Websites and apps must always comply with certain obligations imposed by law. Failure to comply with the rules carries the risk of substantial penalties.
This is why we chose to rely on iubenda, a company made up of both legal and technical experts, specialised in this field. Together with iubenda, our Certified Partner, we have developed a proposal to offer all our customers a simple and secure solution to the need for legal compliance.
The main legal requirements for owners of websites and apps
- the types of personal data processed;
- the legal bases of the processing;
- the purposes and methods of processing;
- the subjects to whom the personal data may be communicated;
- any transfer of data outside the European Union;
- the rights of the data subject;
- the identification details of the holder.
Can’t we use a generic document?
It is not possible to use generic documents, as the information notice must describe in detail the data processing carried out by your website/app, also listing all third-party technologies used (e.g. Facebook Like buttons or Google Maps).
What if my site does not process any data?
It is very difficult for your site not to process any data. A simple contact form or a traffic analysis system such as Google Analytics is enough to trigger the obligation to prepare and display a statement.
What is a cookie?
Consent in accordance with GDPR and LGPD
Pursuant to the GDPR, if users can directly enter personal data on the website/app, e.g. by filling in a contact form, registering for a service or subscribing to a newsletter, you must collect free, specific and informed consent, as well as record unambiguous proof of consent.
Similarly to the GDPR, under the Brazilian LGPD, the data controller must demonstrate, through the filing of evidence, that it has correctly collected the user’s consent.
What is meant by free, specific and informed consent?
Consent must be obtained for each specific processing purpose – for example, one consent to send newsletters and another consent to send promotional material on behalf of a third party. Consents may be requested by setting up one or more checkboxes that are not pre-selected, not mandatory and accompanied by informative texts that make it clear to the user how their data will be used.
How can consent be unequivocally demonstrated?
Isn’t the email I receive from the user following completion of the form sufficient proof of consent?
Unfortunately, this is not sufficient, as it lacks the information necessary to reconstruct the suitability of the consent collection procedure, such as a copy of the form actually completed by the user.
Terms and conditions of use
In some cases it may be appropriate to protect your online activity from liability by preparing a Terms and Conditions document. Terms and Conditions usually include clauses on the use of content (copyright), limitation of liability, conditions of sale, mandatory conditions under consumer protection law and much more.
The Terms and Conditions should at least include this information:
- the identification data of the activity;
- a description of the service offered by the site/app;
- information on risk allocation, liability and disclaimers;
- guarantees (if applicable);
- right of withdrawal (if applicable);
- safety information;
- rights of use (if applicable);
- conditions of use or purchase (such as age requirements or country restrictions);
- refund/replacement/suspension policies;
- information on payment methods.
When is a Terms and Conditions document mandatory?
Terms and Conditions can be useful in any scenario, from e-commerce to marketplaces, from SaaS to mobile apps and blogs. In the case of e-commerce, it is not only advisable but often mandatory to prepare this type of document.
Can I copy and use a Terms and Conditions document from another site?
The Terms and Conditions document is essentially a legally binding agreement, and therefore it is not only important to have one, but it is also important to ensure that it complies with legal requirements, that it correctly describes your business processes and business model, and that it remains up-to-date with relevant legislation. Copying the Terms and Conditions from other sites is very risky as it may render the document null and void.
How we can help you with iubenda solutions
Thanks to our partnership with iubenda, we can help you set up everything you need to bring your website/app up to standard. iubenda is the simplest, most comprehensive and professional solution for complying with regulations.
Iubenda’s Cookie Solution is a complete system for complying with the Cookie Law by displaying a cookie banner on each user’s first visit, setting up a system for blocking profiling cookies in advance, and collecting valid consent for the installation of cookies from the user. The Cookie Solution also enables compliance with the CCPA by showing Californian users a data collection notice containing a link reading ‘Do not sell my personal information’ and facilitating opt-out requests.
Iubenda’s Consent Solution enables the collection and storage of unambiguous proof of consent under the GDPR and Brazilian LGPD whenever a user fills out a form – such as a contact form or newsletter sign-up form – on your website or app, and documents Californian users’ opt-out requests in accordance with the CCPA.
Terms and Conditions Generator
With iubenda’s Terms and Conditions Generator, we can prepare a customised Terms and Conditions document for your website or app. The iubenda Terms and Conditions are generated from a database of clauses drafted and continuously reviewed by an international team of lawyers.