How to make your online store legally watertight

The legal basics of eCommerce differ from those of stationary commerce. In addition, there are various legal aspects that only apply to online shops

• the GDPR
• the not-yet active ePrivacy regulations
• and online cookie regulations

All three regulations follow the same goal: to protect user and customer data and ensure that the process by which companies collect data is transparent. Therefore, web shop owners need to inform their customers of how they store personal data in case of a purchase and cookies when they access the sshop website. If you fail to provide the necessary information, you could risk high fines. So if you’ve yet to install a solution that informs customers about how you track cookies, you’re better off not tracking any user activities just yet.

The obligation to provide information about how user data is handled is not the only stumbling block on the way to a legally secure online shop. The following points also play an important role in creating a legally compliant online shop:

• Tools for error detection and correction: Provide your customers with tools that alert them to input errors in the course of their order so they can be corrected before they are submitted.
• Copyright notice: Your online shop is a commercial web project. If you plan to use content such as images and photos, for which you don’t own the copyright, their use must be contractually agreed upon. You can find out more about online image rights in our article on the topic.
• Confirm receipt of order on a ‘permanent data carrier’: You are obliged to confirm contract terms associated with any purchase made in your shop on a ‘permanent data carrier’, such as email or a paper printout that is added to the shipment.
• Label the order button correctly: The button that customers use to place an order must be clearly labelled as such. Labels such as ‘Pay now’ or ‘Buy’ are recommended, while ‘order’ or ‘register’ are inadequate or even misleading and therefore not legally compliant.
• Observe geo-blocking prohibitions: You can set the delivery areas for orders through your shop individually, but your offer can’t exclude users whose place of residence falls outside of your delivery area. You can find more detailed information in our article on geo-blocking prohibition.

In times of the coronavirus pandemic, a legally compliant online store is now more important than ever. After all, eCommerce businesses have profited from strict regulations imposed on public life which has affected stationary stores more than most other businesses.

There is no doubt that both large sales platforms such as such as Amazon and eBay as well as many web shops have benefited from the crisis in recent months. Shops that primarily sell clothing and luxury goods (cars, watches, etc.) on the other hand, have suffered a drop in sales, especially during spring 2020. The same applies - not surprisingly - to the tourism and entertainment industries. It’s a problem that has quickly threatened the existence of many operators of smaller online shops.

Additionally, eCommerce logistics have been hampered by the coronavirus crisis. In some instances, production and delivery chains could not be maintained, which has led to customer complaints about long waits for ordered goods. For shops that rely on drop shipping, i.e. those whicch don’t have their own warehouses, this spells disaster.

As a reliable digital partner, IONOS supports you during these difficult times. Our extensive range of support services can be viewed on our dedicated page.

It’s never been more important to watch out for the legal aspects of online shop creation and maintenance. eCommerce plays a central role in our daily lives and it hasn’t even reached its full potential just yet. The following checklist summarises the most important duties and building blocks to create a legally compliant online shop.

A disclaimer is a legal notice covering the basic issues that could arise when operating a website. Many websites can use a simple disclaimer, although other business may find they need something more specialised depending on what products or services they offer.

A privacy policy tells website visitors what type of personal information you are collecting from them and how you plan to use it. Data privacy and the protection of personal data are a legal requirement, according to the UK Data Protection Act 1998, as well as being considered fundamental human rights in the Charter of Fundamental Human Rights of the European Union (CFR) 2009, and is protected within the EU by the Data Protection Directive. Companies and shops are required to alert the Office of the Information Commissioners if they are collecting users’ data. It is also advisable to specify if you don’t intend to collect any information (such as e-mail addresses and names), so visitors feel at ease and may be more likely to stay on your site. If you have a contact form on your website (e.g. for customers to subscribe to your newsletter), you should let visitors know how any information they enter will be used.

The aforementioned European GDPR and online cookie regulations should also be considered here.

While you must notify your customers that you’re using cookies, you can employ tracking solutions without their explicit consent. It’s recommended that you install a solution that notifies your customers and allows them to give consent of cookie tracking. These notices must reach your customers before their data are being transmitted. Typically, this process is presented in the form of a pop-up which informs about how you store data and allows customers to accept or deny the use of cookies.

Depending on your know-how and abilities, you can program the cookie pop-up yourself or use a cookie consent tool. For Content Management Systems, there are various plug-ins available to include cookie notices to make sure your web shop complies.

To create a legally compliant online shop, your product descriptions must be complete and not give a false impression of products. Check that all necessary information is included and that relevant pieces of information are accurate. Typical sources of illegal information include, for example, the following product details:

• Product type
• Ingredients/components
• Date of manufacture
• Availability
• Fitness for purpose
• Possible uses
• Quantity
• Origin

This kind of policy is required so that customers know when to expect their products and how they will be delivered. It’s important that customers know the expected delivery periods and costs otherwise they may look elsewhere if they can’t find the information. Including a discount or promotion can encourage customers to buy more, for example, 'free shipping on orders over $100'.

Refunds are a normal part of online business and customers will want to return or exchange their goods from time to time. They are more likely to make a purchase if they know they can send the product back if it’s not to their satisfaction. UK online customers can request a cancel refund within 14 days of receiving their goods. They then have another 14 days to send the goods back to you. If you do not make the customer aware of their right to cancel, they may cancel their order any time within the next 12 months, with 14 days to return the goods from the date they informed you according to UK government regulations.

A good idea is to include the refunds policy with the terms and conditions, so that buyers know their rights and what to expect. You could embed a check box onto your site so that users have to agree to the terms and conditions, so you know they have read them and you are protected should any problems arise.

It’s important for online business owners to offer a range of payment methods so that every visitor is catered to. You could lose a potential customer if they don’t see their preferred method offered. You must ensure that you provide at least one payment method that doesn’t incur additional charges.

You must let your customers know if there are charges for using credit cards or other payment methods. This should be explained as part of the order process and in detail on a sub-page that provides more information about the payment options.

If you are creating a legally compliant online shop, be sure that your payment options comply with the Payment Card Industry Data Security Standard (PCI DSS), which help prevent fraud by creating increased controls around data, particularly companies or shops which store or process card information.

As mentioned, the order button must be explicitly labelled as such to ensure your online shop is legally watertight. In the past, there have been cases of dubious and fraudulent methods to lure victims into subscriptions. In these cases, customers would enter subscription contracts without their knowledge.

Customers should be able to see that by clicking on a button they are entering a sales contract. Therefore, the button should use text that makes this obvious, such as

• ‘Buy now’
• ‘Order now’
• ‘Commit to pay’
• ‘Commit to purchase’

You should refrain from using dubious wording such as ‘Finish shopping’, ‘Register’ or even ‘Next’.

If there’s no additional information, a customer can expect that products are available immediately. In most cases, immediately is defined as within five days. A shipping policy is required so that customers know when to expect their products and how they will be delivered. It’s important that customers know the expected delivery periods and costs, otherwise they may look elsewhere if they can’t find the right information. Including a discount or promotion can encourage customers to buy more, for example "free shipping on orders over £100".

All product and service costs listed on your website must be accurate and complete. Product prices should list the cost including and excluding sales taxes. Shipping costs must be stated and be easy to find. You should not add notes such as ‘shipping costs on request’ as this can be confusing and lead to frustration among customers.

Newsletter marketing is a favoured and cost-effective marketing strategy to reach existing and potential new customers. Newsletter registrations are often included on a website as part of an online form. The EU Privacy and Electronic Communications Directive (E-Privacy Directive, 2002/58/EC) forbids the sending of unsolicited marketing e-mails within the EU. This means that if you wish to provide a company newsletter for your customers, informing them of new products or sales for example, you must give users the option to opt in and opt out of receiving these e-mails. As previously stated, it is also a legal requirement that customers have given their consent for you to send their e-mail addresses on to third parties. This is not necessarily a negative thing, as the relentless arrival of unsolicited e-mails from companies and shops in your inbox is considered spam, and can be very annoying to the recipient.

As a shop owner, it’s your responsibility to provide your customers with relevant content in a professional and transparent way. Besides this valuable content, it is also important that pages are clearly marked and always available. The topic of data protection is not only relevant for legal reasons, but is also very important for online businesses from a marketing perspective.

Please note the legal disclaimer relating to this article.