Can anyone enlighten me on how I need to incorporate bubbles DPA into my own privacy policy to comply with GDPR? Is it enough to link to the DPA from our policy page, or do we need a signed document between ourselves and bubble? Or is it enough to list bubble as a sup-processor, implying that the user needs to locate the DPA themselves.
Or am I far off target here assuming that the DPA has relevance to the end-user?
Thanks in advance!
Hi Tom,
This is no legal advice: I’m not a lawyer but I’m working on a similar topic right now. As far as I know you need to have a DPA with bubble and your company. (I’m not quite sure yet if it is automatically existing after you created your bubble account). As far as my lawyer said the DPA doesn’t have to be implemented into the privacy policy, however you have to have it in case somebody asks. If you’re not sure, it’s best to contact a lawyer.
Cheers
Philipp
Thanks Philipp.
After sniffing through dozens of other websites that is very aligned with my conclusion 
I know that Stripe has a standardized process of getting the DPA’s signed, so assumably that is beneficial.
Hi @tom6 did you manage to receive a signed DPA by Bubble? What was to process to get it? Thanks
I love how so many potentially useful threads in the forum just die with no resolution.
I would also like to know how to handle this properly.
