Online retailers – a guide to website compliance

19th July 2021

As the owner of an online shop, you have to make sure that your business and its products or services are legal and that your website meets all legal requirements. Legal certainty isn’t just obtained by choosing and implementing the correct legal status. Your website must also meet important conditions, especially when it comes to legal information such as disclaimers and data protection.

What are these?

Information requirements

Specific information about the organisation and its goods and services must be provided on the website, under the E-Commerce Regulations 2002 and, if selling to consumers, the Consumer Contracts (Information, Cancellation and Additional Payments) Regulation 2013.

Examples include:

  • Name, address and contact details
  • Company and VAT registration details
  • Details of membership of any professional body and any trade registration details
  • Product and service information, including price and delivery details

Website terms of use

All sites should include terms of use that govern how visitors should use the website. Provisions around content liability and intellectual property rights are always recommended. Other terms may also be needed if the website has specific functions, such as a discussion forum or a member-only page.

Trading terms and conditions

All sites should include terms and conditions tailored to the goods and services being sold. Issues typically covered include:

  • Pricing and payment arrangements
  • Delivery obligations
  • Returns and cancellation procedures
  • Liability limitations
  • Remedies for product defect or service failure

If an organisation sells to consumers (rather than businesses) online, the terms will also need to comply with the Consumer Contracts (Information, Cancellation and Additional Payments) Regulations 2013, the Consumer Rights Act 2015 and various other consumer-related rules.

Privacy policy

An organisation that collects and uses personal data, e.g. relating to customers, contacts or enquirers, should have a comprehensive privacy policy, covering issues such as:

  • What personal data is being collected
  • What it is being used for, including any intended disclosure to third parties
  • How a person can access data held about them
  • Who to contact in the case of complaints

If data is intended to be used for direct marketing purposes, an appropriate form of consent should be included. For example, a “box” that users are asked to click to show their agreement to receiving marketing.

Cookies policy

All websites must provide a clear explanation about how they use cookies and tracking technologies. This usually means displaying a cookie policy that tells users what cookies are used, what type of cookies they are and what they used for.

Cookies should only be used where the user has provided freely given specific and informed consent. Many websites use an information banner that includes a short statement about cookie use, a request for consent and a link to the cookies policy.

Need some support on ensuring your online business is legally watertight, we’re here for you – get in touch.


We’re here for you – contact us today

0300 124 0406

Contact Us