How to make your online store legally wa­ter­tight

The legal basics of eCommerce differ from those of sta­tion­ary commerce. In addition, there are various legal aspects that only apply to online shops

• the GDPR
• the not-yet active ePrivacy reg­u­la­tions
• and online cookie reg­u­la­tions

All three reg­u­la­tions follow the same goal: to protect user and customer data and ensure that the process by which companies collect data is trans­par­ent. Therefore, web shop owners need to inform their customers of how they store personal data in case of a purchase and cookies when they access the sshop website. If you fail to provide the necessary in­form­a­tion, you could risk high fines. So if you’ve yet to install a solution that informs customers about how you track cookies, you’re better off not tracking any user activ­it­ies just yet.

The ob­lig­a­tion to provide in­form­a­tion about how user data is handled is not the only stumbling block on the way to a legally secure online shop. The following points also play an important role in creating a legally compliant online shop:

• Tools for error detection and cor­rec­tion: Provide your customers with tools that alert them to input errors in the course of their order so they can be corrected before they are submitted.
• Copyright notice: Your online shop is a com­mer­cial web project. If you plan to use content such as images and photos, for which you don’t own the copyright, their use must be con­trac­tu­ally agreed upon. You can find out more about online image rights in our article on the topic.
• Confirm receipt of order on a ‘permanent data carrier’: You are obliged to confirm contract terms as­so­ci­ated with any purchase made in your shop on a ‘permanent data carrier’, such as email or a paper printout that is added to the shipment.
• Label the order button correctly: The button that customers use to place an order must be clearly labelled as such. Labels such as ‘Pay now’ or ‘Buy’ are re­com­men­ded, while ‘order’ or ‘register’ are in­ad­equate or even mis­lead­ing and therefore not legally compliant.
• Observe geo-blocking pro­hib­i­tions: You can set the delivery areas for orders through your shop in­di­vidu­ally, but your offer can’t exclude users whose place of residence falls outside of your delivery area. You can find more detailed in­form­a­tion in our article on geo-blocking pro­hib­i­tion.

In times of the coronavir­us pandemic, a legally compliant online store is now more important than ever. After all, eCommerce busi­nesses have profited from strict reg­u­la­tions imposed on public life which has affected sta­tion­ary stores more than most other busi­nesses.

There is no doubt that both large sales platforms such as such as Amazon and eBay as well as many web shops have benefited from the crisis in recent months. Shops that primarily sell clothing and luxury goods (cars, watches, etc.) on the other hand, have suffered a drop in sales, es­pe­cially during spring 2020. The same applies - not sur­pris­ingly - to the tourism and en­ter­tain­ment in­dus­tries. It’s a problem that has quickly threatened the existence of many operators of smaller online shops.

Ad­di­tion­ally, eCommerce logistics have been hampered by the coronavir­us crisis. In some instances, pro­duc­tion and delivery chains could not be main­tained, which has led to customer com­plaints about long waits for ordered goods. For shops that rely on drop shipping, i.e. those whicch don’t have their own ware­houses, this spells disaster.

As a reliable digital partner, IONOS supports you during these difficult times. Our extensive range of support services can be viewed on our dedicated page.

It’s never been more important to watch out for the legal aspects of online shop creation and main­ten­ance. eCommerce plays a central role in our daily lives and it hasn’t even reached its full potential just yet. The following checklist sum­mar­ises the most important duties and building blocks to create a legally compliant online shop.

A dis­claim­er is a legal notice covering the basic issues that could arise when operating a website. Many websites can use a simple dis­claim­er, although other business may find they need something more spe­cial­ised depending on what products or services they offer.

A privacy policy tells website visitors what type of personal in­form­a­tion you are col­lect­ing from them and how you plan to use it. Data privacy and the pro­tec­tion of personal data are a legal re­quire­ment, according to the UK Data Pro­tec­tion Act 1998, as well as being con­sidered fun­da­ment­al human rights in the Charter of Fun­da­ment­al Human Rights of the European Union (CFR) 2009, and is protected within the EU by the Data Pro­tec­tion Directive. Companies and shops are required to alert the Office of the In­form­a­tion Com­mis­sion­ers if they are col­lect­ing users’ data. It is also advisable to specify if you don’t intend to collect any in­form­a­tion (such as e-mail addresses and names), so visitors feel at ease and may be more likely to stay on your site. If you have a contact form on your website (e.g. for customers to subscribe to your news­let­ter), you should let visitors know how any in­form­a­tion they enter will be used.

The afore­men­tioned European GDPR and online cookie reg­u­la­tions should also be con­sidered here.

While you must notify your customers that you’re using cookies, you can employ tracking solutions without their explicit consent. It’s re­com­men­ded that you install a solution that notifies your customers and allows them to give consent of cookie tracking. These notices must reach your customers before their data are being trans­mit­ted. Typically, this process is presented in the form of a pop-up which informs about how you store data and allows customers to accept or deny the use of cookies.

Depending on your know-how and abilities, you can program the cookie pop-up yourself or use a cookie consent tool. For Content Man­age­ment Systems, there are various plug-ins available to include cookie notices to make sure your web shop complies.

To create a legally compliant online shop, your product de­scrip­tions must be complete and not give a false im­pres­sion of products. Check that all necessary in­form­a­tion is included and that relevant pieces of in­form­a­tion are accurate. Typical sources of illegal in­form­a­tion include, for example, the following product details:

• Product type
• In­gredi­ents/com­pon­ents
• Date of man­u­fac­ture
• Avail­ab­il­ity
• Fitness for purpose
• Possible uses
• Quantity
• Origin

This kind of policy is required so that customers know when to expect their products and how they will be delivered. It’s important that customers know the expected delivery periods and costs otherwise they may look elsewhere if they can’t find the in­form­a­tion. Including a discount or promotion can encourage customers to buy more, for example, 'free shipping on orders over $100'.

Refunds are a normal part of online business and customers will want to return or exchange their goods from time to time. They are more likely to make a purchase if they know they can send the product back if it’s not to their sat­is­fac­tion. UK online customers can request a cancel refund within 14 days of receiving their goods. They then have another 14 days to send the goods back to you. If you do not make the customer aware of their right to cancel, they may cancel their order any time within the next 12 months, with 14 days to return the goods from the date they informed you according to UK gov­ern­ment reg­u­la­tions.

A good idea is to include the refunds policy with the terms and con­di­tions, so that buyers know their rights and what to expect. You could embed a check box onto your site so that users have to agree to the terms and con­di­tions, so you know they have read them and you are protected should any problems arise.

It’s important for online business owners to offer a range of payment methods so that every visitor is catered to. You could lose a potential customer if they don’t see their preferred method offered. You must ensure that you provide at least one payment method that doesn’t incur ad­di­tion­al charges.

You must let your customers know if there are charges for using credit cards or other payment methods. This should be explained as part of the order process and in detail on a sub-page that provides more in­form­a­tion about the payment options.

If you are creating a legally compliant online shop, be sure that your payment options comply with the Payment Card Industry Data Security Standard (PCI DSS), which help prevent fraud by creating increased controls around data, par­tic­u­larly companies or shops which store or process card in­form­a­tion.

As mentioned, the order button must be ex­pli­citly labelled as such to ensure your online shop is legally wa­ter­tight. In the past, there have been cases of dubious and fraud­u­lent methods to lure victims into sub­scrip­tions. In these cases, customers would enter sub­scrip­tion contracts without their knowledge.

Customers should be able to see that by clicking on a button they are entering a sales contract. Therefore, the button should use text that makes this obvious, such as

• ‘Buy now’
• ‘Order now’
• ‘Commit to pay’
• ‘Commit to purchase’

You should refrain from using dubious wording such as ‘Finish shopping’, ‘Register’ or even ‘Next’.

If there’s no ad­di­tion­al in­form­a­tion, a customer can expect that products are available im­me­di­ately. In most cases, im­me­di­ately is defined as within five days. A shipping policy is required so that customers know when to expect their products and how they will be delivered. It’s important that customers know the expected delivery periods and costs, otherwise they may look elsewhere if they can’t find the right in­form­a­tion. Including a discount or promotion can encourage customers to buy more, for example "free shipping on orders over £100".

All product and service costs listed on your website must be accurate and complete. Product prices should list the cost including and excluding sales taxes. Shipping costs must be stated and be easy to find. You should not add notes such as ‘shipping costs on request’ as this can be confusing and lead to frus­tra­tion among customers.

News­let­ter marketing is a favoured and cost-effective marketing strategy to reach existing and potential new customers. News­let­ter re­gis­tra­tions are often included on a website as part of an online form. The EU Privacy and Elec­tron­ic Com­mu­nic­a­tions Directive (E-Privacy Directive, 2002/58/EC) forbids the sending of un­so­li­cited marketing e-mails within the EU. This means that if you wish to provide a company news­let­ter for your customers, informing them of new products or sales for example, you must give users the option to opt in and opt out of receiving these e-mails. As pre­vi­ously stated, it is also a legal re­quire­ment that customers have given their consent for you to send their e-mail addresses on to third parties. This is not ne­ces­sar­ily a negative thing, as the re­lent­less arrival of un­so­li­cited e-mails from companies and shops in your inbox is con­sidered spam, and can be very annoying to the recipient.

As a shop owner, it’s your re­spons­ib­il­ity to provide your customers with relevant content in a pro­fes­sion­al and trans­par­ent way. Besides this valuable content, it is also important that pages are clearly marked and always available. The topic of data pro­tec­tion is not only relevant for legal reasons, but is also very important for online busi­nesses from a marketing per­spect­ive.

Please note the legal dis­claim­er relating to this article.