Iubenda Partners
Find out how we can help you adapt your site or app to regulations
For this we chose to rely on iubenda, a company consisting of both legal and technical figures, specialising in this field. Together with iubenda, of which we are Certified Partners, we have developed a proposal to offer all our customers a simple and secure solution to the need for legal compliance.


The main legal requirements for website and app owners
Privacy and Cookie Policy
The law obliges any site/app that collects data to inform users through a privacy and cookie policy.
The privacy policy must contain some basic elements, including:
- the types of personal data processed;
- the legal bases of the processing;
- the purposes and modalities of the processing;
- the persons to whom personal data may be disclosed;
- the possible transfer of data outside the European Union;
- the rights of the data subject;
- the identification details of the holder.
The cookie policy describes in particular the different types of cookies installed through the site, any third parties to which these cookies refer - including a link to the respective documents and opt-out forms - and the purposes of processing.
Can we not use a generic document?
It is not possible to use generic documents as the information notice must describe in detail the data processing carried out by one's own site/app, also listing all third-party technologies used (e.g. Facebook Like buttons or Google Maps).
What if my site does not process any data?
It is very difficult for your site not to process any data. In fact, a simple contact form or a traffic analysis system such as Google Analytics is enough to trigger the obligation to prepare and display a disclosure.
Cookie Law
In addition to setting up a cookie policy, in order to adapt a website to the cookie law, it is also necessary to display a cookie banner on each user's first visit and to obtain consent to the installation of cookies. Certain types of cookies, such as those issued by tools such as share buttons on social networking sites, should only be issued after obtaining valid consent from the user.
What is a cookie?
Cookies serve to store certain information on the user's browser while he or she is browsing the site. Cookies are now indispensable for a site to function properly. In addition, many third-party technologies that we usually integrate into our sites, such as a simple YouTube video widget, also make use of cookies.
Consent pursuant to GDPR and LGPD
Pursuant to the GDPR, if the user has the option of directly entering personal data on the site/app, e.g. by filling in a contact form, registering for the service or subscribing to the newsletter, it is necessary to collect free, specific and informed consent, as well as to record unequivocal proof of consent.
Similarly to the GDPR, under the Brazilian LGPD the data controller must prove, by filing proof, that it has correctly collected the user's consent.
What is meant by free, specific and informed consent?
Consent must be obtained for each specific processing purpose - for example, one consent to send newsletters and another consent to send promotional material on behalf of a third party. Consents may be requested by setting up one or more checkboxes that are not pre-selected, are not mandatory and are accompanied by informative text that makes it clear to the user how his or her data will be used.
How can consent be demonstrated unequivocally?
It is necessary to collect a range of information whenever a user fills in a form on your site/app. This information includes a unique user identification code, the content of the accepted privacy policy and a copy of the form presented to the user.
Isn't the email I receive from the user after filling in the form sufficient proof of consent?
Unfortunately, this is not sufficient, as some of the information needed to reconstruct the suitability of the consent procedure, such as a copy of the form actually filled out by the user, is missing.
Do I have to comply with the LGPD even if my organisation is not based in Brazil?
You fall within the scope of the LGPD if you process data of persons located within Brazilian territory, regardless of their nationality (even if they were only in Brazil at the time of data collection, and have since moved).
CCPA
The California Consumer Privacy Act (CCPA) requires that California users be given information about how and why their information is being used, their rights with respect to it, and how they can exercise them, including the right to opt-out. If you fall within the scope of the CCPA, you will need to provide this information both in your privacy policy and in a data collection notice displayed on the user's first visit (where required).
To facilitate opt-out requests by Californian users, a 'Do Not Sell My Personal Information' (DNSMPI) link should be included either within the data collection notice displayed on the user's first visit, or elsewhere on the site that is easily accessible by the user (a best practice is to include the link in the footer of the site).
My organisation is not based in California, do I still have to comply with the CCPA?
The CCPA may apply to any organisation that processes or could potentially process personal information of California users, whether or not the organisation is located in California. Because IP addresses are considered personal information, any website that receives at least 50 thousand unique visits per year from California is likely to fall within the scope of the CCPA.
Terms and Conditions
In some cases it may be appropriate to protect one's online activity from liability by preparing a Terms and Conditions document. Terms and Conditions usually include clauses on the use of content (copyright), limitation of liability, conditions of sale, mandatory conditions under consumer protection law and much more.
The Terms and Conditions should at least include this information:
- the identification data of the activity;
- a description of the service offered by the site/app;
- information on risk allocation, liability and disclaimers;
- guarantees (if applicable);
- right of withdrawal (if applicable);
- safety information;
- rights of use (if applicable);
- conditions of use or purchase (such as age requirements or country restrictions);
- refund/replacement/suspension policies;
- information on payment methods.
When is a Terms and Conditions document mandatory?
Terms and Conditions can be useful in any scenario, from e-commerce to marketplace, from SaaS to mobile app and blog. In the case of e-commerce, it is not only advisable, but often mandatory to have this document in place.
Can I copy and use a Terms and Conditions document from another site?
The Terms and Conditions document is essentially a legally binding agreement, and therefore it is not only important to have one, but also to make sure that it complies with legal requirements, that it correctly describes your business processes and business model, and that it remains up-to-date with relevant regulations. Copying Terms and Conditions from other sites is very risky as it may render the document null and void.
How we can help you with iubenda solutions
Thanks to our partnership with iubenda, we can help you set up everything you need to get your site/app up to standard. iubenda is in fact the simplest, most complete and professional solution to comply with regulations.
Privacy and Cookie Policy Generator
With iubenda's Privacy and Cookie Policy Generator we can prepare a customised privacy policy for your website or app. The iubenda policies are generated from a database of clauses drafted and continuously reviewed by an international team of lawyers.
Cookie Solution
iubenda's Cookie Solution is a comprehensive system for complying with the Cookie Law by displaying a cookie banner on each user's first visit, setting up a system for blocking profiling cookies in advance and collecting valid consent for the installation of cookies from the user. The Cookie Solution also enables compliance with the CCPA by displaying a data collection notice containing a 'Do not sell my personal information' link and facilitating opt-out requests.
Consent Solution
iubenda's Consent Solution allows you to collect and store unambiguous proof of consent under the GDPR and the Brazilian LGPD each time a user fills out a form - such as a contact form or newsletter subscription - on your website or app, and to document Californian users' opt-out requests in accordance with the CCPA.
Terms and Conditions Generator
With the iubenda Terms and Conditions Generator, we can prepare a customised Terms and Conditions document for your website or app. The iubenda Terms and Conditions are generated from a database of clauses drafted and continuously reviewed by an international team of lawyers.