September 2020 Revisions to our Customer Terms of Service
Sep 1, 2020 6:54 AM
Master Terms Updates
HubSpot recently updated the April 7, 2020 version of the Master Terms, which form part of the HubSpot Customer Terms of Service and we wanted to give you some info on what's changed. Archived versions of the TOS are available here for your reference.
We’ve updated the Definition of ‘Personal Data’ to clarify that the term ‘Data Protection Laws’ is defined in the Data Processing Agreement (a.k.a. the DPA).
We’ve added a new definition for ‘Add-Ons’ for clarification purposes only.
We’ve also updated the definition of ‘Sensitive Information’ to make it easier for customers to understand the types of information that are captured under this definition.
We’ve moved some of the restrictions listed in the ‘Prohibited and Unauthorized Use’ section of the Master Terms over to our Acceptable Use Policy because it makes sense for these restrictions to live there. We haven’t made any changes to the restrictions themselves.
For transparency purposes, we’ve now listed the ways in which your fees can increase in the Master Terms (we had previously just referred you to the Product Specific Terms a.k.a. The PST). You’ll still find the full details regarding fee increases in the PST.
We’ve updated the Withholding Tax clause that we added last April to clarify that it applies only to withholding tax. You'll find this clause at section 3.7 in the Master Terms.
We’ve updated the ‘Customer Data’ section of our Master Terms (section 5) in light of the recent Schrems ruling, to clarify that we no longer rely on EU-US Privacy Shield as a transfer mechanism.
We’ve updated the ‘Amendment/No Waiver’ section of our Master Terms (section 11.1). This section deals with what happens when we update our Customer Terms of Service. You can still notify us if you have an objection to an update and we’ve clarified the remedies available if you do have an objection. In most cases we allow you to continue on the previous version of the terms, but if we can no longer reasonably provide the subscription to you under those terms (for example, if the modifications are required by law or result from general product changes) and you’re not comfortable agreeing to them, we’ve provided an option to terminate.
We’ve updated the ‘Insurance’ section of our Master Terms (section 11.13) to specify that cyber insurance is included in our insurance policy. We’ve also increased the coverage amount for Professional Liability Insurance (cyber/errors and omissions liability insurance) to US $5,000,000.
We’ve clarified that our U.S. Government Customer Additional Terms at Appendix 2 to the Master Terms apply to public higher institutions of education.
Finally, as we usually do when we update the TOS, we’ve made some drafting clean-ups, clarifications and formatting improvements. Some of these updates were made to help provide a clearer description of the intent of the terms or to make the terms easier to review.
Acceptable Use Policy (AUP) Updates
We haven’t made any substantive changes to the AUP this time round. But as we outline above, we did move some restrictions from the Master Terms over to section 5 of the AUP.
Data Processing Agreement (DPA) Updates
In light of the recent Schrems ruling, we’ve updated the DPA, specifically the definitions of ‘Privacy Shield’, ‘Privacy Shield Principles’ and ‘Standard Contractual Clauses’; the ‘Transfer Mechanisms for Data Transfer’ section and Appendix 3 to the Standard Contractual Clauses. We clarify that we no longer rely on EU-US Privacy Shield as a transfer mechanism but that we will continue to apply the Privacy Shield principles to all data transferred from HubSpot’s EU customers to the US.
We’ve also updated the ‘Responsibilities’ section of the DPA to reflect how we process California Personal Information as a Service Provider under the CCPA and to further disclose our data practices.
We’ve updated our list of Sub-Processors in Annex 4 of our DPA to include one of our subsidiaries, HubSpot France SAS, and to add the purpose and location of each sub-processor listed in Annex 4.
Finally, as we usually do when we update the DPA, we’ve made some drafting clean-ups, clarifications and formatting improvements. Some of these updates were made to help provide a clearer description of the intent of the terms or to make the terms easier to review.
We have also updated the ‘How We Transfer Data We Collect Internationally’ section in light of the Schrems ruling, to clarify that we no longer rely on EU-US Privacy Shield as a transfer mechanism.
In the California Privacy Rights section we have clarified that we do not not sell Personal Data for the purpose of the CCPA.
We’ve also revised the definition of “Sensitive Information” to align with the changes we made to the language in this definition in the Master Terms (as outlined above).
We updated the ‘How We Transfer Data We Collect Internationally’ section in light of the Schrems ruling to clarify that we no longer rely on EU-US Privacy Shield as a transfer mechanism.
And that’s it! Please remember that this is just an informal, high-level summary of the most recent changes to these documents, and that you should always make sure you’ve read and understood the complete TOS, including the new Master Terms, Product Specific Terms, Jurisdiction Specific Terms, DPA, AUP and Privacy Policies before you use our software or services.
Questions? Let us know!