Data Protection Declaration

of

Insta Communications GmbH
Münzgrabenstraße 92/4, A-8010 Graz, Austria

for the use of the
Instahelp platform (https://instahelp.me)

Status: [May 2021]

Contents

I. What are personal data in general?
II. Which of your personal data do we process and where do we get these data from?
III. What services process personal data on our website?
IV. Who receives your personal data?
V. How long do we store your data?
VI. For what purposes and on what legal basis are the data processed?
VII. What rights do you have with regard to data processing?
VIII. How can you revoke your consent?
IX. What complaint options do you have?
X. How can you contact us?

General

For Insta Communications GmbH, Münzgrabenstrasse 92/4, A-8010 Graz, Austria (hereinafter “we”, “us”), as the responsible entity with regard to the General Data Protection Regulation (“GDPR”), the security and protection of your data are very important.

In this Data Protection Declaration you will find all of the information about how we collect, store, process and protect your data in accordance with the GDPR.

We have made it our objective to provide you with this information in as clear and understandable a manner as possible. However, if you have any questions about any of the points, you can reach us at any time via the contacts named in “How can you contact us?” and listed on https://instahelp.me/imprint.

I. What are personal data in general?

Personal data consist of information about a person that identifies them or allows them to be identified. Examples include name, email address etc. Previously visited websites can also constitute personal data.

II. Which of your personal data do we process and where do we get these data from?

We only collect personal data about you to the extent necessary to provide our website with our content and services and if you make these data available to us voluntarily, e.g. by agreeing to our cookie banner, when you create a user profile, register for the newsletter or use the contact form on the website. The following data are processed:

When you access our website, instahelp.me
  • your IP address
  • your browser language

In the context of psychologist-matching and registration on https://web.instahelp.me/
  • arbitrary display name
  • your email address
  • your password (passwords are stored on our database exclusively in double-hashed form, rendering them illegible in the event of unauthorised third-party access)
  • date and time of registration
  • type of registration (user or psychologist)
  • pseudonymised payment data of third-party providers (amount paid, date of payment, method of payment)
  • optional: vouchers & access codes used
  • optional: agreement to delivery of Instahelp newsletters
  • optionally given data regarding gender, age range, preferred counselling times, desired method of communication and counselling topic area
  • optional: your telephone number for carrying out payment via Drei mobile phone billing (Austria)

When using online counselling
  • counselling records (please see notice below)
  • pseudonymised payment data of third-party providers

Important notice
The protection of your data and the confidentiality of your counselling are of the highest priority for us. (Conversation) content or other data you share with your counsellor during counselling are also subject to the legal duty of confidentiality binding your counsellor and are end-to-end encrypted by us, rendering them legible only by you and your corresponding counsellor. As the platform provider we have no access at all to the unencrypted content of your conversation, so it is therefore not possible for us or other third parties to read your messages.

You can inspect the data that are collected through visiting our website in the next section under “What services process personal data on our website?”. We receive these data either directly from you or they are made available to us by third parties, e.g. during payment processing.

III. What services process personal data on our website?

Cookies
We use cookies on our website. However, they are only used if you have given express consent to this (Art 6 Para 1 lit a GDPR). You can inspect a precise list of cookies used and their purposes in the data protection information – Cookies.

Server Log Files
Each time you access our website, the following data and information are automatically collected from your device. These data are technically necessary for us to be able to display our website to you and to guarantee the stability and security of our website.

(1) information about the browser (“user agent”)
(2) IP (“Internet Protocol”) address
(3) date and time of access
(4) precise address of the requested page (“request path” and “request type”)
(5) status of the requested page response (“response status”)

These data are stored as log files in our system for a maximum of 30 days. After this period they are automatically deleted. The complete IP address of the user is also stored in the log file. Storage of these data together with other personal data of the user does not take place. The legal basis for this processing is the necessity to protect our legitimate interests in accordance with Art 6 Para 1 lit f GDPR.

Newsletter
On our website there is the option to subscribe to free newsletters. When registering for the newsletter, the data from the input form are transmitted to us:
(1) display name (pseudonym)
(2) email address
(3) forename (only for registration as a psychologist)
(4) surname (only for registration as a psychologist)

Your consent to processing the data in accordance with Art 6 Para 1 lit a GDPR is obtained during the process of registration with reference to this Data Protection Declaration, in particular to the point “How can you revoke your consent?”.

Use of the chatbot / messenger service
This website uses a chatbot (digital messenger service) and the content of your messages is processed when it is used. This processing takes place only on the basis of express consent in accordance with Art 6 Para 1 lit a GDPR. This consent can be revoked at any time (see details under “How can you revoke your consent?”).

Embedding of third-party services and content
In order to display such things as videos, maps, fonts etc., our website and webapp use content and services from third-party providers. Accessing and displaying this content on your Web browser involves the automatic transmission of your IP address to these providers. We take care to use only content for which the corresponding provider uses the IP address solely to deliver the content.

Furthermore, third-party providers can use so-called pixel tags (invisible graphics, also called “Web beacons”) for statistical or marketing purposes. The “pixel tags” make it possible to analyse information about page visit traffic on this website. Moreover, the pseudonymous information can be stored in cookies on the user’s device, including technical information about the browser and operating system, referring websites, time of access and other details about the use of our online provision, as well as linking with such information from other sources.

The following description provides an overview of third-party providers and their content, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases, options for objection (so-called “opt-out”):

a) If you make use of third-party payment services (e.g. Klarna, PayPal, etc.) during the process of paying on our website, the terms of business and data protection notices of the corresponding third-party providers apply and can be inspected on the corresponding websites or payment applications.

b) External fonts from Adobe Typekit (https://typekit.com/)
We use various fonts from Adobe in the USA on our website. When you access our website, your device automatically connects to this company’s server and calls up the corresponding font, which involves your IP address being transmitted. You can find more detailed information about this at: https://www.adobe.com/privacy/policies/adobe-fonts.html The legal basis for processing is our legitimate interest (i.e. interest in the analysis, optimisation and commercial operation of our online offering in accordance with Art 6 Para 1 lit f GDPR).

IV. Who receives your personal data?

We will only transmit your data to third parties, in accordance with this Data Protection Declaration, if this transmission is necessary to fulfil our service, if you have consented to transmission of the data or if transmission is permissible or we are legally obligated to do so because of statutory provisions.

We will never sell your data to third parties.

Within our company, your data will be passed on to those departments and employees who need it to fulfil their contractual and/or legal obligations. Furthermore, we transfer your data within our group of companies, Up to Eleven Digital Solutions GmbH, located at Münzgrabenstrasse 92/4, A-8010 Graz, Austria, insofar as this is necessary for the fulfilment of contractual and/or legal obligations (e.g. for accounting purposes or similar).
In addition, we also transfer your data to external service providers (processors) used by us for support according to the required purposes. External service providers support us, among other things, in the processing of payments, such as the company Mollie B.V. (located at Keizersgracht 126, NL-1015 CW Amsterdam, The Netherlands) or the operation and technical support of the website (1&1 Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Germany as cloud provider).
In all cases we have entered into processor agreements with these processors in accordance with Art 28 GDPR. As processors we only use external service providers who provide us with sufficient guarantees that the processing of your personal data is carried out in accordance with the GDPR and the protection of your rights is guaranteed. The external service providers process your data only on the basis of our instructions and we remain responsible for the protection of your data.
Finally, your data may also be transferred to legal representatives, security authorities, competent courts or authorities for the purpose of legal prosecution, for the fulfilment of our legal obligations (legal basis Art 6 Para 1 lit c GDPR).

V. How long do we store your data?

We will only store your data for as long as necessary for the purpose for which we collected your data. Data that we process exclusively on the basis of your consent will be stored until your consent is revoked and then will be deleted or anonymised immediately. Unless otherwise stated, we will store your personal data in any case for as long as statutory retention obligations (including UGB, BAO, etc.) exist or the limitation periods for potential legal claims (written consultation content, e.g. 10 years) have not yet expired.

VI. For what purposes and on what legal basis are the data processed?

The purpose for which we process your data essentially depends on which parts of our website you visit and which services you use. Depending on this, one of the following 4 legal bases of the GDPR applies.
We process your data
  • because it is necessary in order for us to be able to make our service available to you, e.g. to create a customer account (legal basis Art 6 Para 1 lit b GDPR);
    or
  • because you have given us your express consent to this, e.g. when ordering our newsletter (legal basis Art 6 Para 1 lit a GDPR / Art 9 Para 2 lit a GDPR);
    or
  • because processing of the data is technically necessary for us to display our website to you, to guarantee stability and security, for statistical purposes or to combat fraud, but only to the extent that such processing is necessary and your fundamental freedoms and rights do not outweigh it (legal basis Art 6 Para 1 lit f GDPR);
    or
  • because it is necessary for us to be able to fulfil our legal obligations (legal basis Art 6 Para 1 lit c GDPR).

In order to provide our services, we require certain data, which are marked accordingly on the web form, such as your email address. If you do not wish to provide us with these data, unfortunately we will not be able to conclude a contract with you. However, you are under no obligation whatsoever to provide us with any additional data that is not necessary for the performance of the contract.
As a matter of principle, we do not use automated decision-making according to Art 22 GDPR to conduct our business relationship.

VII. What rights do you have with regard to data processing?

At all times you have the right,
  • to obtain information about your personal data (Art 15 GDPR);
  • to request the correction, amendment or deletion of personal data that is inaccurate or not processed in accordance with the law (Art 16, 17 GDPR); if you have exercised the right to correction, deletion or restriction, we are obliged to inform all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of data or restriction of processing, unless this proves impossible or involves a disproportionate effort;
  • to require us to restrict the processing of personal data (e.g. if you believe that the personal data held by us about you is inaccurate or unlawful) (Art 18 GDPR);
  • to object to the processing of your personal data, if this is based on Art 6 Para 1 lit e or f GDPR, in accordance with Art 21 GDPR;
  • to require data portability (Art 20 GDPR).

If we process your data on the basis of your consent, you have the right to revoke this consent at any time by email or post (for details, please see the following section “How can you revoke your consent?”).

VIII. How can you revoke your consent?

Your consent is necessary for specific data processing in accordance with Art 6 Para 1 lit a GDPR (e.g. processing of health data). In such cases we will always seek your consent in advance. In addition, we will also explain to you precisely the purpose for which we need your data, what data we will be processing exactly and what we do with them (purpose). Your consent to such data processing is always voluntary.

If you grant us your consent, you can nevertheless revoke it at any time and without giving a reason (by email or letter to our contact addresses – given in this Data Protection Declaration under “How can you contact us?” and on our website at instahelp.me/en). Such revocation applies to the future. The data processing we have carried out up until the time of your revocation therefore remains lawful and is not affected by the revocation.

IX. What complaint options do you have?

To enforce your data protection rights you can contact us at any time (see contact details under “How can you contact us?” and at www.instahelp.me).

In addition, you have the right to lodge a complaint with the Austrian Data Protection Authority (Wickenburggasse 8, A-1080 Vienna, Austria, Tel +43 1 52 1 52 0, email: dsb@dsb.gv.at) or with a different data protection monitoring authority in the EU, particularly where you reside or work.

X. How can you contact us?

Insta Communications GmbH
Münzgrabenstraße 92/4, A-8010 Graz – Austria
Tel.: +43 316 22 84 09
email: support@instahelp.me
website: https://instahelp.me

You can contact our data protection officer via:
Tel.: +43 316 22 84 09
email: privacy@ut11.net