Websites and apps must always comply with certain obligations imposed by law. Failure to comply with the rules carries the risk of substantial penalties.

This is why we chose to rely on iubenda, a company made up of both legal and technical professionals that specialises in this field. Together with iubenda, our Certified Partner, we have developed a proposal to offer all our customers a simple and secure solution to the need for legal compliance.

The main legal requirements for owners of websites and apps

Privacy and Cookie Policy

The law obliges any site/app that collects data to inform users through a privacy and cookie policy.

The privacy policy must contain some basic elements, including:

  • the types of personal data processed;
  • the legal bases of the processing;
  • the purposes and methods of processing;
  • the subjects to whom the personal data may be communicated;
  • any transfer of data outside the European Union;
  • the rights of the data subject;
  • the identification details of the data controller.

The cookie policy describes in particular the different types of cookies installed through the site, any third parties to which these cookies refer – including a link to their respective documents and opt-out forms – and the purposes of their processing.

Can’t we use a generic document?
It is not possible to use generic documents, as the information notice must describe in detail the data processing carried out by your website/app, also listing all third-party technologies used (e.g. Facebook Like buttons or Google Maps).

What if my site does not process any data?
It is very difficult for your site not to process any data. A simple contact form or a traffic analysis system such as Google Analytics is enough to trigger the obligation to prepare and display a statement.

Cookie Law

In addition to setting up a cookie policy, in order for a website to comply with the cookie law it is also necessary to display a cookie banner on each user’s first visit and to obtain consent to the installation of cookies. Certain types of cookies, such as those issued by tools like share buttons on social networking sites, should only be issued after valid consent has been obtained from the user.

What is a cookie?
Cookies are used to store certain information on the user’s browser while they are browsing the site. Cookies have become indispensable for a site to function properly. In addition, many of the third-party technologies that we integrate on our sites, such as a simple YouTube video widget, also use cookies.

Consent in accordance with GDPR and LGPD

Pursuant to the GDPR, if users can enter personal data directly on the website/app, e.g. by filling in a contact form, service registration or newsletter subscription, you must collect free, specific and informed consent, as well as record unambiguous proof of consent.

Similarly to the GDPR, under the Brazilian LGPD, the data controller must demonstrate, through the filing of evidence, that it has correctly collected the user’s consent.

What is meant by free, specific and informed consent?
Consent must be obtained for each specific processing purpose – for example, one consent to send newsletters and another consent to send promotional material on behalf of a third party. Consents may be requested by setting up one or more checkboxes that are not pre-selected, not mandatory and accompanied by informative texts that make it clear to the user how their data will be used.

How can consent be unequivocally demonstrated?
It is necessary to collect a range of information whenever a user fills in a form on your site/app. This information includes a unique identifier of the user, the content of the accepted privacy policy and a copy of the form submitted to the user.

Isn’t the email I receive from the user following completion of the form sufficient proof of consent?
Unfortunately, this is not sufficient, as it lacks the information needed to reconstruct whether the consent collection procedure was adequate, such as a copy of the form actually completed by the user.

Terms and conditions of use

In some cases it may be appropriate to protect your online activity from liability by preparing a Terms and Conditions document. Terms and Conditions usually include clauses on the use of content (copyright), limitation of liability, conditions of sale, the mandatory conditions under consumer protection law and much more.

The Terms and Conditions should at least include this information:

  • the identification data of the activity;
  • a description of the service offered by the site/app;
  • information on risk allocation, liability and disclaimers;
  • guarantees (if applicable);
  • right of withdrawal (if applicable);
  • safety information;
  • rights of use (if applicable);
  • conditions of use or purchase (such as age requirements or country restrictions);
  • refund/replacement/suspension policies;
  • information on payment methods.

When is a Terms and Conditions document mandatory?
Terms and conditions can be useful in any scenario, from e-commerce to marketplace, from SaaS to mobile apps and blogs. In the case of e-commerce, it is not only advisable but often mandatory to prepare this type of document.

Can I copy and use a Terms and Conditions document from another site?
The Terms and Conditions document is essentially a legally binding agreement, and therefore it is not only important to have one, but it is also important to ensure that it complies with legal requirements, that it correctly describes your business processes and business model, and that it remains up-to-date with relevant legislation. Copying the Terms and Conditions from other sites is very risky as it may render the document null and void.

How we can help you with iubenda solutions

Thanks to our partnership with iubenda, we can help you set up everything you need to bring your website/app up to standard. iubenda is the simplest, most comprehensive and professional solution for complying with regulations.

Privacy and Cookie Policy Generator

With the iubenda Privacy and Cookie Policy Generator, we can set up a personalised privacy policy for your website or app. The iubenda policies are generated from a database of clauses drafted and continuously reviewed by an international team of lawyers.

Cookie Solution

iubenda’s Cookie Solution is a complete system for complying with the Cookie Law by displaying a cookie banner on each user’s first visit, setting up a system for blocking profiling cookies in advance, and collecting valid consent for the installation of cookies from the user. The Cookie Solution also enables compliance with the CCPA by showing Californian users a data collection notice containing a link reading ‘Do not sell my personal information’ and facilitating opt-out requests.

Consent Solution

iubenda’s Consent Solution enables the collection and storage of unambiguous proof of consent under the GDPR and Brazilian LGPD whenever a user fills out a form – such as a contact form or newsletter sign-up form – on your website or app, and documents Californian users’ opt-out requests in accordance with the CCPA.

Terms and Conditions Generator

With iubenda’s Terms and Conditions Generator, we can prepare a customised Terms and Conditions document for your website or app. The iubenda Terms and Conditions are generated from a database of clauses drafted and continuously reviewed by an international team of lawyers.