More Information
There are a few laws to consider when launching a website. Not all of them may apply to your business but please take the time to read this page - it is very important that companies comply with this legislation.
- Legal Requirements - Information you MUST display on your website
- Advertising Standards Authority - In March 2011, the ASA's Committee of Advertising Practice (CAP) Code's remit was extended to include companies' communication on social networking sites and their own websites
- Distance Selling Regulations - Protection for consumers when they shop online
- Data Protection - Data protection laws affect how businesses and other organisations are allowed to make use of personal information
Legal Requirements
All limited companies in the UK are required by law to display certain information on their websites and in their email footers. Failure to do so could mean they are in breach of the Companies Act and risk a fine.
Every company must list its company registration number, place of registration, and registered office address on its website. The information must be in legible characters and should also appear on order forms and in emails. Such information is already required on business letters but the duty has been extended to websites, order forms and electronic documents.
McGregor Media sites are set up to automatically comply with UK laws regarding the display of company information by using the information you enter about your company when setting up your company's profile in the Admin section of your website .
You must include the following information:
- The name, geographic address and email address of the service provider. The name of the organisation with which the customer is contracting must be given. This might differ from the trading name. Any such difference should be explained – e.g. "ABC.com is the trading name of ABC Limited."
- It is not sufficient to include a 'contact us' form without also providing an email address and geographic address somewhere easily accessible on the site. A PO Box is unlikely to suffice as a geographic address; but a registered office address would. If the business is a company, the registered office address must be included.
- If a company, the company's registration number should be given and, under the Companies Act, the place of registration should be stated (e.g. "XYZ Enterprises Limited is a company registered in England and Wales with company number 1234567")
- If the business is a member of a trade or professional association, membership details, including any registration number, should be provided.
- If the business has a VAT number, it should be stated – even if the website is not being used for e-commerce transactions.
- Prices on the website must be clear and unambiguous. Also, state whether prices are inclusive of tax and delivery costs.
For more information, go to Out-Law.com.
Advertising Standards Authority
The ASA rules on potential breaches of the Code of Practice written by the Committee of Advertising Practice (CAP). It also applies to marketing on free services, as well as marketing in paid-for space.
"We already regulate internet ads in paid-for space, like banner ads, pop-ups and paid search results, but our new responsibilities mean that we now apply the same high standards to marketing communications on companies' own websites and in other non-paid space they control, like Facebook and Twitter," said an ASA statement.
In the words of section I (h), it applies to: "advertisements and other marketing communications by or from companies, organisations or sole traders on their own websites, or in other non-paid-for space online under their control, that are directly connected with the supply or transfer of goods, services, opportunities and gifts, or which consist of direct solicitations of donations as part of their own fund-raising activities".
In layman's terms, any information you display on your website about your business, your products or your services must be legal, decent, honest and truthful.
For more information, go to Out-Law.com.
Distance Selling Regulations
The Distance Selling Regulations were passed to protect consumers when they shop online or enter into other contracts at a distance from the supplier. The rationale for giving consumers special protection in such deals is that the consumer does not have the benefit of meeting face-to-face with the supplier and inspecting the goods or services offered for sale.
The Regulations give consumers a right to:
- Receive clear information about the supplier, the goods or services and the sale before deciding to buy.
- Confirmation of this information in writing.
- A cancellation period of 7 working days in which to withdraw from the contract. This is also referred to as the "cooling-off period".
- Protection from payment card fraud.
For more information, go to Out-Law.com.
Data Protection
Data protection laws exist to strike a balance between the rights of individuals to privacy and the ability of organisations to use data for the purposes of their business. The Data Protection Act 1984 introduced basic rules of registration for users of data and rights of access to that data for the individuals to which it related. These rules and rights were revised and superseded by the Data Protection Act 1998 which came into force on 1st March 2000.
Data protection law applies whenever a data controller processes personal data. These words are given special meanings by the Act.
A data controller is the person who determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. In other words, you will be a data controller if the processing of personal data is undertaken for your benefit and you decide what personal data should be processed and why. Data controllers must put in place adequate technical and organisational measures to safeguard personal data which they are processing from destruction, adequate loss, unauthorised access or disclosure. This would include, for example, using a secure server when payments are made online.
Personal data means data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, the data controller. For example, most organisations will process personal data relating to employees, customers, suppliers and business contacts. These individuals are referred to in the Act as 'data subjects'.
The Act applies when personal data is processed or is to be processed by a computer, or is recorded or to be recorded in a structured manual filing system. There are other types of system covered by the Act, but these are the most common. The term 'processing' covers virtually any use which can be made of personal data, from collecting the data, storing it and using it to destroying it.
The data protection principles require that personal information is:
- Processed fairly and lawfully
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with the rights of individuals
- Secure
- Not transferred to other countries without adequate protection
The Data Protection Act 1998 requires businesses to give details about the way they process personal information to the Information Commissioner's Office (ICO) for inclusion in a public register, unless they are exempt. This is called notification.
The notification process allows people to find out what personal information an organisation is processing and why. It involves providing some basic details about your business and how you process personal data.
For more information, go to Out-Law.com, Business Link or ICO (Information Commissioner's Office).
