Privacy Policies, GDPR, Cookie policies, refund policy, return policy... the list is endless. How do you comply with all these laws?
The information provided below is meant as general knowledge and should NOT be taken as legal advice. Always confirm with local authorities the exact legal obligations of your business online.
Online sales can be a legal nightmare
The list of policies one could write is endless but in this article, we'll try to address the most common ones.
The General Data Protection Regulation came into effect on the 25th May 2018 and yet, almost 3 years later, many businesses still don't understand it.
The law is simple:
If you store or process personal information in any way you need to have consent to do so.
A very common misbelief is that everyone needs to have that annoying popup to consent to data collection. In reality, that is NOT true. If you have a website that doesn't collect any personally identifying information, you're exempt from GDPR.
GDPR also clearly states:
"If you have legal obligations to collect the data and the user understands it, you do NOT need to pro-actively obtain consent."
Another common misbelief is that you need to obtain consent to use third-party software on your website.
One last misbelief is that you need active consent to collect information such as "Email". Even though this is true, GDPR also states that almost any form of consent is acceptable. In cases such as the email capture form, it is enough to state how the information is going to be used, and in signing up for the service the user is actively giving consent.
"By signing up through this form, you are consenting to receive marketing material from XYZ ltd."
Whether you need to acquire consent or not, there are still some things that you need to adhere to if you want to be GDPR compliant.
An example of this can be found on Lifeboat's website: https://lifeboat.app/privacy
Another common policy found on e-commerce websites is Refunds & Returns. Even though it is not obligatory in every country, we still recommend having this on your website.
This policy needs to outline how you handle requests for refunds and returns.
"We accept returns if they are returned in their original packaging within 7 days of order delivery date."
This is a relatively old policy, which varies slightly from country to country; however, the basics remain the same:
We do not store or process any personal information in cookies."
Do you sell Tobacco? Alcohol? Gambling-related items? Adult items? Guns or Ammunition? This applies to you.
Even though online sales of these categories are permitted in some countries, they come with additional obligations. The most common obligation is that you neither market nor sell these items to people below a specified age.
The most common approach is to have a popup block access to such websites until the age of the visitor is verified.
These kinds of popups however can be easily circumvented and don't offer a reliable way to confirm the visitor's age or location. For such merchandise, we recommend opting for verification during the checkout process. We also recommend having a clear policy on your website detailing why such visitors cannot purchase from your store and how you prevent such sales.
Even though we debunked quite a few common misbeliefs in this article, you should still treat privacy as an important pillar of your online sales.
Data leaks, unnecessary data collection and the like could quickly lead to a legal and PR nightmare, so don't take risks.
Unlike other platforms, Lifeboat takes data privacy and security extremely seriously.
We hope that this article was helpful. If it was (or wasn't), let us know in the comments below.