KuboWeb is iubenda's gold partner

Find out how we can help you adapt your site or app to regulatory compliance

Websites and apps must always comply with certain obligations imposed by law. Failure to comply with the rules, in fact, entails the risk of substantial penalties.

This is why we have chosen to rely on iubenda , a company made up of both legal and technical figures, specialized in this sector. Together with iubenda, of which we are Certified Partners, we have developed a proposal to offer all our customers a simple and safe solution to the need for legal compliance.

The main legal requirements for website and app owners

Privacy and Cookie Policy

The law obliges every site / app that collects data to inform users through a privacy and cookie policy .

The privacy policy must contain some fundamental elements, including:

  • the types of personal data processed;
  • the legal bases of the processing;
  • the purposes and methods of the processing;
  • the subjects to whom the personal data may be disclosed;
  • any transfer of data outside the European Union;
  • the rights of the interested party;
  • the identification details of the owner.

The cookie policy describes in particular the different types of cookies installed through the site, any third parties to which these cookies refer – including a link to the respective documents and opt-out forms – and the purposes of the processing.

Can’t we use a generic document?
It is not possible to use generic documents as the information must describe in detail the data processing carried out by your site / app, also listing all the third-party technologies used (eg Facebook Like buttons or Google Maps maps).

What if my site does not process any data?
It is very difficult for your site to not process any data. In fact, a simple contact form or a traffic analysis system such as Google Analytics is enough to trigger the obligation to prepare and display an information notice.

Cookie Law

In addition to setting up a cookie policy, to adapt a website to cookie law it is also necessary to show a cookie banner at the first visit of each user and to obtain consent for the installation of cookies . Some types of cookies, such as those issued by tools such as social sharing buttons, should in fact be released only after obtaining valid consent from the user.

What is a cookie?
Cookies are used to store some information on the user’s browser while browsing the site. Cookies are now essential to allow the proper functioning of a site. In addition, many third-party technologies that we usually integrate into our sites, as well as a simple YouTube video widget, also use cookies.

Consent pursuant to the GDPR and the LGPD

Pursuant to the GDPR, if the user has the possibility to directly enter personal data on the site / app, for example by filling out a contact form, registering for the service or subscribing to the newsletter, it is necessary to collect a free, specific and informed consent , as well as record unequivocal proof of consent .

Similarly to the GDPR, also for the Brazilian LGPD the data controller must demonstrate, by archiving a proof, that he has correctly collected the user’s consent.

What is meant by free, specific and informed consent?
It is necessary to collect a consent for each specific processing purpose – for example, a consent to send newsletters and another consent for send promotional material on behalf of third parties. Consents can be requested by setting up one or more non-pre-selected, non-mandatory checkboxes accompanied by information texts that make it clear to the user how his data will be used.

How is it possible to demonstrate consent unequivocally?
It is necessary to collect a series of information every time a user fills out a form on their site / app. This information includes a unique user identification code, the content of the accepted privacy policy and a copy of the form presented to the user.

Is the email I receive from the user after completing the form not sufficient proof of consent?
Unfortunately it is not sufficient, as some information necessary to reconstruct the suitability of the consent collection procedure, such as a copy of the form actually completed by the user.

Do I have to comply with the LGPD even if my organization is not based in Brazil?
Do you fall within the scope of the LGPD if you process data from people who are located within the territory Brazilian, regardless of nationality (even though they were only in Brazil at the time of the data collection, and have since moved).


The CCPA (California Consumer Privacy Act) requires that Californian users be given information on how and why their data is used, their rights in this regard and how they can exercise them, including the right to exercise the opt-out . If you fall within the scope of the CCPA, you will need to provide this information both in your privacy policy and in a data collection notice shown on the user’s first visit (where necessary).

To facilitate opt-out requests from Californian users, a “Do Not Sell My Personal Information” (DNSMPI) link must be inserted both in the data collection notice shown on the user’s first visit , which in another part of the site easily accessible by the user (a best practice is to include the link in the footer of the site).

My organization is not based in California, do I still have to comply with the CCPA?
The CCPA may apply to any organization that handles or could potentially handle personal information of California users, regardless whether the organization is located in California or not. Since IP addresses are considered personal information, any website that receives at least 50,000 unique visits per year from California is likely to fall within the scope of the CCPA.

Terms and Conditions

In some cases it may be appropriate to protect your online business from any liability by preparing a Terms and Conditions document. The Terms and Conditions usually include clauses relating to the use of content (copyright), limitation of liability, conditions of sale, allow you to list the mandatory conditions provided for by the regulations on consumer protection and much more.

The Terms and Conditions should at least include this information:

  • the identification data of the activity;
  • a description of the service offered by the site / app;
  • information on risk allocation, liability and disclaimers;
  • guarantees (if applicable);
  • right of withdrawal (if applicable);
  • safety information;
  • rights of use (if applicable);
  • conditions of use or purchase (such as age requirements or country restrictions);
  • refund / replacement / service suspension policies;
  • information on payment methods.

When is it mandatory to prepare a Terms and Conditions document?
The Terms and Conditions can be useful in any scenario, from e-commerce to the marketplace, from SaaS to the mobile app and the blog. In the case of e-commerce, not only is it advisable, but it is often mandatory to prepare this document.

Can I copy and use a Terms and Conditions document from another site?
The Terms and Conditions document is essentially a legally binding agreement, and therefore not only is it important to have one , but it is also necessary to ensure that it complies with the legal requirements, that it correctly describes your business processes and your business model, and that it remains up-to-date with respect to the relevant regulations. Copying the Terms and Conditions from other sites is very risky as it could make the document null or void.

How can we help you with iubenda’s solutions

Thanks to our partnership with iubenda, we can help you configure everything you need to make your site / app compliant. iubenda is in fact the simplest, most complete and professional solution to comply with regulations .

Privacy and Cookie Policy Generator

With the iubenda Privacy Generator and Cookie Policy we can prepare a personalized information notice for your website or app for you. Iubenda’s policies are generated by drawing on a database of clauses drawn up and continuously reviewed by an international team of lawyers.

Cookie Solution

The iubenda Cookie Solution is a complete system to comply with the Cookie Law through the display of a cookie banner at the first visit of each user, the preparation of a system for preventing profiling cookies and the collection of valid consent the installation of cookies by the user. The Cookie Solution also allows you to comply with the CCPA, showing Californian users a data collection notice containing a link “Do not sell my personal information” and facilitating opt-out requests.

Consent Solution

The iubenda Consent Solution allows the collection and storage of unequivocal proof of consent under the GDPR and the Brazilian LGPD whenever a user fills out a form – such as a contact or newsletter subscription form – present on your website or app, and to document Californian users’ opt-out requests in accordance with the CCPA.

Terms and Conditions Generator

With the iubenda Terms and Conditions Generator we can prepare a customized Terms and Conditions document for your website or app for you. Iubenda’s Terms and Conditions are generated by drawing on a database of clauses drawn up and continuously reviewed by an international team of lawyers.

Contact us to receive a personalized proposal →

Inizia a Chattare
Hai bisogno di aiuto?
Ciao! 👋
hai bisogno di un nuovo sito internet o di un nostro servizio e non vuoi perdere tempo? ⏲

⚡Scrivici e ti aiuteremo subito! 🚀