GDPR: A Brief Overview
What is GDPR?
GDPR, or the General Data Protection Regulation, is a directive of the European Union on privacy and the treatment of personal data approved in 2016. It went into full effect on May 25, 2018. It replaced all previous privacy directives dating back to 1995. The GDPR regulates how individuals and organizations may obtain, use, store, and eliminate personal data and allows you to explicitly accept or decline such use.
What are my rights under the GDPR?
The GDPR extends consumer privacy consent and protection for European citizens and governs how organizations handle their personal information.
Organizations must be compliant with the seven rights of EU/EEA citizens and what those rights mean.
1. Right to transparent communication - to communicate where personal data goes
2. Right to basic information - to provide reasons why and how personal data is used
3. Right to access - to provide access to your own personal data
4. Right to be forgotten - to delete personal data by request
5. Right to restrict processing - to restrict usage of personal data by request
6. Right to data portability - to transfer personal data between platforms
7. Right to object to processing - to restrict processing and usage of personal data
Organizations must be compliant with the seven rights of EU/EEA citizens and what those rights mean.
1. Right to transparent communication - to communicate where personal data goes
2. Right to basic information - to provide reasons why and how personal data is used
3. Right to access - to provide access to your own personal data
4. Right to be forgotten - to delete personal data by request
5. Right to restrict processing - to restrict usage of personal data by request
6. Right to data portability - to transfer personal data between platforms
7. Right to object to processing - to restrict processing and usage of personal data
Check our Privacy Notice for details.
Our GDPR Compliance
How does the GDPR affect Instapage?
Instapage takes your privacy seriously and wants to build and maintain trust with all our customers. As a result, we are committed to comply fully with GDPR. We are transparent about why we collect personal information and how it’s used to improve the user experience and our site’s performance.
What is Instapage doing to be in compliance with the GDPR?
Instapage is excited about the GDPR and the strong data privacy and security principles it emphasizes. As part of the compliance process, we are continuously improving our internal documentation, data systems, processes, and procedures to ensure compliance on an ongoing basis.
Specifically, we:
Specifically, we:
- Updated our Terms of Service and Privacy Policy to describe what data we collect and how we use it. This includes the communication of any data used in the maintenance, improvement, research, support and management of our tools necessary for your account to function correctly.
- Participate in the EU-U.S Data Privacy Framework program to ensure a compliant transfer of personal data from the EU to the U.S.
- Audited all third-party vendors we work with and updated our third-party vendor contracts to meet the requirements of the GDPR.
- Updated our product workflows to include GDPR provisions for EU/EEA customers.
- Provided a data processing addendum that customers can download and sign. In addition, added more granular opt-in/opt-out settings of personal data collected through the Instapage platform.
- Address any requests made by Instapage customers related to their expanded individual rights under the GDPR, including deletion of personal data, updating personal data, and transferring personal data to another platform.
- Encrypt our customers’ personal information, lead, and billing data. We do not have any access to our customers’ lead data.
- Secured customer support troubleshooting.
What data does Instapage collect?
We collect a variety of information so that you can use our platform.
Primary information like your full name and email address is necessary so you can use and have an account with Instapage. You may choose to share more information such as company name and phone number.
We also ask your consent on a range of other information including, but not limited to, IP address; approximate location; in-app usage around features; page use, design, and content; login information; browser type and version; time zone setting; device information; operating system and version; cookie data; and payment transactions.
Finally, we also collect third-party information. For example, if you connect with a Google account, we receive the information necessary to authenticate that it’s you. Other third-party information may also include demographic data or fraud detection information. Another type of information we get may relate to your experiences and interactions from our partner ad networks.
We ensure all data is safely encrypted and meets the standards laid out by the GDPR so that any personal information we collect is safely warehoused according to the articles laid out in the GDPR Chapter 5.
For full details please visit our Privacy Policy.
Primary information like your full name and email address is necessary so you can use and have an account with Instapage. You may choose to share more information such as company name and phone number.
We also ask your consent on a range of other information including, but not limited to, IP address; approximate location; in-app usage around features; page use, design, and content; login information; browser type and version; time zone setting; device information; operating system and version; cookie data; and payment transactions.
Finally, we also collect third-party information. For example, if you connect with a Google account, we receive the information necessary to authenticate that it’s you. Other third-party information may also include demographic data or fraud detection information. Another type of information we get may relate to your experiences and interactions from our partner ad networks.
We ensure all data is safely encrypted and meets the standards laid out by the GDPR so that any personal information we collect is safely warehoused according to the articles laid out in the GDPR Chapter 5.
For full details please visit our Privacy Policy.
Compliance for Customers
How do I become compliant?
The essence of the GDPR is about increasing transparency and adding consumer privacy protections. This means explaining in plain language how you collect and use any personal data. The GDPR also means ensuring that you can manage and securely store their data. Just as we have updated our policies, we recommend that you update your privacy policy to clearly lay out the use of personal data. Users also have the right to consent to these uses so you must include the ability to opt-in to gathering lead data and cookies. For cookie management we suggest presenting customers with a cookie solution to manage opting in to tracking cookies.
Disclaimer: The information we provide here is informational purposes only and should not be taken as legal advice. We strongly advise that in order to assure complete compliance to seek out professional legal advice or refer to the appropriate data supervisory authority for more details on how to comply.
Below are a few great resources to help you prepare:
General Data Protection Regulation, Simplified (Intersoft Consulting)
read more
Understanding GDPR (IAB)
read more
GDPR Compliance Primer (IAB)
read more
GDPR : A Primer for U.S.-Based Organizations That Handle EU Personal Data (NYU School of Law)
read more
Disclaimer: The information we provide here is informational purposes only and should not be taken as legal advice. We strongly advise that in order to assure complete compliance to seek out professional legal advice or refer to the appropriate data supervisory authority for more details on how to comply.
Below are a few great resources to help you prepare:
General Data Protection Regulation, Simplified (Intersoft Consulting)
read more
Understanding GDPR (IAB)
read more
GDPR Compliance Primer (IAB)
read more
GDPR : A Primer for U.S.-Based Organizations That Handle EU Personal Data (NYU School of Law)
read more
Does the GDPR apply to me if I am located outside Europe?
The GDPR extends coverage to all of the European Union. Also, Switzerland and the United Kingdom have adopted their own analogies of GDPR. If you do or plan to do business, reach customers, or process personal data from these jurisdictions, then the GDPR will apply to you, regardless of your physical operational location.
Do I need to handle data differently as a result of the GDPR?
You will be responsible for ensuring that your landing pages and any lead data you collect are compliant with the GDPR. This will include honoring the regulation’s new expanded rights, updating your consent and processing requirements, and updating your data processing policies and documentation.
Here are some of the areas where Instapage can help you become compliant with the GDPR:
Expanded personal rights:
1. Right to be forgotten - You may delete individual leads upon request at any time from your Instapage account. We will delete and remove any customer personal data upon request.
2. Right to restrict processing - You may incorporate opt-in functionality on your landing pages so your leads can opt-out of inclusion in a variety of marketing initiatives.
3. Right to access - You must update your Terms of Use and Privacy Policy to describe what data you collect and how you use it. You may also contact Instapage directly to request access to your personal data. We do not have access to your leads’ data. While we will endeavor to provide some guidance we recommend the use of a specialized agency or legal office to ensure you are properly observing the new regulations.
4. Right to portability - You may export leads’ personal data in order to provide portability of data to your landing page visitors at any time through your Instapage account. If you would like to pull your own personal data, please reach out to us. We will run the query and pull your data.
Consent and processing requirements:
1. We have updated our Terms of Service and Privacy Policy.
2. Instapage has updated our sign-up flow to include an opt-in box for consent to use the product. Users who prefer not to consent to the collection of their personal data will unfortunately not be able to use Instapage as this information is necessary to provide services and operate the product. We offer a separate opt-in box for marketing and communications. For those who opt-in, we may use your information to offer products or services that may be of interest based on your preferences.
3. We will provide notice of how personal data is used within the Instapage app, as well as the ability to change opt-in and opt-out settings. We will also provide a Global Unsubscribe button if you would like to opt-out of all non-transactional emails.
4. As Instapage has no access to the personal data of your leads, it is your responsibility to ensure that you obtain consent from your leads/visitors to collect their personal data and send that data to your Instapage account for processing. Please ensure that all your pop-ups, forms, etc. include language to provide this consent. One way that you can do this is via an opt-in box on your forms — functionality provided by Instapage.
5. Your leads’ personal data may be collected and transferred to your Instapage account using functionality like pop-up and embedded forms. These forms are one of the most important Instapage tools you can use to gain compliance with the GDPR. Carefully design each of your forms to make sure the language in the body and/or footer is clear, specific, and covers all possible reasons for using the data collected.
6. Keep accurate records and update any information requested by your leads. Instapage helps by providing you with a record of the email address, name, and timestamp associated with every lead signup who completes and submits a form to demonstrate easy-to-access proof of consent.
7. If you integrate Instapage with external tools and platforms, please consider the ramifications of sending your leads’ personal data into those tools and platforms. Find out if you need to take any additional action to ensure your compliance with the GDPR.
8. Keep in mind that any existing consent already obtained can continue to be relied on, as long as it meets the GDPR standards for consent. It’s not necessary to re-request consent from your existing leads when the GDPR goes into effect if this has been done.
Data processing documentation:
1. We have added a Data Processing Addendum (DPA) in-app for all customers who have personal data on our customers. This agreement will ensure that you are compliant with the end visitor data you have collected.
You should review the privacy statement and practices applicable to your organization and ensure that they provide proper notice that your leads’ personal data will be transferred to Instapage. For example, you may want to consider updating your privacy statement to include language that identifies Instapage as one of your processors. Delineate the applicable processing activities performed by Instapage, such as the collection (e.g. via sign-up forms) and storage of personal data (e.g. lead data in your Instapage account), and the transfer of personal data to certain sub-processors by Instapage (who, as described in our Terms of Use and Privacy Policy, perform some critical services such as research and development and customer support).
Here are some of the areas where Instapage can help you become compliant with the GDPR:
Expanded personal rights:
1. Right to be forgotten - You may delete individual leads upon request at any time from your Instapage account. We will delete and remove any customer personal data upon request.
2. Right to restrict processing - You may incorporate opt-in functionality on your landing pages so your leads can opt-out of inclusion in a variety of marketing initiatives.
3. Right to access - You must update your Terms of Use and Privacy Policy to describe what data you collect and how you use it. You may also contact Instapage directly to request access to your personal data. We do not have access to your leads’ data. While we will endeavor to provide some guidance we recommend the use of a specialized agency or legal office to ensure you are properly observing the new regulations.
4. Right to portability - You may export leads’ personal data in order to provide portability of data to your landing page visitors at any time through your Instapage account. If you would like to pull your own personal data, please reach out to us. We will run the query and pull your data.
Consent and processing requirements:
1. We have updated our Terms of Service and Privacy Policy.
2. Instapage has updated our sign-up flow to include an opt-in box for consent to use the product. Users who prefer not to consent to the collection of their personal data will unfortunately not be able to use Instapage as this information is necessary to provide services and operate the product. We offer a separate opt-in box for marketing and communications. For those who opt-in, we may use your information to offer products or services that may be of interest based on your preferences.
3. We will provide notice of how personal data is used within the Instapage app, as well as the ability to change opt-in and opt-out settings. We will also provide a Global Unsubscribe button if you would like to opt-out of all non-transactional emails.
4. As Instapage has no access to the personal data of your leads, it is your responsibility to ensure that you obtain consent from your leads/visitors to collect their personal data and send that data to your Instapage account for processing. Please ensure that all your pop-ups, forms, etc. include language to provide this consent. One way that you can do this is via an opt-in box on your forms — functionality provided by Instapage.
5. Your leads’ personal data may be collected and transferred to your Instapage account using functionality like pop-up and embedded forms. These forms are one of the most important Instapage tools you can use to gain compliance with the GDPR. Carefully design each of your forms to make sure the language in the body and/or footer is clear, specific, and covers all possible reasons for using the data collected.
6. Keep accurate records and update any information requested by your leads. Instapage helps by providing you with a record of the email address, name, and timestamp associated with every lead signup who completes and submits a form to demonstrate easy-to-access proof of consent.
7. If you integrate Instapage with external tools and platforms, please consider the ramifications of sending your leads’ personal data into those tools and platforms. Find out if you need to take any additional action to ensure your compliance with the GDPR.
8. Keep in mind that any existing consent already obtained can continue to be relied on, as long as it meets the GDPR standards for consent. It’s not necessary to re-request consent from your existing leads when the GDPR goes into effect if this has been done.
Data processing documentation:
1. We have added a Data Processing Addendum (DPA) in-app for all customers who have personal data on our customers. This agreement will ensure that you are compliant with the end visitor data you have collected.
You should review the privacy statement and practices applicable to your organization and ensure that they provide proper notice that your leads’ personal data will be transferred to Instapage. For example, you may want to consider updating your privacy statement to include language that identifies Instapage as one of your processors. Delineate the applicable processing activities performed by Instapage, such as the collection (e.g. via sign-up forms) and storage of personal data (e.g. lead data in your Instapage account), and the transfer of personal data to certain sub-processors by Instapage (who, as described in our Terms of Use and Privacy Policy, perform some critical services such as research and development and customer support).
Are my landing pages automatically compliant?
Not exactly. There are a few extra steps you need to take to ensure your site is compliant.
Be sure to:
Be sure to:
- Update your Privacy Policy and Terms of Service so they meet the GDPR guidelines. You may want to seek legal advice in this process. We highly recommend that you add a link to your Privacy Policy and Terms of Service on landing pages.
- Add a check box to opt-in. On any forms you use, you'll need to take an extra step to ask for consent too. Use plain language to request consent and explain why you need this information. Learn more in this Help Center article on how to add a checkbox to allow users to opt-in on your forms.
- Don't forget to update your cookie consent message. Read more here on how to add one to your landing pages.
Will I still be able to collect user data once I am GDPR compliant?
Absolutely. The GDPR does not prohibit the collection of data; instead, the GDPR lays out that consent to the use of personal data is a fundamental right. You need to clearly explain why and how personal data is being collected and have a legal basis for processing personal information of the EU/EEA user.
Managing Your Data
Why do I need to opt in?
Instapage is committed to your privacy rights. GDPR stipulates that users have the right to decide how their information is shared and used.
How do I benefit from sharing my information?
When you allow Instapage access to your personal information, we are able to learn how to improve website functionality and performance. It also allows us to use cookies to create a better browsing experience by maintaining consistency between web pages you already visit. Cookies do this by remembering things like login information and preferred language and font settings. They can also make advertising more relevant and specific to your interests.
How do we use your data?
Instapage uses your personal information to ensure the best experience possible on our website and products.
Your data helps us focus on our mission and achieve our goals so we can:
Your data helps us focus on our mission and achieve our goals so we can:
- Run our business (and help you run yours.) From log in to authentication and account management to payment processing you provide us with essential information to keep teams productive, innovate new products and features so you grow your post-click landing page.
- Deliver a delightful site experience. We collect anonymous information that we analyze to understand site behavior. Your visits and clicks help us learn what we're doing well and also where we can improve your Instapage experience.
- Support and communicate with customers. We want you to be able to easily contact our Support team through our Live Chat or other support channels.
- Keep you in the know. We want to connect you to marketing materials like emails and messages so you know about our latest features, products, services, and content. Instapage may combine the information that we have with information we obtain from business partners or other companies.
Who is responsible for my data?
Instapage endeavors to handle responsibly your personal information and will answer your questions and concerns. Check our Privacy Notice for contact details.
Can I change my consent?
If you would like to change your consent, you may contact us via email here.
How can I make requests about my data?
We will respond to any requests regarding your data if you contact us in this regard. Check our Privacy Notice for contact details.
Cookie Policy
About this Cookie Policy
This Cookie Policy supplements our Privacy Policy and explains what cookies are and provides information on how and why we use them.
What are cookies?
Cookies are small data files (alphanumeric identifiers) stored on your device through your web browser.
Cookies have a wide variety of functions such as enabling websites to remember your browser settings and the preferences you have set such as login, language, font size, and other display preferences.
Cookies can also provide useful information like how and when pages in a website are visited and by how many people.
There are several types of cookies. Some are “first-party cookies” that come directly from our website and others are “third-party cookies” which third parties have placed on our site at our request.
Cookies can be stored for varying amounts of time on your browser. A session cookie is deleted after you close your web browser. A persistent cookie will remain on your browser until it expires or is deleted.
Our use of cookies falls into the following four general categories:
Cookies have a wide variety of functions such as enabling websites to remember your browser settings and the preferences you have set such as login, language, font size, and other display preferences.
Cookies can also provide useful information like how and when pages in a website are visited and by how many people.
There are several types of cookies. Some are “first-party cookies” that come directly from our website and others are “third-party cookies” which third parties have placed on our site at our request.
Cookies can be stored for varying amounts of time on your browser. A session cookie is deleted after you close your web browser. A persistent cookie will remain on your browser until it expires or is deleted.
Our use of cookies falls into the following four general categories:
- Essential cookies
- Optimization cookies
- Preference based cookies
- Targeting cookies
What are essential cookies?
Essential cookies are necessary to enable the basic functionality of a website like page navigation, website security, and integrity. Without these cookies, you can’t properly access Instapage or use our services.
What are optimization cookies?
Optimization cookies are able to provide insights, statistics, and analytics to help us understand how you use our services, so we can optimize pages, build new experiences, and improve content. For example, these cookies count the number of visitors to our services, the pages you visit, and how long you stay on our services. Our goal with analytics is to make sure all users find what they are looking for as quickly and as easily as possible.
What are preference based cookies?
Preference-based cookies enable Instapage to remember web browsing preferences which changes how we visualize or interact with a user. For example, preference-based cookies allow us to remember your regional location or preferred language when using our services.
What are targeting cookies?
Targeting cookies (aka advertising or marketing cookies) can track visitors across various sites to tailor and serve advertisements. They can also help measure the effectiveness of ad content and campaigns used on third-party sites Targeting cookies are placed on websites by third-party cookie providers. These third-party cookie providers may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.”
What third party cookies do we use?
As of the effective date of this Cookie Policy, we place cookies from the third-party cookie providers listed below. More information on the privacy practices of these third-party cookie providers can be found below. In some cases, you may be able to manage your cookie preferences through the third-party cookie provider’s website.
Optimization- and preference-based cookies
We use the following companies to help us improve the Instapage experience on our websites and on websites that we host on behalf of our customers. The data we collect from these cookies help us and our customers understand analytics, user behavior, and engagement such as what web pages users visit or links they click as well as how to optimize our product.
Advertising-based cookies
The following are advertising cookies. These cookies may be used for purposes of “interest-based advertising” or “personalized advertising.”
Optimization- and preference-based cookies
We use the following companies to help us improve the Instapage experience on our websites and on websites that we host on behalf of our customers. The data we collect from these cookies help us and our customers understand analytics, user behavior, and engagement such as what web pages users visit or links they click as well as how to optimize our product.
- Attribution
- Autopilot
- Capterra
- Drift
- Madkudu
- Google Analytics. To learn more about how to opt-out of Google Analytics’ use of your information, please click here.
- Heap Analytics
- Hello Bar
- Qualaroo
- Webhook
- Wistia
- Zendesk
Advertising-based cookies
The following are advertising cookies. These cookies may be used for purposes of “interest-based advertising” or “personalized advertising.”
- Bing
- Facebook To learn more about how to opt-out of Facebook’s use of your information, please click here while logged in to your Facebook account.
- Google Ad Settings
How do you change cookie preferences or block cookies?
Within your browser settings you can decide your own cookie preferences. As every browser is different, the settings may vary. In general, you can set your browser to accept, block, or delete cookies from third-parties or from specific websites.
To know more about how to delete cookies from your browser settings, click here.
By blocking cookies from our website you may encounter access issues and be unable to access certain features and functions. We highly recommend allowing cookies for optimal performance.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from companies that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising, Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.
Please note you must separately opt out in each browser and on each device.
Contact Us
If you have any questions about this Cookie Policy please contact us at dpc@instapage.com.
This Cookie Policy was last updated on January 16, 2023
To know more about how to delete cookies from your browser settings, click here.
By blocking cookies from our website you may encounter access issues and be unable to access certain features and functions. We highly recommend allowing cookies for optimal performance.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from companies that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising, Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.
Please note you must separately opt out in each browser and on each device.
Contact Us
If you have any questions about this Cookie Policy please contact us at dpc@instapage.com.
This Cookie Policy was last updated on January 16, 2023