- GDPR: A Brief Overview
- Our GDPR Compliance
- Compliance for Customers
- Managing Your Data
GDPR, or the General Data Protection Regulation, is a directive of the European Union on privacy and the treatment of personal data approved in 2016. Its full effect comes in to play on May 25, 2018. It replaces all previous privacy directives dating back to 1995. The GDPR regulates how individuals and organizations may obtain, use, store, and eliminate personal data and allows you to explicitly accept or decline such use.
The GDPR extends consumer privacy consent and protection for European citizens and governs how organizations handle their personal information.
Organizations must be compliant with the seven rights of EU/EEA citizens and what those rights mean.
1. Right to transparent communication - to communicate where personal data goes
2. Right to basic information - to provide reasons why and how personal data is used
3. Right to access - to provide access to your own personal data
4. Right to be forgotten - to delete personal data by request
5. Right to restrict processing - to restrict usage of personal data by request
6. Right to data portability - to transfer personal data between platforms
7. Right to object to processing - to restrict processing and usage of personal data
Instapage takes your privacy seriously and wants to build and maintain trust with all our customers. As a result, we are committed to complying fully with the GDPR. We want to be transparent about why we collect personal information and how it’s used to improve the user experience and our site’s performance.
Instapage is excited about the GDPR and the strong data privacy and security principles it emphasizes. We remain committed to achieving compliance with the GDPR before May 25th, 2018. As part of the compliance process, we are reviewing and updating our internal documentation, data systems, processes, and procedures to ensure we are ready when the GDPR comes into effect.
- Audited all third-party vendors we work with and update our third-party vendor contracts to meet the requirements of the GDPR.
- Updated our product workflows to include GDPR provisions for EU/EEA customers.
- Provided a data processing addendum in-app that customers can download and sign. In addition, added more granular opt-in/opt-out settings of personal data collected through the Instapage platform.
- Address any requests made by Instapage customers related to their expanded individual rights under the GDPR, including deletion of personal data, updating personal data, and transferring personal data to another platform.
- Continue to encrypt our customers’ personal information, lead, and billing data. We do not have any access to our customers’ lead data.
- Secured customer support troubleshooting.
We collect a variety of information so that you can use our platform.
Primary information like your full name and email address is necessary so you can use and have an account with Instapage. You may choose to share more information such as company name and phone number.
We also ask your consent on a range of other information including, but not limited to, IP address; approximate location; in-app usage around features; page use, design, and content; login information; browser type and version; time zone setting; device information; operating system and version; cookie data; and payment transactions.
Finally, we also collect Third Party information. For example, if you connect with a Google account, we receive the information necessary to authenticate that it’s you. Other Third Party information may also include demographic data or fraud detection information. Another type of information we get may relate to your experiences and interactions from our partner ad networks.
We ensure all data is safely encrypted and meets the standards laid out by the GDPR so that any personal information we collect is safely warehoused according the articles laid out in the GDPR Chapter 5.
Disclaimer: The information we provide here is informational purposes only and should not be taken as legal advice. We strongly advise that in order to assure complete compliance to seek out professional legal advice or refer to the appropriate data supervisory authority for more details on how to comply.
Below are a few great resources to help you prepare:
General Data Protection Regulation, Simplified (Intersoft Consulting)
Understanding GDPR (IAB)
GDPR Compliance Primer (IAB)
GDPR : A Primer for U.S.-Based Organizations That Handle EU Personal Data (NYU School of Law)
The GDPR extends coverage to all of the European Union, including the United Kingdom since it will still be a part of the EU when the GDPR goes into effect. If you do or plan to do business in Europe, reach European customers, or process EU personal data, then the GDPR will apply to you, regardless of your physical operational location.
You will be responsible for ensuring that your landing pages and any lead data you collect are compliant with the GDPR. This will include honoring the regulation’s new expanded rights, updating your consent and processing requirements, and updating your data processing policies
Here are some of the areas where Instapage can help you prepare for the GDPR:
Expanded personal rights:
1. Right to be forgotten - You may delete individual leads upon request at any time from your Instapage account. We will delete and remove any customer personal data upon request.
2. Right to restrict processing - You may incorporate opt-in functionality on your landing pages so your leads can opt-out of inclusion in a variety of marketing initiatives.
4. Right to portability - You may export leads’ personal data in order to provide portability of data to your landing page visitors at any time through your Instapage account. If you would like to pull your own personal data, please reach out to us. We will run the query and pull your data.
Consent and processing requirements:
2. Instapage has updated our sign-up flow to include an opt-in box for consent to use the product. Users who prefer not to consent to the collection of their personal data will unfortunately not be able to use Instapage as this information is necessary to provide services and operate the product. We offer a separate opt-in box for marketing and communications. For those who opt in we may use your information to offer products or services that may be of interest based on your preferences.
3. We will provide a notice of how personal data is used within the Instapage app, as well as the ability to change opt-in and opt-out settings. We will also provide a Global Unsubscribe button if you would like to opt-out of all non-transactional emails.
4. As Instapage has no access to the personal data of your leads, it is your responsibility to ensure that you obtain consent from your leads/visitors to collect their personal data and send that data to your Instapage account for processing. Please ensure that all your pop-ups, forms, etc. include language to provide this consent. One way that you can do this is via an opt-in box on your forms — functionality provided by Instapage.
5. Your leads’ personal data may be collected and transferred to your Instapage account using functionality like pop-up and embedded forms. These forms are one of the most important Instapage tools you can use to gain compliance with the GDPR. Carefully design each of your forms to make sure the language in the body and/or footer is clear, specific, and covers all possible reasons for using the data collected.
6. Keep accurate records and update any information requested by your leads. Instapage helps by providing you with a record of the email address, name, and timestamp associated with every lead signup who completes and submits a form to demonstrate easy-to-access proof of consent.
7. If you integrate Instapage with external tools and platforms, please consider the ramifications of sending your leads’ personal data into those tools and platforms. Find out if you need to take any additional action to ensure your compliance with the GDPR.
8. Keep in mind that any existing consent already obtained can continue to be relied on, as long as it meets the GDPR standards for consent. It’s not necessary to re-request consent from your existing leads when the GDPR goes into effect if this has been done.
Data processing documentation:
1. We have added a Data Processing Addendum (DPA) in-app for all customers who have personal data on our customers. This agreement will ensure that you are compliant with the end visitor data you have collected.
Not exactly. There are a few extra steps you need to take to ensure your site is compliant.
Be sure to:
- Add a check box to opt-in. On any forms you use, you'll need to take an extra step to ask for consent too. Use plain language to request consent and explain why you need this information. Learn more in this Help Center article on how to add a checkbox to allow users to opt-in on your forms.
- Don't forget to update your cookie consent message either. Read more here on how to add one to your landing pages.
Absolutely. The GDPR does not prohibit the collection of data; instead, the GDPR lays out that consent to the use of personal data is a fundamental right. You need to clearly explain why and how personal data is being collected, and get explicit consent from EU/EEA users to use their personal information in this way.
Instapage is committed to your privacy rights. GDPR stipulates that users have the right to decide how their information is shared and used.
Instapage uses your personal information to ensure the best experience possible on our website and products.
Your data helps us focus on our mission and achieve our goals so we can:
- Run our business (and help you run yours.) From log in to authentication and account management to payment processing you provide us with essential information to keep teams productive, innovate new products and features so you grow your post-click experience.
- Deliver a delightful site experience. We collect anonymous information that we analyze to understand site behavior. Your visits and clicks help us learn what we're doing well and also where we can improve your Instapage experience.
- Support and communicate with customers. We want you to be able to easily contact our Support team through our Live Chat or other support channels.
- Keep you in the know. We want to connect you to marketing materials like emails and messages so you know about our latest features, products, services, and content. Instapage may combine the information that we have with information we obtain from business partners or other companies.
Instapage endeavors to handle responsibly your personal information and will answer your questions and concerns. We have named Marek Dajnowski as our Data Privacy Officer and he and our Privacy Team are here to help.
Attn: Data Privacy Officer
118 King St. Ste. 450
San Francisco, CA 94107
If you would like to change your consent, you may contact us via email here.
We will respond to any requests regarding your data if you contact our Data Privacy Officer by email email@example.com. If you prefer you may send us a letter please use this address:
Attn: Data Privacy Officer
118 King St. Ste. 450
San Francisco, CA 94107
Additional questions regarding your expanded individual rights under the GDPR, including deletion of personal data, updating personal data, and transferring personal data to another platform may also be directed to our privacy officer above. We may require additional information in order to process this request.
Cookies are small data files (alphanumeric identifiers) sent to your computer’s hard drive through your web browser. Cookies enable websites to remember your browser settings and the preferences you have set such as login, language, font size, and other display preferences.
They can also provide useful information like how and when pages in a website are visited and by how many people. Instapage cookies do not collect personal information. Instapage does not use cookie information with other personal information to tell us your screen name, email address, or who you are.
There are several types of cookies. Some come directly from our website and others come from third parties that have placed them on our site.
Cookies can be stored for varying amounts of time on your browser or device. A session cookie is deleted after you close your web browser. A persistent cookie will remain on your device until they expire or are deleted.
There are 4 types of cookies we use on our site:
- Essential cookies
- Optimization cookies
- Preference based cookies
- Targeting cookies
Essential cookies enable the basic functionality of a website like page navigation, site security, and integrity. Without these cookies you can’t access Instapage and its services.
Optimization cookies are able to provide insights, statistics and analytics to help us understand how you use the site so we can optimize pages, build new experiences and improve content. For example, these cookies count the number of visitors to our site, the pages you visit, and how long you stay on the site. Our goal with analytics is to make sure all users find what they are looking for as quickly and as easily as possible. This data is collected anonymously, meaning there is no personally identifiable information collected.
Preference cookies enable a website to access preferences that change how we visualize or interact with a website like remembering your regional location or preferred language.
Targeting cookies (aka advertising or marketing cookies) track visitors across various sites to serve and track the effectiveness of ad content and campaigns used on third party sites. These cookies deliver digital content that is relevant to your online behavior and designed to be more contextual helping to users and marketers to better connect. Third party service providers place them on our website to remember your browsing activity to gain insight into contextual demographics and categories such as age and gender or hobbies and interests. This information is anonymized in an effort to deliver contextually relevant advertising.
We place cookies from the following third parties. More information on what they and their privacy policies can be found below and, in some cases, you may be able to alter your ad settings through their own sites.
Optimization- and Preference-based cookies
We use the following companies to help us improve the Instapage experience on site and in our app. The data we collect from these cookies helps us understand user behavior and engagement such as what web pages users visit or links they click as well as how to optimize our product. The data we collect is anonymous and does not contain Personally Identifiable Information (PII) unless expressly described in our Terms of Service in order for you to use our products. You can learn more about their privacy and/or cookie policies below.
- Google Analytics
- Heap Analytics
- Hello Bar
The following are advertising cookies that allow the major ad platforms to serve relevant content to you in a contextual manner. It allows us to place advertising content onto these platforms which is relevant to you based on the information which your web browsing patterns allow these advertising platforms to infer contextually relevant advertising categories. This information is never connected to your profile, and it is always anonymous.
Within your browser settings you can decide your own cookie preferences. As every browser is different, the settings may vary. In general you can set your browser to accept, block or delete cookies as well as any third party cookies or from specific websites.
To know more about how to delete cookies from your browser settings, click here.
By blocking cookies from our website you may encounter access issues and be unable to access certain features and functions. We highly recommend allowing cookies for optimal performance.
You can control and opt-out of Google adverts and other third party cookies here:
By email: firstname.lastname@example.org
Attn: Data Privacy Officer
118 King St. Ste. 450
San Francisco, CA 94107