Privacy statement of the Insta GmbH
The use of our website is possible without the provision of personal data as a rule. If personal data are collected when you visit our websites, we will process these data exclusively in compliance with the stipulations of the General Data Protection Regulation (VO (EU) 2016/679; GDPR) and the German Federal Data Protection Act (BDSG), as well as the German Telemedia Act (TMG). Personal data are processed solely in compliance with this privacy statement. This privacy statement is valid for the use of the website at the address: http://www.insta.en, as well as the various sub-domains. For the linked contents of other providers, the privacy statement deposited on the linked website is relevant.
The following company is responsible for the processing of personal data in the scope of the use of this website:
Hohe Steinert 10
Tel.: + 49 2351 936-0
Dipl.-Ing. Alexander Burgbacher
Data protection officer
We have appointed the following person as data protection officer:
Dr. Gregor Scheja
Data protection officer
Phone: +49 (0) 228-227 226-0
Fax: +49 (0) 228-227 226-26
When you visit our website, automated data are collected and stored in log files on the server of our hosting provider. These data can indicate references to persons. The collected data include:
– name of the website called up
– date and time of call up
– IP addresses (anonymised)
The legal basis for the processing of data is Art. 6(1)(f) GDPR.
We process the collected data to operate the website and to ensure IT security. If necessary, the log files are subsequently analysed in case of concrete indications.
The data are automatically deleted after 7 days.
Google Tag Manager
This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags using a single interface. The tool itself (that implements the tags) is a cookie-less domain and does not store any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access these data. If a deactivation has been made at domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager. The legal basis for the processing of data is Art. 6(1)(f) GDPR.
Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. So-called standard contractual clauses in accordance with Art. 46 GDPR have been concluded with this service provider as suitable guarantees. You will find further information here
We use Google Analytics on our website. The service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”). If necessary, Google will save cookies on your end device for the provision of the service. Cookies are small text files, which enable the recognition of your device. Google stores the following data as part of your website usage: Beside the IP address, the time, place, duration and frequency of your visits to the website are stored. The legal basis for the processing of data is your consent in accordance with Art. 6(1)(a) GDPR. We have set up Google Analytics in such a way that your IP address is anonymised. The IP address is shortened for this purpose. Google uses the data to compile reports about the usage of our website for us. By these means, we identify user flows on our website and optimise our website on the basis of these findings. Google passes on the information to third parties if this is legally prescribed. Under no circumstances will Google merge your IP address with other Google data. As part of the processing by Google Analytics, personal data is transferred to the USA. In this case, the anonymisation of your IP address is always be carried out prior to the transfer to the USA on servers within the member states of the European Union.
Objection to the data collection. You can object to the collection of data by Google Analytics as shown below: Google provides a deactivation add-on that you can install in your browser. As long as this is properly installed in your browser, data collection by Google as part of the Analytics program does not take place. The objection option as part of the Analytics program has no impacts on a possible data transfer to other web services. The deactivation add-on can be downloaded from the Google web pages under this link: https://tools.google.com/dlpage/gaoptout?hl=de
Alternatively, you can click on the following link and set a so-called “opt-out cookie” for the browser used:
Disable data collection via Google Analytics
When you visit this website, no more data will then be passed on to Google Analytics in the future. Please note that the opt-out cookie can be deleted if necessary. The deletion of the opt-out cookie is dependent on your individual browser settings. If the cookie is deleted, it must be set again by re-clicking the link indicated above. In the case of an objection to the data collection by Google Analytics, it is possible that not all services provided by us can be used properly.
This website uses the so-called “Facebook Pixel” of the social network “Facebook” (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) for the following purposes:
- Facebook (Website) Custom Audiences
We use the Facebook Pixel for remarketing purposes in order to be able to address you again within 180 days. This means that users of the website as part of visits to the social network “Facebook” or other websites that use this method can be shown adverts related to their interests (“Facebook ads”). We therefore pursue our interest to show you adverts that could interest you in order to design our website or offers to be more interesting for you.
- Facebook Conversion
Furthermore, with the help of the Facebook Pixel, we want to ensure that our Facebook ads match the interests of the user and do not annoy the user. With the help of the Facebook Pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes, being able to see whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
HTTP-HEADER: HTTP headers contain a sequence of information that is sent via a standard web log between an arbitrary browser enquiry and an arbitrary server in the internet. HTTP headers contain information such as IP addresses (which can only be evaluated at general federal level in Germany), information on the web browser, page storage location, document, URI reference and user agent of the web browser.
PIXELSPEZIFISCHE DATEN: This comprises the Pixel ID and Facebook cookie data, which are used to link events with a specific Facebook advertising account and to assign the data to a person who is known to Facebook.
OPTIONALE WERTE: Developers and marketers can send additional information about your visit via standard and user-defined data events. The following user-defined data events are recorded on this website:
- Clicking on a partner shop
- Opening a data sheet/operating instructions
- Clicking on an app download badge
- 75% scroll depth
- Starting a chat
Data sent to Facebook through the use of the Facebook Pixel are stored there for 180 days, according to Facebook. After this period, the data are encrypted and anonymised.
By integrating the Facebook Pixel, Facebook receives the information that you have accessed the corresponding web page of our website or clicked on one of our ads. If you are registered with a service from Facebook, Facebook can assign your visit to your account. The legal basis for the processing of data is your consent in accordance with Art. 6(1)(a) GDPR.
Recipient (mutual responsibility):
Together with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook), we are mutually responsible for the collection and transfer of the data as part of this process. This is valid for the following purposes:
- The creation of individualised or matching advertisements and their optimisation
- Delivery of commercial and transaction-related messages (e.g. per messenger)
The mutual processing therefore does not comprise the following processing:
- The processing that follows the collection and transfer is subject to the sole responsibility of Facebook.
- The creation of reports and analyses in aggregated and anonymised form is carried out as part of a commissioned data processing and is therefore in our area of responsibility.
For the mutual responsibility, we have concluded a corresponding agreement with Facebook, which can be retrieved here: https://www.facebook.com/legal/controller_addendum. The respective responsibilities for the fulfilment of obligation in accordance with the GDPR in terms of mutual responsibility are defined in this agreement.
The contact data of the controller as well as the data protection officer of Facebook can be retrieved here: https://www.facebook.com/about/privacy
We have an agreement with Facebook that Facebook can be approached for the enforcement of rights of the data subject. This does not affect the responsibility for the rights of the data subject.
You can find further information on how Facebook processes personal data, including their legal basis and further information concerning the rights of data subjects here: https://www.facebook.com/about/privacy
You can find information on the data security conditions here: https://www.facebook.com/legal/terms/data_security_terms and concerning the processing on the basis of standard contractual clauses here: https://www.facebook.com/legal/EU_data_transfer_addendum.
This website uses the so-called “LinkedIn Insight-Tag” dof the social network „LinkedIn“ (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland).
With reference to this service, we have concluded an agreement with LinkedIn Ireland Unlimited Company, which you can view here. You can retrieve the privacy notices of LinkedIn Ireland Unlimited Company here: Datenschutzrichtlinie
The legal basis for the processing of data is your consent in accordance with Art. 6(1)(a) GDPR.
The LinkedIn Insight Tag enables the collection of data regarding members’ visits to this website, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp.
The IP addresses are truncated or hashed (when used for reaching members across devices). Members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 90 days.
LinkedIn does not share the personal data of members with the owner of this website, but only provides reports and alerts (which do not identify members) about this website audience and ad performance. LinkeIn also provides retargeting for website visitors, enabling us to show personalized ads off our website by using this data, but without identifying the member. We also use data that doesn’t identify members to improve ad relevance and reach members across devices. LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
Use of Vimeo
On our website we use components of the provider Vimeo. The service is provided by Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA. Every time you call up our web pages that are linked with such a component, this component causes the browser you use to download a corresponding display of the component from Vimeo. If you call up such a Vimeo component on our web pages and are logged in to Vimeo during this process, Vimeo recognises through the information collected by the component which specific page you are visiting and assigns this information to your personal account with Vimeo. If you press the “Play” button or make corresponding comments, this information will be transmitted to your personal Vimeo member account, where it will be stored. Moreover, the information that you have visited our web pages is passed on to Vimeo. This happens regardless of whether you click the components and issue comments or not.
You can prevent this by logging out of your Vimeo member account before visiting our website.
The legal basis for the processing of data is your consent in accordance with Art. 6(1)(a) GDPR.
Further information on data protection, especially on the collection and use of the data by Vimeo, is provided by Vimeo under the following link: https://vimeo.com/privacy
On our pages we use the Chat service from tawk.to inc., 187 East Warm Springs Rd, SB298, Las Vegas, NV, 89119, USA, to be able to offer you additional support options if needed. With this option we want to increase your satisfaction and optimise our offer in the form of the website. You can influence the local storage on your computer with the usual settings in your browser or in advance via the cookie banner for cookie control. We will only store the data from the chat history and add your customer master data (name, address), if necessary, once the chat window has been opened and you have inserted your entries. As long as you do not disclose any personal information (e. g. your real name, e-mail address, telephone number etc.), we cannot draw any conclusion to your person. The data that are stored by tawk.to include: chat history, entered name, IP address at the time of the chat and the country of origin. These data are not passed on to third parties and are only for protection and internal statistics. . Here you will find further information on tawk.to: https://www.tawk.to/data-protection/. Please note that to provide the quality of advice we offer, it could be necessary to transfer contents of the communication with the consultant to other consultants of Insta GmbH or have these contents viewed by supervisors. The legal basis for the processing of data is your consent in accordance with Art. 6(1)(a) GDPR.
Tawk.to agiert als Auftragsverarbeiter und wird die Daten nur zu den von uns vorgegebenen Zwecken erheben, verarbeiten oder nutzen und die Daten auf keinen Fall an Dritte übermitteln. Hierzu haben wir mit tawk.to eine entsprechende Vereinbarung abgeschlossen, die hier abrufbar ist:Please note that to provide the quality of advice we offer, it could be necessary to transfer contents of the communication with the consultant to other consultants of Insta GmbH or have these contents viewed by supervisors. The legal basis for the processing of data is your consent in accordance with Art. 6(1)(a) GDPR.
Tawk.to acts as a commissioned data processor and will collect, process or use the data only for purposes specified by us and will never transmit the data to third parties under any circumstances. For this purpose, we have concluded a corresponding agreement with tawk.to, which can be retrieved here:
As part of the use of the chat service, personal data is transferred to the USA. Concerning this matter, we have concluded so-called standard contractual clauses of the EU Commission with tawk.to inc.
Data for the service of tawk.to are stored via the local storage or cookies (see “Statement on cookies”) on your computer. Data are only stored on tawk.to servers if you start a communication process with our consultant. You can influence the local storage on your computer with the usual settings in your browser or in advance via the cookie banner for cookie control. We will only store the data from the chat history and add your customer master data (name, address), if necessary, once the chat window has been opened and you have inserted your entries. The communication history is stored for the purpose of quality improvement for your future consultation and for the further optimisation of our website and our services. A specific storage duration is not intended. You can demand the deletion of your chat history at email@example.com at any time. Please note for the chat communication that the consultant sees your entries live and not once you have finished making your entries.
This website uses Smartlook, provider is Smartlook.com, s.r.o., Šumavská 524/31, 602 00 Brno., Czech Republic. Smartlook is a tool to analyse your user behaviour on this website. The legal basis for the processing of data is your consent in accordance with Art. 6(1)(a) GDPR. You can influence the data collection by Smartlook in advance via the cookie banner for cookie control. You can find more detailed information about Smartlook and the collected data in the privacy statement of Smartlook under the following link: https://help.smartlook.com/en/articles/3470398-what-can-smartlook-record
With Smartlook, we can record your mouse and scroll movements and clicks. Based on this information, Smartlook creates so-called heatmaps that are used to determine which website sectors are preferentially viewed by website visitors. Moreover, we can establish how long you remain on a page and when you have exited the page. We can also determine at which point you have cancelled your entries in a contact form (so-called conversion funnels). In addition, Smartlook can be used to obtain direct feedback from website visitors. This function serves to improve the web offers of the website owner. Smartlook uses technologies that enable the recognition of the user for the purpose of analysing of the user behaviour (e.g. cookies or the use of device fingerprinting). The collected data are stored for a period of 180 days and then deleted.
Contact possibilities (form / e-mail)
There is a possibility to contact us per e-mail / contact form on our website. In this connection, your personal data are stored and processed for the purpose of communication. The data collected for this purpose (name, address, telephone number, e-mail address) are not passed on to third parties. The data are not merged with other data collected on this website. If required, the data are stored as part of the Customer Relations Management (CRM) if you are already a customer of our company. The legal basis for data collection in accordance with Art. 6(1)(1) GDPR is: the consent you have given (lit. a); if necessary, the processing of information for the contractual performance or contract initiation (lit. b), if necessary, the fulfilment of a legal obligation (lit. b) as well as the justified interest of our company in the communication you initiated (lit. f). The data are deleted as soon as the objective of the communication has been achieved.
On our website you have the possibility to subscribe for a newsletter that is sent per e-mail. The newsletter is sent to your e-mail address on the basis of your personal registration with subsequent confirmation (double opt-in), where you consent to receiving the newsletter. The legal basis for the processing of the data is Art. 6(1)(a) GDPR.
To send the newsletter we save your e-mail address as well as your first name and surname and the lists you have subscribed to. The data is not passed on to third parties.
Our newsletter system has a function that allows us to track at what time which recipients have opened the newsletter. These data are stored and used for an evaluation of the reach of individual campaigns.
The data are passed on to our service provider MailChimp to send the newsletter.
MailChimp is a service of:
The Rocket Science Group, LLC
675 Ponce de Leon Ave NE
Suite 5000, Atlanta, GA 30308 USA
With regard to this service, we have concluded an agreement with MailChimp, which you can view here.
Revocation of consent: You can revoke your consent to the processing of your data for sending the newsletter at any time with effect for the future. You will find a possibility to unsubscribe from the newsletter at the end of every newsletter mail or at this link: »Einwilligung widerrufen«
Your rights and assertion of rights
You are entitled to the rights stated below. You may assert these rights against us. To assert your rights, please use the details given above under “Controller” or write us an e-mail to: firstname.lastname@example.org.
Right to information: You have the right to obtain information on whether we process your personal data, for which purpose we process the data, which categories of your personal data we process, to whom the data are passed on, how long the data are stored and what your rights are.
Right to rectification: You are entitled to have any inaccurate personal data relating to you that is stored by us corrected. You also have the right to have an incomplete data record stored with us completed by us.
Erasure: You can demand that we delete personal data concerning you if (1) the data has been processed unlawfully, (2) the purpose for which the data were collected has been achieved, (3) you have revoked your consent to data processing and there is no other legal basis prevailing for the processing, (4) we are subject to a legal obligation to delete the data, (5) you are under the age of 16 or (6) you have objected to the processing and there are no primarily justified reasons prevailing for the processing on our part.
Right to restriction of processing: You can demand the restriction of processing in the following cases. In these cases, we will mark the data with a non-disclosure notice and discontinue the processing. (1) If you dispute the correctness of the personal data for the duration of our investigation. (2) If you have demanded deletion and we cannot or may not delete the data. (3) If you need the data for the assertion of claims, but we would be obligated to deletion because the purpose of the processing has been achieved. (4) If you have objected to the processing and a final decision has not yet been made.
Objection to the processing
If the processing of personal data concerning you is based on legitimate interests on our part, you can object to the processing for reasons resulting from your particular situation.
Right to data portability: You have the right to request data from us that you have provided as part of a contract or on the basis of consent and that is processed automatically in a common machine-readable format (data record).
Revocation of consent: If you have given your consent for the processing of personal data, you may revoke your consent at any time with effect for the future. Please address your revocation to the details given above under “Controller” or send us an e-mail to: email@example.com
Right to complain to the data protection supervisory authority: You have the right to submit a complaint, based on data protection regulations to the relevant supervisory authorities. The supervisory authority responsible for us is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Officer for Data Protection and Freedom of Information North-Rhine Westphalia). The complaint can submitted to every supervisory authority regardless of responsibility.
Last review: October 2022