Ensure you comply with legislation

Ecommerce Legals

Trading in ecommerce through the IRP platform opens up some new legal requirements for companies.

To a large degree these are not as complicated as might be anticipated, but it is important to understand:

  1. What information you must provide in your ecommerce site.
  2. What your legal obligations are to your customers.

It is important to comply with legislation, but it is also important to understand that overall common sense prevails.

Good customer service is key to ensuring that relations with customers remain positive. It is important to understand that the internet provides many outlets for feedback — so it is critical to stay within the law but also to keep customers happy.

The fact that you are often trading internationally means that it is simply not possible to know every legal requirement for each zone without the advice of experts in the field. However, clearly stating your Privacy Policy, Returns Policy, Cookie Policy, Data Protection Policy, Company Address, Company Number and Contact Details should mean that you never experience a legal issue for standard consumer goods. Our advice is to ‘seek advice’, but not to be concerned — international ecommerce is a standard part of commerce for anyone who trades online.

In the United Kingdom, if you are running an IRP, there are three acts and directives that you should comply with:

  • Data Protection Act 1998
  • Distance Selling Act 2000
  • Ecommerce Directive 2002

Data Protection

This is an area that companies often ignore. However, you do have obligations to your customers if you collect data on them:

  1. You must register under the Data Protection Act if you collect any kind of information about people. These could be your customers, employees or potential customers. This information includes names, addresses, telephone numbers and email addresses.
  2. You must state what you do and intend to do with your subjects’ data and not deviate from that statement.
  3. The Act applies to any size of business.
  4. You must not export the personal data outside the EC (European Community) without permission from the people you are collecting data on.
  5. You must ensure that all information is held securely and must be revealed or deleted upon request from the subjects of the information.
  6. You must only record data that is pertinent to your prime business needs.

Consumer Protection (Distance Selling) Regulations

The Consumer Protection (Distance Selling) Regulations 2000 apply to many ecommerce websites. However, they are not applicable to ‘business-to-business’ transactions. The basic requirements are also often exceeded by the companies’ own policies.

  1. You must provide clear information about your products and services before purchase.
  2. You must be clear about postage and packing costs and whether VAT or any other tax is included in the prices shown on your website.
  3. You must provide a written confirmation of order following purchase, for example a confirmation email.
  4. You must allow a “cooling off” period whereby the customer can change their mind and cancel or return the order within seven working days for most goods from the point they receive them. Certain exclusions do apply with items such as perishable items and digital-only items.
  5. You must inform your customers of their right to cancel their order with no loss other than return postage and packing. This means you are not required to refund the postage that you paid to ship the item.

Ecommerce Directive

  1. You must display the name of your business, the company registration number (or proprietor’s name), geographical address (not a PO Box number), contact information e.g., telephone number and email address, VAT registration number (if registered).
  2. You may refer to trade or professional schemes, if applicable.
  3. You must provide clear information on price, tax and delivery to buyers.
  4. You must clearly display your site’s Terms and Conditions of Sale.
  5. You must acknowledge all orders that are placed.
  6. In commercial communication with your customers, you must clearly identify any electronic communication designed to promote your goods or services.
  7. You must clearly identify yourself as the sender of all electronic communication.
  8. You must clearly define any promotional offers and the qualifying conditions regarding these offers.
  9. If you send unsolicited emails, you must clearly identify them as unsolicited.

Information Commissioner’s Office E-Privacy Directive (the ICO Cookie Law)

This law relates to the storage of, or gaining access to, information stored in the devices of visitors or users of your website. This means the use of cookies and similar technologies for storing information.

  • Your website must provide clear and comprehensive information about the purposes of the storage of, or access to that information — your Privacy Policy that includes your Cookie Policy.
  • You can ‘assume’ that consent has been given for your site to use cookies, as long as the above point has been carried out (clear and prominent information made available to visitors, on the cookies used by your site).
  • Cookies used for functional purposes do not require consent. Cookies that are not from a third party and are required to make the IRP work do not require consent or opt-in.

Beyond these legal obligations, you have VAT and Tax considerations that may apply when you reach certain thresholds of sales to EU countries. These thresholds vary by country but are often not noticed or enforced by the countries. It is important to be aware that they do exist.

PCI Compliance

Companies handling credit cards are required to meet the PCI Security Standards for handling card data. The IRP is PCI Level 1 Compliant; however, you often need to attest your own compliance if it is required. This can be time-consuming; however, if turnover is small, self-assessment is generally allowed.


Copyright © 2020 IRP Commerce.