Your website should clearly set out some vital information about your company; for instance, limited companies and limited liability partnerships must display their company’s registered name, place of registration, registration number and registered office address. Having a contact form is not enough, so you should also include an email address where people can contact you.
Under the Electronic Commerce (EC Directive) Regulations 2002, there are also specific rules that you must follow if you are one of the following:
If your business name is different from your actual name, you must provide your name on your ‘About’ or ‘Contact Us’ pages.
You must provide your VAT registration number on your website if your business is VAT registered.
If you offer a service that has a supervisory authority or if you are a member of a regulated profession, this must be stipulated on your website.
In addition, it is essential that you seek users’ consent before you store cookies on their devices. Users must give their consent through a clear positive action. An excellent example of this is clicking on an ‘Accept Cookies’ button. You should also make it easy for users to withdraw consent and disable cookies.
The law stipulates that you must rely on a lawful basis before you can send people any marketing emails. One of those lawful bases is consent. If enquirers have joined your mailing list or checked a box indicating their willingness to receive newsletters from you, then that’s great. This means they have given you their consent. However, the GDPR made it clear that the above-mentioned box should not be pre-ticked.
After receiving permission to include people on your email marketing list, you must provide a link or instructions on how they can unsubscribe from your newsletters. The GDPR specifies that you should do this in every such email you send.
If you sell products online, the Electronic Commerce (EC Directive) Regulations 2002 require you to provide information about the different steps buyers should take to complete a transaction. You must also outline what shoppers can do if an error occurs and indicate whether your website can be translated into another language.
Meanwhile, the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 require you as an online store owner to display a link to your terms of purchase, delivery options, cancellation forms and returns/refunds/exchange policy. Compliance is essential as it protects both you and your customers.
You must ensure that you have sufficient cyber security measures in place, particularly if your website collects or stores users’ personal data and/or processes payments. This is to ensure that you comply with the GDPR and the Payment Card Industry Data Security Standard (PCI DSS). In order to meet the GDPR and PCI DSS security requirements, you should take the following steps:
Non-compliance with the above-mentioned legal requirements, including having terms and conditions for your website, can result in fines. In fact, the Information Commissioner’s Office and the local Trading Standards could pursue legal action against you. Similarly, an individual could sue you provided that they can prove that your non-compliance caused them to suffer a loss.
Do not copy privacy policies and similar documents from other websites. Not only is it considered to be copyright infringement, but it could also cause you to use content that is neither correct nor legally compliant. Furthermore, you would not be able to rely on copied content should you find yourself involved in a legal dispute.
At BEB, we can help ensure that your website complies with UK law. We can also assist you in drafting your website’s terms and conditions and privacy policies. Contact us today so we can answer any questions you may have.