power2Cloud becomes iubenda Gold Partner

Power2Cloud has become an Iubenda Gold Partner. We chose this partnership to make apps and websites compliant with regulations just a few years ago and we are extremely pleased. We say this both as users-our site uses iubenda-and as a technical team in the daily support provided to our clients.

We are not surprised to learn that iubenda is implemented every day on the websites, apps and eCommerce of so many organizations in Italy and around the world in very different sectors ranging from information to the arts, from health and wellness, to online sales of services and products.

As a certified Iubenda partner, our team can help you comply with current regulations, which as you know are constantly changing.

We understand that these are technical topics, so we want to improve awareness of these issues and streamline and simplify online compliance management with your DPO and in-house team, if you have one.

In addition to the nimble management of all aspects required by the Privacy Guarantor, we appreciate the constant and automatic updates offered by this platform. iubenda, for example, periodically scans online content to flag any anomalies present in data collection, which therefore have not been integrated into policies.

Find out now how we can help your organization meet its legal obligations to be compliant with data processing regulations.

iubenda what is it?

iubenda is a useful compliance platform for websites and apps. Legal parameters must be monitored and updated over time, performing these tasks manually or with multiple plug-ins is cumbersome and errors are around the corner.

Thanks to iubenda power2Cloud generate from a single platform Privacy and Cookie Policy, Banner Cookie and Terms and Conditions and whatever is necessary to bring your organization in line with regulations and mention the technologies you use to profile your users and undertake email marketing and promotion initiatives. These services are also provided in multiple languages, taking into account the users you target.

The services of an iubenda Gold Partner

Power2Cloud has become a Gold Partner of iubenda. We have gained the experience needed to adapt the regulations for your site or eCommerce in the easiest, most complete and professional way. 

Our team also works closely with DPOs and IT managers, if they are part of your team, to best optimize the iubenda installation and make your website, App or eCommerce compliant in a short time.

As an iubenda partner we can offer you:

• Privacy Policy and Cookie Policy in all languages on your site
• continually updating the Policy as regulations evolve
• consulting on technical adjustments needed for compliance
• Banner Cookies according to regulations required as of Jan. 10
• Terms and Conditions, if you are, for example, also involved in online sales

Are you following the new GDPR updates?

The General Data Protection Regulation 2016/679 (General Data Protection Regulation or GDPR) identifies itself as the main European legislation on personal data protection. The GDPR defines "personal data" as any information that can be traced back to an identified or identifiable natural person.

Since the regulations are constantly being updated we want to recap what are the must-have aspects to make your organization compliant, so here is a brief recap:

Cookie banner

• The "Accept" and "Reject" buttons (or an "X" command with a reject function) are mandatory
• users must be able to make granular choices about the functionality, third parties, and categories of cookies
• users must be able to update their preferences at any time 

Collection of Consent

• Consent via simple scrolling is no longer valid
• Cookie walls are not allowed

Statistical cookies (such as Google Analytics) 

• First-party statistical cookies can be installed without user consent (and without prior blocking)
• Third-party statistical cookies can be installed without user consent only under certain conditions

Validity of preferences

After seeking consent the first time, at least 6 months must pass before consent can be sought again.

Proof of consent

You need a Cookie preference log to be able to prove that you have obtained valid consent according to GDPR standards

Legal Basis

Legitimate interest is no longer a valid legal basis for the installation of cookies.

The rights of users

It is important to adapt sites and eCommerce to regulations to avoid unpleasant penalties and protect users' rights.

All organizations must provide information about their data-processing activities as early as when they collect data, when users fill out a form, typically through a privacy policy.

The information must be concise, transparent, understandable, easily accessible, written in clear and simple language, and free.

As we said if the data is collected from the user to whom it relates, it is necessary to provide the privacy notice when it is collected, but if it is obtained from a source other than the individual user to whom it relates, the user must be provided with the privacy notice within a "reasonable period" of acquiring the data. This period cannot exceed one month in general.

Let's see together what users' rights are:

1. right of access. Users have the right to access their personal data and information about how it is processed. If the user requests it, the data controller must provide an overview of the categories of data being processed, a copy of the actual data, and details about the processing. Details should include the purpose, how it was acquired, and with whom it was shared.
2. right to rectification. Users have the right to rectification of their personal data if inaccurate or incomplete. This right also implies that rectification must be communicated to all third-party recipients involved in the processing of the data in question, unless this is impossible or difficult. If requested by the user, the organization must also inform the user of the third-party recipients.
3. right to object. According to the GDPR, users may object to the processing of their data when the processing is based on the legitimate interest of the data controller, or the performance of a task of public interest/exercise of public authority, or for scientific/historical research and statistical purposes. The user is required to give reasons for his or her objection, unless the processing is carried out for direct marketing purposes, in which case no reasons are required to exercise this right.
4. right to data portability. Users have the right to obtain their personal data in order to transfer them from one controller to another, without being prevented from doing so by the controller. Both "provided" and "observed" data are included in this rule. This right applies only to personal data and not to anonymous data (data that cannot be traced back to the person).
5. right to erasure. When data are no longer relevant to the original purpose, if users have revoked consent, or personal data have been unlawfully processed, users have the right to request their deletion and prohibit their dissemination. Requests must be complied with no later than one month after receipt of the request.
6. right to restrict processing. Users have the right to restrict the processing of their personal data in cases where:

• they disputed its accuracy;
• the user has objected to the processing and the organization is considering whether there is a legitimate reason that overrides that right;
• the processing is unlawful but the user is requesting restriction rather than deletion;
• the data is no longer needed but the user needs it to establish, exercise, or defend a legal claim;

The restriction must be communicated to all third-party recipients involved in data processing, unless this is impossible or difficult. If requested by the user, the organization must also inform the user of third-party recipients.

Rights related to automated decision making and profiling. Users have the right not to be subject to a decision when it is based on automated processing or profiling and produces a legal or similarly significant effect on the user.

It is possible to make automated decisions on the basis of special category data only with the explicit consent of the user or for reasons of significant public interest.

There are so many aspects to comply with. Contact our team and find out how we can help you bring your site or app into compliance easily and immediately.