Data Protection Notice

Updated: October 2021
1. Who is responsible for data processing and who do you contact if you have any questions?
The controller responsible for data processing is:
InstaSolutions GmbH
Feringastrasse 6
85774 Munich
Germany
(hereinafter referred to as ‘InstaSolutions’, ‘we’ and ‘us’)
If you have any questions regarding data protection, please contact: <privacy@instalogin.me> at any
time.
The protection of the data of our customers is a cornerstone of our business. We are therefore
committed to data protection and transparency. We attach great importance to compliance with all
legal regulations and exclusively process your personal data as prescribed in the General Data
Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz,
BDSG) and all other relevant laws. All data is securely stored and limited to the data points necessary
for the provision of the service. You are our focus and that is why we give you full control over your
data.
This Data Protection Notice describes how we collect, store, process, pass on and transmit your
personal data when you are a customer of ours or are interested in the services we offer, as well as
when you are our supplier or business partner. In addition, this Data Protection Notice describes data
processing in connection with the use of the <instalogin.me> website operated by us.
2. Which data do we process?
Administration/handling of customer relationships
– Description. As part of our business relationship with you, your employer or your company,
your data will be processed for various detailed processes for the purpose of administration
and handling customer relationships.
– Data categories. Customer number, first name, last name, date of birth, gender, email
address, company address, (mobile) telephone number, sales tax ID, account data, assigned
company, position within the company, related orders, information on payments made or not
made, customer care data that relates to you (such as telephone calls made with you, your
employer or your company [summarised in writing, no records or recordings], internal
communication on the customer relationship, incoming and outgoing
documents/communication), correspondence in this context.
– Purpose. Administration and processing of the customer relationship; maintaining contacts;
appointment management; invoicing; accounting; sending information about our new offers.
– Legal basis. Fulfilment of contractual obligations or implementation of corresponding
pre-contractual measures pursuant to Article 6(1) lit. b GDPR; fulfilment of legal obligations
according to Article 6(1) lit. c GDPR; legitimate interest according to Article 6(1) lit. f
GDPR: Sending information about our own offers.
– Storage duration. At least for the duration of the business relationship and beyond that in
accordance with the statutory retention and documentation obligations; beyond this, until the
end of any pending legal dispute.
Orders via the webshop
– Description. When purchasing through our webshop, we collect all the information that you
provide us with during the ordering process.
– Data categories. First name, last name, company name, country/region, postal address,
telephone number, email address, order number, additional comments regarding the order,
ordered products, associated subscriptions (information on the subscription such as start date,
end date or recurring total amount), total amount of the order, payment method, voucher
code, invoice address, delivery address, payment details, sales tax ID.
– Purpose. Handling of the order process.
– Legal basis. Fulfilment of contractual obligations or implementation of corresponding
pre-contractual measures pursuant to Article 6(1) lit. b GDPR.
– Storage duration. At least for the duration of the business relationship and beyond that in
accordance with the statutory retention and documentation obligations; beyond this, until the
end of any pending legal dispute.
Administration of customer accounts on the website
– Description. If you create a customer account on our website, we process the information
that we receive from you in this context.
– Data categories. First name, last name, display name, email address, password, standard
currency, invoice address and delivery address (first name, last name, country/region, postal
address, telephone number, email address), related orders, subscription data (name/ID of the
subscription, start date, end date, last order date, next payment date, information about
payments made, subscription amounts, related orders, invoice address).
– Purpose. Administration of the customer account.
– Legal basis. Fulfilment of contractual obligations or implementation of corresponding
pre-contractual measures pursuant to Article 6(1) lit. b GDPR.
– Storage duration. At least for the duration of the business relationship and beyond that in
accordance with the statutory retention and documentation obligations; beyond this, until the
end of any pending legal dispute.
Use of the Instalogin App
– Description. The Instalogin App (‘App’) enables users to log into websites that offer
Instalogin without entering a password. With the App, users always have an overview of their
current logins and manage their accounts within the App.
– Data categories. Email address, assigned ID, device name(s), connected accounts (including
the date of the last login).
– Purpose. Operation and execution of the App.
– Legal basis. Fulfilment of contractual obligations or implementation of corresponding
pre-contractual measures pursuant to Article 6(1) lit. b GDPR.
– Storage duration. At least as long as the App is installed on the user’s end devices and
beyond that in accordance with the statutory retention and documentation obligations; beyond
this, until the end of any pending legal dispute.
Inquiries via the contact form
– Description. You can use the contact form to contact us and send us inquiries.
– Data categories. Name, email address, subject and content of the request, further
correspondence in this context.
– Purpose. Processing and answering your inquiries.
– Legal basis. Fulfilment of contractual obligations or implementation of corresponding
pre-contractual measures pursuant to Article 6(1) lit. b GDPR; legitimate interest according
to Article 6(1) lit. f GDPR: Processing and answering inquiries from data subjects who do not
have an existing contractual relationship with us.
– Storage duration. At least for the duration of the business relationship and beyond that in
accordance with the statutory retention and documentation obligations; beyond this, until the
end of any pending legal dispute.
Supplier and business partner management
– Description. In the course of our business relationship with you or your employer, we
process your data to initiate, maintain and process our contracts for goods and services with
you or your employer.
– Data categories. Name, gender, contact details (telephone number, email address, other
electronic contact details), current company and position(s), further correspondence in this
context. If you are a sole proprietor, also: company or other business name, sales tax ID,
commercial register number, bank and transfer data, invoicing, payment and booking data,
data on creditworthiness/solvency, dunning data, data on the opening of insolvency,
commercial register data.
– Purpose. Initiation, maintenance and processing of our contracts for goods and services with
suppliers and business partners.
– Legal basis. If you are a sole proprietor: fulfilment of contractual obligations or
implementation of corresponding pre-contractual measures pursuant to Article 6(1) lit. b
GDPR. If you are not a sole proprietor and we maintain the appropriate business relationship
with your employer: legitimate interest according to Article 6(1) lit. f GDPR: Initiation,
maintenance and processing of our contracts for goods and services with suppliers and
business partners.
– Storage duration. At least for the duration of the business relationship and beyond that in
accordance with the statutory retention and documentation obligations; beyond this, until the
end of any legal dispute.
Corporate transactions
– Description. If a corporate transaction or a change in the corporate owner is imminent, the
data necessary for the preparation, processing and transfer of the company shall be
transmitted to potential interested parties as well as the new corporate owner and their
advisors.
– Data categories. All data categories of the other data processing activities mentioned in this
section 2.
– Purpose. Preparation and processing of a corporate transaction.
– Legal basis. Fulfilment of contractual obligations pursuant to Article 6(1) lit. b GDPR;
fulfilment of legal obligations according to Article 6(1) lit. c GDPR; legitimate interest
according to Article 6(1) lit. f GDPR: Ensuring a smooth business transfer.
– Storage duration. Until the conclusion or termination of the transaction and beyond that
until the conclusion of any proceedings or legal dispute that may exist on the basis or the
occasion of the transaction.
Internal investigations
– Description. If an internal investigation occurs, the data necessary for the investigation is
processed and, if necessary, transmitted to third parties (e.g. auditors and consultants).
– Data categories. All data categories of the other data processing activities mentioned in this
section 2.
– Purpose. Prosecution of legal claims; defence of rights and obligations; clarification of
internal company matters, legal and other judicial violations as well as other grievances.
– Justification. Fulfilment of contractual obligations pursuant to Article 6(1) lit. b GDPR;
fulfilment of legal obligations (e.g. criminal laws, money laundering and combating
terrorism) according to Article 6(1) lit. c GDPR; legitimate interest according to Article 6(1)
lit. f GDPR: Prosecution of legal claims; defence of rights and obligations; clarification of
internal company matters, legal and other judicial violations as well as other grievances.
– Storage duration. Until the conclusion of the investigation and beyond that until the
conclusion of any pending proceedings (criminal proceedings or other proceedings) or legal
dispute that may exist on the basis or the occasion of the internal investigation.
Website
– Description. In principle, we do not actively collect any data on our website. However,
certain data is automatically processed so that you can view our website, and access to our site
is automatically logged in the server log files. For example, your IP address must be
processed so that a technical connection to our website can be established and in order for
you to view its content. External sources of content that we may include on our website will
also receive your IP address (otherwise it would not be possible to download a specific font
to your device). We process certain data to optimise this website in terms of system
performance.
– Data categories. Connection data (including IP address, information on the website from
which the request came, information on the browser used, operating system used, referrer
URL, your Internet service provider, date/time) to establish an Internet connection between
(i) your device and (ii) our website or the external content that we may have integrated into
our website.
– Purpose. Enabling our website to be technically viewed on the user’s device and ensuring the
stability and security of our website; traceability of technical or other problems with the use
and operation of the website from the server log files.
– Legal basis. Legitimate interest pursuant to Article 6(1) lit. f GDPR: Enabling our website to
be technically viewed on the user’s device and ensuring the stability and security of our
website; traceability of technical or other problems with the use and operation of the website
from the server log files.
– Storage duration. This data is only processed for the duration of the connection for the
transmission of data packages that are technically necessary for the display of our website on
your device and is not stored permanently (apart from certain connection data in the server
log files which is stored until the server is restarted).
3. Who is data transmitted to?
The data relevant in each individual case is transmitted to the following bodies on the basis of the
statutory provisions or contractual arrangements:
– service providers (IT service providers, agencies, etc.);
– lawyers, tax consultants, auditors, other consultants;
– participating contractual and business partners or companies within the Group;
– authorities and credit agencies in connection with the prevention of money laundering and
terrorist financing;
– banks, payment service providers, debt collection service providers;
– public authorities and courts.
Some of the recipients named above are located outside the European Union or the European
Economic Area or process your personal data there. The level of data protection in other countries
may not correspond to that within the European Union or the European Economic Area. However, we
only transfer your personal data to countries where either the EU Commission has decided that they
have an adequate level of data protection, or we take measures to ensure that the recipients have an
adequate level of data protection. To this end, for example, we conclude Standard Contractual
Clauses issued by the EU Commission.
4. Your rights
Taking into account the legal requirements, you may have the following rights:
– Right to information. You can request confirmation as to whether and to what extent data
about you is being processed.
– Right to rectification. If we process incomplete or incorrect data received from you, you can
request that it be corrected or completed at any time.
– Right to erasure. You can request the erasure of your data if the purpose for which it was
collected no longer applies, if unlawful processing has taken place, if you object to data
processing because it interferes in an inadmissible and disproportionate manner with your
legitimate protection interests, or if the data processing is based on your consent and you
have revoked such. It should be noted here that there may be other reasons that may prevent
your data from being immediately erased, e.g. statutory retention requirements, pending
proceedings, the assertion, exercise or defence of legal claims, etc.
– Right to restriction of processing. You have the right to request the restriction of processing
of your data if:
- you dispute the accuracy of your data for a period of time that enables us to verify the
accuracy of the data;
- the processing of your data is unlawful, but you refuse to have it erased and instead
request a restriction of its use;
- we no longer require the data for the intended purpose, but you still require this data
for the assertion, exercise or defence of legal claims; or
- you have lodged an objection to the processing of the data until it has been
determined whether our legitimate grounds outweigh yours.
– Right to data portability. You can ask us to provide you with the data you have provided us
with in a structured, common and machine-readable format or to transmit this data to another
controller without hindrance from us, provided that we process the data on the basis of your
consent or to fulfil a contract between us and the processing is carried out using automated
procedures.
– Right to object. If we process your data to carry out tasks that are in the public interest, in
the exercise of official authority, or if we invoke the need to safeguard our legitimate interest
during processing, you can object to this data processing provided that an overriding interest
in protecting your data exists.
To exercise these rights, please use the contact details stated above in section 1.
Rights in the context of consent granted to us. You can withdraw declarations of consent granted to
us at any time without stating reasons, whereby you can withdraw each individual declaration of
consent independently of other declarations of consent granted to us.
We expressly point out that a withdrawal has no direct or indirect negative consequences for your
contractual relationship with us. The only consequence of a withdrawal of consent is that, from that
point in time, we will no longer process your data for the purposes stated in the respective declaration
of consent and any rights and/or advantages (if any) associated with the processing of the specific
data can no longer be claimed.
To withdraw your consent, please use the contact details stated above in section 1.
Right to lodge a complaint. If you believe that the processing of your data violates data protection
law or that your data protection claims have been violated in any other way, please contact us directly
(for contact details, see Section 1 above). Of course, you can also lodge a complaint with the
responsible data protection authority (for further information, see: <lda.bayern.de>).
5. Cookies
We use so-called cookies in order to make our website user-friendly and to enable the use of certain
functions. These are small text files that are stored on your device with the help of your browser.
Some of the cookies we use are erased after the end of the browser session, i.e. after you close your
browser (so-called session cookies). Other cookies remain stored on your device until you erase them.
These enable us to recognise your browser the next time you visit our website (persistent cookies).
If you do not want this to happen, you can set up your browser to inform you about cookies being
saved to your computer and only allow such in individual cases by giving your consent. You can find
more information in this regard in the help function of your browser. You can also remove cookies
stored on your device at any time by erasing the temporary Internet files. Deactivating or erasing
cookies may, however, limit the functionality of our website.
Different types of cookies exist, for example, so-called essential cookies and other cookies. Essential
cookies are required to ensure basic functions of the website. For example, these cookies are required
when a user puts a product in the shopping basket, then accesses other websites and only later
continues the ordering process and wants to pay for the product. These cookies ensure the shopping
basket is not emptied, even if the user closes their browser window. Even when using a cookie
consent management system (“cookie banner”), a cookie is required that permanently saves the user’s
decision (whether or which cookies are accepted) so that the query does not appear again every time
the website is accessed.
We only process non-essential cookies with your consent. Using the “cookie banner” that appears the
first time you visit the website, you can decide which cookies you want to allow and which you do
not. You have the right and the option to withdraw your consent to the use of such cookies at any
time; for example, by managing, deactivating or erasing the relevant cookies in your browser.
Specifically, we process the following non-essential cookies (provided you have given your consent):
– Google Analytics
We use Google Analytics on our website, a web analysis service provided by Google Inc.
(‘Google’). Google Analytics uses cookies. The information generated by the cookie about the
use of the online offering by the user is usually transmitted to a Google server in the US and
stored there.
We only use Google Analytics with activated IP anonymisation. This means that the IP
address of the user is truncated by Google within the member states of the European Union or
in other contracting states to the Agreement on the European Economic Area. The full IP
address will only be sent to a Google server in the US and truncated there in exceptional
circumstances. The IP address transmitted by the user’s browser will not be merged with
other Google data.
Google will use this information on our behalf to evaluate the use of our online offering by
users, to compile reports on activities carried out within this online offering, and to provide us
with other services related to the use of this online offering and the Internet. In doing so,
pseudonymous user profiles can be created from the processed data.
Google Analytics uses the following cookies: _ga (storage period 2 years), _gid (storage
period 24 hours), _gat (storage period 24 hours)