As websites become more and more essential to our day-to-day lives, they are also subject to legal requirements similar to those of a physical business premises. To make things easy for you, we’ve created a guide to help get your website legal.
Are you clearly showing your company information?
Your website must show the same information as business letters and order forms.
If you’re a limited company:
- The company’s registered number
- Its registered office address
- Where the company is registered (England and Wales, Scotland or Northern Ireland)
- The fact that it’s a limited company (usually spelling out the company’s full name including ‘Limited’ or ‘Ltd’)
If you want to include directors’ names then you must list all of them.
If you want to show your company’s share capital (how much the shares were worth when you issued them), you must say how much is ‘paid up’ (owned by shareholders).
We can’t imagine anyone ever wanting to add the last two optional bits.
For sole traders:
- Business name
- Business address
- Contact email address
Are you VAT registered? If so, you’ll need to add your VAT number too.
All this information does not need to be on every page but it will need to be easily accessible to avoid getting a slap on the wrist. We recommend adding a link either on your footer or somewhere on the contact page (if you have one).
- Contact form (no matter how basic)
- Newsletter signup form (e.g. Mailchimp, GetResponse or Constant Contact)
- Web traffic analytics (such as Google Analytics or Squarespace Metrics)
- Shopping cart
- How you will be using any visitor data captured and how you will store it
- A direct link to the Online Dispute Resolution Platform.
This is a legal requirement as of 2016.
- You must explain how you adhere to the DPA
There are hundreds of free templates online or we can do this for you.
If you’re a larger business, it is probably worth speaking to a solicitor to make sure you get everything covered correctly.
If your website was built within the last 3 years, the answer is probably yes.
Cookies are tiny little files that are stored locally (on your computer or mobile device) when you visit a cookie-enabled website. These files can be used in various ways but, most commonly, they are used to send user information back to the website owner via Google Analytics. This is to track how visitors have used the website, the pages they’ve visited, how many pages they visited, the geolocation, the device used and a whole load of other stuff.
T&C’s, Delivery and Returns policies
If you have an eCommerce website, this one is for you!
Make sure your customers can find your terms and conditions of purchase plus your delivery options and your returns/refunds/exchange policy. The link to this page must be clear and as usual it’s normally found in the footer of your website.
Can my Newsletter be ‘Opt-in’ only?
If you have an email database, the recipients must have ‘opted-in’ to receive emails from you. Many marketing services (such as Mailchimp, Campaign Monitor etc.) have clear rules regarding this and, if they are broken, they will close your account.
Have your email database subscribers given ‘opt-in’ permission?
If your subscribers signed up using your website and a subscribe form or have clicked an ‘opt-in to receive newsletters’ box on a contact form or something similar, all is good. This counts as permission.
Did you gain your database through a competition on your website?
If you clearly stated that by entering they would be giving their permission to receive emails, this also counts as permission.
The bottom line is, as long as you clearly show an ‘opt-in’ tick box on the forms on your website, show that by entering a competition they give permission or have clearly marked boxes on printed marketing material that gathers information, you are legally gaining permission.
There is a catch though…
You must also provide instructions or a link that shows how to opt out of the newsletters in every email. This is part of the same law and is a legal requirement.
Accessibility, it’s not just for physical shops and restaurants.
The Equality Act 2010 means that you must make your website as accessible as possible to all users, including the visually impaired. You must also take certain actions to make your website as readable as possible for screen readers. This is laid out in the W3C “Web Content Accessibility Guidelines” and you can find an introduction to making your services accessible on the Gov.uk website.
If you manage your website yourself, you should probably (most definitely) give these a read, alternatively we can do this for you.
No doubt most of you won’t read the links (they’re not very exciting) so here’s the basics:
- Use ‘Alt tags’ religiously! There must be text equivalents for all non-text elements (eg, any image based media). If you use WordPress, these are very easy to apply when uploading your image files.
- You must be able to read your website as pure HTML and without a CSS style sheet. As before, if you are using WordPress, this should be fine as the themes are usually built with this in mind.
If your website used alt tags instead of images, how would it read?
If it contains a lot of blank spaces then you have some work to do.
Do I need an SSL certificate, what does it do and why are there so many to choose from?
Do I legally require an SSL certificate?
This one is mainly for eCommerce websites and the answer is not a simple yes or no.
If you take card payments directly on your website, the answer is Yes.
The Payment Card Industry Data Security Standard law states that you must take the necessary precautions to keep visitor bank details safe.
If you take payments using 3rd party websites (such as PayPal), the answer is no.
Although you may not legally be required to have an SSL certificate, on any eCommerce website, we always recommend using one to keep other data safe (email addresses etc). This in turn helps instil trust with your potential online customers.
Would you buy anything from a website that didn’t have an SSL certificate?
I for one, definitely would not!
What is an SSL Certificate and what does it do?
SSL (Secure Socket Layer) Certificates are small data files that digitally bind a cryptographic key to an organisation’s details. When installed on a web server, a certificate activates the padlock and the https protocol and allows secure connections from a web server to a browser.
Why are there so many and which should I choose?
There are 3 main types of SSL Certificate which have different levels of validation.
- Domain Validation (DV)
These are ideal for securing personal websites, blogs and Facebook Apps. They are easily obtained and activated with no paperwork required.
- Organisation Validation (OV)
OV SSLs are for securing sites that take in customer information (login credentials etc.). They also come with a dynamic site seal and trustworthy features to help visitors check that the company is in fact authentic and, in turn, ensure greater trust. Paperwork is required.
- Extended Validation (EV)
These are for websites that take in more sensitive information (credit card details, personal data etc). EV SSL certificates also give the ‘magic green bar’ of trust (the same as your banking website). They have the highest trustworthy feature and as you can guess, paperwork is required.
The fun doesn’t stop there! These three types of SSL come in a variety of flavours; all with different descriptions, warranties and uses.
But which one is for you?
Every business is unique and because of this, we would never be able to advise on which SSL is right for your business without knowing what you do. Most hosting companies have a preferred SSL certificate supplier and will help you choose and install your SSL. However, if it all seems a bit daunting then we would be happy to help.
That’s it! Our guide to keeping you and your website on the right side of the law is complete.
Please note: Do not take this guide as gospel. It should be only used as a guide and nothing more. I’m not a lawyer and the information provided has been created by some seriously mind numbing research.