Book a 15-min discovery call

Website Legal Documents and Requirements Solution

Website Legal Documents and Requirements Solution

For your peace of mind, we offer an attorney-level website solution for compliance with the law across multiple countries and legislations, including the GDPR, EU Cookie Law, POPIA, CCPA, ePrivacy and more.

Websites and apps must always comply with certain requirements imposed by law. Failure to comply with the legal requirements, can result in serious penalties including substantial fines, audits and potential litigation.

Relax, your website is in good hands...

We have chosen to rely on iubenda, a company built on both legal and technical expertise, that specializes in this sector. Together with iubenda, of which we are Certified Partners, we have developed a proposal to offer all our customers a simple and safe solution to their compliance needs.

iubenda Certified Bronze Partner

Overview of the main legal requirements for websites and apps

Privacy and Cookie Policy

The law obliges each site/app that collects personal data to disclose relevant details to users via dedicated privacy and cookie notices.

Privacy policies must contain certain fundamental elements specific to your particular processing activities, including:

  • the contact and identifying details of the data controller;
  • which personal data is being processed;
  • the purposes and methods of processing;
  • the categories of sources from which consumers’ data is being collected;
  • the legal bases of processing (e.g., consent);
  • the third-parties that may also access the data — this includes any third-party tools (e.g., Google Analytics);
  • details relating to the transfer of data outside the European Union (where it applies);
  • the rights of the user;
  • description of notification process for changes or updates to the privacy policy;
  • the effective date of the privacy policy.
The cookie policy specifically describes the different types of cookies installed through the site, any third-parties to which these cookies refer – including a link to the respective documents and opt-out forms – and the purposes of the processing.
Can’t we use a generic document?

It’s not possible to use generic documents as your policy must describe in detail the specific data processing carried out by your site/app, and must also include the particular details of any third-party technologies (e.g., Facebook “like” buttons or Google Maps) specifically used by you.

What if my site does not process any data?
It’s very difficult for your site not to process any data. A simple contact form or a traffic analysis system such as Google Analytics is enough to trigger the obligation to prepare and display a privacy and cookie policy.

EU Cookie Law

In addition to providing an easily available and accurate cookie policy, in order to adapt a website to the cookie law, it is also necessary to show an informative cookie banner which links to a detailed cookie policy at the first visit of each user, giving the user the opportunity to either reject or grant consent to the installation of cookies. Most types of cookies, including those issued by tools such as social sharing buttons, should only be released after the user have provided a valid consent.

Furthermore, many third-party vendor networks may limit ad reach if you do not have a cookie management system that meets industry standards in place — potentially reducing your ability to generate ad revenue.

What is a cookie?
Cookies are small files used to store or track certain information while a user browses a site. Cookies are now essential to the proper functioning of a site. In addition, many third-party technologies that we integrate into our sites, such as simple video widgets or analytics programs, also use cookies.

CCPA

CCPA requires that businesses inform California users about how and why their data is being used, their rights in regards to this and how they can exercise these rights – including the right to opt-out. In order to comply with these requirements, you need to include both the relevant disclosures within your privacy policy and display a notice of collection at the first user’s visit (where applicable).

The process which allows the user to opt-out should be facilitated via a “Do Not Sell My Personal Information” (DNSMPI) link which should be accessible from your notice of collection and elsewhere on your site (best practice would be to also include the link in the footer).

My business is not based in California, do I need to comply with CCPA?
The CCPA applies to most businesses that collect or could potentially collect Californian customers personal information, whether or not the business itself is geographically located in California. Since IP addresses are considered personal information, this likely applies to any website with at least 50,000 unique visits per year from California.

Consent according to GDPR and LGPD

When a user directly enters personal data on a site/app, for example by filling in a contact form, service registration or newsletter subscription, it is necessary to collect consent that is freely given, specific and informed. Under the GDPR, it’s also necessary to keep unambiguous records that allow you to demonstrate that valid consent was collected.

Similar to the GDPR, the Brazilian LGPD also requires the data controller to provide an unambiguous proof of consent, giving evidence that the user’s consent was collected by a valid means.

What is free, specific and informed consent?
You must obtain consent for each specific processing purpose – for example, a consent to send newsletters and another consent to send promotional material on behalf of third-parties. Consent may be requested by setting up one or more checkboxes that are not pre-selected, not mandatory or coerced (freely given) and accompanied by relevant disclosures that make it clear to the user how his or her data will be used.
How can proof of valid consent be demonstrated unambiguously?
A range of information must be collected each time a user fills in a form on your site/app. This information includes a unique user identification code, the content of the privacy policy accepted, a copy of the form submitted by the user as well as a record of the opt-in mechanism used.
Is the email I receive from the user as a result of filling out a form not sufficient as proof of consent?
Unfortunately, it is not sufficient, as some information necessary to reconstruct the suitability of the procedure for collecting consent is missing, such as a copy of the form actually completed by the user and the version of the privacy documents available to the user at the time the consent was collected.
Do I have to comply with the LGPD even if my organization is not based in Brazil?
The LGPD has a territorial scope that extends outside of Brazil. This means that you may have to comply even if you or your business are not based in Brazil. Therefore, you fall under the LGPD scope if you process data from individuals located within the Brazilian territory, regardless of their nationality (even if they were in Brazil only at the time of data collection, and have since moved).

Terms and Conditions

In certain circumstances it can be necessary to protect your online business from potential liabilities with a Terms and Conditions document. Though not always legally required, Terms and Conditions set the way in which your product, service or content may be used, in a legally binding way.

The Terms and Conditions typically contain copyright clauses, disclaimers, terms of sale, allow you to set governing law, list mandatory consumer protection clauses, and more.

The Terms and Conditions should at least include:

  • the identification of the business;
  • a description of the service that your site/app provides;
  • information on risk allocation, liability, and disclaimers;
  • warranty/guarantee information;
  • the existence of a withdrawal right;
  • safety information, including instructions for proper use (e.g., terms of delivery of product/service);
  • rights of use;
  • conditions of use/purchase (e.g., age requirements or location-based restrictions);
  • refund policy/exchange/termination of service and related information;
  • information related to methods of payment.
When is it mandatory to have Terms and Conditions?

Everyone from bloggers to e-commerce, SaaS, and enterprise businesses can benefit from setting Terms of Use. However, in some cases it can be mandatory, such as in the case of e-commerce, where payment data is processed.

Can I copy and use a Terms and Conditions document from another site?

Because they are essentially a legally binding agreement, it is not only important to have one in place, but also necessary to ensure that it meets legal requirements and it matches your specific business processes, model, and remains up-to-date with the various laws referenced in its contents. Copy-pasting Terms and Conditions from other sites is very risky and could result in the document being void or unenforceable.

How we can help you using iubenda’s solutions

Thanks to our partnership with iubenda, we can help you configure everything you need to make your site/app compliant. iubenda is in fact the simplest, most complete and professional solution to comply with regulations.

Privacy and Cookie Policy Generator

With iubenda’s Privacy and Cookie Policy Generator we can prepare a fully customized, self-updating policy for your site/app. iubenda’s policies are generated starting from a database of clauses drafted and continuously reviewed by an international team of lawyers.

Cookie Solution

The iubenda Cookie Solution is a comprehensive solution to meet EU Cookie Law, CCPA and any other third-party requirements by facilitating the display of a GDPR-compliant cookie banner or a CCPA notice of collection at each user’s first visit, the preventive blocking of the profiling cookies and the collection of users’ consent to the installation of cookies. It also supports opt-out from sale for Californian users via a “Do Not Sell My Personal Information” link.

Consent Solution

iubenda’s Consent Solution allows the collection and storage of an unambiguous proof of consent whenever a user fills out a form – such as a contact form or newsletter subscription – on your website or app, as required by the GDPR and the Brazilian LGPD. The solution can also be used to document opt-out requests from Californian consumers, as imposed by the CCPA.

TERMS AND CONDITIONS Generator

With iubenda’s Terms and Conditions Generator we can prepare a fully customized, self-updating T&C document for your site/app. iubenda’s Terms and Conditions are generated starting from a database of clauses drafted and continuously reviewed by an international team of lawyers.
Contact us to receive a personalized proposal →

Basic maintenance
(Updates and Security)

$97 / month

  • Updates with visual check
  • Daily off-site backups
  • Daily security scans
  • Malware cleanup
  • Maintenance Dashboard
  • 24/7 Team of WordPress experts
  • Unlimited content edits
  • Unlimited 30 minute tasks
Choose Plan

Premium maintenance
(Unlimited Content Edits)

$197 / month

  • Updates with visual check
  • Daily off-site backups
  • Daily security scans
  • Malware cleanup
  • Maintenance Dashboard
  • 24/7 Team of WordPress experts
  • Unlimited content edits
  • Unlimited 30 minute tasks
Choose Plan

Frequently asked questions

Your questions answered.

General Questions

Click your chosen plan and then complete checkout. You will need to fill out a form providing both WP admin and FTP credentials for the sites you want to add.

Once we receive this information, one of our happiness engineers will log into the site to install our plugins and get the site connected to our remote maintenance system.

We’ll also run a quick test of the off-site backup system and make sure the security scans are running. If there are any outstanding core or plugin updates, we’ll perform those as well.

We prioritize activating new sites, so this should be done within a few hours of you completing the process. Keep in mind, if your site is especially large or the connection to your server is exceptionally slow, it could take a bit longer.

We can perform host migrations for a one-time cost of $197. That said, many hosts have tools that will allow you to do this very quickly and easily with no additional cost and some even offer free migrations. We would recommend contacting the host you’re looking to switch to and your existing host to see what options are available.

To cancel a site, you just need to send us an email letting us know which site. Pure Bliss Digital services work on a 30-day rolling subscription plan basis for cancellation invoices. Your cancellation will be effective for the next 30-day cycle.

Our team of happiness engineers is on call 24 hours a day, 7 days and week, 365 days a year. We strive to complete all tasks within 8 hours but we usually get them done much faster!

Our maintenance service runs during business hours, Monday-Friday.

Pure Bliss Digital provides Maintenance and Unlimited Content Edits for WordPress multisite on a case by case basis.

Here’s how it works and the transparency behind how it is different:

The main domain requires a Maintenance Plan to have updates, backups, and security performed. The updates performed on the main domain impact any/all sites in the network, so there is a chance that a plugin update could cause issues on a subsite that we would not be able to detect.

For this reason, we generally don’t recommend our service for multisite.

If you’re comfortable with us applying updates on the subsites but not having the visual check, you would need a Maintenance Plan subscription for the main site, and then an Unlimited Content Edits Plan for each subsite that requires ongoing content edits.

Basic Plan Questions

Yes! You can exclude plugins from being updated in the Maintenance Dashboard. To do this, just navigate to the Updates tab of the Maintenance Dashboard and click the Settings button. You can then select which plugins to block or exclude from our automatic updates. This can be changed at any time.

Yes! You can keep your currently installed plugins. If there is a question regarding licensing of these plugins or any updates along the way, our team will reach out to you.
Our team does not communicate with hosting providers. If there is an issue with the hosting provider, we will reach out to you and let you know if there is something needed from the host in order for us to be able to deliver our service.

WordPress rolls out core updates in various stages and we assess what needs to be updated and when.

If it is a major update, we will wait 10-14 days until the WordPress development team has worked out all the bugs to help ensure it won’t have a negative impact on your websites.

We provide daily security scans and if malware is detected, it will be removed and we’ll let you know about it.

The WordPress core and plugin updates also protect your website by keeping your software on the latest version. Your website is constantly being monitored with WordPress security alerts and if there is a vulnerable plugin on your website, it will be updated as soon as the patch is available. MalCare automatically blocks malicious traffic with real-time protection.

Visual Validator is our tool that uses visual regression to ensure plugin updates don’t cause visual problems on your site. 

How it works:

  1. Visual Validator takes screenshots of up to 20 pages of your site.
  2. Updates are applied.
  3. Visual Validator takes new screenshots and compares them to see if anything looks different.
  4. If changes are detected, our happiness engineers are alerted and will resolve the issue.

Our update process lets you pick and choose which updates to run. So if needed, we can exclude problematic updates from the process. You also have to ability to choose specific pages for Visual Validator to check.

The Maintenance Plan includes:

  • WordPress core and plugin updates with Visual Validator.
  • Security monitoring and malware cleanup.
  • 90 days of reliable, off-site backups.
  • Maintenance dashboard plugin.

If an update fails and/or Visual Validator detects a visual discrepancy as a result of a plugin update, we’ll research why, and contact you to help fix it.

Visual Validator does not detect if a functionality is impacted by a plugin update. If you notice a functionality issue the has occurred as a result of a plugin update, let us know. We’ll research why and help to fix it.

Yes, we install our Maintenance Dashboard plugin on each site.

The Maintenance Dashboard is visible in the site Admin Panel and gives complete visibility on the updates, backups and security scans we provide.

Yes, we offer monthly maintenance reports for each site. These reports highlight all the maintenance work that’s been going on behind the scenes and give a general health report of the site. If you’d like to receive these monthly reports, just let us know!

Our maintenance service runs during business hours Monday through Friday. This way, if an update causes your website to crash, we’re alerted immediately and able to fix it immediately.

We are not an emergency support service. If your website crashes outside of our maintenance hours, it is likely due to something outside of our control, for example, an issue with the hosting service. That being said, if your website is still down once our maintenance service starts up for the day we will catch that and go in to take a look and let you know what next steps to take.

Premium Plan Questions

No. Only live websites with a host and domain are eligible for The Unlimited Content Edits Plan.

If you’d like help building out a website, please reach out to us for more information.

While our 24/7 team is available at all times for content edits and admin panel changes, we are not an emergency support service. Requests are handled on a first-come, first-serve basis.

Our Jump the Line service offers priority service With Jump the Line, anytime you submit a content edit request, it automatically jumps to the front of the queue — 24 hours a day, 7 days a week.

Websites covered by our Unlimited Content Edits plan must be live sites.

Yes. Our happiness engineers need to know that the sites they are working on are up to date and have reliable backups. Because of this, the Unlimited Content Edits Plan includes the Maintenance Plan service.

When we say unlimited content edits, we mean it! You can send in as many requests as you’d like. Remember that a content edit is anything that takes 30 minutes or less to resolve and can generally be handled within the admin panel of your WordPress website.

We’re able to do this because we have a team of happiness engineers dedicated to doing only this — 24 hours a day, 7 days a week, 365 days a year. We can resolve most tasks very quickly since we often see similar issues across hundreds of sites. And while some customers send more support requests than others, the average number of tasks per customer is very manageable.

Pure Bliss Digital is not an emergency service provider.

All of our content edit requests are handled in the order they are received.

We typically handle requests in under 8 hours unless they need to be escalated or there are further questions.

An example of an urgent request is:

“URGENT! My WooCommerce shop link is not working on a specific product! Please fix this immediately!”

Because we are not an emergency service provider, this type of request would fall into the content edit request queue and be resolved within 8 hours by our team.

If you find you are often in need of urgent requests, you may want to consider our Jump the Line service, which gives you instant VIP status in the queue. Anytime you submit a support request it automatically jumps to the front of the queue — 24 hours a day, 7 days a week.

Whenever we receive a request, the happiness engineers evaluate it to make sure it fits within our scope of service.

If we think a task will take more than 30 minutes, we’ll provide a quote for approval.

Occasionally there are requests that our happiness engineers cannot do because it falls completely outside our scope of service. Once we troubleshoot the issue, we’ll let you know what your best options are.

Here are some requests that the Unlimited Content Edits Plan does not include:

  • Graphic design changes (Things like creating graphics or editing images beyond simple resizing/cropping)
  • SEO and Analytics strategy, review, or consulting
  • Writing or providing copy for posts, pages, products, etc. (Including Cookie Permissions and Privacy Policies)
  • Build-outs and plugin/theme development, including the build-out of new major functionality on an existing site (i.e. setting up an online store, rebuilding existing content through a different page builder, or custom-coding a new plugin to provide new functionality)
  • Host-related optimization
  • Interacting with third-party vendors, including the host, email provider, a plugin/theme’s support team, etc.
  • Purchasing plugins, license keys, or extensions

Just remember, it never hurts to ask. No matter the request, we’ll help point you in the right direction!

Our Unlimited Content Edits Plan covers anything that takes 30 minutes or less to resolve and that can generally be handled within the admin panel of your WordPress site.

For example: Adding or editing content like blog posts, WooCommerce products, pages, editing menus and widgets, installing and activating plugins, and much more.

Have more complex issues? No problem! We’re happy to troubleshoot more complicated issues and then discuss what kind of resolutions we can offer to best fit your needs.

Here’s a more comprehensive list of the most common things our 24/7 team does.

Content Edits:

  • Publishing blog posts and new pages from provided Word or Text documents
  • Adding/Removing/Editing text on posts, pages, products, etc.
  • Uploading provided JPG and PNG images and adding to pages
  • Cropping/Resizing images within the WP Dashboard
  • Adding provided Yoast keywords, titles, snippets, etc
  • Adding/Removing/Editing menu items
  • Configuring popups, notification bars, and slide-in features based on provided text, images, and examples
  • Create image galleries
  • Edit page slugs
  • Adding/Removing/Editing users
  • Upload PDFs
  • Adjust widgets

Settings Adjustments:

  • Updating theme options
  • Adding redirects
  • Add/Remove/Edit form fields
  • Edit templates made from visual editors (such as Beaver Builder, Elementor, and Divi Builder)
  • Installing simple plugins from the WordPress repository (i.e. “Duplicate Post” or “WordPress Zero Spam”)

We can also take care of the following requests, but they may take a bit longer than our usual turnaround time:

  • Custom CSS / JS
  • Performing search and replaces
  • Adding code snippets through WP hooks
  • Installing more complex plugins (i.e. a caching plugin or free WooCommerce add-on)
  • Performance / Page-speed related adjustments based on GT Metrix reports
  • Minor troubleshooting involving plugin and theme compatibility
  • Installing tracking codes (i.e. Google Analytics)
  • Testing contact forms and checkout workflows

It’s easy to submit a content edit request! You can simply send the request via email to [email protected].

It will be received by our team of happiness engineers immediately and you’ll get an email confirmation.

Please include as much information as possible and follow these best practices:

  • The subject of the email should include your domain and a simple subject that captures the essence of your request.
    Examples:
    Email Subject Line 1: mysite.com – Fix font on plans page
    Email Subject Line 2: mysite.com – Gallery posts
  • One task per request
  • Include as much information as possible: screenshots, detailed description, error numbers, videos, etc. Whatever you’ve got, we’ll take it!
  • If you are sending in copy that you would like posted/updated, please be sure to include it as a word document that our happiness engineers can copy and paste.
  • Remember to include any files that you would like uploaded.
Copyright © 2024 Pure Bliss Digital
Terms and Conditions 
Privacy Policy 
Cookie Policy