Updates to the Hubspot Business Partner Data Processing Agreement
September 1, 2023
We have updated our Business Partner DPA, which is incorporated in our HubSpot Solutions Partner Program Agreement and the HubSpot App Partner Program Agreement, to reflect HubSpot’s participation in the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework self-certification programs (collectively the Data Privacy Framework).
To the extent that HubSpot, Inc. receives European Data in the United States, we will comply with the Data Privacy Framework to lawfully receive that data. Should European Data Protection Laws require that appropriate safeguards be put in place (for example, if the Data Privacy Framework does not cover the data transfer and/or the Data Privacy Framework is invalidated), we will continue to rely upon the Standard Contractual Clauses (SCCs) for the transfer of data.
In addition to relying upon the Data Privacy Framework, we have also:
Added terms to the ‘Data Transfers’ section to include updates that reflect the introduction of, and obligations under the Data Privacy Framework for both HubSpot and Partners
Updated the terminology within the DPA to ensure the application of the Controller and Processor obligations to apply to all personal data, not just European Data.
Included reference to the amendments made to the California Consumer Privacy Act of 2018 (CCPA) by the California Privacy Rights Act of 2020 (CPRA)
Added CPRA terms to the ‘Additional Provisions for California Personal Information’
Please remember that this is just an informal, high-level summary of the most recent changes to our terms and that you should always make sure you’ve read and understood the complete partner agreements before you partner with us.