Most companies or organisations have a website but not all website owners are compliant with the laws governing website activity. This can result in legal risks that are completely unnecessary with some planning.

Commercial websites provide a ‘shop window’ for businesses to promote, market and sell their goods and/ or services. The law expects website owners to provide the same protections to online consumers as are expected with bricks and mortar consumers. In addition, online-specific legislation places extra special obligations upon website owners when it comes to online trade. Common pitfalls include failing to ensure customer personal data is protected, non-compliance with the standard basis of forming a contract online, and breaching consumer protection regulations.

In this article, we consider the main policies that businesses need to put in place when trading online.

  1. Privacy Statement

A business must comply with the principles of good practice set out in the Data Protection Legislation which means (as applicable)

and be ‘open and transparent’ to all Data Subjects. The key principles are around processing only specific personal data in a fair, accurate and lawful manner. The processing must not be excessive and must be accurate. Personal data should only be kept for as long as necessary. A business must also protect the data from accidental loss and destruction.  Your privacy statement is an important compliancy document and should address:

  • What information you collect (personal and/ or financial);
  • How and why you collect and handle the information and keep it secure;
  • If you use cookies (or similar technologies);
  • If there will be any direct marketing activities (if yes, an easy and accessible method of opting out should be provided);
  • What one needs to do to request information or send a ‘subject access request’.

Our templates can help you get started:

Privacy Statement (website)

  1. Cookie Policy

A cookie policy is also a legal requirement along with a cookie warning message (which can be implied). You should list cookies set on a user’s browser, what their purposes is and for how long they will naturally remain. It would be good practice to provide your users with some information or links on how to delete cookies!

Get started quickly with our Cookie Policy

  1. Website Terms of Use

This document defines your relationship with the user and protects your business. It needs to be comprehensive and correct. It is especially important where the site is an interactive one and/ or uses connect platforms via an API of another website. You will need to set out what is acceptable use and attain consents by way of an intellectual property licence grant to use and display user content that may be uploaded to the site. This policy exists to protect your interests by covering areas including:

  • Acceptance of collection and use of information;
  • Changes and content;
  • Links to third party websites;
  • Copyright protection of your content and user-generated-content (licences);
  • Disclaimers and limitation of liability.

Here is a link to our legal template that will help you get started:

Website Terms of Use

  1. Main Terms & Conditions (goods or services)

If you intend to sell goods or services online, you need legal terms and conditions that are appropriate to the online environment. For example, the technical steps for formation of the contract and the ordering process as a whole need to take account of the nature of online procedures. Your Ts & Cs should include the following points and be part of your purchasing procedure:

  • Conditions of acceptance of order;
  • Order process;
  • Product or Services information;
  • Price and terms of payment;
  • Rights of the seller (and Buyer) (Service Provider and Company or Individual);
  • Age of consent (where applicable);
  • Data Protection;
  • Intellectual Property;
  • Parties’ respective warranties and indemnities to deal with risk, liability and limitation of the same;
  • Delivery;
  • Cancellation, exchanges, returns and refunds;
  • Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (where applicable). As a business you are required to provide certain information to website users under certain regulations. For goods purchased under a B2C contract, there are consumer cancellation rights to expressly provide for;
  • Term and termination

Here are links to our templates that will help you get started:

Website Terms & Conditions (Business to Business – Services)

Website Terms & Conditions (Business to Customer – Goods)

Don’t assume that your Ts & Cs bind all users of your website and that you can rely on them! They need to be:

(1) incorporated; and,

(2) accepted by the user.

Best practice is to have a tick box that the user has to tick to accept the Ts & Cs prior to the purchase being made. The tick box should be server-side validated so that the user cannot proceed without ticking!

When you engage a company to build and develop your website, there are numerous things that need to be addressed from the outset, otherwise, things may go pear-shaped at the first hurdle resulting in delays at the very least, if not, complete project abandonment and extra costs. Be clear on who will own the intellectual property in the deliverables i.e. know your licences from your assignments!


Let us know if we can help you!

Author: Yvonne Morris



twitter: @CloudLegals



CloudLegal is a tech-enabled legal support consultancy which promises practical commercial and jargon-free advice. We support all company matters, commercial contracts/ Ts & Cs (including software and IT), employment & HR as well as data protection matters. We have various services including: