Websites and mobile apps must always comply with strict legal obligations. Failure to adhere to these privacy regulations, in fact, carries the serious risk of heavy financial penalties.
This is why Studio Up has chosen to partner with Iubenda, a leading tech company composed of both legal and technical experts specialized in the digital compliance sector. Together with Iubenda, of which we are proudly Certified Partners (Silver Partner), we have developed a structured proposal to offer all our clients a simple, secure, and turnkey solution for their website legal compliance needs.
Main Legal Requirements for Website and App Owners
Privacy and Cookie Policy
The law requires every website or app that collects user data to transparently inform users through a comprehensive Privacy and Cookie Policy.
A GDPR-compliant privacy policy must contain specific fundamental elements, including:
- The exact types of personal data processed;
- The legal basis for the data processing;
- The specific purposes and methods of processing;
- The third parties to whom personal data may be communicated;
- Any potential transfer of data to servers outside the European Union;
- The rights of the data subject (user);
- The full identification details of the Data Controller.
The Cookie Policy specifically describes the different types of tracking cookies installed through the website, the third parties to which these cookies refer—including direct links to their respective legal documents and opt-out forms—and the technical or marketing purposes of the processing.
Can't we just use a generic document?
It is not legally possible to use generic, pre-written documents. Your policy must accurately detail the specific data processing carried out by your custom website or app, listing all third-party technologies utilized (e.g., Facebook Like buttons, analytics scripts, or Google Maps widgets).
What if my website doesn't process any data?
It is highly unlikely that your website doesn't process any technical data. A simple contact form or a basic web traffic analysis system like Google Analytics is enough to trigger the legal obligation to prepare and display a valid privacy notice.
Cookie Law and Prior Blocking
In addition to preparing a written cookie policy, a website that complies with the Cookie Law must display a custom cookie banner on each user's first visit and explicitly acquire the user's active consent before installing tracking cookies. Certain types of cookies, such as those released by marketing tools or social sharing buttons, must be blocked until the user has given valid consent (prior blocking).
What exactly is a cookie?
Cookies are small text files used to store specific information on the user's browser during their site navigation. They are now essential for the proper technical functioning of a modern website. Furthermore, many third-party technologies we regularly integrate into our websites, such as a simple embedded YouTube video widget, rely on their own tracking cookies.
User Consent Management
If the user can enter personal data directly into the website or app (for example, by filling out a contact form, registering for a service, or subscribing to a newsletter), it is necessary to collect free, specific, and informed consent and to securely record unequivocal proof of that consent.
What is meant by free, specific, and informed consent?
You must collect separate consent for each specific processing purpose: for example, one consent checkbox for sending the newsletter, and a different consent checkbox for sending third-party promotional material. Consents must be requested using non-pre-selected, non-mandatory checkboxes, accompanied by clear informative text explaining exactly how the user's data will be used.
How can we unequivocally prove consent?
It is mandatory to collect a series of digital logs whenever a user submits a form on your site or app. This information includes a unique user identification code, the exact textual content of the privacy policy accepted at that moment, and a technical copy of the form presented to the user.
Isn't the email I receive from the user after they fill out the form sufficient proof?
Unfortunately, an email is not legally sufficient, as it lacks the necessary technical information to reconstruct the validity of the consent collection procedure, such as a copy of the specific form the user actually filled out.
How We Can Help with Iubenda Solutions
Thanks to our technical partnership with Iubenda, we can help you configure and seamlessly integrate everything needed to ensure your website or app is fully legally compliant. Iubenda is, in fact, the simplest, most comprehensive, and most professional solution for digital regulatory compliance.
Privacy and Cookie Policy Generator
Using Iubenda's Generator, we can prepare and maintain a fully customized legal notice for your website or app. Iubenda's policies are dynamically generated by drawing from a cloud database of clauses drafted and continuously reviewed by an international team of specialized tech lawyers.
Iubenda Cookie Solution
The Cookie Solution is a comprehensive system designed to manage the correct display of a cookie banner on the first visit, execute the prior blocking of profiling cookies, and securely collect the user's consent preferences for cookie installation.
Iubenda Consent Solution
The Consent Solution enables the certified collection and secure storage of unequivocal proof of consent every single time a user fills out an electronic form—such as a contact or newsletter subscription form—on your digital platforms.