Find out how we can help you bring your site or app into compliance with regulations

Websites and apps must always comply with certain obligations imposed by law. In fact, failure to comply carries the risk of substantial penalties.

This is why we have chosen to rely on iubenda, a company composed of both legal and technical figures who specialize in this area. Together with iubenda, of which we are Certified Partners, we have developed a proposal to offer all our clients a simple and safe solution to the need for legal compliance.

The main legal requirements for website and app owners

Privacy and Cookie Policy

The law requires every site/app that collects data to inform users through a privacy and cookie policy.

The privacy policy must contain some basic elements, including:

  • The types of personal data processed;
  • The legal bases of processing;
  • The purposes and methods of processing;
  • The subjects to whom personal data may be disclosed;
  • The possible transfer of data outside the European Union;
  • the rights of the data subject;
  • The identifying details of the holder.

The cookie policy specifically describes the different types of cookies installed through the site, any third parties to which these cookies refer-including a link to their respective documents and opt-out forms-and the purposes of processing.

Can't we use a generic document?

You cannot use generic documents because the disclosure must describe in detail the data processing carried out by your site/app, including listing all third-party technologies used (e.g. Facebook Like buttons or Google Maps).

What if my site does not process any data?

It isvery difficult for your site not to process any data. In fact, it only takes a simple contact form or a traffic analysis system such as Google Analytics to trigger the obligation to prepare and display a disclosure.

Cookie Law

In addition to preparing a cookie policy, adapting a website to the cookie law also requires displaying a cookie banner on each user's first visit and acquiring consent to the installation of cookies. In fact, some types of cookies, such as those issued by tools such as share buttons on social media, should only be issued after valid consent has been obtained from the user.

What is a cookie?

Cookies areused to store certain information on the user's browser as they browse the site. Cookies are now essential to allow a site to function properly. In addition, many third-party technologies that we are used to integrate into our sites, such as even a simple YouTube video widget, also make use of cookies.

Consent in accordance with the GDPR and LGPD

Under the GDPR, if you have the option of directly entering personal data on the site/app, such as by filling out a contact form, service registration or newsletter subscription, you must collect free, specific and informed consent and record unambiguous evidence of consent.

Similar to the GDPR, under the Brazilian LGPD, the data controller must demonstrate, through the filing of proof, that it has properly collected the user's consent.

What is meant by free, specific and informed consent?

Consent must becollected for each specific processing purpose-for example, one consent to send newsletters and another consent to send promotional material on behalf of a third party. Consents can be requested by preparing one or more checkboxes that are not pre-selected, not mandatory, and accompanied by informational text that makes it clear to the user how their data will be used.

How can consent be demonstrated unequivocally?

It isnecessary to collect a variety of information whenever a user completes a form on your site/app. This information includes a unique user identification code, the contents of the accepted privacy policy, and a copy of the form presented to the user.

Isn't the email I receive from the user as a result of filling out the form sufficient proof of consent?

Unfortunately, this is not sufficient, as it lacks some information necessary to reconstruct the suitability of the consent collection procedure, such as a copy of the form actually filled out by the user.

Do I have to comply with LGPD even if my organization is not based in Brazil?

You fallwithin the scope of the LGPD if you process data from people within Brazilian territory, regardless of nationality (even if they were only in Brazil at the time of data collection, and have since moved).


The California Consumer Privacy Act (CCPA) requires that California users be given information about how and why their data is being used, their rights regarding it, and how they can exercise them, including the right to opt-out. If you fall under the scope of the CCPA, you will need to provide this information both in your privacy policy and in a data collection notice displayed on the user's first visit (where required).

To facilitate opt-out requests from California users, a "Do Not Sell My Personal Information"(DNSMPI) link should be included either within the data collection notice shown on the user's first visit or elsewhere on the site that is easily accessible by the user (a best practice is to include the link in the footer of the site).

My organization is not based in California, do I still have to comply with the CCPA?

The CCPA may apply to any organization that processes or could potentially process personal information of California users, whether or not the organization is located in California. Because IP addresses are considered personal information, any website that receives at least 50 thousand unique visits per year from California is likely to fall within the scope of the CCPA.

Terms and Conditions

In some cases it may be appropriate to protect your online business from liability by preparing a Terms and Conditions document. Terms and Conditions usually include clauses related to the use of content (copyright), limitation of liability, conditions of sale, allow you to list mandatory conditions under consumer protection regulations, and more.Terms and Conditions should include at least this information:

  • The identifying data of the activity;
  • A description of the service offered by the site/app;
  • The information on risk allocation, liability, and disclaimers;
  • guarantees (if applicable);
  • right of withdrawal (if applicable);
  • safety information;
  • rights of use (if applicable);
  • conditions of use or purchase (such as age requirements or country-related restrictions);
  • Refund/replacement/suspension of service policies;
  • information on payment methods.

When is it mandatory to prepare a Terms and Conditions document?

Terms and Conditions can be useful in any scenario, from e-commerce to marketplace, SaaS to mobile app and blog. In the case of e-commerce, it is not only advisable but often mandatory to prepare this document.

Can I copy and use a Terms and Conditions document from another site?

The Terms and Conditions document is essentially a legally binding agreement, and therefore it is not only important to have one, but also to make sure that it complies with legal requirements, that it correctly describes your business processes and business model, and that it remains up-to-date with respect to relevant regulations. Copying the Terms and Conditions from other sites is very risky as it could render the document null and void or invalid.

How we can help you with iubenda solutions

Thanks to our partnership with iubenda, we can help you set up everything you need to bring your site/app into compliance. iubenda is in fact the simplest, most comprehensive and professional solution for complying with regulations.

Privacy and Cookie Policy Generator

With iubenda's Privacy and Cookie Policy Generator, we can prepare a customized policy for you for your website or app. iubenda policies are generated by drawing from a database of clauses drafted and continually reviewed by an international team of lawyers.

Cookie Solution

iubenda's Cookie Solution is a comprehensive system for complying with the Cookie Law by displaying a cookie banner on each user's first visit, setting up a system for preemptively blocking profiling cookies, and collecting valid consent to the user's installation of cookies. The Cookie Solution also enables compliance with the CCPA by showing California users a data collection notice containing a "Do not sell my personal information" link and facilitating opt-out requests.

Consent Solution

iubenda's Consent Solution enables the collection and storage of unambiguous proof of consent under the GDPR and the Brazilian LGPD whenever a user fills out a form-such as a contact form or newsletter sign-up-that is on your website or app, and to document California users' opt-out requests in accordance with the CCPA.

Terms and Conditions Generator

With iubenda's Terms and Conditions Generator, we can prepare for you a customized Terms and Conditions document for your website or app. The iubenda Terms and Conditions are generated by drawing from a database of clauses drafted and continuously reviewed by an international team of lawyers.

Contact us to receive a customized proposal →