In general, you should only request personal data that is absolutely necessary for your company's associated services. In addition, certain types of personal data must not be collected under any circumstances because they require special protection. This includes, for example, information on health status, biometric data, and any data that allows an assessment of ethnic origin or is linked to religious, political, or ideological views. You must also give your website visitors the opportunity to learn about the use of their personal data as part of your privacy policy.
Another key aspect is that you may not send a newsletter without consent. To avoid illegal advertising emails that unreasonably annoy consumers, the so-called double opt-in is the only GDPR-compliant newsletter registration process that may be used. After completing the newsletter registration form, the interested party receives an email with a confirmation link. A newsletter may only be sent to the consumer once this link has been clicked. In general, every newsletter should contain a link that allows recipients to unsubscribe from the newsletter at any time.
HubSpot and the GDPR: Are HubSpot and data protection compatible?
To determine whether HubSpot and the GDPR are compatible, let's first consider why the EU considers the US data protection level to be inadequate. For many years, the EU-US Privacy Shield ensured that data was transferred legally between Europe and the United States. However, with the passage of the so-called "CLOUD Act" in 2018, US authorities gained access to the data of American companies and thus also to the data of their non-US customers. According to the European Court of Justice, this fact conflicts with the European General Data Protection Regulation. It should be added at this point that US authorities cannot access customer data arbitrarily. Instead, access is only permitted with the customer's consent or a warrant or court order. As a result of the repeal of the EU-US Privacy Shield, HubSpot has offered its users the option since July 2021 to choose whether their data should be stored on servers in Europe (more specifically, a data center in Germany with a backup in Ireland) or in the USA. The transfer of personal data to third countries, including the USA, is not generally prohibited under the GDPR. The process is more complicated, though, because certain conditions must be met, which are listed in Articles 44 to 50 of the GDPR. HubSpot has incorporated these conditions into its data protection agreement.