Keeping it Legal – A Guide to Trading On-line for Start-Ups (Guest Blog)

These days the internet is hugely accessible for start-up businesses. It’s easy to develop a functional, professional looking website for your business at very little cost. Setting up an on-line shop isn’t much harder: there are low cost turnkey solutions for store fronts and payment gateways to integrate with your website or even your Facebook page. While it’s easy to focus on what your website should look like, it’s important not to overlook your legal obligations when developing an on-line presence.

There are several areas of the law which can affect the design of both your website and business processes and, therefore, should be addressed before you start trading on-line. Time spent up front ensuring you comply with the law could save you time, stress and money later on and enhance your on-line presence from day one.

Here is an overview of some key aspects of the law to consider:

The Data Protection Act 1988

If you collect personal information such as name, address, telephone number etc. from visitors to your website then you are required (amongst other things) to:

• Register with the Information Commissioner (as a data controller)
• Clearly tell website visitors what information you collect and how you use the information
• Not transmit the data outside the European Economic Area (unless the country provides an adequate level of protection)
• Keep the data securely and disclose, reveal and delete it if so requested by the data subject.

Most websites meet their obligation to inform visitors of what information they collect and how it is used by linking to an appropriate Privacy and Cookies Policy section within the website.
If your website is hosted outside the EEA or you use a payment gateway that is hosted outside the EEA then you will be transmitting data outside the EEA. This may be ok so long as the recipient country is on the Information Commissioner’s list of countries providing adequate safeguards (e.g. Canada, Guernsey, Isle of Man, Israel, New Zealand, Switzerland) or, if the recipient is in the USA, has signed up to the Safe Harbour Scheme.

You can find out more about data protection at the Information Commissioner’s website

The ‘Cookie Law’

The EU e-Privacy Directive, more commonly known as the ‘Cookie Law’ requires that websites obtain informed consent before creating cookies or similar (e.g. Local Shared Objects) on a website visitor’s computer.

You do not need to obtain consent for cookies that are essential to the functioning of the website e.g. session cookies used to implement a shopping basket. You do, however need consent for other forms of cookies such as those created by website metrics services (e.g. Google Analytics) and 3rd party advertising. Implied consent is acceptable for analytics-style cookies but other, more intrusive, cookies such as 3rd party tracking cookies require explicit consent.

You should clearly explain, on your website, what cookies you create and their buy adderall 30 review purpose. A good place for this information is on your website’s Privacy and Cookie Policy page. An easy and free approach to implement the correct level of consent is to use the cookie control widget from CIVIC at

Consumer Protection (Distance Selling)

The Distance Selling Regulations apply to business to consumer transactions when there is no face-to-face contact between the buyer and seller – so it covers both internet and brick and mortar retailers. This legislation gives the consumer a statutory cooling-off period and a right to cancel for many types of purchase of both goods and services, although there are exemptions.

The key points of the Distance Selling Regulations are:
• Customers must be given clear, up-front information about the goods and services before buying (including their right to cancel).
• Goods must be delivered within 30 days unless stated elsewhere e.g. as part of the terms and conditions of sale displayed on your website.
• The buyer has a 7 (working) day cooling-off period during which they can cancel the contract for any reason.
• If the buyer exercises they right to cancel (by notifying the seller of such by email or other ‘durable’ medium) then the seller must refund all monies paid within 30 days.
So, your website must be designed to ensure that the customer is told of their right to cancel prior to purchase and that your back-end processes cater for refunds and accepting returned goods.

E-Commerce Regulations

The Electronic Commerce Regulations 2002 are aimed improving customer confidence when buying on-line.

For on-line businesses in the UK you must show on your website:
• The full name of your business, geographic address and contact details (including an email address)
• Details of any trade association to which your business belongs e.g. Federation of Master Builders
• Details of any authorisation scheme
• Details of any professional bodies, with qualifications recognised across Europe, to which your business belongs e.g. the Institute of Chartered Accountants
• Your VAT number if you are VAT registered
• Clear information, prior to purchase, on price, tax and delivery costs.
• Clear Terms and Conditions of sale, provided in a way such that the customer can store and reproduced (print) the text.
You must also:
• Acknowledge orders promptly by email
• Allow the customer to see details of the order and correct any errors before placing the order.

Much of the information the E-Commerce Regulations requires can be included in your website’s ‘About Us’ or ‘Contact Us’ page. Your terms and conditions of sale would be best included on another web page with links from appropriate points during the purchase process.

Most shopping cart software will generate automatic email confirmation of orders and will allow orders to be amended before the order is finalised.


Joanne Tucker is the Technical Director of, one of the UK’s leading suppliers of online legal document templates.

Image courtesy of sheelamohan