Privacy and data protection notice

We use Fathom Analytics (privacy policy), software built with privacy at the core, for website analytics. Your IP address (which we can't see) is only processed briefly and no data is stored over time. The lawful basis is our legitimate interest to continually improve our websites and business.

This processing applies to the following websites:

• noties.consulting
• dpohub.eu
• join.dpohub.eu
• community.dpohub.eu

This website is built with Ghost CMS (privacy policy), hosted on Digital Ocean with data stored in the EEA. We aim to limit third-country transfers and don't use marketing or ads cookies. We use Fathom Analytics for website analytics, as described above.

The join.dpohub.eu website is built on Kajabi CMS (privacy policy), with data stored in the US. We aim to limit third-country transfers and don't use marketing or ads cookies. We use Fathom Analytics for website analytics, as described above. Read the cookie notice here.

When you submit a contact form, it’s stored in Kajabi, and we receive an email copy. Personal data includes what you submit, plus the date and time. This is to facilitate communication based on our legitimate interest in replying to your inquiry. We delete data regularly, within a year. You can also subscribe to our free newsletter—details in the next section. 👇

On our website join.dpohub.eu/yes you can sign up for our free newsletter, sent 1-2 times a month. You must provide an email address and can share your name. The lawful basis is your consent.

The newsletter includes Rie's privacy and data protection musings, handy tips on being an Effective DPO, tidbits related to the Grumpy GDPR podcast (not shared elsewhere!), and we sometimes promote our services.

Kajabi's newsletter analytics (opens/clicks) can't be disabled. As consent doesn't seem right in this scenario, we base this processing on our legitimate interest to run our business effectively. If this processing concerns you, don't subscribe—follow Rie's LinkedIn posts instead.

If you subscribe and then change your mind, you can object or withdraw consent by unsubscribing via the link in any newsletter, and we'll delete this data within a month.

PS: We used an EEA-based service before but switched to a US one for several reasons. First, however, we redid a complete GDPR due diligence and risk assessment of Kajabi, including all six forms (vendor, system, privacy policy, DPAg, and more)! Listen to our Grumpy GDPR podcast discussion for more details.

If you subscribe to the DPO Hub, you're effectively becoming a customer so please refer to the section below. You can read the full privacy notice here.

As a DPO Hub Founding Member, you get free access to the DPO Hub Community (community.dpohub.eu), hosted on Kajabi CMS (privacy policy), with data stored in the US. We aim to limit third-country transfers and don't use marketing or ads cookies. We use Fathom Analytics for website analytics, as described above, and Kajabi shows join date, logins and last activity date. Read the cookie notice here.

The purpose of the Community is to exchange thoughts, ideas and interact with other members, meaning you’ll share plenty of personal data. To get access, you need an account and must share your email address and name, and create a password. The legal basis for this is contract, which you enter into by submitting the form, simultaneously accepting the terms.

If you leave the Community, your account will be removed from the platform, but your profile will only show as inactive, and your interactions remain visible. You can change your profile name before you leave. 

There is, however, currently no way to delete all your data automatically, so if you want your contributions removed, you must do it yourself manually. When you join the Community, you agree to this as per the Community terms; the legal basis otherwise is our legitimate interest to facilitate a dynamic and lively community and maintain a complete history of conversations for all members. 

PS: We're in dialogue with Kajabi to try to get a better erasure process in place.

If you're one of our awesome podcast guests, we'll process your personal data such as name, email, correspondence, calendar invites and everything related to the actual recording, including audio.

The purpose is to facilitate the dialogue around the podcast episode, record, and share the final audio. After you have initially agreed to be a podcast guest, our lawful basis for publishing it is f), where our legitimate interest is to share the audio with our privacy and data protection community to contribute to everyone's continued learning. As a general rule, we don't delete episodes so the recording will exist for as long as the podcast does (which is hopefully for a long time!). If you for any reason want to request deletion of your contribution, please reach out to discuss.

PS: Note that the controllers for this particular processing are your hosts Miloš Novovic and Rie Aleksandra Walle.

When you contact us through our website (contact form, blog comments, chat), email, phone (call, text message), social media and/or give us your business card, we process personal data. Depending on where and how you contact us, this may include your name, contact details, IP address and other information you choose to send to us.

The purpose is to be able to respond to your inquiries and, on some occasions, to keep records in case of complaints or legal claims. The lawful basis is f), where the legitimate interests are to be able to respond to your inquiries and, on some occasions, to keep records in case of complaints or legal claims. We review this data at our regular GDPR review day and delete personal data as appropriate. Due to the nature of our business, we can keep this type of personal data up to three years, or five years if we have a legal obligation in accordance with Norwegian accounting and bookkeeping rules.

When you purchase products and services from us, we process personal data such as your name, contact details, order and payment details as well as purchase history. If your purchase includes digital delivery, for example over video (recorded or not), either one to one between us and you, or one to many between us and a group of people, we also process personal data such as profile picture, video (picture and sound), messages (chat) and IP address. Depending on the type of purchase, we may share the content from or the recording, or the entire recording, with other people, e.g. where the service is structured as a group program (for example mentorship). The recording will not be shared with unauthorized people. For services where we use a webinar system, please read more below.

The purpose is to be able to fulfil our obligation to deliver products and services you have purchased and to manage the customer relationship. The lawful bases are b) contract and c) legal obligation related to accounting, tax and other business rules and regulations we are required to abide by.

We process the data for as long as we have a legal obligation as per any applicable rules and regulations we are bound by. For example, we are required by law to store business records, which could include personal data, for a minimum of five years for accounting and tax purposes as per Norwegian regulations. In addition, we store data from customer projects/engagements, for up to five years following the end of the customer relationship, where the purpose and our legitimate interest (cf. the GDPR Article 6(1)(f)) is to be able to document deliverables and defend against legal claims.

When you attend our events that are free of charge, we process personal data such as your name and contact details. For paid events, we also collect order and payment information. The purpose is to be able to process your registration and attendance, and, if applicable, your payment. The lawful basis is a) consent, or, for paid events, b) contract and c) legal obligation related to accounting, tax and other business rules and regulations we are required to abide by. If we collect any information about dietary and/or access requirements, we also need your consent under GDPR Article 9(2)(a).

We may also use your data to send you an evaluation of the event you attended, to invite you to other relevant events and/or to offer relevant products and services. The lawful basis is f), where our legitimate interest is to offer you relevant products and services, we think you will be interested in. If you do not wish to receive such messages, you will have an easy way to opt out, for example through an unsubscribe link in our emails. The data is kept for up to two years after you requested access to the content unless you subscribe to e.g. our newsletter and/or are a customer of ours.

Responding to our evaluations and surveys are voluntary. We process personal data such as your name, contact details and other information you choose to share with us. Some evaluations or surveys may be anonymous, and in such cases, we do not process any personal data.

The purpose is to gather your feedback so that we can continuously improve our products and services, as well as provide you with better customer service in the future. The lawful basis is a) consent. We keep this data until you ask us to delete them, or at the latest up to two years after you responded to the survey.

When you enter into an agreement with us either as a vendor, partner or processor, we process personal data such as your name, contact details and correspondence. The purpose is to be able to enter into this agreement and to respond to your inquiries and the lawful basis is b) contract. We review this data at our regular GDPR review day and delete personal data as appropriate, however no later than five years after the contract has been terminated. We process other communication data as per the first paragraph in this chapter, please see above.