If you use ChiliDataWarehouse to store or back up CRM data from HubSpot, you must ensure the following actions are taken to comply with the GDPR
1. Define Purpose and Legal Basis
-
Document why you store customer data in ChiliDataWarehouse (e.g. reporting, backup).
-
Use a valid legal basis (usually legitimate interest or contract performance).
📝 2. Update Your Privacy Notice
-
Inform your customers that their data may be stored in a data warehouse.
-
Mention the purpose, type of data, storage location (e.g. Switzerland/EU), and retention period.
🤝 3. Ensure a Valid Data Processing Agreement (DPA)
-
With the activation of ChiliDataWarehouse in the HubSpot marketplace, you agree and sign the DPA with ChiliDigital AG, the provider of ChiliDataWarehouse.
-
On you side, you have to list ChiliDataWarehouse as a sub-processor in your own DPA (if applicable).
🌐 4. Data Location and Transfer
-
Make sure your GDPR documents mention where the data is hosted (e.g. Switzerland, EU).
-
No additional safeguards are needed if the hosting is in the EU or Switzerland (which has adequacy status).
🔐 5. Implement Security & Retention Policies
-
Ensure your internal documentation reflects:
-
Encryption and access controls used in ChiliDataWarehouse.
-
Retention and deletion policies (especially how data can be removed if a customer requests it).
-
📄 6. Keep Records of Processing (RoPA)
-
Update your processing records to include ChiliDataWarehouse as a storage or backup system for customer data.