Since the use of CDN Hubspot can potentially transfer data to a third country without an adequacy decision, processing requires the user's consent (Art. 49(1) a GDPR), whereby the risks of data transfer must be pointed out so that the user can make a well-informed decision.

Data Transfer

The documents contained on https://legal.hubspot.com/dpa must be checked to ensure that all the criteria of Art. 28 GDPR are met and that the technical and organizational measures specified by the service provider represent protection appropriate to the risk.
The documents must be archived so that they can be proven to the supervisory authority if necessary.

Privacy Statement for the Service CDN Hubspot

When accessing some sub-services of our website, additional personal services are processed. Processed data categories: technical connection data of the server access (IP address, date, time, requested page, browser information). Purpose of processing: Delivery and provision of the website. The legal basis for processing: a legitimate interest that overrides the rights and freedoms of the data subject (Art. 6 (1) f GDPR). Legitimate interests: strong economic interest in safe and functioning operation of the technical systems. Data is transmitted: to the data processor HubSpot, Inc., Two Canal Park, Cambridge, MA 02141-1814, USA (https://www.hubspot.com). This may also mean a transfer of personal data to a country outside the European Union. The data is transferred to the USA on the basis of Art. 45 GDPR in conjunction with the European Commission's adequacy decision C(2023) 4745, since the data recipient has committed to comply with the data processing principles of the Data Privacy Framework (DPF).

Integrate CDN Hubspot GDPR compliant with legal web Privacy Cloud

With legal web Privacy Cloud, the service CDN Hubspot can be easily integrated in a legally compliant manner. Legally compliant cookie popup and complete data protection declaration included.

More information

Additional Information

In addition to the above information, the data protection information must also contain the mandatory information from Art. 13 or 14 GDPR: Name and contact details of the controller, if necessary the contact details of the data protection officer, the purposes for which the personal data are to be processed, the legitimate interests, if the processing is based on Article 6 (1) f GDPR, the duration of the processing, information on the rights of the data subjects including the right to lodge a complaint with a supervisory authority, the possibility of simply revoking consent given, and information as to whether the Provision of the data is required by law or contract or what the possible consequences of non-provision would be. In the event that the data is used for automated decision-making, including profiling, meaningful information about the logic involved and the scope and impact on the data subject must be provided. The processing of the data must also be documented in the list of processing activities in accordance with Art. 30 GDPR. The information required for this can already be found in the privacy statement, which can be created from the previous information.

Preconfigured services & integrations

Individually expandable

Privacy
The controller (legal web GmbH, Austria) would like to use the following services in order to process your personal data. Technologies such as cookies, localStorage, etc. can be used for personalization. This is not necessary for the use of the website, but allows us to interact with you more closely. If you wish, you can adjust or revoke your consent at any time via our privacy policy.