed purposes, the full IP address will be stored for a short period of time, not exceeding 14 days.

We use cookies and web storage objects in our Apps for Windows and Mac. Further information on can be found in section 7, “Cookies and web storage”. For technical reasons, the use of cookies and web storage objects in our Apps cannot be deactivated. If you do not agree with their use in the App, you can delete the App and instead use the web-based service where you can manage these settings.

Your texts will be sent to DeepL for translation. This, however, only takes place when you explicitly request a translation in the App. This data is processed for the purpose of fulfilling the contract pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR.

9. Registering with DeepL

You have the possibility to register with DeepL. In order to ensure that you can log in, the following personal data will be stored:

  • E-mail address
  • Password
  • IP address

If you entered the following data, this information will also be stored:

  • First name, surname, and company name
  • Address
  • Tax numbers
  • Payment details

We process this data in order to initiate or fulfil a contract pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR.

If, following registration, no order is placed, we will store your data for one month, following which it will be deleted. If an order is placed, we will store the data for the duration of the contract period and subsequently, if necessary, for the duration of any statutory retention periods.

10. Processing of Payments for DeepL Pro Subscriptions

When signing up for a DeepL Pro subscription, the following personal information is stored and processed for the purposes of billing and contract fulfilment:

  • E-mail address
  • First name, surname, and company name
  • Address
  • Tax numbers
  • Payment details
  • Password
  • Additional information you may provide during the registration process

In order to process payments, we forward the necessary payment data to our authorized payment service provider: Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. Where necessary, Stripe will also transfer the data to Stripe, Inc. in the USA. Further information on Stripe's data protection and compliance with the requirements of Art. 44 GDPR (particularly after the EU-US Privacy Shield has been declared invalid) can be found here. We have concluded a data processing agreement with Stripe, which allows Stripe to only process the data in accordance with our instructions and not for its own purposes.

We process this data for the purpose of contract fulfilment pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR. The data will be stored for the duration of the contract period and subsequently, if necessary, for the duration of any statutory retention periods.

11. Contact with our Sales or Support Team

We offer you the possibility to contact our sales or support team via a form provided on the website or by e-mail. A valid e-mail address and your name are required so that we know who the enquiry comes from and can respond to it. Your telephone number and the company name can be provided voluntarily.

If your enquiry is aimed at the conclusion of a contract, Art. 6 para. 1 sentence 1 lit. b) DSGVO serves as the legal basis. In this case we will store your data for the duration of the statutory retention periods. If you contact us for other purposes, the data will be processed in accordance with Art. 6 para. 1 sentence 1 lit. a) DSGVO on the basis of your voluntarily given consent. We store the data for the duration of the statutory retention periods.

If you have contacted our support team via the contact form, it is possible that we will subsequently inquire by e-mail about your satisfaction with our customer service. In this case, we process your data on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) DSGVO in order to determine the satisfaction of our customers and to continuously improve our service.

We use the ticket system of the provider Zendesk Inc. for the processing of your enquiries and the satisfaction survey. ("Zendesk"), 1019 Market Street, San Francisco, CA 94103, USA. This may also involve the transfer of your data to the USA. We have entered into an agreement with Zendesk for the processing of orders and Zendesk may therefore only process the data in accordance with our instructions and not for its own purposes. For further information on how Zendesk handles personal data and how Zendesk complies with the requirements of Art. 44 of the Data Protection Act (especially after the EU-U.S. Privacy Shield has been removed), please click here.

12. E-mail Marketing

We use software from HubSpot, Inc., located at 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, for marketing activities, lead generation and customer communication. HubSpot uses cookies to help the website analyze how you use the site. HubSpot may use the information collected (e.g., IP address, geographic location, browser type, length of visit and pages viewed) on our behalf to provide information about your visit to our site and the pages viewed. This may also involve a transfer of your data to the USA.

We process your data, provided that you have given your consent to do so, in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. We have concluded a data processing agreement with HubSpot and therefore HubSpot may only process the data under our instructions and not for its own purposes. For more information on how personal data is handled at HubSpot and how HubSpot complies with the requirements of Art. 44 GDPR (particularly after the EU-US Privacy Shield has been declared invalid), please click here.

Under the legal requirements of section 7 para. 3 UWG (German Act against Unfair Competition), we are authorized to use the e-mail address you provided when signing up for a DeepL Pro subscription for direct advertising for our own similar goods or services. In such cases, we process your data on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.

If you do not wish us to send you such recommendations by e-mail, you can object to the use of your address for this purpose at any time, without incurring any costs other than the transmission costs specified in the basic tariffs. A message in text form is sufficient for this purpose. Each e-mail will of course always contain an unsubscribe link.

13. Job Applications

We offer you the opportunity to apply for a position at DeepL via our career page, the integrated career portal, or by e-mail. This digital recruitment process means that in order complete the application procedure, your application data is collected and processed electronically. The personal data you provide will be used exclusively for processing your job application. Your personal data will only be passed on or otherwise transferred to persons involved in the recruitment process.

If, following the recruitment process, an employment contract is concluded, we will store your personal data as part of your personnel file for the purpose of standard organizational and administrative procedures, in compliance with the more extensive legal obligations.

In the event that we reject an application, we will automatically delete the data transmitted to us six months after notification of rejection. The data will not be deleted, however, if legal regulations require that the data is stored for a longer period.

Your applicant data is processed in accordance with Art. 88 para. 1 GDPR in conjunction with section  https://legal.hubspot.com/product-privacy-policy 26 para. 1, 8 p. 2 BDSG.

If you expressly agree to a longer storage of your data, e.g. for your inclusion in our internal applicant pool, the data will be further processed based on your consent. The legal basis in this case is Art. 6 para. 1 p. 1 lit a) GDPR. You can, of course, let us know that you would like to revoke your consent at any time, with effect for the future.

In order to process the applicant and application data, your data will be forwarded to the service provider Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, The Netherlands, which operates the application system. Further information on data protection at Recruitee can be found here. We have concluded a data processing agreement with Recruitee, which means that Recruitee may only process the data in accordance with our instructions and not for its own purposes.

14. Data Security

Your connections to our website are protected with encryption techniques in line with the current state of the art. The level of protection also depends on which encryption your Internet browser supports. You can tell whether an individual page of our website is transmitted in encrypted form by looking at the closed key or lock symbol in the status bar of your browser. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

15. Your Rights

The following rights are granted by European Union directives and regulations. If you wish to exercise any of the rights listed below, please contact us at the above address.

  • Right to confirmation and right of access - We will gladly confirm whether we are processing any of your personal data, which data we are processing, and for what purpose we are processing it.
  • Right to rectification - If any of the data we have stored is incorrect, we would certainly be happy to correct it.
  • Right to erasure - Should you wish your personal data to be deleted, we will comply with your request as far as legally possible. If data must be stored for legal reasons, it will be blocked. The data is then no longer available for further use.
  • Right to restriction of processing - Should you wish to restrict use, we will comply with your request as far as legally possible.
  • Right of revocation - Should you wish to revoke any previously granted consent, we will comply with your request. Revocation does not affect the permissibility of the processing of your data up to now.
  • Right to object - If your personal data is being processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, you have the right to object to the processing of your personal data if there are reasons for doing so arising from your particular situation or if the objection is directed against direct marketing, pursuant to Art. 21 GDPR. If the latter is the case, you have the general right to object, which we will implement without any further specification of a specific situation.

You also have the right to lodge a complaint regarding the processing of your personal data with a supervisory authority, such as the data protection supervisory authority responsible for us:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestraße 2 - 4, 40213 Düsseldorf, E-Mail: poststelle@ldi.nrw.de.

16. Changes to the privacy policy

We reserve the right to amend this privacy policy. The current version of the privacy policy can be accessed at any time on our website.

Last update: November 2020