Website privacy and cookie policies - a look at iubenda.com

Recently some client partners have asked for help with creating privacy policies. These policies need legal guidance. Not our area of expertise. In the past our response would be to recommend engaging a lawyer and offering our support them as needed.

This past year a colleague recommended iubenda.com. This service provides “Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations”. They offer a host of tools for all things privacy and cookies.

There is a growing need to help make privacy compliance and being transparent easier and more affordable. This is a good thing, in particular for nonprofits. While iubenda is not the only service out there, it came recommended by a trusted colleague. So, we decided to dive in and create a cookie and privacy policy for our website at mod-lab.com. In this article, we cover why privacy and cookie policies should be on your radar as well as our experience using iubenda for our site.

Why Your Nonprofit Should Have a Good Privacy and Cookie Policy

A privacy policy lets website visitors know what information you are gathering about them. It is a legal document. It is required for organizations to be compliant with a growing number of laws focused on privacy.

The European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are two notable privacy laws. They outline a host of requirements for compliance for certain organizations. Their goal is to ensure that people have awareness of and say about their data. Notable fines can result if organizations deemed required to comply do not.

Because compliance to these laws can be quite involved, services like iubenda and and others have emerged to help.

These laws have an impact for those organizations who have to be compliant. They have helped to raise awareness about the amount and use of website visitor data. It is now common for organizations to adopt many of the best practices these laws suggest, even if not bound to do so.

Assessing Compliance Requirements

We had done some research when GDPR first hit the scene to learn the impact on our small U.S.-based business. We had to do our own research, as well as consult our lawyer. We revised our Work Agreement to include some language inspired by GDPR, but that was the extent of it.

iubenda has a lot of information and questionnaires to help assess compliance requirements. We completed these to make sure we were addressing the requirements we need to. We pressed on driven to improve our current privacy policy and add a cookie policy.

Know the Ways Your Website Gathers Data

Creating a good privacy policy involves knowing the ways your website gathers data about your visitors. We know our website very well. Even still, we learned that some services we use have a privacy implication that we did not expect.

What are the categories of data collection services a website might have? A typical nonprofit website has the following.

• Analytics and Tracking

• Contact and Volunteer Forms

• Email Subscribe Forms

• Donation Forms

For our website we knew to consider analytics, contact forms, and email subscribe forms.

When we explored iubenda further, we found a lot of data collection cases that are not as obvious. One for us is our use of Adobe Typekit fonts. Another was our use of Google’s reCAPTCHA to manage spam on form submissions. Some we don’t have that you may have are Tweet or Like buttons. Do you have a comment system on your blog? These services all collect data and have a privacy and/or cookie implication.

When you build a privacy policy in iubenda you select from a robust library of services to choose from.

The process of selecting the services or creating a custom one is how you build the privacy policy. Each service includes appropriate legal and informative details for site visitors. When we finished with our service selection, our privacy policy was complete. Next was thinking about cookies.

The Privacy and Cookie Policy Connection

A cookie policy details the cookies set on a website, what data they track, and why. In many ways it is a more specific version of your privacy policy focused on cookie usage.

What is a cookie? A cookie is a small package of data, set and read by a website’s code, and stored on a person’s web browser for a period of time. They track activity and power certain website functionality. Cookies serve to help with functionality that happens over time. Such as across pages when browsing a website or across more than one visit to a website.

The cookie policy is tightly integrated with the privacy policy in iubenda. Selection of your services dictates what cookies are in use. This said, it is not uncommon for content management systems and various plugins to have cookies of their own. To make sure we didn't miss anything, we did a little research to review the cookies installed by on our site using a web browser.

We found one cookie set by our content management system, Craft CMS. It is a technical cookie used when logging in to the site to manage content.

Displaying Your Privacy and Cookie Policy

There are a a few ways iubenda offers to publish a privacy and cookie policy. For mod-lab.com we opted to use the simplest solution they offer. A snippet of code for a link that, when clicked, opens a hosted policy in a modal window. It displays a nice looking summary listing the tools and services and their privacy implications. A link towards the bottom allows visitors to review the full legal policy with details. Other options include an embedded widget of the full policy. This has a little more styling capability to match a website. We preferred the modal version as it is the only way to get their very nice and user friendly privacy summary.

Cookie Banners

The final step in our privacy and cookie policy implementation is to put in place a cookie banner. These are the slide in, pop-up, splash screens designed that get your attention and address cookie consent. Depending on the level of compliance you might need to adhere to, these banners can get quite complex. For our site, we wanted to make sure our site visitors know that their privacy means something to us. We show a banner to be transparent about the cookies our website setup employs.

Among many options, we opted for a simple banner revealed at the bottom of the browser window.

Keeping Up to Date

Once a policy is live, it is easy to make certain adjustments. For example, we recently removed reCAPTCHA and contact forms from our website. iubenda makes adjusting our policy to remove these services easy. Changes take place immediately on save.

Privacy laws continue to change and new legislation passes. Having a dedicated service with a robust team of lawyers to keep on changes is helpful. How they evolve their product to address changes will make it easier for us to keep up.

When building sites, we often leverage the work of others to offer greater value in the work we do. It is great to have services like iubenda rise to help achieve privacy compliance and to inform for your website visitors out of care. They make meeting good standards of web privacy easier and more affordable.

If you decide to sign up to iubenda you can get 10% off your first month/year using this referral link - https://bit.ly/3ilWP2Z