DeepL Privacy Policy
Protecting your privacy and personal data is very important to us. We therefore only use your personal data within the scope of legal regulations, in particular the General Data Protection Regulation ("GDPR") and the (German) Federal Data Protection Act ("BDSG"). This Privacy Policy provides you with information about the personal data we collect when you use our website or services.
DeepL GmbH ("DeepL") collects and uses your personal data strictly in compliance with the provisions of GDPR and BDSG. We would like to inform you in the following about the nature, scope and purposes of the collection and use of personal data. This information can be accessed at any time on our website at www.deepl.com.
1. Data controller / Contact / Data protection officer
The data controller responsible for data processing pursuant to the GDPR, BDSG, other data protection laws applicable in the member states of the European Union, and other regulations relating to data protection is:
DeepL GmbH
Maarweg 165
50825 Köln
If you have any questions or concerns about privacy, please contact privacy(at)deepl.com.
DeepL's Data Protection Officer can be contacted at dhpg IT-Services GmbH, Bunsenstr. 10a, 51647 Gummersbach, attn. Dr. Christian Lenz, via e-mail to privacy(at)deepl.com or by telephone at +49 2261 8195 0.
2. Scope of data protection
Data protection applies to personal data as defined by the GDPR, i.e. all information relating to an identified or identifiable natural person. An identifiable natural person is deemed to be a natural person who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific attributes. Usage data is data that is necessary in order to use our website, such as the start, end and extent of the user's website usage.
3. Automatic data collection via website access
When you visit our website, www.deepl.com, your device automatically transmits certain data for technical reasons. The following data is stored separately from all other data you may send us:
- Date and time of access
- Browser type and version
- Operating system
- URL of the website previously visited
- Volume of data transmitted
- Requested domain
- Notification of successful data retrieval
- Search term when using a web browser
- Abbreviated/anonymised IP
- Full IP address (for a maximum of 14 days).
This data is stored for purely technical reasons and is not linked to a specific person. The data relating to website access are used for error analysis, ensuring the security of the systems, logging access to paid services (e.g. DeepL Pro), and to improve our translation service. The full IP address is stored for a maximum period of 14 days in order to achieve the specified purposes.
4. Texts and Translations — DeepL translator (free version)
When using our translation service, please only enter texts that you wish to transfer to our servers. This is necessary in order for us to produce the translation and offer you our service. We store your texts and the translation for a limited period of time to train and improve our translation algorithm.
If you make corrections to our proposed translations, these corrections are also forwarded to our servers to verify the accuracy of the corrections and, if necessary, to update the translated text to reflect your changes. We also store your corrections for a limited period of time to train and improve our translation algorithm.
Please note that our translation service may not be used for texts containing personal data of any kind.
5. Texts and Translations — DeepL Pro
When using DeepL Pro, the texts or documents you submit will not be permanently stored and will only be kept temporarily, to the extent necessary for the production and transmission of the translation. Once you have received the translation, all submitted texts or documents and their translations will be deleted. When using DeepL Pro, your texts will not be used to improve the quality of our services. For further details, please see our DeepL Pro General Terms and Conditions.
Please note that DeepL Pro may generally not be used for texts containing personal data of any kind. If, when using our products, you wish to transmit personal data to DeepL, please refer to section 8.1.3 of the DeepL Pro General Terms and Conditions.
6. Use of our Sales Contact Form
If you have any questions for our Sales Team, we offer you the opportunity to contact us using a form provided on the website. This form requires you to provide a valid e-mail address and your name so that we know from whom the inquiry originated and so that we can respond accordingly. Your telephone number and the company name can be provided voluntarily.
If your inquiry is aimed at the conclusion of a contract, Art. 6 para. 1 sentence 1 lit. b) GDPR provides the legal basis. In this case we will store your data for the duration of the statutory retention periods.
The processing of data used to contact us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR on the basis of your voluntary consent. This personal data will be deleted automatically no later than 90 days after your request has been processed.
7. Registration at DeepL
You have the option to register at DeepL. In order to ensure that you can log in, the following personal data will be stored:
- E-mail address
- Password
- IP address.
If you entered the data, the following information will also be stored:
- First name, surname, and company name
- Address
- Tax numbers
- Payment details.
We process this data in order to initiate or fulfil a contract pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR.
If, following registration, no order is placed, we will store your data for one month and then delete it. If an order is placed, we will store the data for the duration of the contract period and subsequently, if necessary, for the duration of any statutory retention periods.
8. Fulfilment of contract DeepL Pro subscription
When signing up for DeepL Pro, the following personal information is stored and processed for purposes of billing and contract fulfilment:
- E-mail address
- First name, surname, and company name
- Address
- Tax numbers
- Payment details
- Password
- possibly additional information you may provide during the registration process.
In order to process payments, we forward the necessary payment data to our authorized bank and payment service provider: Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. Further information on Stripe's data protection policy can be found at: https://stripe.com/de/privacy#translation. Where necessary, Stripe will also transfer the data to Stripe, Inc. in the USA. Stripe, Inc. is certified under the EU-US Privacy Shield.
We process this data for the purpose of contract fulfilment pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR. The data will be stored for the duration of the contract period and subsequently, if necessary, for the duration of any statutory retention periods.
9. Cookies
We use "cookies" to provide you with a variety of functionalities and to improve your user experience. Cookies are small text files that are stored on your computer via your browser. If you do not wish to receive cookies, you can disable the storage of cookies on your computer by changing the browser settings accordingly. Please note that if you disable cookies, website functionality and the range of website features may be impaired.
In particular, we use the following categories of cookies:
- Necessary: These cookies are necessary for our website to work properly, allowing you to use the most important functions and navigate smoothly. This also includes essential security and accessibility features, and your preferences in terms of interface and translator language. We place these cookies due to our legitimate interest in the website presentation of our services and our company as a whole. The legal basis for processing this data is Art. 6 para. 1 sentence 1 lit. f) GDPR.
- Performance: These cookies help us to determine how our site is used. We use this information to improve both our website and our services. With these cookies, we can note, for example, how often users return and which features they use. We only use these cookies with your explicit consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR.
- Comfort: These cookies enable the website to provide improved functionality and personalization, for example, by personalizing your experience based on which pages you previously visited. We only use these cookies with your explicit consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR.
The following table lists the different types of cookies and similar technologies that may be used on our website. Our cookies are stored in your browser until they are deleted or, if it is a session cookie, until the session has expired. You have the option to revoke your consent for the use of "Performance" and "Comfort" cookies directly in each respective category.
With the exception of the third-party cookies from our payment service provider Stripe (see explanatory notes in section 8), the information generated by cookies relating to the use of this website is transmitted to our servers within the EU; this is the only place it is stored. This information is not disclosed to third parties.
Overview of the cookies used by DeepL:
Necessary
| Context | ID | Description | Technology | Expiry | Owner | Privacy |
|---|---|---|---|---|---|---|
| Site localization | IDil | DescriptionStores the interface language selected by the user. | TechnologyCookie | Expiry1 month | OwnerDeepL | |
| Site localization | IDi18nextLng | DescriptionStores the interface language selected by the user. | TechnologyLocal Storage | ExpiryPersistent Data | OwnerDeepL | |
| Privacy Settings | IDprivacySettings | DescriptionStores the user's cookie-banner decision. You can change the settings here. | TechnologyCookie | Expiry12 months | OwnerDeepL | |
| Translator | IDLMTBID | DescriptionUsed to guarantee the origin of a request to the translator and protect from malicious visitors. This ensures that the service is not compromised for the remaining visitors. | TechnologyCookie | Expiry6 months | OwnerDeepL | |
| Translator | IDLMT | DescriptionStores settings made explicitly by the user. E.g. preferred translation language or entries in the glossary. | TechnologyLocal Storage | Expiry1 month | OwnerDeepL | |
| Discovery and Onboarding | IDclickOnWordHint, LMT_MessageBox, onboardingData, showAppOnboarding, AppOnboardingInfo | DescriptionStores if the user has on-boarded with features to ensure that onboarding prompts are only displayed once. | TechnologyLocal Storage | Expiry1 to 6 months | OwnerDeepL | |
| Checkout Process | IDFurther details about Stripe 3rd party cookies can be found under https://stripe.com/cookies-policy/legal. | DescriptionFraud detection and security for check-out and payments. This cookie is only set if you enter the checkout process or view your account payment information. | TechnologyCookie (3rd party) | ExpirySession to 2 years | OwnerStripe | Privacyhttps://stripe.com/privacy |
| Checkout Process | IDuserCountry | DescriptionStores the user's selected country during the checkout process. | TechnologyLocal Storage | ExpirySession | OwnerDeepL | |
| Checkout Process | IDnewpro-checkout | DescriptionStores the user's selected DeepL Pro plan during the checkout process. | TechnologyLocal Storage | Expiry7 days | OwnerDeepL | |
| DeepL Pro-User Login/Session | IDdl_session | DescriptionStores users login token to keep the user logged in on the site. Permanently stored when "remember me" is selected during the login, or expires after 30 minutes of inactivity if not. | TechnologyCookie | Expiry100 years | OwnerDeepL | |
| DeepL Pro-User Login/Session | IDdl_logoutReason | DescriptionWhen you get logged out accidentally, we will help you with an error message. We use this cookie to deliver this message to you so you can prevent this problem in the future. | TechnologyCookie | ExpirySession | OwnerDeepL | |
| DeepL Pro-User Login/Session | IDep | DescriptionIp-Based Enterprise Account login token. Checked once per session and deleted afterwards. | TechnologyLocal Storage | ExpirySession | OwnerDeepL | |
| DeepL Pro-User Login/Session | IDuser | DescriptionStores the display name of logged-in users to display their name. Deleted if the user logs out. | TechnologyLocal Storage | Expiry7 days | OwnerDeepL | |
| Release process | IDreleaseGroupId, releaseGroupMemberships | DescriptionUsed for gradual, controlled releases to ensure stability, quality and performance of our service and infrastructure. | TechnologyLocal Storage | Expiry1 month | OwnerDeepL | |
| Session ID | IDdap.sid, dap.sid_updated | DescriptionSession ID and timestamp. Automatically deleted after 30 minutes of inactivity. | TechnologySession Storage | ExpirySession | OwnerDeepL | |
| App Privacy - only for DeepL Apps | IDappPrivacy | DescriptionSaves the user's decision not to save the translation texts. | TechnologyLocal Storage | ExpiryPersistent Data | OwnerDeepL | |
| App Privacy - only for DeepL Apps | IDdata-use-prohibited | DescriptionThis cookie is used to completely disable tracking in the app if the user has enabled this option in the app. | TechnologyCookie | Expiry20 years | OwnerDeepL | |
| App Usage Statistics - only for DeepL Apps | IDappUsageStats | DescriptionRemembers when the user last used the app. | TechnologyLocal Storage | ExpiryPersistent Data | OwnerDeepL |
Performance
| Context | ID | Description | Technology | Expiry | Owner | Privacy |
|---|---|---|---|---|---|---|
| User Tracking | IDuid | DescriptionFirst-party user identifier. | TechnologyLocal Storage | Expiry12 months | OwnerDeepL |
Comfort
| Context | ID | Description | Technology | Expiry | Owner | Privacy |
|---|---|---|---|---|---|---|
| Product information | IDapiDocsVisited | DescriptionStores whether API documentation has been visited to help users select the correct package at checkout. | TechnologyLocal Storage | ExpiryPersistent Data | OwnerDeepL |
10. DeepL Apps
We offer text translation Apps for the Windows and Mac operating systems. These Apps use the same interfaces for creating translations as the web-based service. Therefore, sections 4, 5 and 9 of this privacy policy also apply to the use of the Apps. For technical reasons, when you translate texts with one of the Apps, your device automatically transmits certain data. The following data is stored separately from any other data you may send us:
- Date and time of access
- Version of the App
- Operating system
- Volume of data transmitted
- Notification of successful data retrieval
- Abbreviated/anonymised IP
- Full IP address (for a maximum duration of 14 days)
- Diagnostic information in event of errors.
This data is stored for purely technical reasons and is not linked to a specific person. Data relating to access is used for error analysis, ensuring system security, logging access to paid services (e.g. DeepL Pro), and to improve our translation service. Due to a legitimate interest in achieving the listed purposes, the full IP address will be stored for a short period of time, not exceeding 14 days.
We use cookies in our Apps for Windows and Mac. For further information, please refer to section 9. Due to technical reasons, the use of cookies in our Apps cannot be disabled. If you do not agree with the use of cookies in the App, please use the web-based service.
Your texts will be sent to DeepL for translation. This, however, only takes place when you explicitly request a translation in the App.
The data is processed for the purpose of fulfilling the contract pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR.
11. Job applications
We offer you the opportunity to apply for a position at DeepL via our career page, the integrated career portal or by e-mail. This digital recruitment process means that your application data is collected and processed electronically in order to complete the application procedure. The personal data you provide will be used exclusively for processing your job application. Your personal data will only be passed on or otherwise transferred to persons involved in the recruitment process.
If, following the recruitment process, an employment contract is concluded, we will store your personal data as part of your personnel file for the purpose of standard organisational and administrative procedures, in compliance with the more extensive legal obligations.
In the event that we reject an application, we will automatically delete the data transmitted to us three months after notification of rejection. The data will not be deleted, however, if legal regulations, e.g. due to the burden of proof under the (German) General Act on Equal Treatment (AGG), require that the data is stored for a longer period of up to four months or until the conclusion of legal proceedings.
The legal basis for the processing of your application data is Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 BDSG.
If you expressly agree that your data may be stored for an extended period of time, e.g. for inclusion in our internal applicant pool, the data will be continue to be processed subject to your consent. The legal basis in this case is Art. 6 para. 1 sentence 1 lit a) GDPR. However, you may of course revoke your consent at any time with effect for the future.
In order to process candidate and application data, the data will be passed on to the service provider Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, The Netherlands, which is responsible for operating the application system. For more information on data protection at Recruitee, please visit: https://recruitee.com/de/privacy.
12. Data security
All connections to our website are protected with state-of-the-art encryption technology. The level of protection always depends on the encryption supported by your Internet browser. You can tell whether an individual page of our website is transmitted in encrypted form when the key or lock symbol in the lower status bar of your browser is locked. We also use suitable technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, and destruction or unauthorised access by third parties. Our security measures are continuously improved in line with the latest technological developments.
13. Your rights
The following rights have been granted by European Union directives and regulations. If you wish to exercise any of the rights listed below, please contact us at the above address.
- Right to confirmation and right of access - We will gladly confirm whether we are processing any of your personal data, which data we are processing, and for what purpose we are processing it.
- Right to rectification - If any of the data we have stored is incorrect, we would certainly be happy to correct it.
- Right to erasure - Should you wish your personal data to be deleted, we will comply with your request as far as legally possible. If data must be stored for legal reasons, it will be blocked. The data is then no longer available for further use.
- Right to restriction of processing - Should you wish to restrict use, we will comply with your request as far as legally possible.
- Right of withdrawal - Should you wish to revoke any consent already given, we will comply with your request.
- Right to object - if your personal data is being processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, you have the right to object to the processing of your personal data if there are reasons for doing so arising from your particular situation or if the objection is directed against direct marketing, pursuant to Art. 21 GDPR. In the latter case, you have a general right to object. We will implement this right without you specifying a particular situation and you will be able to exercise this right without incurring any costs other than the costs of transmission under the base rate. If you wish to exercise your right of withdrawal or right to object, please send an e-mail to privacy@deepl.com.
You also have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data, such as the supervisory authority for data protection that is responsible for us: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestraße 2 - 4, 40213 Düsseldorf, E-mail: poststelle@ldi.nrw.de.
14. Changes to the privacy policy
We reserve the right to amend this privacy policy. The current version of the privacy policy can be accessed at any time at www.deepl.com/privacy.html.
Last update: June 2020