What does your website require to be LEGAL?

As websites become more and more essential to our day-to-day lives, they are subject to legal requirements similar to those for physical business premises. To make things easy for you, we’ve created a guide to help get your website legal.

Are you clearly showing your company information?

Your website must show the same information as business letters and order forms.

If you’re a limited company:

  • The company’s registered number
  • Its registered office address
  • Where the company is registered (England and Wales, Scotland or Northern Ireland)
  • The fact that it’s a limited company (usually spelling out the company’s full name including ‘Limited’ or ‘Ltd’)

If you want to include directors’ names then you must list all of them.

If you want to show your company’s share capital (how much the shares were worth when you issued them), you must say how much is ‘paid up’ (owned by shareholders).

We can’t imagine anyone ever wanting to add the last two optional bits.

For sole traders:

  • Business name
  • Business address
  • Contact email address

Are you VAT registered? If so, you’ll need to add your VAT number too.

All this information does not need to be on every page but it will need to be easily accessible to avoid getting a slap on the wrist. We recommend adding a link either on your footer or somewhere on the contact page (if you have one).

Do you have a Privacy Policy?

Your privacy policy is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR). It provides transparency by letting your site visitors know how you plan to use any personal data that you capture.

You may not think that you’re capturing data and therefore don’t need one but if you have any of the following, you’ll need to get a boring old privacy policy:

  • Contact form (no matter how basic)
  • Newsletter signup form (e.g. Mailchimp, GetResponse or Constant Contact)
  • Web traffic analytics (such as Google Analytics or Squarespace Metrics)
  • Cookies
  • Shopping cart

Your privacy policy needs to be accessible from every page. A link to it is most commonly found in the footer.

What does your privacy policy need to contain?

  • A short introduction to what cookies your website uses. This can be basic and can save you creating a separate cookie policy page (we’ll explain more about cookies in the next section).
  • How you will be using any visitor data captured and how you will store it
  • A direct link to the Online Dispute Resolution Platform.
    This is a legal requirement as of 2016.
  • An explanation of how you adhere to the DPA

As daunting as the privacy policy may look, DON’T PANIC!!!
There are hundreds of free templates online or we can do this for you.

If you’re a larger business, it is probably worth speaking to a solicitor to make sure you get everything covered correctly.

Does your website use cookies?

If your website was built within the last 3 years, the answer is probably yes.

Cookies are tiny little files that are stored locally (on your computer or mobile device) when you visit a cookie-enabled website. These files can be used in various ways but, most commonly, they are used to send user information back to the website owner via Google Analytics. This is to track how visitors have used the website, the pages they’ve visited, how many pages they visited, the geolocation, the device used and a whole load of other stuff.

Your website visitors must be made aware that your website uses cookies and how to block and/or delete them. As you can imagine, there is more than one way to do this:

  • Option 1: Display a clear link in the footer of your website to your cookie policy (which can be contained inside your privacy policy). We recommend this option as no one likes annoying pop-ups. This is known as implied consent and you must mention that you use it in your cookie policy.
  • Option 2: Display a pop-up which asks if the user is happy for the website to use cookies. Cookies will be blocked until the user clicks ‘OK’. This is known as an ‘opt-in consent’.
  • Option 3: Similar to option 2 but in reverse. Display a pop-up that informs the user that the website uses cookies and show the link to the cookie policy which shows how to block and remove them should they want to. As mentioned in option 1, this is known as implied consent.

T&Cs, Delivery and Returns policies

If you have an eCommerce website, this one is for you!
Make sure your customers can find your terms and conditions of purchase plus your delivery options and your returns/refunds/exchange policy. The link to this page must be clear and as usual it’s normally found in the footer of your website.

Can my Newsletter be ‘Opt-in’ only?

The short answer is no. Remember the Privacy Policy that adheres to the Data Protection Act? Well, you must also comply with the EU Anti Spam Laws too. The Anti Spam Law says that users must give express permission to be sent marketing emails.

If you have an email database, the recipients must have ‘opted-in’ to receive emails from you. Many marketing services (such as Mailchimp, Campaign Monitor etc.) have clear rules regarding this and, if they are broken, they will close your account.

Have your email database subscribers given ‘opt-in’ permission?

If your subscribers signed up using your website and a subscribe form or have clicked an ‘opt-in to receive newsletters’ box on a contact form or something similar, all is good. This counts as permission.

Did you gain your database through a competition on your website?
If you clearly stated that by entering they would be giving their permission to receive emails, this also counts as permission.

The bottom line is, as long as you clearly show an ‘opt-in’ tick box on the forms on your website, show that by entering a competition they give permission or have clearly marked boxes on printed marketing material that gathers information, you are legally gaining permission.

There is a catch though…

You must also provide instructions or a link that shows how to opt-out of the newsletters in every email. This is part of the same law and is a legal requirement.

Accessibility, it’s not just for physical shops and restaurants.

The Equality Act 2010 means that you must make your website as accessible as possible to all users, including the visually impaired. You must also take certain actions to make your website as readable as possible for screen readers. This is laid out in the W3C “Web Content Accessibility Guidelines” and you can find an introduction to making your services accessible on the Gov.uk website.

If you manage your website yourself, you should probably (most definitely) give these a read. Alternatively, we can do this for you.

No doubt most of you won’t read the links (they’re not very exciting) so here are the basics:

  • Use ‘Alt tags’ religiously! There must be text equivalents for all non-text elements (e.g. any image-based media). If you use WordPress, these are very easy to apply when uploading your image files.
  • You must be able to read your website as pure HTML and without a CSS style sheet. As before, if you are using WordPress, this should be fine as the themes are usually built with this in mind.

If your website used alt tags instead of images, how would it read?
If it contains a lot of blank spaces then you have some work to do.

Do I need an SSL certificate, what does it do and why are there so many to choose from?

Do I legally require an SSL certificate?
This one is mainly for eCommerce websites and the answer is not a simple yes or no.

If you take card payments directly on your website, the answer is Yes.
The Payment Card Industry Data Security Standard law states that you must take the necessary precautions to keep visitor bank details safe.

If you take payments using 3rd party websites (such as PayPal), the answer is no.

But…
Although you may not legally be required to have an SSL certificate, we always recommend using one on any eCommerce website to keep other data safe (email addresses etc.). This in turn helps instil trust with your potential online customers.

Would you buy anything from a website that didn’t have an SSL certificate?
I for one, definitely would not!

What is an SSL Certificate and what does it do?
SSL (Secure Sockets Layer) Certificates are small data files that digitally bind a cryptographic key to an organisation’s details. When installed on a web server, a certificate activates the padlock and the https protocol and allows secure connections from a web server to a browser.

Why are there so many and which should I choose?
There are 3 main types of SSL Certificate which have different levels of validation.

  • Domain Validation (DV)
    These are ideal for securing personal websites, blogs and Facebook Apps. They are easily obtained and activated with no paperwork required.
  • Organisation Validation (OV)
    OV SSLs are for securing sites that take in customer information (login credentials etc.). They also come with a dynamic site seal and trust features to help visitors check that the company is in fact authentic and, in turn, ensure greater trust. Paperwork is required.
  • Extended Validation (EV)
    These are for websites that take in more sensitive information (credit card details, personal data etc.). EV SSL certificates also give the ‘magic green bar’ of trust (the same as your banking website). They have the highest level of trust features and, as you can guess, paperwork is required.

The fun doesn’t stop there! These three types of SSL come in a variety of flavours; all with different descriptions, warranties and uses.

But which one is for you?
Every business is unique and because of this, we would never be able to advise on which SSL is right for your business without knowing what you do. Most hosting companies have a preferred SSL certificate supplier and will help you choose and install your SSL. However, if it all seems a bit daunting then we would be happy to help.

That’s it! Our guide to keeping you and your website on the right side of the law is complete.


Please note: Do not take this guide as gospel. It should only be used as a guide and nothing more. I’m not a lawyer and the information provided has been created by some seriously mind-numbing research.