At InstaWP Inc, (“we”) understand the importance of protecting your personal data and take this responsibility seriously. In compliance with our data protection obligations, we are committed to informing you about data privacy in our company. The EU General Data Protection Regulation (“GDPR”) has further obligated us to ensure the protection of your personal data as the data subject (“you”).
As controllers, we hold the responsibility of deciding, either alone or with others, the purpose and means of processing personal data. We are obligated under Articles 13 and 14 of the DSGVO to provide transparent information to you about the nature, scope, purpose, duration, and legal basis of data processing. In compliance with this duty, we present our (“data protection declaration”).
Our declaration is modular in structure, comprising a general part for all personal data processing situations (A. General) and special parts that relate to specific processing situations. These include data processing when using our website and social media presences (B.) and processing of applicant data (C.).
- “Personal data” (Article 4 No. 1 DSGVO) refers to any information that pertains to an identified or identifiable natural person (“data subject”). A person is deemed identifiable if they can be directly or indirectly identified, especially through an identifier such as a name, an identification number, an online identifier, location data, or through characteristics of their physical, physiological, genetic, mental, economic, cultural, or social identity. Such identifiability can also result from the combination of this information with additional knowledge. The origin, form, or embodiment of the information is immaterial (including photographs, video, or audio recordings that may contain personal data).
- “Processing” (Article 4 No. 2 GDPR) refers to any operation involving personal data, regardless of whether it is automated (technology-based) or not. This includes, among other things, collection (obtaining), recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction of personal data, as well as the alteration of a purpose or intended purpose on which a data processing was originally based.
- “Controller” (Article 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body that alone or jointly with others determines the purposes and means of the processing of personal data.
- “Third party” (Article 4 No. 10 GDPR) refers to any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorized to process the personal data, including other legal entities which are members of a group.
- “Processor” (Article 4 No. 8 GDPR) is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller, particularly in accordance with the controller’s instructions (e.g. IT service provider). For data protection purposes, a processor is not considered a third party.
- “Consent” (Article 4 No. 11 GDPR) refers to any specific, informed, freely given, and unambiguous indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act, by which the data subject signifies their agreement to the processing of personal data related to them.
(2) Name and address of the controller
The controller for the processing of your personal data within the meaning of Article 4 No.7 DSGVO is:
3911 Concord Pike,
Vikas Singhal (CEO)
+1 609 836 0453
If you require more information about our company, please consult the imprint section on our website.
(3) Contact details of the data protection officer
At any time, our data protection officer is available to answer your queries and act as your point of contact regarding data protection matters within our company. You may contact our data protection officer at [email protected]
(4) Legal basis for data processing
The GDPR prohibits the processing of personal data unless there is a specific legal basis for doing so. In the following, we will present the different legal bases for data processing. We will then explain, in the context of each individual data processing, the specific legal basis on which we rely (note that a processing may also be based on several legal bases).
The following cases are considered lawful for the processing of personal data according to the GDPR:
- Consent (Article 6 para. 1 p. 1 lit. a GDPR, see definition above under A.(1)).
- Necessity for the performance of a contract (Article 6 para. 1 p. 1 lit. b GDPR): If the processing is necessary for the performance of a contract to which the data subject is a party, or for the performance of pre-contractual measures taken at the data subject’s request.
- Fulfilment of a legal obligation (Article 6 para 1 p. 1 lit. c GDPR): Where processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to keep records).
- Necessity to protect vital interests (Article 6 para 1 p. 1 lit. d GPPR): If the processing is necessary to protect the vital interests of the data subject or another natural person.
- Public interests / Public authority (Article 6 para.1 p.1 lit. e GPPR): Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Legitimate interests (Article 6 para.1 p.1 lit. f GDPR): If the processing is necessary to protect the legitimate (in particular legal or economic) interests of the controller or a third party unless the interests or fundamental rights and freedoms of the data subject override those interests.
(5) Data deletion and storage period
We will inform you below regarding the storage duration and deletion or blocking of your personal data for each processing operation carried out by us. If no explicit storage period is stated, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to exist. Your data will generally be stored only on our servers located in Germany, except for any transfer as permitted by the regulations in this data protection declaration.
However, in the event of a (potential) legal dispute or other legal proceedings, or if a longer storage period is required by legal regulations applicable to us as the responsible party (e.g. § 257 HGB, §147 AO), storage may occur beyond the specified time. Upon expiry of the storage period prescribed by law, your personal data will be blocked or deleted, unless we require further storage based on a legal basis.
6) Data security
We take the protection of your data seriously and have implemented appropriate technical and organizational measures to prevent accidental or intentional manipulation, loss, or destruction of your data, as well as unauthorized access by third parties. These measures include SSL encryption for our website, which prevents third parties from accessing the data transmitted to us when you access our website. We consider the current state of technology, implementation costs, as well as the nature, scope, context, and purpose of the processing, and the risk of data breaches (including their likelihood and potential impact) for data subjects.
We continuously improve our security measures in line with technological advancements, and upon request, we can provide you with further information on our measures. For more information, please contact our data protection officer (see A. (3)).
(7) Cooperation with processors
In some instances of data processing, such as web analytics, we enlist the services of third-party processors. These processors operate solely on our behalf and have been handpicked in accordance with Article 28 of the GDPR. Furthermore, they are contractually obligated to adhere to data protection regulations to the same degree as we do.
(8) Conditions for the transfer of personal data to third countries
When using external services, data may be transferred to third countries outside of the European Union. If the data protection level in these countries is lower than in the EU, and no adequacy decision has been made by the European Commission under Article 45 of the GDPR for these countries, we implement internal agreements and regulations to ensure an adequate level of protection for your data. We also utilize standard contractual clauses of the EU to achieve this goal. If these measures are not possible or sufficient, your consent under Article 49 of the GDPR is required for the transfer of your data to third countries, which is obtained through our Consent Tool. However, please note that in these cases, the protection of your data may not be guaranteed to the same extent as within the EU. Particularly in the USA, security authorities have easier access to personal data. In such cases, you may not be able to exercise your data subject rights with the same effectiveness as within the EU.
(9) No automated decision-making (including profiling)
We refrain from employing any automated decision-making process (including profiling) based on the personal data collected from you.
(10) No obligation to provide personal data
You are not legally or contractually obliged to provide us with your personal data, but certain offers may only be available to a limited extent or not at all if you do not provide the necessary data. If this is the case for any of the products we offer, we will inform you separately.
(11) Your Rights
You have the right to assert your rights as a data subject at any time by contacting us using the contact details provided at the beginning of section A. (2). As a data subject, you have the following rights:
- You have the right to request information about your personal data processed by us in accordance with Article 15 of the GDPR. This includes the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged storage period, the origin of the personal data if not collected from you, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved.
- You have the right to request the correction of inaccurate or incomplete personal data stored by us without undue delay in accordance with Article 16 of the GDPR.
- You have the right to request the erasure of your personal data stored by us in accordance with Article 17 of the GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
- You have the right to request the restriction of the processing of your personal data in accordance with Article 18 of the GDPR, if you contest the accuracy of the personal data or the processing is unlawful.
- You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller, without hindrance from us, in accordance with Article 20 of the GDPR.
- You have the right to object to the processing of your personal data pursuant to Article 21 of the GDPR, if the processing is based on Article 6(1)(f) GDPR, on grounds relating to your particular situation. If you object to direct marketing, we will stop processing your personal data for this purpose. If you object to other processing activities, we will assess your request and either stop or adjust the processing of your data, or provide compelling legitimate reasons for the continued processing.
- You have the right to withdraw your consent to the processing of your personal data at any time in accordance with Article 7(3) of the GDPR. This will not affect the lawfulness of processing based on consent before its withdrawal.
- You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.
B. Visiting websites and social media presences
(1) Explanation of the function
When visiting our websites at https://instapwp.com/, you can access information about our company and services. It is possible that your personal data will be processed during your visit.
(2) Personal data processed
a) Use of the website for information purposes
When you visit our website for information purposes, a log data record (server log files) is temporarily and anonymously stored on our web server. This includes:
- The referrer URL (the page from which the page was requested)
- The name and URL of the requested page
- The date and time of the request
- The type, language, and version of the web browser used
- The shortened IP address of the requesting computer, to prevent personal identification
- The amount of data transferred
- The operating system
- The access status/HTTP status code
- The GMT time zone difference.
b) Contact requests and contact form data
If you use our contact forms, the data you transmit (such as your name, email address, and the content of your message) will be processed. We will store this data to be able to respond to your inquiry and to contact you personally, if necessary. We follow the same procedure if you contact us via email or text message.
(3) Purpose and legal basis for processing personal data
We process personal data as described above in accordance with the GDPR and other applicable data protection regulations only to the extent necessary. Where the processing of personal data is based on Article 6(1)(f) of the GDPR, the purposes mentioned above also represent our legitimate interests.
The processing of log data serves statistical purposes and aims to improve the quality of our website, in particular its stability and security. The legal basis for this processing is Article 6(1)(f) of the GDPR.
Contact form data and email inquiries are processed for the purpose of handling requests from potential customers and other interested parties. The legal basis for this processing is Article 6(1)(a) and (b) of the GDPR. By submitting your request, you provide your voluntary consent, and your request may also serve to establish a contractual relationship if you are a potential customer.
(4) Duration of data processing
(5) Transfer of personal data to other recipients; legal basis
We may share your personal data with the following recipients:
- Service providers who help us operate our website and process data, such as data center services, payment processors, and IT security providers. The legal basis for such sharing is Article 6(1)(b) or (f) of the GDPR, unless it involves data processors.
- Government agencies/authorities if necessary to fulfill a legal obligation. The legal basis for such sharing is Article 6(1)(c) of the GDPR.
- Third parties involved in our business operations, such as auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures. The legal basis for such sharing is Article 6(1)(b) or (f) of the GDPR.
We will only share your personal data with third parties if you have given us your explicit consent to do so, as provided under Article 6(1)(a) of the GDPR.
For information about data transfers to third countries and the measures we take to ensure an adequate level of data protection, please refer to A (8).
(6) Google Analytics (including Google Optimize)
a) Types of Cookies Explained
Cookies are small text files that are stored on your computer or device when you visit a website. They are designed to make your online experience more user-friendly and effective. There are two types of cookies: session cookies and permanent cookies. Session cookies are deleted when you close your browser, while permanent cookies are stored beyond the individual session.
In terms of their function, cookies can be classified into four categories: technical cookies, performance cookies, advertising and targeting cookies, and sharing cookies. Technical cookies are essential for navigating the website, using basic functions, and ensuring the security of the website. They do not collect any personal information about you.
Performance cookies collect information about how you use the website, which pages you visit, and whether any errors occur during website use. They do not collect any information that can identify you and are only used to improve the website and understand user interests.
Advertising and targeting cookies are used to provide tailored advertising to users on the website or third-party offers. They also measure the effectiveness of these offers. These cookies are stored for a maximum of 13 months.
Sharing cookies are used to improve the interactivity of the website with other services, such as social networks. They are stored for a maximum of 13 months.
(8) Social media presences
We have public profiles on social networks where your personal data is collected, used, and stored by us and the social network operators. The extent and processing of this data varies by platform and is not always traceable by us. The data may be transferred to third countries, and we cannot guarantee how it will be used. When you access our profiles, your IP address is transmitted and logged by the social network. If you want to avoid this, log out or delete cookies on your device.
b) Our social media profiles
below provide information about how we process data when you use our social media profiles.
c) Communication and data subject rights:
When you reach out to us through our social media profiles (such as by creating your own posts, responding to one of our posts, or sending us private messages), we will process the information you provide us (such as your username and email address) solely for the purpose of contacting you. The legal basis for collecting this data is Article 6 para. 1 (a) of the GDPR (and (b) if there is a connection to a contract). We will delete any stored data after 30 days, once its storage is no longer necessary, or upon your request.
If you wish to exercise your data subject rights, you may contact either us or the social media platform provider. If one party is not responsible for responding or needs to receive information from the other party, we or the provider will forward your request to the other party. If you have questions about the profiling or processing of your data while using the social media platform, please contact the operator directly. For questions regarding the processing of your interaction with us on our website, please reach out to us using the contact information we have provided above.