How to make your online store legally watertight

Starting up a business is a dream that many people have. But the saying "be your own boss" comes with responsibilities. As the owner of an online shop, you have to make sure that your business and its products or services are legal and that your website meets all legal requirements. Legal certainty isn’t just obtained by choosing and implementing the correct legal status. Your website must also meet important conditions, especially when it comes to legal information such as disclaimers and data protection.

We’ll show you what you should consider to ensure the online shop you have created is legally compliant.

The legal basics of a web store

The legal basics of eCommerce differ from those of stationary commerce. In addition, there are various legal aspects that only apply to online shops

All three regulations follow the same goal: to protect user and customer data and ensure that the process by which companies collect data is transparent. Therefore, web shop owners need to inform their customers of how they store personal data in case of a purchase and cookies when they access the shop website. If you fail to provide the necessary information, you could risk high fines. So if you’ve yet to install a solution that informs customers about how you track cookies, you’re better off not tracking any user activities just yet.

The obligation to provide information about how user data is handled is not the only stumbling block on the way to a legally secure online shop. The following points also play an important role in creating a legally compliant online shop:

  • Tools for error detection and correction: Provide your customers with tools that alert them to input errors in the course of their order so they can be corrected before they are submitted.
  • Copyright notice: Your online shop is a commercial web project. If you plan to use content such as images and photos, for which you don’t own the copyright, their use must be contractually agreed upon. You can find out more about online image rights in our article on the topic.
  • Confirm receipt of order on a ‘permanent data carrier’: You are obliged to confirm contract terms associated with any purchase made in your shop on a ‘permanent data carrier’, such as email or a paper printout that is added to the shipment.
  • Label the order button correctly: The button that customers use to place an order must be clearly labelled as such. Labels such as ‘Pay now’ or ‘Buy’ are recommended, while ‘order’ or ‘register’ are inadequate or even misleading and therefore not legally compliant.
  • Observe geo-blocking prohibitions: You can set the delivery areas for orders through your shop individually, but your offer can’t exclude users whose place of residence falls outside of your delivery area. You can find more detailed information in our article on geo-blocking prohibition.

If your online shop is aimed exclusively at commercial clients, this should be clearly stated on your website. A simple note hidden in your terms and conditions is not sufficient to comply with your information obligation about your online shop’s strategic direction.

How the coronavirus has affected eCommerce

In times of the coronavirus pandemic, a legally compliant online store is now more important than ever. After all, eCommerce businesses have profited from strict regulations imposed on public life which has affected stationary stores more than most other businesses.

There is no doubt that both large sales platforms such as Amazon and eBay as well as many web shops have benefited from the crisis in recent months. Shops that primarily sell clothing and luxury goods (cars, watches, etc.), on the other hand, have suffered a drop in sales, especially during spring 2020. The same applies - not surprisingly - to the tourism and entertainment industries. It’s a problem that has quickly threatened the existence of many operators of smaller online shops.

Additionally, eCommerce logistics have been hampered by the coronavirus crisis. In some instances, production and delivery chains could not be maintained, which has led to customer complaints about long waits for ordered goods. For shops that rely on drop shipping, i.e. those which don’t have their own warehouses, this spells disaster.


Make sure you inform your customers about any logistical issues as a consequence of the coronavirus crisis to gain their sympathy for the difficulties this has put your business under. Complying with the law may not be enough. Instead, you should also display warnings and COVID-related notices prominently on your website.

As a reliable digital partner, IONOS supports you during these difficult times. Our extensive range of support services can be viewed on our dedicated page.

Legally secure online store check list: the most important elements

It’s never been more important to watch out for the legal aspects of online shop creation and maintenance. eCommerce plays a central role in our daily lives and it hasn’t even reached its full potential just yet. The following checklist summarises the most important duties and building blocks to create a legally compliant online shop.


Looking to create an online shop that is legal and supports you in reaching your sales goals? The eCommerce website builder from IONOS provides the perfect solution for shops with up to 5,000 products!


A disclaimer is a legal notice covering the basic issues that could arise when operating a website. Many websites can use a simple disclaimer, although other businesses may find they need something more specialised depending on what products or services they offer.

Terms and conditions

The T&Cs are the rules for using your website. This page isn’t technically a legal requirement, but it might be better to have one so you have all bases covered. Having a terms and conditions page helps protect your rights to content on your site and can reduce liability if the worst comes to worst and you’re taken to court. The court would look at the terms and conditions to see what kind of contract stands between the operator and the customer and see if the plaintiff has any ground to stand on. In order to limit your liability, you should add a disclaimer saying that you aren’t responsible for any statements made by third parties. It’s also advisable to include a copyright notice such as 'Copyright © 2020.' to protect your site and its content.

The errors you should avoid when writing your terms and conditions are summarized in our dedicated article on “Common mistakes when creating T&Cs”.

Privacy policy

A privacy policy tells website visitors what type of personal information you are collecting from them and how you plan to use it. Data privacy and the protection of personal data are a legal requirement, according to the UK Data Protection Act 1998, as well as being considered fundamental human rights in the Charter of Fundamental Human Rights of the European Union (CFR) 2009, and are protected within the EU by the Data Protection Directive. Companies and shops are required to alert the Office of the Information Commissioners if they are collecting users’ data. It is also advisable to specify if you don’t intend to collect any information (such as e-mail addresses and names), so visitors feel at ease and may be more likely to stay on your site. If you have a contact form on your website (e.g. for customers to subscribe to your newsletter), you should let visitors know how any information they enter will be used.

The aforementioned European GDPR and online cookie regulations should also be considered here.

Cookie notices and options to agree

While you must notify your customers that you’re using cookies, you can employ tracking solutions without their explicit consent. It’s recommended that you install a solution that notifies your customers and allows them to consent to cookie tracking. These notices must reach your customers before their data is transmitted. Typically, this process is presented in the form of a pop-up which informs them about how you store data and allows customers to accept or deny the use of cookies.

Depending on your know-how and abilities, you can program the cookie pop-up yourself or use a cookie consent tool. For Content Management Systems, there are various plug-ins available to include cookie notices to make sure your web shop complies.


In our guide on WordPress cookie plug-ins we present the four best extensions for easy and quick cookie consent in WordPress!

Product descriptions

To create a legally compliant online shop, your product descriptions must be complete and not give a false impression of products. Check that all necessary information is included and that relevant pieces of information are accurate. Typical sources of illegal information include, for example, the following product details:

  • Product type
  • Ingredients/components
  • Date of manufacture
  • Availability
  • Fitness for purpose
  • Possible uses
  • Quantity
  • Origin

Shipping and delivery policy

This kind of policy is required so that customers know when to expect their products and how they will be delivered. It’s important that customers know the expected delivery periods and costs otherwise they may look elsewhere if they can’t find the information. Including a discount or promotion can encourage customers to buy more, for example, 'free shipping on orders over $100'.

Refund policy

Refunds are a normal part of online business and customers will want to return or exchange their goods from time to time. They are more likely to make a purchase if they know they can send the product back if it’s not to their satisfaction. UK online customers can cancel and request a refund within 14 days of receiving their goods. They then have another 14 days to send the goods back to you. If you do not make the customer aware of their right to cancel, they may cancel their order any time within the next 12 months, with 14 days to return the goods from the date they informed you, according to UK government regulations.

A good idea is to include the refunds policy with the terms and conditions, so that buyers know their rights and what to expect. You could embed a check box onto your site so that users have to agree to the terms and conditions, so you know they have read them and you are protected should any problems arise.

Payment methods

It’s important for online business owners to offer a range of payment methods so that every visitor is catered to. You could lose a potential customer if they don’t see their preferred method offered. You must ensure that you provide at least one payment method that doesn’t incur additional charges.

You must let your customers know if there are charges for using credit cards or other payment methods. This should be explained as part of the order process and in detail on a sub-page that provides more information about the payment options.

If you are creating a legally compliant online shop, be sure that your payment options comply with the Payment Card Industry Data Security Standard (PCI DSS), which helps prevent fraud by creating increased controls around data, particularly at companies or shops which store or process card information.

Order button

As mentioned, the order button must be explicitly labelled as such to ensure your online shop is legally watertight. In the past, there have been cases of dubious and fraudulent methods to lure victims into subscriptions. In these cases, customers would enter subscription contracts without their knowledge.

Customers should be able to see that by clicking on a button they are entering a sales contract. Therefore, the button should use text that makes this obvious, such as

  • ‘Buy now’
  • ‘Order now’
  • ‘Commit to pay’
  • ‘Commit to purchase’

You should refrain from using dubious wording such as ‘Finish shopping’, ‘Register’ or even ‘Next’.

Shipping times

If there’s no additional information, a customer can expect that products are available immediately. In most cases, immediately is defined as within five days. A shipping policy is required so that customers know when to expect their products and how they will be delivered. It’s important that customers know the expected delivery periods and costs, otherwise they may look elsewhere if they can’t find the right information. Including a discount or promotion can encourage customers to buy more, for example "free shipping on orders over £100".

Product and delivery costs

All product and service costs listed on your website must be accurate and complete. Product prices should list the cost including and excluding sales taxes. Shipping costs must be stated and be easy to find. You should not add notes such as ‘shipping costs on request’ as this can be confusing and lead to frustration among customers.

Double opt-in newsletter

Newsletter marketing is a favoured and cost-effective marketing strategy to reach existing and potential new customers. Newsletter registrations are often included on a website as part of an online form. The EU Privacy and Electronic Communications Directive (E-Privacy Directive, 2002/58/EC) forbids the sending of unsolicited marketing e-mails within the EU. This means that if you wish to provide a company newsletter for your customers, informing them of new products or sales for example, you must give users the option to opt in and opt out of receiving these e-mails. As previously stated, it is also a legal requirement that customers have given their consent for you to send their e-mail addresses on to third parties. This is not necessarily a negative thing, as the relentless arrival of unsolicited e-mails from companies and shops in your inbox is considered spam, and can be very annoying to the recipient.

Conclusion: not without a lawyer

As a shop owner, it’s your responsibility to provide your customers with relevant content in a professional and transparent way. Besides this valuable content, it is also important that pages are clearly marked and always available. The topic of data protection is not only relevant for legal reasons, but is also very important for online businesses from a marketing perspective.


You can boost customer trust by using a trust seal for your online store. If you apply for a trust seal, a team of experts will judge your shop standards according to existing data security, safety, return policy, delivery, and payment policy regulations. This way you can be sure that you have created a legally compliant online shop.

Please note the legal disclaimer relating to this article.