Instapage is GDPR compliant

Categories

GDPR: A Brief Overview

What is GDPR?

What is GDPR?

accordian-arrow
GDPR, or the General Data Protection Regulation, is a directive of the European Union on privacy and the treatment of personal data approved in 2016. It went into full effect on May 25, 2018. It replaced all previous privacy directives dating back to 1995. The GDPR regulates how individuals and organizations may obtain, use, store, and eliminate personal data and allows you to explicitly accept or decline such use.
What are my rights under the GDPR?

What are my rights under the GDPR?

accordian-arrow
The GDPR extends consumer privacy consent and protection for European citizens and governs how organizations handle their personal information.

Organizations must be compliant with the seven rights of EU/EEA citizens and what those rights mean.

1. Right to transparent communication - to communicate where personal data goes

2. Right to basic information - to provide reasons why and how personal data is used

3. Right to access - to provide access to your own personal data

4. Right to be forgotten - to delete personal data by request

5. Right to restrict processing - to restrict usage of personal data by request

6. Right to data portability - to transfer personal data between platforms

7. Right to object to processing - to restrict processing and usage of personal data

Check our Privacy Notice for details.

Our GDPR Compliance

How does the GDPR affect Instapage?

How does the GDPR affect Instapage?

accordian-arrow
Instapage takes your privacy seriously and wants to build and maintain trust with all our customers. As a result, we are committed to comply fully with GDPR. We are transparent about why we collect personal information and how it’s used to improve the user experience and our site’s performance.
What is Instapage doing to be in compliance with the GDPR?

What is Instapage doing to be in compliance with the GDPR?

accordian-arrow
Instapage is excited about the GDPR and the strong data privacy and security principles it emphasizes. As part of the compliance process, we are continuously improving our internal documentation, data systems, processes, and procedures to ensure compliance on an ongoing basis.

Specifically, we:

  • Updated our Terms of Service and Privacy Policy to describe what data we collect and how we use it. This includes the communication of any data used in the maintenance, improvement, research, support and management of our tools necessary for your account to function correctly.

  • Participate in the EU-U.S Data Privacy Framework program to ensure a compliant transfer of personal data from the EU to the U.S.

  • Audited all third-party vendors we work with and updated our third-party vendor contracts to meet the requirements of the GDPR.

  • Updated our product workflows to include GDPR provisions for EU/EEA customers.

  • Provided a data processing addendum that customers can download and sign. In addition, added more granular opt-in/opt-out settings of personal data collected through the Instapage platform.

  • Address any requests made by Instapage customers related to their expanded individual rights under the GDPR, including deletion of personal data, updating personal data, and transferring personal data to another platform.

  • Encrypt our customers’ personal information, lead, and billing data. We do not have any access to our customers’ lead data.

  • Secured customer support troubleshooting.

What data does Instapage collect?

What data does Instapage collect?

accordian-arrow
We collect a variety of information so that you can use our platform.

Primary information like your full name and email address is necessary so you can use and have an account with Instapage. You may choose to share more information such as company name and phone number.

We also ask your consent on a range of other information including, but not limited to, IP address; approximate location; in-app usage around features; page use, design, and content; login information; browser type and version; time zone setting; device information; operating system and version; cookie data; and payment transactions.

Finally, we also collect third-party information. For example, if you connect with a Google account, we receive the information necessary to authenticate that it’s you. Other third-party information may also include demographic data or fraud detection information. Another type of information we get may relate to your experiences and interactions from our partner ad networks.

We ensure all data is safely encrypted and meets the standards laid out by the GDPR so that any personal information we collect is safely warehoused according to the articles laid out in the GDPR Chapter 5.

For full details please visit our Privacy Policy.

Compliance for Customers

How do I become compliant?

How do I become compliant?

accordian-arrow
The essence of the GDPR is about increasing transparency and adding consumer privacy protections. This means explaining in plain language how you collect and use any personal data. The GDPR also means ensuring that you can manage and securely store their data. Just as we have updated our policies, we recommend that you update your privacy policy to clearly lay out the use of personal data. Users also have the right to consent to these uses so you must include the ability to opt-in to gathering lead data and cookies. For cookie management we suggest presenting customers with a cookie solution to manage opting in to tracking cookies.

Disclaimer: The information we provide here is informational purposes only and should not be taken as legal advice. We strongly advise that in order to assure complete compliance to seek out professional legal advice or refer to the appropriate data supervisory authority for more details on how to comply.

Below are a few great resources to help you prepare:

General Data Protection Regulation, Simplified (Intersoft Consulting)
read more
Understanding GDPR (IAB)
read more
GDPR Compliance Primer (IAB)
read more
GDPR : A Primer for U.S.-Based Organizations That Handle EU Personal Data (NYU School of Law)
read more
Does the GDPR apply to me if I am located outside Europe?

Does the GDPR apply to me if I am located outside Europe?

accordian-arrow
The GDPR extends coverage to all of the European Union. Also, Switzerland and the United Kingdom have adopted their own analogies of GDPR. If you do or plan to do business, reach customers, or process personal data from these jurisdictions, then the GDPR will apply to you, regardless of your physical operational location.
Do I need to handle data differently as a result of the GDPR?

Do I need to handle data differently as a result of the GDPR?

accordian-arrow
You will be responsible for ensuring that your landing pages and any lead data you collect are compliant with the GDPR. This will include honoring the regulation’s new expanded rights, updating your consent and processing requirements, and updating your data processing policies and documentation.

Here are some of the areas where Instapage can help you become compliant with the GDPR:

Expanded personal rights:
1. Right to be forgotten - You may delete individual leads upon request at any time from your Instapage account. We will delete and remove any customer personal data upon request.

2. Right to restrict processing - You may incorporate opt-in functionality on your landing pages so your leads can opt-out of inclusion in a variety of marketing initiatives.

3. Right to access - You must update your Terms of Use and Privacy Policy to describe what data you collect and how you use it. You may also contact Instapage directly to request access to your personal data. We do not have access to your leads’ data. While we will endeavor to provide some guidance we recommend the use of a specialized agency or legal office to ensure you are properly observing the new regulations.

4. Right to portability - You may export leads’ personal data in order to provide portability of data to your landing page visitors at any time through your Instapage account. If you would like to pull your own personal data, please reach out to us. We will run the query and pull your data.

Consent and processing requirements:

1. We have updated our Terms of Service and Privacy Policy.

2. Instapage has updated our sign-up flow to include an opt-in box for consent to use the product. Users who prefer not to consent to the collection of their personal data will unfortunately not be able to use Instapage as this information is necessary to provide services and operate the product. We offer a separate opt-in box for marketing and communications. For those who opt-in, we may use your information to offer products or services that may be of interest based on your preferences.

3. We will provide notice of how personal data is used within the Instapage app, as well as the ability to change opt-in and opt-out settings. We will also provide a Global Unsubscribe button if you would like to opt-out of all non-transactional emails.

4. As Instapage has no access to the personal data of your leads, it is your responsibility to ensure that you obtain consent from your leads/visitors to collect their personal data and send that data to your Instapage account for processing. Please ensure that all your pop-ups, forms, etc. include language to provide this consent. One way that you can do this is via an opt-in box on your forms — functionality provided by Instapage.

5. Your leads’ personal data may be collected and transferred to your Instapage account using functionality like pop-up and embedded forms. These forms are one of the most important Instapage tools you can use to gain compliance with the GDPR. Carefully design each of your forms to make sure the language in the body and/or footer is clear, specific, and covers all possible reasons for using the data collected.

6. Keep accurate records and update any information requested by your leads. Instapage helps by providing you with a record of the email address, name, and timestamp associated with every lead signup who completes and submits a form to demonstrate easy-to-access proof of consent.

7. If you integrate Instapage with external tools and platforms, please consider the ramifications of sending your leads’ personal data into those tools and platforms. Find out if you need to take any additional action to ensure your compliance with the GDPR.

8. Keep in mind that any existing consent already obtained can continue to be relied on, as long as it meets the GDPR standards for consent. It’s not necessary to re-request consent from your existing leads when the GDPR goes into effect if this has been done.

Data processing documentation:
1. We have added a Data Processing Addendum (DPA) in-app for all customers who have personal data on our customers. This agreement will ensure that you are compliant with the end visitor data you have collected.

You should review the privacy statement and practices applicable to your organization and ensure that they provide proper notice that your leads’ personal data will be transferred to Instapage. For example, you may want to consider updating your privacy statement to include language that identifies Instapage as one of your processors. Delineate the applicable processing activities performed by Instapage, such as the collection (e.g. via sign-up forms) and storage of personal data (e.g. lead data in your Instapage account), and the transfer of personal data to certain sub-processors by Instapage (who, as described in our Terms of Use and Privacy Policy, perform some critical services such as research and development and customer support).
Are my landing pages automatically compliant?

Are my landing pages automatically compliant?

accordian-arrow
Not exactly. There are a few extra steps you need to take to ensure your site is compliant.
Be sure to:


  • Update your Privacy Policy and Terms of Service so they meet the GDPR guidelines. You may want to seek legal advice in this process. We highly recommend that you add a link to your Privacy Policy and Terms of Service on landing pages.


  • Add a check box to opt-in. On any forms you use, you'll need to take an extra step to ask for consent too. Use plain language to request consent and explain why you need this information. Learn more in this Help Center article on how to add a checkbox to allow users to opt-in on your forms.


  • Don't forget to update your cookie consent message. Read more here on how to add one to your landing pages.
Will I still be able to collect user data once I am GDPR compliant?

Will I still be able to collect user data once I am GDPR compliant?

accordian-arrow
Absolutely. The GDPR does not prohibit the collection of data; instead, the GDPR lays out that consent to the use of personal data is a fundamental right. You need to clearly explain why and how personal data is being collected and have a legal basis for processing personal information of the EU/EEA user.

Managing Your Data

Why do I need to opt in?

Why do I need to opt in?

accordian-arrow
Instapage is committed to your privacy rights. GDPR stipulates that users have the right to decide how their information is shared and used.
How do I benefit from sharing my information?

How do I benefit from sharing my information?

accordian-arrow
When you allow Instapage access to your personal information, we are able to learn how to improve website functionality and performance. It also allows us to use cookies to create a better browsing experience by maintaining consistency between web pages you already visit. Cookies do this by remembering things like login information and preferred language and font settings. They can also make advertising more relevant and specific to your interests.
How do we use your data?

How do we use your data?

accordian-arrow
Instapage uses your personal information to ensure the best experience possible on our website and products.

Your data helps us focus on our mission and achieve our goals so we can:

  • Run our business (and help you run yours.) From log in to authentication and account management to payment processing you provide us with essential information to keep teams productive, innovate new products and features so you grow your post-click landing page.


  • Deliver a delightful site experience. We collect anonymous information that we analyze to understand site behavior. Your visits and clicks help us learn what we're doing well and also where we can improve your Instapage experience.


  • Support and communicate with customers. We want you to be able to easily contact our Support team through our Live Chat or other support channels.


  • Keep you in the know. We want to connect you to marketing materials like emails and messages so you know about our latest features, products, services, and content. Instapage may combine the information that we have with information we obtain from business partners or other companies.


Who is responsible for my data?

Who is responsible for my data?

accordian-arrow
Instapage endeavors to handle responsibly your personal information and will answer your questions and concerns. Check our Privacy Notice for contact details.
How can I make requests about my data?

How can I make requests about my data?

accordian-arrow
We will respond to any requests regarding your data if you contact us in this regard. Check our Privacy Notice for contact details.

Ready to turn more ad clicks into conversions?

Try the world’s most advanced landing page platform today

We use cookies to give you the best experience on our website, deliver our services, personalize content, and to analyze traffic. By continuing to use our website you agree to allow our use of cookies. To know more please refer to our Cookie Policy.
close