Find out how we can help you make your website or app compliant with regulations
Websites and apps must always comply with certain obligations imposed by law. Failure to comply with the rules involves the risk of significant fines.
For this reason, we have chosen to rely on iubenda, a company made up of both legal and technical professionals that specializes in this sector. Together with iubenda, of which we are Certified Partners, we have developed a proposal to offer all our customers a simple and secure solution to the need for legal compliance.
The main legal requirements for website and app owners
PRIVACY AND COOKIE POLICY
The law requires every site/app that collects data to inform users through a privacy and cookie policy.
The privacy policy must contain some fundamental elements, including:
- the types of personal data processed;
- the legal bases of the processing;
- the purposes and methods of processing;
- the subjects to whom the personal data may be communicated;
- the possible transfer of data outside the European Union;
- the rights of the interested party;
- the owner's identifying details.
The cookie policy describes in particular the different types of cookies installed through the site, any third parties to which these cookies refer – including a link to the respective documents and opt-out forms – and the purposes of the processing.
Can't we use a generic document?
It is not possible to use generic documents, because the information must describe in detail the data processing carried out by your site/app and must also list all third-party technologies used (e.g. Facebook Like buttons or Google Maps).
What if my site doesn't process any data?
It is very difficult for your site not to process any data. In fact, a simple contact form or a traffic analysis system like Google Analytics is enough to trigger the obligation to prepare and display an information notice.
COOKIE LAW
In addition to preparing a cookie policy, bringing a website into line with the cookie law also requires showing a cookie banner on each user's first visit and acquiring consent to the installation of cookies. Some types of cookies, such as those set by tools like social sharing buttons, must be set only after obtaining valid consent from the user.
What is a cookie?
Cookies are used to store some information on the user's browser while browsing the site. Cookies are now essential to allow the correct functioning of a site. In addition, many third-party technologies that we usually integrate into our sites, such as a simple YouTube video widget, also use cookies.
CONSENT ACCORDING TO GDPR AND LGPD
Pursuant to the GDPR, if the user has the possibility to directly enter personal data on the site/app, for example by filling out a contact form, service registration form or newsletter subscription form, it is necessary to collect free, specific and informed consent, as well as record unequivocal proof of consent.
Similar to the GDPR, the Brazilian LGPD also requires the data controller to demonstrate, through the storage of evidence, that the user's consent has been correctly collected.
What is meant by free, specific and informed consent?
It is necessary to collect a consent for each specific processing purpose – for example, a consent to send newsletters and another consent to send promotional material on behalf of third parties. Consents can be requested by providing one or more non-pre-selected, non-mandatory checkboxes accompanied by informative texts that make it clear to the user how his/her data will be used.
How can consent be demonstrated unequivocally?
You need to collect a set of information whenever a user fills out a form on your site/app. This information includes a unique user identifier, the content of the privacy policy accepted, and a copy of the form presented to the user.
Is the email I receive from the user after completing the form not sufficient proof of consent?
Unfortunately, this is not sufficient, as some information necessary to reconstruct the suitability of the consent collection procedure is missing, such as a copy of the form actually filled out by the user.
Do I need to comply with the LGPD even if my organization is not based in Brazil?
You fall within the scope of the LGPD if you process data of people who are within Brazilian territory, regardless of their nationality (even if they were only in Brazil at the time of data collection, and have since moved).
CCPA
The CCPA (California Consumer Privacy Act) requires that California users be provided with information about how and why their data is being used, their rights in relation to that data, and how they can exercise those rights, including the right to opt out. If you fall under the CCPA, you must provide this information both in your privacy policy and in a notice of data collection displayed on the user's first visit (where applicable).
To facilitate opt-out requests by California users, you should include a “Do Not Sell My Personal Information” (DNSMPI) link both within the data collection notice displayed on the user’s first visit and elsewhere on the site that is easily accessible to the user (a best practice is to include the link in the footer of the site).
My organization is not based in California, do I still need to comply with CCPA?
The CCPA may apply to any organization that processes or could potentially process personal information of California users, regardless of whether the organization is located in California. Since IP addresses are considered personal information, any website that receives at least 50,000 unique visits per year from California is likely to fall under the CCPA.
TERMS AND CONDITIONS
In some cases, it may be appropriate to protect your online business from liability by preparing a Terms and Conditions document. Terms and Conditions usually include clauses regarding the use of content (copyright), limitation of liability and conditions of sale; they also allow you to list the mandatory conditions required by consumer protection legislation, and much more.
The Terms and Conditions should include at least this information:
- the identification data of the activity;
- a description of the service offered by the site/app;
- information on risk allocation, liability and disclaimers;
- warranties (if applicable);
- right of withdrawal (if applicable);
- safety information;
- usage rights (if applicable);
- conditions of use or purchase (such as age requirements or country restrictions);
- refund/replacement/suspension of service policies;
- information on payment methods.
When is it mandatory to prepare a Terms and Conditions document?
Terms and Conditions can be useful in any scenario, from e-commerce to marketplace, from SaaS to mobile app and blog. In the case of e-commerce, it is not only advisable, but often mandatory to prepare this document.
Can I copy and use a Terms and Conditions document from another site?
The Terms and Conditions document is essentially a legally binding agreement, and therefore it is not only important to have one, but you also need to ensure that it complies with legal requirements, that it correctly describes your business processes and model, and that it remains up to date with relevant regulations. Copying Terms and Conditions from other sites is very risky as it may render the document null and void.
How we can help you with iubenda solutions
Thanks to our partnership with iubenda, we can help you configure everything you need to make your site/app compliant. iubenda is in fact the simplest, most complete and professional solution to comply with the regulations.
PRIVACY AND COOKIE POLICY GENERATOR
With iubenda's Privacy and Cookie Policy Generator we can create a custom privacy policy for your website or app. iubenda's policies are generated by drawing on a database of clauses drafted and continuously reviewed by an international team of lawyers.
COOKIE SOLUTION
iubenda’s Cookie Solution is a comprehensive system for complying with the Cookie Law by displaying a cookie banner on each user’s first visit, providing a system for prior blocking of profiling cookies and collecting valid consent to the installation of cookies by the user. The Cookie Solution also allows you to comply with the CCPA, by showing Californian users a data collection notice containing a “Do Not Sell My Personal Information” link and facilitating opt-out requests.
CONSENT SOLUTION
iubenda’s Consent Solution allows you to collect and store unambiguous proof of consent under the GDPR and the Brazilian LGPD whenever a user fills out a form – such as a contact form or a newsletter subscription – on your website or app, and to document opt-out requests from Californian users in accordance with the CCPA.
TERMS AND CONDITIONS GENERATOR
With iubenda's Terms and Conditions Generator, we can create a customized Terms and Conditions document for your website or app. iubenda's Terms and Conditions are generated from a database of clauses drafted and continuously reviewed by an international team of lawyers.