1. Scope

These data protection information serve to clarify the processing of personal data in accordance with Art. 13 GDPR and § 32 BDSG when using the Instagram platform. These regulations have been valid since April 2022 and are published at this link.

Changes to the platform or legal adjustments may require an update of this document. The current version will be made available here.

2. Definitions

2.1. Processor

Third parties that process personal data on behalf of a controller.

2.2. Cookies

Data stored in a browser containing information about user interactions.

2.3. GDPR

General Data Protection Regulation (EU) 2016/679. (Full text available at this link.)

2.4. Personal Data

All information that can directly or indirectly identify a person. This includes, among others, name, email address, usage behavior, and interaction data.

2.5. Platform

The services and offerings available through Instagram.

2.6. Controller

The person or organization that decides on the processing of personal data (Art. 4 No. 7 GDPR).

2.7. Web Storage

Local or session-based storage of data in the web browser.

3. Controllers for Data Processing

3.1. Responsibility of Meta (Instagram)

  • Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (for users from the EEA and Switzerland).
  • Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (for all other users).
  • Responsible for the technical operation of the platform and processing personal data for its own purposes, particularly for providing and optimizing its services.

3.2. Responsibility of DEGELER

  • DEGELER GmbH & Co. KG, Frankfurter Str. 63 A, 63322 Rödermark (Impressum).
  • Responsible for processing personal data related to the company’s presence on Instagram, including interactions with users and reach analysis.

3.3. Joint Responsibility of Meta and DEGELER

For collecting and analyzing statistics on user interactions, there is joint responsibility under Art. 26 GDPR. The relevant agreement can be viewed here: Meta Controller Addendum.

4. Data Protection Officer

4.1. Contacting Meta

Meta provides the following contact form for data protection inquiries: Click here.

4.2. Data Protection Officer of DEGELER

DEGELER has not appointed a data protection officer.

5. Data Processing by Instagram

Instagram processes personal data whenever profiles are accessed, regardless of whether the user is logged in.

Further details are available in Instagram's Data Policy.

Legal bases for data processing by Instagram can be viewed here: Instagram Legal Bases.

6. Cookies and Web Storage

Instagram uses cookies and web storage technologies, over which DEGELER has no control.

Further information is available here: Instagram Cookie Policy.

7. Data Processing by DEGELER

7.1. Processing Purposes

  • Providing and maintaining the Instagram profile.
  • Interacting with users (e.g., comments, direct messages, likes, shares).
  • Analyzing user behavior to optimize content.

7.2. Legal Bases

  • Art. 6 (1) lit. b GDPR – Contract with Instagram users.
  • Art. 6 (1) lit. f GDPR – Legitimate interests in optimizing content.

8. Joint Data Processing with Instagram Insights

Instagram provides aggregated usage statistics that DEGELER uses to optimize its social media presence. These include:

  • Number of interactions (likes, comments, shares).
  • Visitor statistics (page views, demographic data).
  • Reach of posts and engagement rate.

DEGELER does not have access to individual user data. Further details are available under Instagram Insights.

9. Data Sharing

9.1. Data Sharing by Instagram

Recipients of personal data are explained in Instagram's Data Policy.

9.2. Data Sharing by DEGELER

Internally:

  • Data is shared only with responsible employees.

Externally:

  • Shared with external service providers (e.g., social media agencies) under a data processing agreement (Art. 28 GDPR).

9.3. Legal Bases for Data Sharing

  • Art. 6 (1) lit. a GDPR – Consent.
  • Art. 6 (1) lit. c GDPR – Legal obligation.
  • Art. 6 (1) lit. f GDPR – Legitimate interests (e.g., legal enforcement).

10. Data Subject Rights

10.1. Rights Against Instagram

Instagram provides information on data protection rights and privacy settings at this link.

10.2. Rights Against DEGELER

Users have the right to:

  • Access their data (Art. 15 GDPR).
  • Rectify incorrect data (Art. 16 GDPR).
  • Request deletion of data (Art. 17 GDPR).
  • Restrict processing (Art. 18 GDPR).
  • Receive data portability (Art. 20 GDPR).
  • Withdraw consent at any time (Art. 7 (3) GDPR).
  • Object to processing (Art. 21 GDPR).

Complaints can be submitted to the relevant Data Protection Authority: List of Data Protection Supervisory Authorities.

11. Storage Duration

11.1. Storage Principles

  • Data is stored only as long as necessary for the respective purpose.
  • Consent-based data processing: stored until withdrawal.
  • Contractual purposes: stored until contract termination.
  • Legitimate interests: stored until the right to object is exercised.

12. Sources of Personal Data

Personal data is:

  1. Provided by users themselves.
  2. Collected by the Instagram platform.