Last Updated: 27 NOVEMBER 2019
Thank you for using Instapage!
Instapage complies with the requirements of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively “Privacy Shield”), as set forth by the U.S. Department of Commerce and the Federal Trade Commission (“FTC”), regarding the collection, use, and retention of Personal Information transferred from the European Economic Area and Switzerland to the United States. Instapage has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and Supplemental Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Instapage’s certification, please visit Privacy Shield. Additionally, Instapage may protect information through other legally valid methods, including international data transfer agreements.
This Policy applies to all Instapage’s operating divisions, subsidiaries, affiliates, and branches, including its U.S. affiliates certified under the Privacy Shield and any additional subsidiary, affiliate, or branch of Instapage that we may subsequently form.
“Agent” means any Third Party that processes Personal Information pursuant to the instructions of, and solely for, Instapage or to which Instapage discloses Personal Information for use on its behalf.
“Customer Data” means any Personal Data that Instapage processes on behalf of Customer as a Data Processor in the course of providing Services, as more particularly described our DPA.
“Data Controller” means an entity that determines the purposes and means of the processing of Personal Data.
“Data Processor” means an entity that processes Personal Data on behalf of a Data Controller.
“Privacy Shield” means the seven (7) principles of the Privacy Shield Framework: (1) notice, (2), choice, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access, and (7) recourse, enforcement, and liability. Additionally, it includes the fourteen (14) supplemental principles described in the Privacy Shield: (1) sensitive data, (2) journalistic exceptions, (3) secondary liability, (4) performing due diligence and conducting audits, (5) self-certification, (6) verification, (7) access, (8) obligatory contracts for onward transfers, (9) dispute resolution and enforcement, (10) choice – timing of opt-out, (11) travel information, (12) pharmaceutical and medical products, (13) public record and publicly available information, and (14) access requests by public authorities.
“Process” or “Processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” shall be interpreted accordingly.
There are three general categories of information we collect.
We ask for and collect the following personal information about you when you use the Instapage Platform. This information is necessary for the adequate performance of the contract between you and us and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with all the requested services.
You may choose to provide us with additional personal information in order to obtain a better user experience when using Instapage Platform. This additional information will be processed based on your consent.
Instapage may collect information, including personal information, that others provide about you when they use the Instapage Platform and the Payment Services, or obtain information from other sources and combine that with information we collect through the Instapage Platform and the Payment Services. We do not control, supervise or respond for how the third parties providing your information process your personal data, and any information request regarding the disclosure of your personal information to us should be directed to such third parties. For more information on third parties used, see the Instapage GDPR webpage at instapage.com/gdpr.
We use, store, and process information, including personal information, about you to provide, understand, improve, and develop the Instapage Platform, create and maintain a trusted and safer environment and comply with our legal obligations.
We process this information given our legitimate interest in improving the Instapage Platform and our Users’ experience with it, and where it is necessary for the adequate performance of the contract with you.
We process this information given our legitimate interest in protecting the Instapage Platform, to measure the adequate performance of our contract with you, and to comply with applicable laws.
We will process your personal information for the purposes listed in this section given our legitimate interest in undertaking marketing activities to offer you products or services that may be of your interest. You can opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications or changing your notification settings within your Instapage Account.
The Payments Data Controller processes this information given its legitimate interest in improving the Payment Services and its users’ experience with it, and where it is necessary for the adequate performance of the contract with you and to comply with applicable laws.
Where you have provided consent, we share your information, including personal information, as described at the time of consent, such as when you authorize a third-party application or website to access your Instapage Account or when you participate in promotional activities conducted by Instapage partners or third parties.
Instapage may disclose your information, including personal information, to courts, law enforcement or governmental authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary: (i) comply with our legal obligations, (ii) to comply with legal process and to respond to claims asserted against Instapage, (iii) to respond to verified requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability, (iv) to enforce and administer our Terms of Service, or other agreements with Users, or (v) to protect the rights, property or personal safety of Instapage, its employees, its Users, or members of the public.
Where appropriate, we may notify Users about legal requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon Instapage’s property, its Users and the Instapage Platform. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that User about the request after the fact where appropriate and where we determine in good faith that we are no longer prevented from doing so.
Instapage uses a variety of third party service providers to help us provide services related to the Instapage Platform and the Payment Services. Service providers may be located inside or outside of the European Economic Area (“EEA”). In particular, our service providers are based in Europe, India, Asia Pacific and North and South America.
the service providers that prohibit them from using or sharing Personal Information except as necessary to perform the contracted services on our behalf or to comply with applicable legal requirements. Click here to view our list of subprocessors.
Instapage will need to share your information, including personal information, in order to ensure the adequate performance of our contract with you.
To enable or support us in providing the Instapage Platform, we may share your information, including personal information, within our corporate family of companies that are related by common ownership or control.
• Sharing with Instapage, Inc. even if your Country of Residence is not the United States, your information may be shared with Instapage, Inc. which provides the technical infrastructure for the Instapage Platform, product development and maintenance, customer support, trust and safety and other business operation services to other Instapage entities. The data sharing is necessary for the performance of the contract between you and us and is based on our legitimate interests in providing the Instapage Platform globally.
Additionally, we share your information, including personal information, with our corporate affiliates in order to support and integrate, promote, and to improve the Instapage Platform and our affiliates’ services.
Where permissible according to applicable law we may use certain limited personal information about you, such as your email address, to hash it and to share it with social media platforms, such as Facebook or Google, to generate leads, drive traffic to our websites or otherwise promote our products and services or the Instapage Platform. These processing activities are based on our legitimate interest in undertaking marketing activities to offer you products or services that may be if your interest.
The social media platforms with which we may share your personal data are not controlled or supervised by Instapage. Therefore, any questions regarding how your social media platform service provider processes your personal data should be directed to such provider.
Please note that you may, at any time ask Instapage to cease processing your data for these direct marketing purposes by sending an e-mail to [email protected].
With respect to onward transfers to Agents under Privacy Shield, Privacy Shield requires that Instapage remain liable should its Agents process Personal Information in a manner inconsistent with the Privacy Shield Principles.
We may also share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and other anonymized information for regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.
We may use technologies considered automated decision making or profiling. We will not make automated decisions about you that would significantly affect you, unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are required by law to use such technology.
We may review, scan, or analyze your communications on the Instapage Platform for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research, and customer support purposes.
For example, as part of our fraud prevention efforts, we scan and analyze messages to mask contact information and references to other websites.
In some cases, we may also scan, review, or analyze messages to debug, improve, and expand product offerings.
We use automated methods where reasonably possible. However, occasionally we may need to manually review some communications, such as for fraud investigations and customer support, or to assess and improve the functionality of these automated tools.
We will not review, scan, or analyze your communications to send third party marketing messages to you, and we will not sell reviews or analyses of these communications.
These activities are carried out based on Instapage’s legitimate interest in ensuring compliance with applicable laws and our Terms of Service, preventing fraud, promoting safety, and improving and ensuring the adequate performance of our services.
You may link your Instapage Account with your account at a third party social networking service. When you create this link:
We only collect your information from linked third party accounts to the extent necessary to ensure the adequate performance of our contract with you, or to ensure that we comply with applicable laws, or with your consent.
The Instapage Platform may contain links to third party websites or services, such as third-party integrations, co-branded services, or third party-branded services (“Third Party Partners”). Instapage doesn’t own or control these Third-Party Partners and when you interact with them, you may be providing information directly to the Third-Party Partner, Instapage, or both. These Third-Party Partners will have their own rules about the collection, use, and disclosure of information. We encourage you to review the privacy policies of the other websites you visit.
Under Privacy Shield, you may exercise any of the rights described in this section by sending an email to [email protected] Please note that we may ask you to verify your identity before taking further action on your request.
You may access and update some of your information through your Account settings. If you have chosen to connect your Instapage Account to a third-party application, like Facebook or Google, you can change your settings and remove permission for the app by changing your Account settings. You are responsible for keeping your personal information up-to-date.
You have the right to ask us to correct personal information concerning you that is inaccurate, incomplete, or has been processed in violation of the Privacy Shield Principles.
In some jurisdictions, applicable law may entitle you to request copies of your personal information held by us. You may also be entitled to request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).
We generally retain your personal information for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. If you no longer want us to use your information to provide the Instapage Platform to you, you can request that we erase your personal information and close your Instapage Account. Please note that if you request the erasure of your personal information:
Where you have provided your consent to the processing of your personal information by Instapage you may withdraw your consent at any time by changing your Account settings or by sending a communication to [email protected] specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. Additionally, in some jurisdictions, applicable law may give you the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise or defense of legal claims; or (iv) you have objected to the processing pursuant to Section 6.6 and pending the verification whether the legitimate grounds of Instapage override your own.
In some jurisdictions, applicable law may entitle you to require Instapage and Instapage Payments not to process your personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest. If you object to such processing Instapage and/or Instapage Payments will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise or defense of legal claims.
Where your personal information is processed for direct marketing purposes, you may, at any time ask Instapage to cease processing your data for these direct marketing purposes by opting out from your account settings.
If your information is shared with corporate affiliates or third-party service providers outside the EEA, we have – prior to sharing your information with such corporate affiliate or third-party service provider – established the necessary means to ensure an adequate level of data protection. This may be an adequacy decision of the European Commission confirming an adequate level of data protection in the respective non-EEA country or an agreement on the basis of the EU Model Clauses (a set of clauses issued by the European Commission). For more information, please see our Information Security Policy by sending a request to [email protected] or at instapage.com/security.
Instapage Payments will not share information it collects about you with its affiliates or third parties (both financial and non-financial), except as required or permitted by your state’s law.
California law permits Users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those third parties. See Section 12 “Contact Us” for where to send such requests. Instapage and Instapage Payments do not share personal information with third parties for their own direct marketing purposes without your prior consent. Accordingly, you can prevent disclosure of your personal information to third parties for their direct marketing purposes by withholding consent.
We are continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unauthorized access, loss, destruction, or alteration. Some of the safeguards we use to protect your information are firewalls and data encryption, and information access controls. If you know or have reason to believe that your Instapage Account credentials have been lost, stolen, misappropriated, or otherwise compromised or in case of any actual or suspected unauthorized use of your Instapage Account, please contact us following the instructions in Section 12 below.
This Policy shall be implemented by Instapage and all its operating divisions, subsidiaries and affiliates. Instapage has put in place mechanisms to verify ongoing compliance with Privacy Shield Principles and this Policy. Any Employee that violates these privacy principles will be subject to disciplinary procedures. If you are an EU or Swiss citizen and feel that Instapage is not abiding by the terms of this Policy, or is not in compliance with the Privacy Shield Principles, please contact Instapage at the information provided in Section 12 “Contact Us” section below.
In addition, Instapage has agreed to refer unresolved complaints related to Personal Information to JAMS Privacy Shield Dispute Resolution Program. For more information and to submit a complaint regarding Individual data to JAMS, a dispute resolution provider which has locations in the United States and EU, visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim.
You may also have a right, under certain conditions, to invoke binding arbitration under Privacy Shield; for additional information, see https://www.privacyshield.gov/article?id=ANNEX-I-introduction. The FTC has jurisdiction over Instapage’s compliance with the Privacy Shield.
303 Second Street, Suite 901 South Tower San Francisco, CA 94107
should be addressed to: [email protected]
303 2nd St. Suite 901
San Francisco, CA 94107