Most companies or organisations have a website but not all website owners are compliant with the laws governing website activity. This can result in legal risks that are completely unnecessary with some planning.
Commercial websites provide a ‘shop window’ for businesses to promote, market and sell their goods and/ or services. The law expects website owners to provide the same protections to online consumers as are expected with bricks and mortar consumers. In addition, online-specific legislation places extra special obligations upon website owners when it comes to online trade. Common pitfalls include failing to ensure customer personal data is protected, non-compliance with the standard basis of forming a contract online, and breaching consumer protection regulations.
In this article, we consider the main policies that businesses need to put in place when trading online.
- Privacy Statement
A business must comply with the principles of good practice set out in the Data Protection Act 1998/EU data protection regulation 2016/679 and be ‘open and transparent’ to all Data Subjects. The key principles are around processing only specific personal data in a fair, accurate and lawful manner. The processing must not be excessive and must be accurate. Personal data should only be kept for as long as necessary. A business must also protect the data from accidental loss and destruction. Your privacy statement is an important compliancy document and should address:
- What information you collect (personal and/ or financial);
- How and why you collect and handle the information and keep it secure;
- If there will be any direct marketing activities (if yes, an easy and accessible method of opting out should be provided);
- What one needs to do to request information or send a ‘subject access request’.
Our templates can help you get started:
This document defines your relationship with the user and protects your business. It needs to be comprehensive and correct. It is especially important where the site is an interactive one and/ or uses connect platforms via an API of another website. You will need to set out what is acceptable use and attain consents by way of an intellectual property licence grant to use and display user content that may be uploaded to the site. This policy exists to protect your interests by covering areas including:
- Acceptance of collection and use of information;
- Changes and content;
- Links to third party websites;
- Copyright protection of your content and user-generated-content (licences);
- Disclaimers and limitation of liability.
Here is a link to our legal template that will help you get started:
- Main Terms & Conditions (goods or services)
If you intend to sell goods or services online, you need legal terms and conditions that are appropriate to the online environment. For example, the technical steps for formation of the contract and the ordering process as a whole need to take account of the nature of online procedures. Your Ts & Cs should include the following points and be part of your purchasing procedure:
- Conditions of acceptance of order;
- Order process;
- Product or Services information;
- Price and terms of payment;
- Rights of the seller (and Buyer) (Service Provider and Company or Individual);
- Age of consent (where applicable);
- Data Protection;
- Intellectual Property;
- Parties’ respective warranties and indemnities to deal with risk, liability and limitation of the same;
- Cancellation, exchanges, returns and refunds;
- Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (where applicable). As a business you are required to provide certain information to website users under certain regulations. For goods purchased under a B2C contract, there are consumer cancellation rights to expressly provide for;
- Term and termination
Here are links to our templates that will help you get started:
Don’t assume that your Ts & Cs bind all users of your website and that you can rely on them! They need to be:
(1) incorporated; and,
(2) accepted by the user.
Best practice is to have a tick box that the user has to tick to accept the Ts & Cs prior to the purchase being made. The tick box should be server-side validated so that the user cannot proceed without ticking!
When you engage a company to build and develop your website, there are numerous things that need to be addressed from the outset, otherwise, things may go pear-shaped at the first hurdle resulting in delays at the very least, if not, complete project abandonment and extra costs. Be clear on who will own the intellectual property in the deliverables i.e. know your licences from your assignments!