GDPR: A Brief Overview
What is GDPR?
What are my rights under the GDPR?
Organizations must be compliant with the seven rights of EU/EEA citizens and what those rights mean.
1. Right to transparent communication - to communicate where personal data goes
2. Right to basic information - to provide reasons why and how personal data is used
3. Right to access - to provide access to your own personal data
4. Right to be forgotten - to delete personal data by request
5. Right to restrict processing - to restrict usage of personal data by request
6. Right to data portability - to transfer personal data between platforms
7. Right to object to processing - to restrict processing and usage of personal data
Our GDPR Compliance
How does the GDPR affect Instapage?
What is Instapage doing to be in compliance with the GDPR?
- Audited all third-party vendors we work with and updated our third-party vendor contracts to meet the requirements of the GDPR.
- Updated our product workflows to include GDPR provisions for EU/EEA customers.
- Provided a data processing addendum in-app that customers can download and sign. In addition, added more granular opt-in/opt-out settings of personal data collected through the Instapage platform.
- Address any requests made by Instapage customers related to their expanded individual rights under the GDPR, including deletion of personal data, updating personal data, and transferring personal data to another platform.
- Continue to encrypt our customers’ personal information, lead, and billing data. We do not have any access to our customers’ lead data.
- Secured customer support troubleshooting.
What data does Instapage collect?
Primary information like your full name and email address is necessary so you can use and have an account with Instapage. You may choose to share more information such as company name and phone number.
We also ask your consent on a range of other information including, but not limited to, IP address; approximate location; in-app usage around features; page use, design, and content; login information; browser type and version; time zone setting; device information; operating system and version; cookie data; and payment transactions.
Finally, we also collect Third Party information. For example, if you connect with a Google account, we receive the information necessary to authenticate that it’s you. Other Third Party information may also include demographic data or fraud detection information. Another type of information we get may relate to your experiences and interactions from our partner ad networks.
We ensure all data is safely encrypted and meets the standards laid out by the GDPR so that any personal information we collect is safely warehoused according to the articles laid out in the GDPR Chapter 5.
Compliance for Customers
How do I become compliant?
Disclaimer: The information we provide here is informational purposes only and should not be taken as legal advice. We strongly advise that in order to assure complete compliance to seek out professional legal advice or refer to the appropriate data supervisory authority for more details on how to comply.
Below are a few great resources to help you prepare:
General Data Protection Regulation, Simplified (Intersoft Consulting)
Understanding GDPR (IAB)
GDPR Compliance Primer (IAB)
GDPR : A Primer for U.S.-Based Organizations That Handle EU Personal Data (NYU School of Law)
Does the GDPR apply to me if I am located outside Europe?
Do I need to handle data differently as a result of the GDPR?
Here are some of the areas where Instapage can help you become compliant with the GDPR:
Expanded personal rights:
1. Right to be forgotten - You may delete individual leads upon request at any time from your Instapage account. We will delete and remove any customer personal data upon request.
2. Right to restrict processing - You may incorporate opt-in functionality on your landing pages so your leads can opt-out of inclusion in a variety of marketing initiatives.
4. Right to portability - You may export leads’ personal data in order to provide portability of data to your landing page visitors at any time through your Instapage account. If you would like to pull your own personal data, please reach out to us. We will run the query and pull your data.
Consent and processing requirements:
2. Instapage has updated our sign-up flow to include an opt-in box for consent to use the product. Users who prefer not to consent to the collection of their personal data will unfortunately not be able to use Instapage as this information is necessary to provide services and operate the product. We offer a separate opt-in box for marketing and communications. For those who opt-in, we may use your information to offer products or services that may be of interest based on your preferences.
3. We will provide notice of how personal data is used within the Instapage app, as well as the ability to change opt-in and opt-out settings. We will also provide a Global Unsubscribe button if you would like to opt-out of all non-transactional emails.
4. As Instapage has no access to the personal data of your leads, it is your responsibility to ensure that you obtain consent from your leads/visitors to collect their personal data and send that data to your Instapage account for processing. Please ensure that all your pop-ups, forms, etc. include language to provide this consent. One way that you can do this is via an opt-in box on your forms — functionality provided by Instapage.
5. Your leads’ personal data may be collected and transferred to your Instapage account using functionality like pop-up and embedded forms. These forms are one of the most important Instapage tools you can use to gain compliance with the GDPR. Carefully design each of your forms to make sure the language in the body and/or footer is clear, specific, and covers all possible reasons for using the data collected.
6. Keep accurate records and update any information requested by your leads. Instapage helps by providing you with a record of the email address, name, and timestamp associated with every lead signup who completes and submits a form to demonstrate easy-to-access proof of consent.
7. If you integrate Instapage with external tools and platforms, please consider the ramifications of sending your leads’ personal data into those tools and platforms. Find out if you need to take any additional action to ensure your compliance with the GDPR.
8. Keep in mind that any existing consent already obtained can continue to be relied on, as long as it meets the GDPR standards for consent. It’s not necessary to re-request consent from your existing leads when the GDPR goes into effect if this has been done.
Data processing documentation:
1. We have added a Data Processing Addendum (DPA) in-app for all customers who have personal data on our customers. This agreement will ensure that you are compliant with the end visitor data you have collected.
Are my landing pages automatically compliant?
Be sure to:
- Add a check box to opt-in. On any forms you use, you'll need to take an extra step to ask for consent too. Use plain language to request consent and explain why you need this information. Learn more in this Help Center article on how to add a checkbox to allow users to opt-in on your forms.
- Don't forget to update your cookie consent message either. Read more here on how to add one to your landing pages.
Will I still be able to collect user data once I am GDPR compliant?
Managing Your Data
Why do I need to opt in?
How do I benefit from sharing my information?
How do we use your data?
Your data helps us focus on our mission and achieve our goals so we can:
- Run our business (and help you run yours.) From log in to authentication and account management to payment processing you provide us with essential information to keep teams productive, innovate new products and features so you grow your post-click experience.
- Deliver a delightful site experience. We collect anonymous information that we analyze to understand site behavior. Your visits and clicks help us learn what we're doing well and also where we can improve your Instapage experience.
- Support and communicate with customers. We want you to be able to easily contact our Support team through our Live Chat or other support channels.
- Keep you in the know. We want to connect you to marketing materials like emails and messages so you know about our latest features, products, services, and content. Instapage may combine the information that we have with information we obtain from business partners or other companies.
Who is responsible for my data?
Attn: Data Privacy Officer
118 King St. Ste. 450
San Francisco, CA 94107
Can I change my consent?
How can I make requests about my data?
Attn: Data Privacy Officer
118 King St. Ste. 450
San Francisco, CA 94107
Additional questions regarding your expanded individual rights under the GDPR, including deletion of personal data, updating personal data, and transferring personal data to another platform may also be directed to our privacy officer above. We may require additional information in order to process this request.