Personal data processing (privacy notice)

Hey there, fellow DPO/privacy & data protection enthusiast! ๐Ÿ‘‹

This notice is kept intentionally brief because of who's reading this, so don't use it as a template for your customers.

Since you're GDPR savvy and already overwhelmed with limited time, I'll simply state that you're entitled to all GDPR rights, including access. Just reach out if you have any questions: your controller here is me, Rie Aleksandra Walle at dpohub[at]

This notice is for the DPO Hub and the DPO Hub Community. For general business operations, please see the company notice at


When you sign up for the DPO Hub you must share your email address, payment details, name, billing address and, if you're purchasing as a business, Tax ID number (for VAT purposes). The purpose is to give you access to the DPO Hub and the data is required if you want to subscribe. The legal basis is contract. This data is kept for as long as you subscribe, and then for 3,5 years for accounting obligations. I use Stripe to process your payment securely and they retain certain personal data to comply with legal obligations, such as anti-terrorism and anti-money laundering laws.

If you're a Founding Member and would like to receive the carefully put together welcome gift, you must also share your address. I'll then keep this for as long as I might send you something-something in snail mail. This is based on your consent and you can withdraw this at any time, after which I'll delete the data promptly, at the latest within two weeks.

Your email address is required to log in to the DPO Hub and to receive news alerts, but you can unsubscribe from the latter. You can also add your name.

The platform I've built the DPO Hub on allows for newsletter analytics, but this is disabled. Statistics showing when a member signed up, logged in and emails received can't be disabled, however, and is as such considered as part of the contract (where the purpose is to fulfill the contract). If you cancel your subscription, your profile, and all related data, is usually deleted immediately, at the latest within a week.

Finally, I use Fathom Analytics for website analytics; software that was built with privacy at the very core. Your IP address and User Agent are only processed in pseudonomised form for 24-48 hours (read more here). The purpose is to assess the use of the DPO Hub in the most privacy-friendly way as possible, for example which pages are the most visited. The legal basis is f), where my legitimate interest is to continually improve the DPO Hub.

DPO Hub Community

If you pay to join the DPO Hub Community, the same processing described for Stripe above applies. As a Founding Member, you get free access and only need to share your email address and name to create an account. The legal basis for this is contract. I also use Fathom Analytics in the same way as described above.

The purpose of the community is to exchange thoughts, ideas and interact with other members, meaning youโ€™ll share plenty of personal data. If you leave the Community, your account will be removed from the platform, but your profile will only show as inactive, and your interactions remain visible. You can change your profile name before you leave. There is, however, currently no way to delete all your data automatically, so if you want your contributions removed, you must do it yourself manually. When you join the Community, you agree to this as per the Community terms; the legal basis otherwise is f), where my legitimate interest is to facilitate a dynamic and lively community and maintain a complete history of conversations for all members. (And please note that I'm in dialogue with Kajabi to try to change the clunky erasure process!)

Processors and third-country transfers

DPO Hub is built on a platform by Ghost Foundation Ltd, a "proud non-profit organisation building open source technology for journalism". Ghost confirms they store "all data in the EU." I use Stripe as described above and Zapier to automatically create your membership after payment. The DPO Hub Community is built on a platform by Kajabi.

The transfer tool for processors in third countries is either an adequacy decision, the EU Standard Contractual Clauses or your explicit consent. Stripe, Zapier and Kajabi are based in the US and certified under the EU-US Data Privacy Framework. Fathom Analytics is based in Canada and falls under their adequacy decision.

For all other processing which typically takes place in a business, please see my company privacy notice at

Again, if you have any questions or concerns, just email me!

This is Version 1.1. 22 May 2024

Great! Next, complete checkout for full access to DPO Hub.
Welcome back! You've successfully signed in.
You've successfully subscribed to DPO Hub.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.