Last revised: October 17 2023
Deel Inc., a Delaware corporation with its principal offices at 425 1st San Francisco, CA 94105 United States, ("Deel", "us", "we", or "our") operates the www.deel.com website (the “Site”) and provides international payroll and related services (the "Services"), which is available through the Site.
Deel has developed a global privacy program under which we offer the same high standards of privacy protection regardless of where you are in the world. When we refer to Deel, we mean the Deel entity with which you have an agreement, if applicable.
Scope of Application
- Visitors of the Site with whom Deel does not have a contractual relationship
- Clients who use our Services, including client UBOs or representatives
- Independent Contractors who use our Services
- Deel community platform users
- Suppliers who provide products or services to Deel
- Participants of webinars, conferences, trade events, surveys, etc.
Deel collects and stores certain information about you. This information can be used on its own or in combination with other information to identify you ("Personal Information"). Below is a list of types of Personal Information that we may collect and use about you.
|Categories of Personal Information||Description|
|Contact||Information we use to contact you including physical addresses, e-mail addresses, and phone numbers|
|Identification||Information we use to identify you including full name, government ID, passport, DoB, and selfie|
|Financial||Information about an individual's financial account including bank account details, payment card details|
|Transactional||Information about the transactions you carry out and the payments to and from your accounts with us including amounts and dates|
|Contractual||Information about the products or services we provide to you|
|Locational||Information we get about where you are, including country and IP address. This may come from your mobile phone or the place where you connect a computer to the internet. It may also include locations where you used your card.|
|Usage||Information about the usage of our Services and Site including metadata|
|Technical||Information on the devices and technology you use including IP address, login data, browser type and version, timezone, operating system, browser type|
|Communications||Information from communications between us including any personal data you may share with us in your messages, communication metadata|
|Professional||Information about professional career and educational background including current and old job positions, degrees, qualifications|
|Public and third-party records||Information about you that is in public records and information about you that is publicly available on the internet. We also collect information about you which we receive from other companies, such as (without limitation) credit reference or fraud protection agencies (see below for more information).|
|Consents||Any permissions, consents or preferences that you give us|
|Deel Community Platform Content||The Deel Community allows you to post or transmit comments, computer files, messages, and other materials. This content may include personal data|
|Other Information||Any other information you choose to provide to us through all available channels, participating in user/customer surveys or otherwise visiting and interacting with our Site and/or Services.|
For the avoidance of doubt, Personal Information shall not include any personal information which is anonymised, after which the identifiable data is destroyed. Deel may also collect and use non-Personal Information to analyze the effectiveness of our Services and to improve our Services. We may collect non-Personal Information through the Services, the Site and through cookies.
Sources of Your Personal Information
We may collect Personal Information about you or your businesses from any of these sources:
- Directly for you when you use our Services, complete a contact form, request marketing communications, participate in surveys or contact us.
- Deel collects profile and usage data when you interact with our Site and/or Services, including, without limitation, your security details, app or your web browser settings, marketing choices and data from the devices you use to connect to our platform so we can provide you with our products or services.
- From third parties:
- Companies, business partners or individuals that introduce you to us
- Business partners, service providers, sub-contractors, advertising networks, analytics providers, search information providers, fraud protection services, Payment Service Providers (PSPs) who help us authenticate your identity, improve the quality of our Services, promote our Services and protect our business. We may also receive Personal Information about you from providers that help prevent, detect and prosecute unlawful acts, money laundering, and fraudulent behavior.
- Social networks and other technology providers (for instance, when you click on one of our Facebook or Google adverts)
- Public information sources such as (without limitation) national company registries
- Market researchers
- Government, law enforcement agencies, authorities and regulatory bodies
Below is a list of the ways that we may use your Personal Information together with the legal basis of processing, where applicable under data protection law.
|Purposes for which we use your Personal Information||Legal basis||Our reasons|
|Management of the contractual relationship with you to provide you with our Services||
Improving our business by
Our legitimate interest is centered around enhancing the quality of our Services, optimizing operational efficiency, and maintaining a competitive edge in the market
|Secure access to our Services, including but not limited to performing the necessary identification and verification of our users prior to granting access to our Services||
Our legitimate interest is to safeguard access to our Services to authorized only users who have gone through identification and verification processes
|Marketing and events-related communications, including but not limited to inviting you to participate in events, surveys or otherwise communicating with you for marketing purposes to promote our Services||
|Protect the security or integrity of us, our Site and our Services||
|Communicate with you about our Site and Services, such as to notify of changes and updates and to provide you with customer support and troubleshooting||
|To manage our business operations including but not limited to delivering||
|Deel’s products and services, making and managing payments, managing fees and charges due on user accounts and debt collection||Our legitimate interests to manage our business operations efficiently, deliver our products and services, and ensure the financial stability of our company|
|Meet our legal, regulatory, and tax reporting obligations||
|To provide and maintain the Deel Community Platform||
|Aggregating pseudonymised personal data and reporting anonymised salary data for the purpose of compensation benchmarking in various industries and geographies as well as for academic research purposes||
In cases where we need to process personal data for the performance of the contract with you or as required by law and you refuse to provide your information, we may not be able to perform the contract with you and consequently, we may not be able to provide certain services to you.
We may contact you with newsletters and other marketing information that may be of interest to you. You may opt out of receiving any, or all, of these marketing communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us. Please note that we may still send you transactional or administrative messages related to the Service even after you have opted out of receiving marketing communications.
Information Sharing with Third Parties
We will only share your information with the third parties listed below for the purposes described above in the “Information Use” Section unless otherwise noted at the point of collection:
- Our clients to whom you provide your services
- Trusted third-party agents, partners, suppliers, and service providers who assist us in providing the Services to you and are only permitted to use your information according to the purposes specified in their agreement with us. These third parties include website hosts, data hosts, cloud software providers, IT providers, identification verification providers, customer support providers, payment processors, financial institutions, financial advisors, legal advisors, auditors, and insurance companies. These partners are required under law and contract to keep your Personal Information confidential
- Government or public agencies, law enforcement authorities, regulators or any other entity having appropriate legal authority for receipt of you Personal Information, if required or permitted by law or legal process or if we believe that such action is necessary to comply with the law, to protect the security or integrity of our business, our Site and/or Services and to protect the safety of the users of our Services or the public
- We may disclose your Personal Information to a third party who acquires any part of our business, whether such acquisition is by way of merger, consolidation, divestiture, spin-off, or purchase of all or a substantial portion of our assets
- We may share de-identified Personal Information with academic institutions to perform research, under controls that are designed to protect your privacy—including requiring such institutions to operate under confidentiality agreements and mandating that published findings contain only de-identified and aggregated data
- From time to time, we may share reports with the public that contain anonymized, aggregate, de-identified information and statistics, and
- When you provide your consent to us to share your information
Retention of Your Personal Information
We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, consistent with applicable law. This retention period allows us to comply with our legal obligations, resolve disputes, enforce our agreements and study customer data as part of our own research. We will not retain your data for longer than is necessary to fulfill the purpose for which it is being processed.
To determine the appropriate retention period, we take into consideration the amount, nature, and sensitivity of the personal data, as well as the purposes for which we process it. We also assess whether we can achieve those purposes through other means. For the data retention period related to the Services provided to you, please refer to the Data Processing Addendum.
The security of your Personal Information is important to us. We implement suitable measures to safeguard the information you entrust to us, preventing its loss, misuse, unauthorized access or disclosure, alteration, and destruction, addressing threats from both external and internal sources. Furthermore, we restrict access to your personal data to individuals such as employees, agents, contractors, and other third parties, but only those who require such access for legitimate business purposes. These authorized individuals will process your personal data solely based on our explicit instructions and are bound by a confidentiality obligation.
If you have selected a password or other login credentials that grant access to the Deel platform, it is your responsibility to take all reasonable measures to maintain the confidentiality of this information. You should not share your password or login credentials with any other individual.
Please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure and we are unable to guarantee the absolute security of the Personal Information we have collected from you. Therefore, you are also a key stakeholder in making sure that your Personal Information is protected. If you become aware of any breach of security or privacy, please contact us immediately at firstname.lastname@example.org.
Information collected while you use the Site and/or Service, including your Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we will transfer the information, including your Personal Information, to the United States and process it there. In order to provide adequate protection for the data transfer, we have in place contractual arrangements with our subsidiaries, affiliates and business partners in respect of such transfers. By utilizing our Sites and/or services, you authorize the international transfer of your data, to the United States, where we are based, and to other locations where we and/or our service providers operate. Note that the Deel Platform is maintained and owned by Deel Inc., a United States entity, however Deel stores all Deel Platform data in Ireland (EU) only.
Link To Other Sites
We do not knowingly collect Personal Information from children under the age of 18. Our Site and Services are not addressed to minors. If you are a parent or guardian and you learn that your children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child under the age of 18 without verifiable parental consent, we will take steps to remove that information from our servers.
Under applicable privacy regulation, you may have some or all of the following rights in respect of your Personal Information:
- to obtain a copy of your Personal Information together with information about how your Personal Information is processed;
- to rectify inaccurate Personal Information;
- to erase your Personal Information in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or processed;
- to restrict processing of your Personal Information
- to object to the processing of your Personal Information where we're relying on a legitimate interest;
- to object to decisions that are based solely on automated processing or profiling;
- to obtain a portable copy of your Personal Information, or to have a copy transferred to a third party controller; or
- to withdraw your consent, at any time, where you may have provided it for the collection, processing and transfer of your Personal Information for a specific purpose;
In addition to the above, you have the right to lodge a complaint with a supervisory authority for data protection.
To exercise these rights you may contact us either by emailing email@example.com or addressing it to the Head of Data Privacy Manager Service, Bouaziz & Partners, 45 Quai de la Seine, 75019, Paris, France.
We may ask you for additional data to confirm your identity and for security purposes, before disclosing the information requested to you. If you would like to submit a request on behalf of another individual, you may do so by providing proof of authorization by the individual to submit such a request on their behalf. We reserve the right to charge a fee where permitted by law. We may also decline to process requests that jeopardize the privacy of others, are excessive, or would cause us to take any action that is not permissible under applicable laws. Additionally, as permitted by applicable laws, we may need to retain certain Personal Information for a limited period of time for record-keeping, accounting and fraud prevention purposes. Please note also that you may be able to exercise some of these rights without our intervention. For example, if you are a registered Deel platform user, you can access and update your personal data.
If you have questions or concerns regarding privacy using our Service, please contact us at: firstname.lastname@example.org.
Region-Specific Privacy Terms
This section applies to the processing of Personal Information about US residents using our Site and/or Services and addresses the specific requirements under the California Consumer Privacy Act 2018 (CCPA), Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act.
Categories, Sources and Recipients of Personal Information
- Deel Community platform content
Sale of Personal Information
We do not offer an opt-out from the sale of Personal Information because we do not sell Personal Information as defined by the CCPA (and have not done so in the last 12 months). We also do not sell any Personal Information of consumers under the age of 16.
Sensitive Personal Information
Your CCPA rights
California residents have the following rights:
- the right to know how their information is used
- the right to delete their information
- the right to correct their information
- the right to opt-out from sale (if applicable)
- the right to limit the use or disclosure of sensitive information, and
- the right not to be discriminated against because they exercise any of their rights under the California Consumer Privacy Act in violation of Cal. Civ. Code §1798.125.
Colorado, Connecticut, Utah, Virginia
The Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act and the Utah Consumer Privacy Act, provide consumers with specific rights regarding their Personal Information. If you are a resident of one of these states, this section describes your rights under these laws.
Your Virginia, Colorado, Connecticut and Utah Rights
|Right of access||X||X||X||X|
|Right to data portability||X||X||X||X|
|Right to opt out of having their personal data collected or processed for the purposes of targeted advertising, sale, or profiling||X||X||X||Opt out of sale and targeted advertising (Not profiling)|
|Right to correct||X||X||X||X|
|Right to non-discrimination. You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights||X||X||X|
|Right to delete||X||X||X||X|
|Right to Appeal||X||X||X|
Your Right to Appeal
If we decline to take action regarding a request that you have submitted, we will inform you of our reason for declining to take action and provide instructions for how to appeal the decision. In the event that we do not respond to a request that you make pursuant to one of the privacy rights set forth in this section, you have the right to appeal our refusal to take action within a reasonable period of time after you receive our decision. Within 60 days (45 for residents of Colorado) of our receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied you may contact your state attorney general’s office to submit a complaint.
This section applies to residents of the EEA, Switzerland and the UK, using our Site and/or Services and addresses the specific requirements under the General Data Protection Regulation (GDPR), the UK GDPR and the Swiss Federal Data Protection Act (FADP).
When transferring data from the European Union, the European Economic Area, the UK, and Switzerland, Deel relies upon the Standard Contractual Clauses as included in our Data Processing Addendum. Deel also complies with the EU-U.S. Data Privacy Framework (the “EU-U.S. DPS”), the UK Extension to the EU-U.S. DPF (the “UK Extension”), and the Swiss-U.S. Data Privacy Framework (the “Swiss-U.S. DPS”), as set forth by the U.S. Department of Commerce.
Deel is responsible for the processing of personal data it receives, under each DPF, and subsequently transfers to a third party acting as an agent on its behalf. Deel complies with the DPF Principles for all onward transfers of personal data we receive from the European Union, the UK and Switzerland in reliance on the EU-U.S. DPF Principles, the UK Extension and/or the Swiss-U.S. DPF Principles, including the onward transfer liability provisions. In particular, where we have received your personal information in the United States in reliance upon the EU-U.S. DPF Principles, the UK Extension and/or the Swiss-U.S. DPF Principles and we subsequently transfer that information to a third party acting as an agent, and such third party agent processes your personal information in a manner inconsistent with those Principles, we will remain responsible unless we can prove we are not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Deel commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Deel at email@example.com.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Deel commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
With respect to personal data processed pursuant to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Deel is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Deel may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions that are fully described on the Data Privacy Framework website at, https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Your GDPR rights
Your PIPL rights
Transfer of information outside of China
This section applies to individuals who are located in Brazil, according to the "Lei Geral de Proteção de Dados" (LGPD).
Your Brazilian privacy rights