Under the General Data Protection Regulation (GDPR) and other data privacy laws, companies need a legal reason to use and process contact data and must keep records of consent and evidence of other legal purposes of processing.
The contact property Legal basis for processing contact's data helps you collect, track, and store legal basis of processing via contract, legitimate interest, and/or consent for your HubSpot contacts. According to GDPR, businesses are required to have at least one of six legal bases as a valid reason for processing data. There may be more than one legal basis that fits each situation.
Please note: while HubSpot provides this feature, your legal team is the best resource to give you compliance advice for your specific situation.
View the property and understand each legal basis
In your HubSpot account, click the settingssettings icon in the main navigation bar.
In the left sidebar menu, navigate to Properties.
Search for and click the property Legal basis for processing contact's data.
In the property, you can view six default property options. The first three options are different types of legitimate interests. A legitimate interest is when businesses have a necessary and legal business reason to process a contact's personal data in a way the contact would expect.
Legitimate interest - prospect/lead: When processing data from a prospect or lead to communicate about potential business. For example, processing a prospect's name and email after they've signed up to receive a newsletter. A prospect or lead is a contact that has expressed interest in a business but hasn't bought any goods or services.
Legitimate interest - customer: When processing data for a customer is necessary to support the ongoing business relationship. For example, updating a customer's address or sending them information about a new store opening. A customer is someone who has bought goods or services from a business.
Legitimate interest - other:When there's a legal reason for processing a contact's data in a way the contact would expect from the business, but the type of contact or business relationship doesn't match any of the other HubSpot categories given.
Performance of a contract: When processing contact data is needed to complete tasks under a contract or before formally starting a business relationship. For example, processing a contact's email addresses after they've requested a quote through email.
Freely given consent from contact: When a contact has given direct consent to process their personal data, for example when a contact creates an account profile with a business and agrees to communication. Consent should be specific, informed, and unambiguous.
Not applicable: When a legal reason to process contact data is not required. For example, the contact is not an EU citizen covered under GDPR privacy laws.
Please note: by selecting Legal basis for processing contact's data as Not applicable the contact will be eligible to receive emails from your account if they are included in the recipient list.
Grant legal basis
You can add consent and legal basis to contacts when you: