Is your company in good standing?
We’ll help you!
GDPR compliance: need to configure your marketing efforts according to the current European regulations on privacy and data management? Get help from Fuel LAB.
Why is it necessary to comply with the GDPR?
Websites and apps must always comply with certain obligations imposed by law. Lack of GDPR compliance, in fact, entails the risk of huge penalties.
For this reason we have chosen to rely on iubenda, a company composed of both legal and technical figures, specialized in this sector. Together with iubenda, of which we are Certified Partners, we have developed a proposal to offer all our customers a simple and safe solution to the need for legal adjustment.
It’s really very easy, with Iubenda. If you want, by clicking on the button below you can access the 10% discount reserved for Fuel LAB referrals, and you can do everything yourself.
The main legal requirements for website and app owners
Privacy and Cookie Policy
The law obliges every site / app that collects data to inform users through a privacy and cookie policy.
The privacy policy must contain some fundamental elements, including:
- the types of personal data processed;
- the legal bases of the processing;
- the purposes and methods of processing;
- the subjects to whom the personal data may be communicated;
- any transfer of data outside the European Union;
- the rights of the interested party;
- the identification details of the owner.
The cookie policy describes in particular the different types of cookies installed through the site, any third parties to which these cookies refer – including a link to the respective documents and opt-out forms – and the purposes of the processing.
Can’t we use a generic document?
It is not possible to use generic documents as the information must describe in detail the data processing carried out by your site / app, also listing all the third-party technologies used (e.g. Facebook Like buttons or Google Maps maps).
What if my site doesn’t process any data?
It is very difficult for your site not to process any data. In fact, a simple contact form or a traffic analysis system such as Google Analytics is enough to trigger the obligation to prepare and show a privacy notice.
In addition to preparing a cookie policy, to adapt a website to the cookie law it is also necessary to show a cookie banner on the first visit of each user and acquire consent to the installation of cookies. Some types of cookies, such as those issued by tools such as sharing buttons on social media, must in fact be released only after obtaining a valid consent from the user.
What is a cookie?
Cookies are used to store some information on the user’s browser during his navigation on the site. Cookies are now essential to allow the proper functioning of a site. In addition, many third-party technologies that we usually integrate into our sites, even a simple YouTube video widget, also use cookies.
Cookie Law, Consent under GDPR, CCPA, Terms and Conditions
Consent under the GDPR
Pursuant to the GDPR, if the user has the possibility to directly enter personal data on the site / app, for example by filling out a contact form, registration to the service or subscription to the newsletter, it is necessary to collect a free, specific and informed consent, as well as record an unequivocal proof of consent.
What is meant by free, specific and informed consent?
You must collect consent for each specific processing purpose – for example, a consent to send newsletters and another consent to send promotional material on behalf of third parties. Consents can be requested by preparing one or more checkboxes not pre-selected, not mandatory and accompanied by informative texts that make it clear to the user how his data will be used.
How can consent be demonstrated unequivocally?
It is necessary to collect a series of information whenever a user fills out a form on your site / app. This information includes a unique identification code of the user, the content of the accepted privacy policy and a copy of the form submitted to the user.
Is the email I receive from the user after filling out the form not sufficient proof of consent?
Unfortunately it is not enough, as it lacks some information necessary to reconstruct the suitability of the consent collection procedure, such as the copy of the form actually completed by the user.
The California Consumer Privacy Act (CCPA) requires that California users be given information about how and why their data is used, their rights in this regard, and how they can exercise them, including the right to opt-out. If you fall within the scope of the CCPA, you will need to provide this information both in your privacy policy and in a data collection notice shown on the user’s first visit (where necessary).
To facilitate opt-out requests from California users, a "Do Not Sell My Personal Information" (DNSMPI) link must be placed both within the data collection notice shown on the user’s first visit, and in another place on the site that is easily accessible by the user (a best practice is to include the link in the footer of the site).
My organization isn’t based in California, do I still have to comply with the CCPA?
The CCPA may apply to any organization that processes or could potentially process personal information of California users, whether or not the organization is located in California. Because IP addresses are considered personal information, any website that receives at least 50,000 unique visits per year from California is likely to fall within the scope of the CCPA.
Terms & Conditions
In some cases it may be appropriate to protect your online activity from possible liability by preparing a Terms and Conditions document. The Terms and Conditions usually include clauses relating to the use of content (copyright), limitation of liability and conditions of sale; they also allow you to list the mandatory conditions provided for by the consumer protection regulations, and much more.
The Terms and Conditions should include at least this information:
- the identification data of the activity;
- a description of the service offered by the site/app;
- information on risk allocation, liability and discharges;
- warranties (if applicable);
- right of withdrawal (if applicable);
- safety information;
- rights of use (if applicable);
- conditions of use or purchase (such as age requirements or country-related restrictions);
- refund/replacement/suspension of service policies;
- information about payment methods.
When is it mandatory to prepare a Terms and Conditions document?
The Terms and Conditions can be useful in any scenario, from e-commerce to the marketplace, from SaaS to the mobile app and blog. In the case of e-commerce, not only is it advisable, but it is often mandatory to prepare this document.
Can I copy and use a Terms and Conditions document from another site?
The Terms and Conditions document is essentially a legally binding agreement, and therefore it is not only important to have one, but it is also necessary to ensure that it complies with legal requirements, that it correctly describes your business processes and your business model, and that it remains up to date with the relevant regulations. Copying the Terms and Conditions from other sites is very risky as it may render the document null or void.
How we can help you
(or as you can do on your own, with Iubenda).
Thanks to our partnership with iubenda, we can help you configure everything you need to bring your site/app up to standard. iubenda is in fact the simplest, most complete and professional solution to comply with regulations.
Why entrust your compliance with privacy obligations to us?
With Fuel Lab, you have a helpful and reliable partner who will take care of nurturing your business strategy and your Data Science. We follow our customers step by step, and aim to create solid relationships.
Privacy and Cookie Policy Generator
With the iubenda Privacy and Cookie Policy Generator we can prepare for you a personalized privacy and cookie policy for your website or app. iubenda’s policies are generated by drawing on a database of clauses drafted and continuously reviewed by an international team of lawyers.
Cookie Solution
The Cookie Solution is a complete system to comply with the Cookie Law through the display of a cookie banner on the first visit of each user, the preparation of a preventive blocking system for profiling cookies and the collection of a valid consent to the installation of cookies by the user.
Consent Solution
The Consent Solution allows you to collect and store unequivocal evidence of consent under the GDPR whenever a user fills out a form on your website or app, and to document California users’ opt-out requests in accordance with the CCPA.
Terms and Conditions Generator
With the iubenda Terms and Conditions Generator we can prepare for you a customized Terms and Conditions document for your website or app. iubenda’s Terms and Conditions are generated from a database of clauses drafted and continuously reviewed by an international team of lawyers.
Free Consultation
Write to us to receive detailed information on your case, and if you need help, remember that we are also available to bring your Apps, subdomains and any web properties up to standard.