Privacy policy clauses for Iubenda

Installation triggers immediate obligations

Adding Iubenda to your site or app immediately creates a legal trigger: you are now explicitly managing user consent for cookies and tracking technologies. This is not optional in jurisdictions under GDPR (EU/EEA), ePrivacy Directive (Article 5(3)), CCPA (California), or comparable laws (LGPD in Brazil, DPA 2018 in UK).

### GDPR context

If your users include EU residents, GDPR Articles 6 (lawful basis), 7 (consent conditions), and 13/14 (transparency) apply immediately. Iubenda's consent banner captures affirmative consent signals; GDPR Article 7(4) requires that consent be freely given, specific, informed, and unambiguous. The moment the banner appears, you must document what data you collect, who processes it, and how long it's retained.

### ePrivacy Directive (PECR in UK, national laws in EU)

Article 5(3) of the ePrivacy Directive mandates prior consent before storing non-essential cookies or accessing terminal equipment. Iubenda's consent interface is built to satisfy this requirement—but only if configured correctly with granular categories.

### CCPA and state privacy laws

If you have California (or Virginia, Colorado, Connecticut, Utah) users, CCPA Section 1798.100 grants users rights to know, delete, and opt-out. Iubenda's policy generation and consent tracking help satisfy disclosure obligations (Section 1798.100), but you must ensure the policies it generates match your actual data practices.

### First concrete step

Before deploying Iubenda, complete a data mapping: list every tracking tool, cookie, pixel, or SDK on your site. Cross-reference each against Iubenda's consent categories (essential, functional, analytics, marketing). This prevents the most common failure: deploying consent UI without knowing what actually needs consent.