HUG PRIVACY GUIDELINES

 

As a HUG Leader, we're counting on your to follow the guidelines set forth on this page. Failure to comply with the guidance below can result in termination of your HUG Leader Portal, and removal from the HubSpot User Groups program.

Please note, these guidelines are for HUG leaders and not general customer guidance. For general customers, please reference our GDPR Product Playbook

Basic Requirements

Requirements you must meet as a HUG Leader

As a HUG Leader, we require that you do the following:

  • Turn the GDPR toggle on in your HUG portal… and leave it on
  • Provide appropriate notice on all forms or data acquisition points
  • Allow for opt-out in all communications
  • Communicate with HubSpot about any data subject requests (e.g., requests for access, deletion, etc.)
  • Links to HubSpot's Privacy Policy on your site 

Storing and Managing HUG Data

Learn how to use your portal to manage HUG contacts

Who owns HUG user data?

As stated in the HUG Leader Guidelines: “While we might make a HubSpot Marketing portal available to you to use in accordance with these HUG Guidelines, this portal and all intellectual property related to it belong to and are the property of us or our licensors (if any).” This means that all user data housed in the HUG portal ultimately belongs to HubSpot.

Where should I store HUG data?

All HUGs should be managed in a way that is compliant with GDPR - meaning that you are only contacting people who have opted into communications, and for whom you have a lawful basis for processing. Assuming you are following these guidelines, all of your HUG data should be stored within your program portal.

Am I allowed to import users into my HUG portal?

It is ok to import contacts into your portal, so long as that information as been collected in a way that is GDPR compliant. This means you need to ensure you have a lawful basis to process the data you add to a HUG portal. Follow these steps to assign lawful basis of processing.

Am I allowed to send user data to HubSpot (e.g. post-event form list uploads)?

Yes - provided that all information is being gathered in a GDPR compliant fashion, you are allowed to send HubSpot data from your portal.  

Building Forms and Landing Pages

How to ask for information - and what information to ask for.

How can I ensure my HUG registration pages are GDPR compliant?

To ensure your HUG registration pages are GDPR compliant - please review the “Ana fills out a form on Acme's site” section of The HubSpot GDPR Playbook.

What data am I allowed to ask people for when they register for a HUG event?

Under GDPR, you should be asking for ONLY the information that you need from someone in order for them to attend an event. Asking for information that you intend to use for purposes beyond why your registrant is filling out a form is a breach of your lawful basis to process their data.

What if I manage my event via Eventbrite? Can I have someone sign up for a HUG on Eventbrite and then import that info into my portal?

Yes - you may use Eventbrite or other third party registration systems to gather applicant data. Should you chose to do so, you are still responsible for ensuring the process is GDPR compliant. This means that you should be displaying notice on all forms on third party sites.

Assorted Answers

A few more questions that we've received.

Should I use a cookie notice on my site?

Yes! Please turn-on the built-in cookie warning provided for you with the HubSpot software.  

Am I allowed to contact HUG users from my personal/agency portal or about topics unrelated to my HUG?

No - per our legal guidelines, this action is prohibited: “One important restriction – you can use the contact information of your HUG attendees for HUG-related activities only.” Contacting attendees from another portal is also prohibited.

If we inherited our portal from someone else, do we need to do anything about the contacts that are already in there?

HUG portals belong to HubSpot and are transferred between leaders when leadership changes. All users who are already in that portal have opted in to HUG communication, not communication from that previous leader, and so they are ok to remain in that portal. You - of course - must always give people the option to opt-out of communication should they want to.

How long should I maintain the data in my HUG portal?

So long as someone continues to engage with your event or your emails, they can remain in your portal. A safe time period to use is one year. For anyone who has not engaged with you in over a year -you should delete them from your portal.

Can I share attendee data with anyone?

No - attendee data should not be shared with anyone. This includes but is not limited to, Sales Reps, “Sponsors”, etc...

Do HUG leaders need a notification that their site uses cookies?

Yes -  Please follow the steps on this knowledge base article to set up a cookie notification for your HUG site.

What if I get a data subject access request, or a deletion request from a contact?

Email privacy@hubspot.com and our team will take care of it.

Something We Didn't Answer?

#

Submit a Question

We're happy to answer any additional questions. Simply submit them to us and we'll get you more information as soon as we can.

Submit Here
#

Review Our GDPR Product Playbook

The team at HubSpot has put together an in-depth guide on how to use the HubSpot product in a way that is GDPR compliant.

See Here
#

Review the HUG Leader Legal Guidelines

Take a look at the standard program guidelines to understand the general rules set forth for HUG Leaders.

Review Here