IUBENDA Lifetime Deal - Get GDPR, CCPA, LGPD compliant now!

2»

Comments

  • bikegremlinbikegremlin ModeratorOGContent Writer

    @frog said:

    @mfs said:

    @frog said: Reporting a company to the authorities is free,

    Here you're forced to use PEC if you don't want to do that personally or via registered mail with return receipt, I'd say it would be generally perceived to be quite a hassle. No "anonymous tips"; in general I believe most PMSers would just yell at the phone about the morality of someone's ancestors rather than snitching about something that may or may not happen on some 5+ yo database, this attitude may have helped reducing the chances for a proceeding to actually start

    It is easy to file a complaint in Denmark. All you have to do is to fill out a form or send an email. You can't do it anonymously, but it only takes a couple of minutes.
    https://www.datatilsynet.dk/english/file-a-complaint

    Couldn't find THEIR privacy policy about the data given to them. :)

    It's nonsense - but I expect it all to go even crazier, more complicated, more expensive and more difficult to avoid even if you are not in the EU.

    Thanked by (1)Ympker

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews

  • @bikegremlin said:

    @frog said:

    @mfs said:

    @frog said: Reporting a company to the authorities is free,

    Here you're forced to use PEC if you don't want to do that personally or via registered mail with return receipt, I'd say it would be generally perceived to be quite a hassle. No "anonymous tips"; in general I believe most PMSers would just yell at the phone about the morality of someone's ancestors rather than snitching about something that may or may not happen on some 5+ yo database, this attitude may have helped reducing the chances for a proceeding to actually start

    It is easy to file a complaint in Denmark. All you have to do is to fill out a form or send an email. You can't do it anonymously, but it only takes a couple of minutes.
    https://www.datatilsynet.dk/english/file-a-complaint

    Couldn't find THEIR privacy policy about the data given to them. :)

    It is in Danish.
    https://www.datatilsynet.dk/kontakt/skriv-til-os/naar-du-skriver-til-os

    It's nonsense - but I expect it all to go even crazier, more complicated, more expensive and more difficult to avoid even if you are not in the EU.

    The idea behind GDPR (consumer protection) is good. But, you are right, it is too expensive for micro-enterprises to implement it.

    Thanked by (1)bikegremlin
  • @webcraft said:
    How does it work with their "licenses"? Can I use two and sell the other three on eBay?

    Just got an answer:

    Can I resell iubenda?
    Of course! Choose one of our plans, take advantage of a discount on bulk purchases and resell our services to your clients applying your markup.

    If anybody is willing to give me two or three of his licenses for the respectable fraction of the cost, please hit me up.

  • edited December 2021

    It's no good quality. Have tested them, they include a lot of services, it's easy to use/create but formatting and language is rather low quality. Feels like some free generators deliver better quality. Though I'm no lawyer to judge on content quality, it reads like it's somewhat simpler (translated by Google?).
    In the end I decided to not use the two license slices I rented.

    Thanked by (1)Ympker
  • YmpkerYmpker OGContent Writer
    edited December 2021

    @webcraft said:
    It's no good quality. Have tested them, they include a lot of services, it's easy to use/create but formatting and language is rather low quality. Feels like some free generators deliver better quality. Though I'm no lawyer to judge on content quality, it reads like it's somewhat simpler (translated by Google?).
    In the end I decided to not use the two license slices I rented.

    I have only had a short look at them the other day and quickly generated a standard privacy policy (basically without many extra services). One thing that stood out to me (raised a ticket already) is that they basically offer 3 implementation methods, all of which encourage embedding the legal text via their servers (and/or Akamai CDN) to keep them updated. However, in the generated privacy policy, I couldn't (quick search ctrl+F) find anything where they mention the PP is hosted on Iubenda or Akamai CDN, even though in that case, clearly, personal data (such as IP address of visitors) is transmitted to Iubenda and/or Akamai. If I used them, I'd need to remember adding a custom clause mentioning that. I will give their generator a deeper look and then decide whether it's gonna be of use to me. While they have apparently 1600 integrations, I only found Cloudflare CDN, while others have Stackpath, BootstrapCDN and others.

    In comparison: This is a free german privacy policy generator, including BootstrapCDN and other viable clauses with an optionally paid plan for english translation and about 13 more integrations: https://www.adsimple.de/datenschutz-generator/

    Thanked by (1)bikegremlin
  • @Ympker said: However, in the generated privacy policy, I couldn't (quick search ctrl+F) find anything where they mention the PP is hosted on Iubenda or Akamai CDN, even though in that case, clearly, personal data (such as IP address of visitors) is transmitted to Iubenda and/or Akamai.

    It's at the end


    The link leads to the very own iubenda's privacy policy and there's mention of the whole infra (AWS, DO, Akamai)

  • YmpkerYmpker OGContent Writer

    @mfs said:

    @Ympker said: However, in the generated privacy policy, I couldn't (quick search ctrl+F) find anything where they mention the PP is hosted on Iubenda or Akamai CDN, even though in that case, clearly, personal data (such as IP address of visitors) is transmitted to Iubenda and/or Akamai.

    It's at the end


    The link leads to the very own iubenda's privacy policy and there's mention of the whole infra (AWS, DO, Akamai)

    This is just the "short privacy policy", though. I'd like to show the "complete" one (bottom right) which is where I couldn't find it. According to some law you need to view the full pp with 1 or two clicks (1st click is opening the website www.domaim.com second is clicking on the PP button, third would be "show complete pp" which would be too much).

    Thanked by (1)bikegremlin
  • bikegremlinbikegremlin ModeratorOGContent Writer

    @Ympker said:

    @mfs said:

    @Ympker said: However, in the generated privacy policy, I couldn't (quick search ctrl+F) find anything where they mention the PP is hosted on Iubenda or Akamai CDN, even though in that case, clearly, personal data (such as IP address of visitors) is transmitted to Iubenda and/or Akamai.

    It's at the end


    The link leads to the very own iubenda's privacy policy and there's mention of the whole infra (AWS, DO, Akamai)

    This is just the "short privacy policy", though. I'd like to show the "complete" one (bottom right) which is where I couldn't find it. According to some law you need to view the full pp with 1 or two clicks (1st click is opening the website www.domaim.com second is clicking on the PP button, third would be "show complete pp" which would be too much).

    I'll... I'll stick to bicycles. :)

    Thanked by (1)Ympker

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews

  • YmpkerYmpker OGContent Writer

    @bikegremlin said:

    @Ympker said:

    @mfs said:

    @Ympker said: However, in the generated privacy policy, I couldn't (quick search ctrl+F) find anything where they mention the PP is hosted on Iubenda or Akamai CDN, even though in that case, clearly, personal data (such as IP address of visitors) is transmitted to Iubenda and/or Akamai.

    It's at the end


    The link leads to the very own iubenda's privacy policy and there's mention of the whole infra (AWS, DO, Akamai)

    This is just the "short privacy policy", though. I'd like to show the "complete" one (bottom right) which is where I couldn't find it. According to some law you need to view the full pp with 1 or two clicks (1st click is opening the website www.domaim.com second is clicking on the PP button, third would be "show complete pp" which would be too much).

    I'll... I'll stick to bicycles. :)

    Believe me when I say, you are not missing out😂

    Thanked by (1)bikegremlin
  • YmpkerYmpker OGContent Writer

    Update: Seems like, once actually embedded, it shows a note at the end of the privacy policy stating the "hosted by Iubenda: See Privacy Policy" kinda message. I guess that's good enough, then. Although it would imho still be better to have Iubenda included in the actual privacy policy (not just at the bottom of the policy). Will play a bit more around to see how it fares with various clauses/integrations. The fact that BootstrapCDN, Stackpath, KeyCDN and other rather important integrations seem to be missing, I will have to see whether that's gonna be enough for me.

    Thanked by (1)bikegremlin
  • YmpkerYmpker OGContent Writer
    edited December 2021

    I know, I know, yet another german service, but even if you are non-german (e.g. @bikegremlin ): If you skim through the clauses included for free in https://www.einfach-abmahnsicher.de/drittdienste , you will find many important key clauses.

    Includes e.g.:

    • IONOS
    • Adobe Fonts
    • Akamai CDN
    • Adyen Payment
    • Akismet
    • Amazon Cloudfront CDN
    • Amazon Pay
    • Apple Pay
    • Borlabs Cookie
    • BootstrapCDN
    • Bunny CDN
    • CDN 77
    • Cloudflare
    • Consentmanager
    • Cookiebot
    • Cookiefirst
    • CreateJS CDN
    • Font Awesome
    • Google Fonts
    • Google Hosted Libraries CDN
    • Google Pay
    • Stripe
    • Twilio
    • unpkg CDN

    I know, I am being a bit picky, but if I am paying for it, it needs to be at a certain level. I am not saying Iubenda is bad, because I haven't tested it enough yet, and it is a great AIO kit. It's just it is, at first sight a bit lacking in "important" clauses (e.g. Iubenda has apparently 1600+ clauses; the german provider above has only 167 clauses, yet rather good ones). Appsumo has a 60 days refund policy, so I will make sure to test it thoroughly. Perhaps, I will also just keep it as a LTD and wait for them to keep adding new services :)

  • bikegremlinbikegremlin ModeratorOGContent Writer
    edited December 2021

    From what I could gather:

    It's too risky if you are working with clients.
    You need to find a good lawyer, and a good dev/admin whatever - and list all the services used, then write proper policies (in a legally acceptable form) for all of them (whatever is being used/tracked etc.).

    I'm not sure I'd sleep well relying on an automated solution for a client's website.

    And I'd definitely not bother for my own (for once I'm happy we're not in the EU, though this crap will soon be global... it already is practically).

    Thanked by (1)Ympker

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews

  • YmpkerYmpker OGContent Writer

    @bikegremlin said:
    From what I could gather:

    It's too risky if you are working with clients.
    You need to find a good lawyer, and a good dev/admin whatever - and list all the services used, then write proper policies (in a legally acceptable form) for all of them (whatever is being used/tracked etc.).

    I'm not sure I'd sleep well relying on an automated solution for a client's website.

    And I'd definitely not bother for my own (for once I'm happy we're not in the EU, though this crap will soon be global... it already is practically).

    Clients, I do directly forward them to either a service like IT-Recht Kanzlei, or connect them with a law firm, I often send clients to.
    I also make sure that the legal texts are not part of the "product"/service I sell to my clients. There are solutions where you could also cover client sites (like Iubenda and other sites with 50+ licenses subscriptions), but I don't really wanna offer that. Too risky for me imho.

    That being said, I still have to know about these things, tell my clients about why they need to pay for a lawyer/such a service and at least guide them in the right direction. For my own website, I do care, but Iubenda or another generator may be enough for it :P

    I like that song ;) Enjoy your freedom until GDPR is everywhere.

    Thanked by (1)bikegremlin
  • mfsmfs OG
    edited December 2021

    @Ympker said: This is just the "short privacy policy", though. I'd like to show the "complete" one

    The "complete" one is shown once you click on the "short" one...

    @Ympker said: According to some law you need to view the full pp with 1 or two clicks

    The "complete one" seems available within two clicks here we're assuming someone is actually interested in reading all this legalese but I get your point

    Thanked by (1)Ympker
  • About some alternatives (self-hosted too!) I remembered someone here is using klaro

    https://heyklaro.com/pricing
    https://github.com/kiprotect/klaro

    the only issue may be the (proper and pseudonymous) collection of the "Record of consent" if you follow the self-hosted route (I guess, didn't investigate this, I just know it's used on some technical regional forums)

    Thanked by (2)Ympker bikegremlin
  • YmpkerYmpker OGContent Writer
    edited December 2021

    @mfs said:

    @Ympker said: This is just the "short privacy policy", though. I'd like to show the "complete" one

    The "complete" one is shown once you click on the "short" one...

    @Ympker said: According to some law you need to view the full pp with 1 or two clicks

    The "complete one" seems available within two clicks here we're assuming someone is actually interested in reading all this legalese but I get your point

    Thanks for the screenshots. Yeah, I already knew that I could click this button at the bottom right to view the full policy. Thing is, if opening the main website is counted as the first click (or clicking on a website in google results) that would make the PP visible with 3 clicks. I know, I know. Who cares? The visitors probably won't, I don't, but german lawyers who use automated crawlers to find and sue websites for minor GDPR/privacy policy violations will still be there. At least very present in Germany. I found an option to show the full pp, though. So that makes it two clicks (opening website + click on "Privacy Policy" in menu). The whole topic really is a pita. I love the idea to care more about ppl's privacy. But, please.. Nitpicking like some law agencies is also not gonna "help" anyone.

    Thanks for bringing up Klaro :) I will try Iubenda first, though. I might be picky and have criticized it a lot. That doesn't mean I am not trying to learn more about it and get the best out of it. Only then can I decide whether it's a good tool for me.

    Thanked by (2)bikegremlin mfs
  • mfsmfs OG
    edited December 2021

    @Ympker said: PP visible with 3 clicks

    Didn't know there was an explicit rule about the number of clicks here; we've had to attend a few mandatory seminars on the topic of "personal data management," and periodically we get indoctrinated by leguleians and the DPO; the main issue for them seems to be "the importance of having a downloadable, updated PDF"; afaik iubenda doesn't offer an option to "download" the PP, it's always online. Since iubenda doesn't offer that option, I assume it's not strictly necessary.
    PDF or not, personally I'd prefer to be able to "self-host" their CP/PP rather than relying on third-party infrastructure. Some entities throw a tantrum if you host some of their content on non-EU servers, if you add iubenda you bring AWS/DO et al. in the mix and this is something someone actively tries to avoid.
    Not 100% sure if you can use iubenda to generate a policy you're going to self-host.

    The regional site that uses klaro (at least on its forum, I think I can share it here, https://forum.fibra.click/ ) references a downloadable PP in PDF format in its footer; they may have been advised to do so by some local lawyer. Some sites are punctilious about always offering a downloadable PDF; at least for sites that aren't plain "showcases".

    The main site of our former premier and future president (???) uses iubenda, but only for the cookie policy. The privacy policy? It's a PDF.

    If I check the (English) PP of the first "Gold Partner" in iubenda ( https://alias2k.com/en/privacy-policy-en/ ) there's no PDF that can be downloaded; OTOH many referenced PP in that same document can be downloaded.
    In that PP for example the Google PP is referenced; Google offers a PDF along with the "online version" ( https://policies.google.com/privacy )
    ArubaCloud (Aruba S.p.A.) is referenced only with their PDF ( https://hosting.aruba.it/documents/tc-files/en/7_privacypolicyhostingcart.pdf )
    The "rule of thumb" (but I get no hard sources for this) is: if there's heavy user interaction, the PP should be downloadable. Even on their main site Aruba for example offers ONLY a pdf for its PP, while the Cookie can be detailed online.
    Institutional sites like https://www.en.regione.lombardia.it/wps/portal/site/en-regione-lombardia/DettaglioRedazionale/legal-and-credits/policy-en, always have the option to "Print" the online privacy policy; that's something that could be added in iubenda. Sure any web browser can "print the page" and therefore anyone can usually "print as pdf" but it's just not immediately available for the user.
    The Importance of Being a PDF is even more the case if health-related data is handled: e.g. https://www.galliera.it//54 (and many others)

    Many other institutional sites anyway, especially the ones of smallish municipalities ( all modelled after https://github.com/italia/designers.italia.it , pretty much any new institutional site follow these stylistic guidelines) just appoint an RDP (that is, a DPO) in their "Privacy Policy" and call it a day. If there's no RDP appointed within the administration itself, some "external agency" serves them with this kind of service.
    I've visited some of the personal/business sites of these "mercenary" RDPs/DPOs, they often lack any PP/CP... sometimes the PP on their own site leads to a 404... but as I said, the RDP/DPO it's (too) often just someone who gets the blame and it's in place for insurance purposes (sadly)

    On a related note:
    something that can fall within the "failed privacy policy" + "excessive data retention" + "data gathered from a website" ring is here.. a € 200k fine has just been issued to a famous university (Bocconi) because they used some USA-based software for "proctoring" during COVID lockdowns . Sadly the administrative injunction is available in Italian only. The app the university used was respondus.

  • YmpkerYmpker OGContent Writer

    @mfs said:

    @Ympker said: PP visible with 3 clicks

    Didn't know there was an explicit rule about the number of clicks here; we've had to attend a few mandatory seminars on the topic of "personal data management," and periodically we get indoctrinated by leguleians and the DPO; the main issue for them seems to be "the importance of having a downloadable, updated PDF"; afaik iubenda doesn't offer an option to "download" the PP, it's always online. Since iubenda doesn't offer that option, I assume it's not strictly necessary.
    PDF or not, personally I'd prefer to be able to "self-host" their CP/PP rather than relying on third-party infrastructure. Some entities throw a tantrum if you host some of their content on non-EU servers, if you add iubenda you bring AWS/DO et al. in the mix and this is something someone actively tries to avoid.
    Not 100% sure if you can use iubenda to generate a policy you're going to self-host.

    The regional site that uses klaro (at least on its forum, I think I can share it here, https://forum.fibra.click/ ) references a downloadable PP in PDF format in its footer; they may have been advised to do so by some local lawyer. Some sites are punctilious about always offering a downloadable PDF; at least for sites that aren't plain "showcases".

    The main site of our former premier and future president (???) uses iubenda, but only for the cookie policy. The privacy policy? It's a PDF.

    If I check the (English) PP of the first "Gold Partner" in iubenda ( https://alias2k.com/en/privacy-policy-en/ ) there's no PDF that can be downloaded; OTOH many referenced PP in that same document can be downloaded.
    In that PP for example the Google PP is referenced; Google offers a PDF along with the "online version" ( https://policies.google.com/privacy )
    ArubaCloud (Aruba S.p.A.) is referenced only with their PDF ( https://hosting.aruba.it/documents/tc-files/en/7_privacypolicyhostingcart.pdf )
    The "rule of thumb" (but I get no hard sources for this) is: if there's heavy user interaction, the PP should be downloadable. Even on their main site Aruba for example offers ONLY a pdf for its PP, while the Cookie can be detailed online.
    Institutional sites like https://www.en.regione.lombardia.it/wps/portal/site/en-regione-lombardia/DettaglioRedazionale/legal-and-credits/policy-en, always have the option to "Print" the online privacy policy; that's something that could be added in iubenda. Sure any web browser can "print the page" and therefore anyone can usually "print as pdf" but it's just not immediately available for the user.
    The Importance of Being a PDF is even more the case if health-related data is handled: e.g. https://www.galliera.it//54 (and many others)

    Many other institutional sites anyway, especially the ones of smallish municipalities ( all modelled after https://github.com/italia/designers.italia.it , pretty much any new institutional site follow these stylistic guidelines) just appoint an RDP (that is, a DPO) in their "Privacy Policy" and call it a day. If there's no RDP appointed within the administration itself, some "external agency" serves them with this kind of service.
    I've visited some of the personal/business sites of these "mercenary" RDPs/DPOs, they often lack any PP/CP... sometimes the PP on their own site leads to a 404... but as I said, the RDP/DPO it's (too) often just someone who gets the blame and it's in place for insurance purposes (sadly)

    On a related note:
    something that can fall within the "failed privacy policy" + "excessive data retention" + "data gathered from a website" ring is here.. a € 200k fine has just been issued to a famous university (Bocconi) because they used some USA-based software for "proctoring" during COVID lockdowns . Sadly the administrative injunction is available in Italian only. The app the university used was respondus.

    Yeah, there seems to be no "download. as PDF" option. You could, however, in the Dashboard just inspect the PP, then choose to show full PP and manually copy the plain text and paste it on your website. Ofc in that case the texts won't automatically update either and you'd need to keep them updated manually. Another "problem" I noticed is the PP turns into a link to Iubenda website if the browser has Javascript disabled. So any visitor with JS disabled in their browser does not see the actual PP when he clicks on "PP" in the website's menu but rather just sees an a href link to Iubenda website which is Iubenda's fallback if JS is disabled. Not such a neat solution either. The Cookie Banner is only displayed in german where as Cookiebot free plan automatically adapts the language to the country of the visitor. In Iubenda I would probably need to create more licenses and see how I would go about that. ToS Generator had some good options but nothing too special. The PP reads a bit "simple" and some of the free generators I have used had more detail. E.g. I have ticked Google Fonts clause and it just mentions Google Ireland Limited but without mentioning the address which I thought was essential, too. I will keep testing things out, but not too sure if Iubenda will be my ultimate solution. Like you said some things are a bit unfortunate (such as the PP being hosted on servers all over the world..) and fines are still out there.

    Thanked by (1)webcraft
  • @Ympker said:
    You could, however, in the Dashboard just inspect the PP, then choose to show full PP and manually copy the plain text and paste it on your website. Ofc in that case the texts won't automatically update either and you'd need to keep them updated manually.

    Do they allow this in their ToS to copy their texts to self-hosted?

  • YmpkerYmpker OGContent Writer

    @webcraft said:

    @Ympker said:
    You could, however, in the Dashboard just inspect the PP, then choose to show full PP and manually copy the plain text and paste it on your website. Ofc in that case the texts won't automatically update either and you'd need to keep them updated manually.

    Do they allow this in their ToS to copy their texts to self-hosted?

    I haven't checked yet. As long as you are paying I don't see why this should be a Problem, though. I'd ask support, but I am still waiting on another inquiry I asked on Nov 30th. Only got an automated reply stating they are overloaded and ticket replies can take 4-5 business days. Yay :P

    Thanked by (1)webcraft
Sign In or Register to comment.