Take control of your data now: review and tighten your privacy settings in DeepL to minimize collection and exposure. The DeepL Privacy Policy clearly outlines the principles of personal data protection, including how we handle e-mailová addresses and other identifiers, how její rights operate, and how vyskakovacího notices appear to help you stay informed, especially when encountering neznámé sources.
analyzujeme data to improve translations and services, while applying smluvní safeguards. Data from zákazníků is processed within německo and other compliant regions, with access limited to oprávněným personnel. All actions are logged for accountability. We do not share data with dragonara or other third parties without consent, unless required by law or with explicit user approval.
Practical steps you can take today include reviewing žádosti and nových žádostí for data deletion or amendment, enabling minimal data sharing, and turning on two-factor authentication. Ensure every operation is performed by oprávněným staff, and use the zoom feature to control data visibility in real-time translations. This approach supports spokojenosti customers and gives you clear options to manage vašeho data.
Identify personal data DeepL collects and the sources of that data
Turn off data used to improve translations in your privacy settings and delete session data after use to retain control over your content and privacy.
DeepL collects personal data from several sources to operate, secure, and improve services. The main sources are:
- User-provided data: text you input for translation, documents you upload when using paid features, profile information, and privacy preferences you set in your account.
- Usage and device data: timestamps, language pairs, feature usage, error messages, device type, browser, operating system, IP address, time zone, and approximate location derived from IP.
- Content and interaction data: content of conversations with chatbots, feedback you submit, and support requests; metadata about those interactions, including context and purpose.
- Account and security data: email address, name, and security settings when you create or update an account, as well as authentication activity and access attempts.
- Derived and analytics data: aggregated or anonymized analytics that help improve accuracy, reliability, and security, while applying privacy controls and legal requirements.
In practice, use of the chatbot and translation features may involve storing inputs, outputs, and interaction metadata to maintain service quality, detect anomalies, and support features like language detection and personalization. You can adjust retention preferences and request deletion or export of your data where supported by your plan.
To manage data, navigate to your Privacy settings, review the data categories listed above, and remove specific items or opt out where available. If you interact with a chatbot, be aware that chat content and metadata may be processed to generate responses and improve services. DeepL applies access controls and data minimization principles, ensuring that only authorized personnel can view your data and that data handling aligns with stated purposes and user choices.
Special terms used in notes and policy references:
- kontextidpopistechnologievypršenímajitelka
- webinářů
- odhlásí
- důvodů
- uživaté
- identifikované
- příslušná
- našimi
- dojít
- chatbota
- používány
- využívá
- odstraní
- vaší
- autorizovanému
- rozhraní
- detekce
- tímto
- plán
- účel
- zásady
- mimo
- napiťte
Clarify the purposes and legal bases for processing personal data
We clearly define the purposes and legal bases used by our gmbh to process personal data across services. The primary purposes are providing the service, enabling translations (překladu), and running analytics (analýze) to improve accuracy and reliability. We process data you provide (poskytované) and data generated by usage (používání). Each purpose ties to a defined data set (soubory) and a retention window (platnost) aligned with těchto důvodů. The oddíl explains which data elements are involved, how long they are kept, and when they are deleted or anonymized; probíhá under strict controls. We avoid závistlosti on unnecessary third parties and limit processing to the minimum necessary. Tomuto framework ensures that every processing activity has a clear justification and a planned end.
Legal bases in practice
We rely on consent for data processing where you have given explicit permission; on contract performance when you request a service; on compliance with legal obligations; and on legitimate interests in improving the product and maintaining security. You may odvolat consent at any time via nastavení in your account; turning off consent stops future processing based on that basis. We retain data only as long as needed for the purposes and as permitted by law; when the basis ends, we delete or anonymize the data. For operations based on legitimate interests, we conduct balance testing and implement safeguards to protect your rights. The minimal data required for each purpose is described in the data categories (soubory) and the retention policy.
We předáme data only to trusted sub-processors under uzavřené agreements. This includes providers of services for překladu and analytics; all transfers are subject to Data Processing Agreements and dozorového oversight. When possible, we apply data minimization and pseudonymization. In napíklad cases, we may use tools like Clarendon and xing to enrich language features; handling of such data occurs under strict controls and with revocation options. If you request access or deletion, we respond within 30 days and prepare a data export in a portable format.
Explain user rights and practical steps to exercise them
Submit a data access request today to review what we store about you and how we use it. We confirm your jazyka preference and respond within 30 days with a concise summary describing the data categories such as překladatelských records, chatbota logs, and koncovým uživatelům interactions, the purposes of jednání, and the retention terms (uchovávání) described in the system. If you communicate in a language other than English, we provide essential information in that jazyka and, where appropriate, a translation of key sections (překladatelských notes) to help you understand your rights. We also outline steps to protect soukromí and prevent zneužitím of data.
Your rights at a glance
You may exercise rights to access, rectify, delete, restrict processing, object to processing, and data portability where permitted (platí). You can ask to stop processing for a given purpose, or to have data erased, especially if the data is no longer needed for the plan (plán) or if it was collected without proper consent. These rights cover klientská data and data shared with customers (zákazníkům) when you interact with our services, including chatbota interactions.
How to exercise these rights
To begin, reach us via emailovou adresu listed in our policy or submit a request from your account. In your message, specify the right you are exercising and the data categories involved, such as jazyka preferences, komunikujete with us or with zákazníkům, and records tied to koncovým uživatelům or chatbota. Include your identity verification details to prevent zneužitím, and a preferred směrování textu for the response. We will acknowledge the request, verify your identity, and respond within the system’s stated timeframe, typically 30 days. You will receive clear information about what data we hold, where it is stored (ukládat), how it is used (jednání), and the exact steps to take for access, correction, deletion, or data portability. If you need a longer-retention plan or future changes (budoucna), we will popsáno explain how it affects uchovávání and processing.
Define data retention, deletion procedures, and how to request data removal
Store data only as long as needed for the stated purpose and delete when that purpose ends. Data from průzkumech, sociálních interactions, and navštěvujete stránku activity is kept according to a clear schedule and is subject to regular review. We use diagnostické data collected through používané technologie to monitor performance and security, recording datum and dotazů to trace incidents. Access to personal data is restricted to zaměstnanci with přihlášení and the minimum necessary přístupů. Identifikované data stay linked to your account for legitimate operations, while záznamy support troubleshooting, product improvements, and compliance. We store verzi of the software you used and důvodů for data collection in our records and audit trail, and we remove data that is no longer needed. Our approach emphasizes data minimization and transparent handling to protect your privacy across prázdnin and day-to-day use of the service.
Retention timelines and deletion rules
Data categories have defined timeframes: account data and preferences are retained for 24 months after last navštěvujete stránku activity; usage data including pages visited, dotazů, and přístupy is kept for 12 months; diagnostické data from používané technologie stay for 18 months; logs and security events remain for 6 months, with backups pruned on a rotating schedule. After the period ends, we either delete the data or render it anonymous so it cannot be tied back to you. If legal obligations require longer storage, we suspend processing or extend retention only for the minimum necessary duration. We zaznamenáváme deletion events in the audit trail and update the status visible to you in your preferences, ensuring any změny to your formulář settings are reflected across související systems.
How to request data removal
To request removal, open the formulář on the Data Rights page and specify the data categories you want deleted (for example account data, usage data, preferences). Provide a concise důvodů and indicate whether you want partial deletion or complete removal. We verify your identity through the standard přihlášení flow and may require additional verification if needed. Once verified, we process deletion or anonymization within 30 days and confirm the outcome by email. If you request data export, we provide a copy before deletion where feasible. We remove stored data from all související systems and prune datum from logs while preserving non-identifiable aggregates for operational integrity. You can review the current state of the request in your account, and we record the action as zaznamenáváme for accountability and compliance with your preferences. If some data must be retained for legal reasons, we clearly specify the reason and scope in the response.
Describe security controls, third-party sharing, international transfers, and breach response
Enable encryption in transit and at rest by default, and enforce MFA for all access to deeplcom systems. Apply least-privilege access and automatic revocation on role changes to minimize risk.
Security controls include robust identity management, network segmentation, and data protections. Data at rest uses AES-256; data in transit uses TLS 1.2+; keys are managed by a centralized KMS with automatic rotation. We maintain immutable audit logs, monitor for anomalies around the clock, and run quarterly vulnerability assessments and annual penetration tests. Documentation, including a glosáře, clarifies terms and controls, and popsáno procedures explain how we protect data; usnadňují compliance for administrators and customers. Before processing (před) and during integration with aplikací, we ensure controls are aligned and tested.
Third-party sharing follows data-minimization principles and formal agreements. We share only with subprocessors under DPAs and Standard Contractual Clauses, restrict access to necessary data, and require incident reporting and data deletion or return on termination. We conduct vendor risk assessments prior to onboarding, monitor ongoing security posture, and restrict cross-border sharing to approved destinations. Any data transfers to external services, including google, are governed by contractual protections and DPIA requirements. We document purposes and limit data access to trusted processors. This includes ensuring platbách data and customer jméno stay in minimized, controlled contexts, and that námitky are addressed promptly.
International transfers rely on SCCs or adequacy decisions and are limited to essential purposes. We map data categories, perform DPIA, and implement data-localization options when clients request it. Transfers outside the EU are monitored and recorded in a transfer ledger with data type, destination, purpose, and retention. We also maintain localization for regions such as německo to meet local requirements, and Unie data-protection standards are followed where applicable.
Breach response includes a prepared incident response plan with defined roles, runbooks, and escalation paths. We detect breaches quickly, contain impact, preserve evidence, and begin root-cause analysis. Customers receive timely notifications detailing data types involved and remediation steps, typically within 72 hours where required by law. We provide ongoing updates and implement technická preventivní opatření to reduce recurrence. Our team sami reviews the response, and we provide support for námitky related to breach handling.
| Topic | Управление | Data scope | Transfers | Breach actions |
|---|---|---|---|---|
| Security controls | RBAC, MFA, AES-256, TLS 1.2+, immutable logs | PII, credentials, content | Intra-EEA; cross-border with SCCs | Containment, forensics, remediation |
| Third-party sharing | DPAs, SCCs, data minimization | Minimum necessary | Controlled, documented | Post-termination data handling |
| International transfers | SCCs, DPIA, localization | Personal data | Approved destinations only | Regulatory reporting |
| Breach response | IR plan, runbooks, escalation | Impact scope | Lawful cooperation | 72-hour notification standard |
