Just as a physical shop or office has legal requirements, such as insurance, so does your website.
Your website is your virtual HQ, and you want it to be as safe and secure as possible. But you also definitely want it to be legal, or else it could land you in a spot of trouble...
- You have a contact form on your website (even just a simple one!)
- You have a shopping cart on your website
- You collect email addresses through a newsletter sign up form on your website
- You have cookies on your website (eg, if you have any kind of analytics about your website traffic, such as Squarespace metrics & Google Analytics, you have cookies)
- A link to the Online Dispute Resolution Platform (this is a new legal requirement for 2016, so double check you have this in place!)
- How you will be using any customer data you collect, and how you will store it
- A link to and explanation of how you adhere to the Data Protection Act
Cookies are small files that are stored on a user's computer when they go to a website that has cookies enabled, and these files are used to send information back to the owner of the website (eg, Google Analytics cookies will track how many pages a user has visited and other information).
- You can block cookies on your website until the user consents to using them by clicking 'OK' on a pop-up asking them if they're happy to have cookies (this is called opt-in consent)
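One way to implement the opt-in consent described above, as an added example rather than code from the original article. The names `ConsentGate`, `CONSENT_KEY` and `memoryStorage` are hypothetical, and the loader passed to `register` stands in for whatever starts your analytics script.

```javascript
// Added example (constructed); all names are hypothetical, not from the article.
const CONSENT_KEY = "cookie_consent"; // where the visitor's choice is remembered

class ConsentGate {
  // storage needs getItem/setItem; in a browser pass window.localStorage
  constructor(storage) {
    this.storage = storage;
    this.pending = []; // cookie-setting scripts waiting for an answer
    this.started = []; // names of scripts that were allowed to run
  }
  hasConsent() {
    return this.storage.getItem(CONSENT_KEY) === "granted";
  }
  // The pop-up is shown only while no choice has been recorded.
  needsBanner() {
    return this.storage.getItem(CONSENT_KEY) === null;
  }
  // Register a script that sets non-essential cookies (eg, analytics).
  // It starts at once only if the visitor opted in on an earlier visit;
  // if they declined earlier, it is dropped and never queued.
  register(name, loader) {
    if (this.hasConsent()) this.start(name, loader);
    else if (this.needsBanner()) this.pending.push({ name, loader });
  }
  start(name, loader) {
    loader();
    this.started.push(name);
  }
  // Visitor clicked 'OK' on the pop-up: remember it and start queued scripts.
  grant() {
    this.storage.setItem(CONSENT_KEY, "granted");
    for (const { name, loader } of this.pending.splice(0)) this.start(name, loader);
  }
  // Visitor declined: remember it and empty the queue so nothing loads.
  decline() {
    this.storage.setItem(CONSENT_KEY, "denied");
    this.pending.length = 0;
  }
}

// In-memory stand-in for localStorage so the example also runs under Node.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
  };
}
```

In a browser the loader would typically append the analytics `<script>` tag, so no tracking cookie is written before `grant()` runs.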
Are You Displaying Your Company Information?
As a business owner, you are legally required to clearly display company information on your website. As of 2016, it is also a legal requirement for any website owner to clearly provide an email address on their website (ie, you can't just have a contact form alone).
For registered companies (LTD/LLC, PLC etc), you must include:
- The business name
- The place of registration (eg, England & Wales, Scotland etc.)
- Registered office address
- Trade association membership (if any)
- A contact email address
- VAT number (if any)
For sole traders, you must include:
- The business name (this may be just your name)
- The registered office address
- A contact email address
This information does not have to be displayed on every page of your website, but it should be clearly accessible. Some might put this information on their contact page for example.
Is Your Website Accessible?
Due to the Equality Act 2010, you must make your website accessible to all users, including the visually impaired. As laid out in the Priority 1 W3C guidelines, this means taking certain actions to make your site as readable as possible for screen readers.
You can read the guidelines yourself and talk to your website developer/designer about ensuring these are fulfilled, but the basic principles are:
- There must be text equivalents for non-text elements (eg, all images & media should have 'alt tags' - in WordPress & Squarespace you can fill these in yourself when adding images/media. Graphical elements that come with themes/templates should be added already by the developer).
- Your website must be able to be viewed and read as pure HTML without a CSS stylesheet (good WordPress templates and all Squarespace templates should be built with this in mind). So imagine if all the design elements, images etc were stripped from your website; would it still be readable? (Obviously it will be harder to read, but it must be possible.)
Is Your Newsletter 'opt-in' only?
Any email address in your database must have 'opted in' to receive emails from you, and many email marketing services (such as Mailchimp, ConvertKit, Campaign Monitor etc) will shut down your account if they find you have broken this rule.
So what counts as opt-in permission?
If people have signed up to your mailing list on your website, or have checked a box to say 'I would like to receive newsletters' (or something to that effect) at your shop checkout, that counts as permission!
If you have email addresses you have gathered yourself through online research, tradeshows or purchasing, you can only send them newsletters/marketing emails if you first contact them to ask for, and get, their permission.
If you ran a competition or have an 'opt-in freebie' on your website and have clearly & visibly stated that by entering their email address the user is giving your business permission to send them marketing emails, that is fine. But it must be clearly visible!
Campaign Monitor have a really useful guide for finding out if your list is okay or not.
Remember: As part of the same law, you MUST provide a link or instructions on how to opt-out of your newsletter emails in EVERY email.
Do you have T&Cs, Delivery & Returns Policies?
This is for ecommerce websites; you must clearly display or link to pages that include your terms and conditions of purchase, your delivery options, and returns/refunds/exchange policy.
Termsfeed has information on what to include in these policies, but if you are a large retail store or you plan to grow, it would definitely be worth having a lawyer involved to help.
Do You Have an SSL Certificate?
This is for ecommerce websites; as per the Payment Card Industry Data Security Standard law, if you are taking payments directly through your website (ie, not redirecting visitors through a PayPal link), you must take the necessary precautions to keep their bank details safe.
This obviously includes keeping your website as safe and secure as possible, but it also means you need to have an SSL certificate.
What is an SSL certificate?
SSL is an acronym for Secure Sockets Layer, and having an SSL certificate installed on your website will create an encrypted connection between your web server and the user's browser while they are making a payment on your website.
When you are online shopping and you get to the checkout and see the URL has changed to https:// with a padlock next to it, you know the website is using a secure, encrypted connection via an SSL certificate.
Squarespace ecommerce has SSL built in, but if you are self-hosted with WordPress, you will need to contact your hosting provider to help you install one onto your site.
* Please note I am not a lawyer, and I can only recommend the basic information that I understand to be true from my own research as a diligent website designer.