Ist meine Nutzung von HubSpot mit der DSGVO und dem CCPA konform? (2023)

FAQs

Is HubSpot CCPA compliant? ›

The CCPA imposes obligations for companies that sell a consumer's personal information and/or the data of children. However, this blog post will not cover those exceptions because HubSpot customers are not allowed to use our products to sell data or collect childrens' data.

The CCPA is an American state law that focuses exclusively on protecting the privacy of California residents. The GDPR is a European Union (EU) regulation that protects the personal data of those living in the EU by imposing strict data protection requirements and strict penalties for non-compliance.

The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law.

A: CCPA stands for the California Consumer Privacy Act. It is a new data privacy law that provides privacy rights to California residents.

Even though HubSpot offers the security measures necessary to protect PHI, they clearly state on their website that they are not a HIPAA compliant solution. This is because they don't currently sign BAAs with their clients. HubSpot is a popular name among businesses, developers, and marketers.

Consequently, any passage of PHI through the HubSpot platform – even when collected by a third party extension – is a violation of HubSpot´s Terms of Service. Note: It is not the case that HubSpot is not HIPAA compliant because the company will not sign a Business Associate Agreement.

CCPA requires companies to comply with user requests for: All data collected and stored. Each category of sources where data is collected (e.g., financial, contact, medical). The business purpose for collecting and selling user data.

The CCPA requires that businesses provide specific information to consumers and establishes delivery requirements. Third parties must also give consumers explicit notice and an opportunity to opt out before re-selling personal information that the third party acquired from another business.

CCPA does not specify what security measures need to be implemented to protect the personal data of California residents; however, businesses do have a duty to implement reasonable security measures based on the level of risk, in accordance with other state laws.

What is not considered personal information under the CCPA? ›

The categories of personal information includes but is not restricted to: Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.

The CCPA only applies to for-profit businesses that meet the criteria listed above. “Business,” as defined by the law, is a sole proprietorship, LLC, corporation, association, or other legal entity organized or operated for the profit or financial benefit of its shareholders or other owners.

All companies that serve California residents and have at least $25 million in annual revenue must comply with the law. In addition, companies of any size that have personal data on at least 50,000 people or that collect more than half of their revenues from the sale of personal data, also fall under the law.

CCPA personal information definition

A list of what is defined under the CCPA as personal information includes: Direct identifiers such as real name, alias, postal address, social security numbers, driver's license, passport information and signature.

The CCPA requires businesses to provide consumers with certain rights regarding their personal data. These rights include the right to know what personal data is being collected about them, the right to have their personal data deleted, and the right to opt out of the sale of their personal data.

Companies using Hubspot CRM for CRM include: Mitsubishi Heavy Industries, a Japan based Manufacturing organisation with 77991 employees and revenues of $3860.28 billion, Walmart, a United States based Retail organisation with 2300000 employees and revenues of $611.29 billion, Shell, a United Kingdom based Oil, Gas and ...

The HubSpot CRM will only read and store the email body for email threads that have been previously logged in the CRM or sent from the CRM.

Data you store in HubSpot products is yours -- we put our security program in place to protect it, and use it only as permitted in our Customer Terms of Service and Privacy Policy. We never share your data across customers and never sell it.

Yes, HubSpot uses SQL (Structured Query Language) databases. If you've ever done any sort of research online, chances are good that you've come across terms like MySQL or PostgreSQL before.

Does my CRM need to be HIPAA compliant? ›

All CRM software used in healthcare must comply with HIPAA, because the law applies to all patient data with which healthcare providers interact.

The CCPA empowers California residents with the right to opt out of third-party data sales, the right to be informed of data collection and rights, the right to have collected data disclosed, the right to have collected data deleted, and the right to equal services and prices.

A business cannot discriminate against a consumer because the consumer exercised a right given to them under the CCPA. For example, if a consumer exercises their right to opt-out of the selling of their personal information, the business cannot offer substandard service or substandard products to the consumer.

Data Mapping. Data mapping is the first step to becoming CCPA compliant, and generally the most labor-intensive one as well. During this process, businesses must precisely determine what personal information they are collecting, who they are collecting it from, and who they are sharing it with.

If one (or more than one) of the following is true, your business will require CCPA certification: You earn 50% or more of your revenue from selling consumers' personal information. You are a for profit business making at least $25 million gross annual revenue. You hold more than 50,000 users' or devices' data.

The CCPA exempts information collected as part of a clinical trial or other biomedical research study that is subject to the Federal Policy for the Protection of Human Subjects, also known as the Common Rule.

As of January 1, 2023, California residents have the following rights: The right to delete personal information businesses have collected from them (subject to some exceptions);

If a consumer opts out of the sale of personal information, the business must refrain from selling the personal information collected by the business and respect the decision to opt out for at least 12 months before requesting that the consumer opt-in to the sale of their personal information.

CCPA Overview

It will give consumers ownership, control, and security over their personal information – and consumers will have the ability to request that any business disclose (and delete) the personal information that it collects, and request that their data not be sold to third parties.

What are CCPA violations examples? ›

A business must maintain records of consumer requests made pursuant to the CCPA and how the business responded to such requests for at least 24 months. The business must implement and maintain reasonable security procedures and practices in maintaining these records.

an individual's name, signature, address, phone number or date of birth. sensitive information. credit information. employee record information.

The CCPA defines personal data as "information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household." These regulations give consumers power over their data and what companies do with it.

Sharing sensitive information such as your address, phone number, family members' names, car information, passwords, work history, credit status, social security numbers, birth date, school names, passport information, driver's license numbers, insurance policy numbers, loan numbers, credit/ debit card numbers, PIN ...

Generally, the CCPA is interpreted to not cover colleges and universities because they are often considered not-for-profit entities. However, the CCPA offers no guidance on how to determine whether a business is indeed for “profit” or not.

The CCPA protects California consumers' rights when dealing with businesses that collect, store, and sell their sensitive data. It defines a consumer as any natural person who is a resident of the State of California. Businesses should also take note that the CCPA applies even when residents are traveling out of state.

But the CCPA goes beyond these existing requirements and requires employers to disclose and deliver, free of charge, the personal information the business has collected, the sources from which it is collected, the business or commercial purpose for collecting the information, and the categories of third parties with ...

The CCPA prohibits an administrative action from being commenced more than 5 years after the date on which a violation occurred. The CCPA also subjects a violator of its provisions to a civil penalty, as specified, to be assessed and recovered in a civil action brought by the Attorney General.

California: CalOPPA

The California Online Privacy Protection Act (CalOPPA) calls personal information "personally identifiable information." Helpfully, CalOPPA lists the types of information it considers personally identifiable information: First and last name.

Which people benefit from the rights granted by the CCPA? ›

It greatly enhances the consumer rights available to Californian citizens, and it is designed to give Californians similar rights as European Union (EU) citizens have over their personal data under the General Data Protection Regulation (GDPR).

Under California law, the damages for CCPA violations may include the following: $100 to $750 per consumer per incident, or actual damages, whichever is greater; Injunctive or declaratory relief; Any other relief the court deems proper.

The CCPA gives Californians several basic rights: the right to know what personal information is being collected about them, the right to access that data, the right to know who it's being sold to, and the right to opt out of those sales.

At HubSpot, our entire organization is hard at work ensuring that our own practices are GDPR-compliant. But equally important to us is helping you, our partners and customers, understand what the GDPR means for your businesses and build compliant processes of your own.

In relation to our customers, Salesforce qualifies as a Service Provider under the CCPA and is dedicated to helping our customers comply with the CCPA when using our services.

Yes. Google Analytics uses Client IDs to measure each individual user and their behavior in order to aggregate and present data about your website's performance. Client IDs fall under the CCPA's definition of personal information because they can be used to recognize a consumer over time and across different services.

We collect Personal Data when you sign-up for a HubSpot account, create or modify user information, set preferences, or provide any other related information to access or utilize our Subscription Service. We collect payment and billing information when you register for paid products or services.

What is HubSpot? HubSpot is a CRM platform that's designed to scale with your business. From a one-person business to a 2,000+ employee enterprise, The HubSpot CRM platform has the marketing, sales, customer service, operations, and content management features you need to build the best experience for your customers.

CCPA personal information definition

A list of what is defined under the CCPA as personal information includes: Direct identifiers such as real name, alias, postal address, social security numbers, driver's license, passport information and signature.

The CCPA statute of limitations refers to two things, broadly: the timeframe within which legal action may be brought against an organization for violating CCPA rights and the duration for which such an organization is allowed to retain data pertaining to a California consumer.

Does CCPA apply to all states? ›

It applies to companies that "do business" in California, regardless of where they are based. The "consumers" the CCPA protects are California residents.

The CCPA was written for the protection of California consumers, and it exempted anyone who wasn't acting in a business context. The CPRA now also covers company employees, owners, directors, officers, and contractors as well as job applicants and B2B contacts.

Microsoft and the CCPA

As set out in the OST, Microsoft complies with all laws and regulations applicable to its provision of the Online Services, which would include the CCPA.

The CCPA privacy policy notice requirement is two-tiered: It must appear in a business' online privacy policy (if it has one). It must be included in any California-specific description of consumer's privacy rights.