How to comply with GDPR
Find out how we can help you adapt your site or app to the regulations
Websites and apps must always comply with certain requirements imposed by law. Failure to comply with the legal requirements can result in serious penalties, including substantial fines, audits and potential litigation.
For this reason we have chosen to rely on iubenda, a company built on both legal and technical expertise that specializes in this sector. Together with iubenda, of which we are Certified Partners, we have developed a proposal to offer all our customers a simple and safe solution to their compliance needs.
Overview of the main legal requirements for website and app owners
The law obliges each site/app that collects personal data to disclose relevant details to users via dedicated privacy and cookie notices.
Privacy policies must contain certain fundamental elements specific to your particular processing activities, including:
- the contact and identifying details of the data controller;
- which personal data is being processed;
- the purposes and methods of processing;
- the categories of sources from which consumers’ data is being collected;
- the legal bases of processing (e.g., consent);
- the third-parties that may also access the data — this includes any third-party tools (e.g., Google Analytics);
- details relating to the transfer of data outside the European Union (where it applies);
- the rights of the user.
Can’t we use a generic document?
It’s not possible to use generic documents, as your policy must ‘describe in detail the specific data processing carried out by your site/app’ and must also include the particular details of any third-party technologies (e.g., Facebook Like buttons or Google Maps) specifically used by you.
What if my site does not process any data?
EU Cookie Law
Furthermore, many third-party vendor networks may limit ad reach if you do not have a cookie management system that meets industry standards in place — potentially reducing your ability to generate ad revenue.
What is a cookie?
The process which allows the user to opt-out should be facilitated via a “Do Not Sell My Personal Information” (DNSMPI) link which should be accessible from your notice of collection and elsewhere on your site (best practice would be to also include the link in the footer).
My business is not based in California, do I need to comply with CCPA?
The CCPA applies to most businesses that collect or could potentially collect Californian customers’ personal information, whether or not the business itself is geographically located in California. Since IP addresses are considered personal information, this likely applies to any website with at least 50,000 unique visits per year from California.
How we can help you using iubenda’s solutions
Thanks to our partnership with iubenda, we can help you configure everything you need to make your site/app compliant. *iubenda is in fact the simplest, most complete and professional solution to comply with regulations*.
The iubenda Cookie Solution is a comprehensive solution to meet EU Cookie Law, CCPA and any other third-party requirements by facilitating the display of a GDPR-compliant cookie banner or a CCPA notice of collection at each user’s first visit, the preventive blocking of the profiling cookies and the collection of users’ consent to the installation of cookies. It also supports opt-out from sale for Californian users via a “Do Not Sell My Personal Information” link.
iubenda’s Consent Solution allows the collection and storage of an unambiguous proof of consent whenever a user fills out a form – such as a contact form or newsletter subscription – on your website or app.
Terms and Conditions Generator
With iubenda’s Terms and Conditions Generator we can prepare a fully customized, self-updating T&C document for your site/app. iubenda’s Terms and Conditions are generated starting from a database of clauses drafted and continuously reviewed by an international team of lawyers.