Home / Ucraft How To's

How to Apply Compliant Data Privacy Laws to your Webpage

Customer Success Team

Last updated on Dec 25, 2023

Data Privacy Policies are some of the most important documents on any website. It details your company's views and procedures on the information collected from visitors. It’s important to be as transparent as possible with your users.

\ Apply Privacy and Cookie Policy/Terms and Conditions code to your webpage by following these simple step:

  1. Go to 'Dashboard'.

  2. Open the 'Pages App' and go to 'System Pages'.

  3. Drag and drop the Custom HTML element to your crafting area for the page you want to insert the code for**; 'Privacy Policy', 'Terms & Conditions' or 'Cookie Solution'.**

  4. Insert the code provided by iubenda.

Below you will find more information on why it is important to make your webpage legally compliant and how to do it easily through iubenda.

For better understanding, you need to start from identifying your laws of reference.

\ ​Identify your Laws of Reference

The laws of the country in which you base your operations, as well as those of the country your site targets typically apply.

For example, if you’re based in the EU, and also have site visitors from California, you’ll need to comply with EU laws like the GDPR and extend its protections to both your EU and your non-EU site visitors where necessary under the law. You may also need to comply with Californian laws like CalOPPA and the CCPA.

Any legal documents on your site (eg. privacy & cookie policies or terms and conditions) must be written in the same language as your site so your users can understand them. If your site is available in multiple languages, then you should make your documents available in those languages, too.

A couple of words on GDPR! When it comes to consent, the first question you should ask yourself is, “where are my site visitors based?”\ ​\ If you have EU-based page visitors:

  • The ePrivacy (Cookie Law) mandates that informed, freely given consent should be collected before cookies or similar trackers are run by your site. Cookies are small pieces of data that are sent from a website or app and are often stored on a visitor’s computer via their web browser. Cookies can either be produced by your website (first party) or they can be produced by third-party services you run on your site like widgets, analytics programs, social logins, scripts etc. (third-party). Before user consent is collected, cookie scripts must be blocked from running.

  • Under the GDPR, if you have data collection forms on your website (e.g. contact or newsletter forms), you must be sure to collect informed, verifiable, freely given consent before adding users to your mailing list, and you must keep valid records or proofs of each consent – failure to keep valid consent proofs can make your collected consents invalid in the eyes of the law.

For US-based page visitors:

  • The Federal CAN-SPAM Act is a regulation that sets the rules for commercial messages, including email. While opt-in consent is not required under the Act, you must provide a visible opt-out or unsubscribe option in all such communications. Furthermore, CAN-SPAM rules state that you must provide valid identification information and mark promotional emails as an ad.

  • If you could have California-based users on your site, the California Consumer Privacy Act (CCPA) might apply to you. Under CCPA rules, you must make various privacy policy disclosures in regards to your data processing activities, inform users if you share their data with third-parties and give them the option to opt-out via a do not sell my personal information (DNSMPI) link. Valid opt-in consent must be collected before processing the personal information of children. Also, the CCPA grants additional rights to California-based users.

Clarify your Privacy Policy

Your privacy policy should be comprehensive, accurate and up-to-date in order to be considered valid. It should also be easily accessible from all pages of your site – linking to it from your site footer is a good way to achieve this.

\ At their most basic, privacy policies should include:

  • Identity details of the site owner (whether a person or legal company).

  • What data you’re collecting and why.

  • The intended use of the data.

  • How the data is stored.

  • Who the data is shared with (third-parties, sub-contractors etc.).

  • The rights of the user (this can differ depending on your law of reference).

  • The legal basis for processing user data (mainly EU users).

You can produce a valid privacy policy by using a lawyer or, alternatively, by using software solutions like iubenda’s Privacy & Cookie Policy generator.

If you have any questions or concerns, contact us directly via the live chat box, located in the lower right corner. Our Support Team will provide you with top-notch quality support, 24/7.