Opening an online shop or ecommerce website involves so many details (coordinating all the catalogue information, synchronising it with other channels and software, thinking about order logistics...) that sometimes the smallest and most important ones are overlooked.
Legislation is becoming more and more demanding and rigorous about the treatment of data and shoppers' rights. And these extend to the digital sphere, where the number of transactions is constantly increasing, as well as the number of problems and scams from which consumers must be protected.
The main responsible party is the business or shop: that is, you as a representative of the brand, manufacturer or retailer. Complying with all legal aspects of e-commerce should always be the first task when opening or updating an online shop, and an aspect that should be continuously reviewed.
Knowing and complying with the legal requirements for online sales gives the shop credibility, inspires confidence in the user and avoids annoyances such as complaints from buyers and official sanctions for non-compliance, which can exceed 20,000 euros.
Legal requirements that an online shop must include
Information and legal notice of the company
The legal notice is the basic section that any online shop must include, clearly and visibly, in the footer or menu of the entire website, including other related domains or blogs.
This section should detail the data that the website collects for its operation, the use and treatment given to it, and the person responsible for that data. This involves stating the company's full information, such as company name, activity, number in the Commercial Register, VAT number, owner of the website, and contact details, such as postal address, email or telephone (which should never add an extra fee to the user).
In short, the legal notice is the detailed and complete document about the processing of personal data and the rights of the user who visits the online shop, and the general conditions of the website use.
Watch out! It is tempting, but no online shop should copy the legal notice of another similar website and simply change the key information. It is advisable to have a specialised lawyer to deal with this and all the other legal aspects of e-commerce that we are going to see.
User data protection: GDPR
The General Data Protection Regulation is a long-standing issue, but it became fully mandatory as of 25 May 2018 in the European Union.
This means that companies are obliged to include on their websites and online shops the terms and conditions of use and purchase in an intelligible and easy to find way, without technical or convoluted legal language.
In ecommerce, it is necessary to collect data from the buyer in order to carry out transactions and deliveries, but this must always be preceded by clear and explicit consent from the user. If that person has not made any purchases on the website, you are obliged to delete their data, as well as the data of those who do make a purchase but have not consented to you storing it, or else ensure that it will be stored securely and that it will not be used for commercial purposes or shared with third parties.
In addition, the protection of buyer data involves two separate consents:
- On the personal data processing.
This leads to the following:
Two types of cookies are considered:
- Mandatory, which the user cannot uncheck if they want to visit the website.
- Tracking, which is unnecessary and therefore optional for the user. The user must be informed about how this data will be stored and how they can request its deletion.
In this legal document, the company declares the use of data collected through cookies and other transactions carried out in the online shop (forms, purchase...).
Don't forget! If you store your customers' or suppliers' data in any kind of file, you must register them with the Spanish Data Protection Agency (AEPD).
Full product content
Compliance with legal requirements in an online shop does not only concern long and tedious documents. It also applies to something as common as the product information you display on catalogue and product sheets.
If the product data provided to the buyer is not correct, it can lead to misunderstandings where the law considers you to be providing fraudulent information. For example, a buyer could accuse you of breach of contract if they find data that is erroneous or differs from the final product received, concerning:
- The type of product
- The composition of the product
- The date of manufacture
- The stock
- The quantity (whether it includes different parts or is made up of several items)
- The price (which must specify VAT and shipping costs)
The safest way to keep all product data under control and ensure that it is up to date and correct in an online shop (and all other sales channels) is a PIM system such as Sales Layer.
Automating the management of product data is indispensable for shops and catalogues that have thousands of references and want to offer their customers the most reliable shopping experience.
Cybersecurity in payments: PSD2
Since 14 November 2020, this new payment system has been in place throughout Europe and aims to standardise online payments and increase security for shoppers.
When a user makes a purchase in an online shop or gives bank card details on a website in the European Union, the company must comply with two legal aspects:
On the one hand, it must include at least 2 of the following elements of user authentication:
- Something that the user knows (their PIN or password).
- Something that the user has (a device on which they receive a temporary key).
- Something that the user is (biometric security measures, such as facial, fingerprint, eye recognition...).
And on the other hand, the purchase process must include 3 phases:
- Checkout in the seller's online shop.
- Authorisation of the online purchase in a secure environment of the buyer's bank.
- Verification of purchase back on the website.
Unambiguous navigation and UX
The online shop must explain all these legal requirements that affect the visit and purchases on the website... and therefore the navigation itself must also be clear and easy.
Among the elements that should not be misleading in an online shop are the buttons and actions that lead to the purchase. It is necessary to use short, standard terms such as "Add to cart", "Buy", "Pay now".
Using more original but potentially confusing language would be in breach of the law if it misleads the buyer.
Communication of the purchase: ecommerce contract
The most important step in an online shop is the confirmation of purchase. Here, the user is concerned with the protection of the personal and banking data they are about to provide, and with whether they consent to the company storing it or whether the company must delete it immediately.
But the legal aspects also affect the purchase contract itself. The shop must provide full details of the transaction, the conditions under which it was done and the rights attached to it.
For example, it is mandatory to specify the payment methods available, the currency in which the purchase is charged, the guarantee (by law minimum 2 years), how the shipment is made and the delivery time. If no delivery time is specified, by law the maximum is 30 days.
In addition, it is mandatory for the shop to confirm the buyer's order on a "durable medium". That is to say, to send him the purchase details in a document that he can keep, either in an email or a printed invoice attached to the order.
Another key legal aspect here is the return policy, which must be clear to the consumer. By law every buyer can return goods within 14 days, or one year if the company does not offer a full returns policy.
Consent to communications
More and more online shops are taking advantage of their website to collect information from users who do not make a purchase, or to try to engage those who are interested. The most common way of attracting them is by subscribing to newsletters, news bulletins and windows where they can access exclusive offers and promotions.
Although this usually only involves asking for their name and email address, it is also mandatory to include a consent box for the transfer of data and a link to privacy texts detailing the use of this data.
Intellectual property: images, videos and other resources
Finally, one detail that can affect online retail shops is intellectual property.
Brands and manufacturers often use their own graphic resources and therefore own the intellectual property of the materials. However, many online retail shops that sell third-party products include images, videos and other third-party resources without explicit consent, or reuse social media posts from followers or influencers without having confirmed the use.
We recommend that you have legal assistance, preferably specialised in ecommerce, to ensure that your online shop complies with the legal aspects of ecommerce. Reviewing it will save you from many problems with the law and with customers, and that has a positive impact on your brand image.
And to ensure that product content is accurate across your online shop and any of your sales channels, try Sales Layer's PIM and discover the time you can save on data handling, complaints and returns from shoppers who found incorrect product data.