Month: September 2024

Back in 2003, a Polish band sang in German that “there are no borders.” They had a point! But here we are in 2024, and your e-commerce opportunities are even broader: you can sell online to more than just three people (or as we might say, Ich Więcej), and far beyond just Germany! 🌍 

Now, let’s dive into the key legal aspects of selling services and products abroad. The essential documents to ensure your e-commerce is fully compliant include:
• 📜 online store terms and conditions
• 🔐 privacy policy (GDPR information and cookie obligations)
• ✉️ newsletter terms (if applicable)
• 🔄 return and refund policy 

📜 Online Store Terms and Conditions
The most important document to start with when setting up your online store is the terms and conditions. While it can be a bit complex, it’s essential to include the following to make your life easier and ensure legal compliance:
• ⚖️ Applicable Law – you choose the governing law. For a Polish store, it’s easiest and safest to select Polish law. Be sure to state that this choice doesn’t deprive consumers of protections under their local laws.
• 🛒 Available Services – clearly outline what customers can do, like creating accounts, signing up for newsletters and making purchases.
• 💸 Sales Agreement Terms – a key section. Specify operating hours, accepted currencies, payment methods, order processing and taxes.
• 🚚 Delivery Terms – cover shipping costs, available delivery options and order fulfillment times.
• 🔄 Conditions for Making Complaints – define a clear complaint procedure, including customer rights and time limits.
• 🤝 Alternative Dispute Resolution (ADR) – mention available ADR options, even if not mandatory.
• 📝 Model Documents – consider including templates for complaints or contract withdrawals. 

🔐 Privacy Policy: GDPR Information Obligations and Cookies
Meeting GDPR requirements, especially regarding personal data and cookies, is crucial. Your privacy policy should clearly explain:
• Who you are and how you process customer data,
• What rights customers have regarding their data,
• What data is collected, why, on what legal basis and for how long,
• Who has access to the data.
Moreover, in a separate document, explain what cookies are, the types you use and their purpose on your website. 

✉️ Newsletter and Return/Refund Policies
Don’t overlook these key documents, especially if you’re selling internationally. It’s essential to provide them in English as well. 📄 

🚫 Geoblocking
Geoblocking restricts access to certain websites based on a user’s location or residence. However, regulations now prohibit this kind of discrimination in EU commerce. A notable example is streaming platforms like Netflix, where content availability can vary by country. 🌍  

📝 Online Consent Practices
Despite EU-wide regulations, different countries follow varying practices when it comes to obtaining consent for personal data processing or sending newsletters. 

🚀 Summary
Carefully preparing your e-commerce documentation is the first step toward success. Well-structured documentation helps avoid disputes with customers and fosters a positive company image. If you need consultation, feel free to reach out to us! 📞 

📌 Running an online store without processing customers’ personal data isn’t just impossible; it’s also impractical. What you need to know is that processing this data is regulated by the EU’s General Data Protection Regulation (GDPR). This includes collecting, recording, storing, modifying, sharing and deleting your customers’ personal data. You’ve likely heard of GDPR—since it came into effect in 2018, those information clauses seem to pop up everywhere, even from your fridge. 

To comply with the law, you must include the following in your e-commerce platform: 

• an information clause or privacy policy, and 

• in certain situations, consent clauses for data processing. 

As a business owner, you need to inform customers that you’re processing their data no later than when you collect it, or within a reasonable timeframe if you obtain it through a third party. In practice, you can do this during account creation, when placing an order, submitting an inquiry via a contact form or signing up for a newsletter. 

📌  You have a few options for meeting the information obligation. You can: 

• provide all the necessary details at each data collection point, or 

• include brief references at these points that direct customers to your privacy policy, which outlines the data processing procedures for your store in detail. 

👉 In practice, the second option is most chosen. It’s simpler and significantly reduces the amount of text at each point where customers may provide their data. 

Remember that obtaining consent for data processing isn’t always necessary or appropriate and sometimes it can be a mistake. In e-commerce stores, you often see checkboxes for consent to process personal data, such as for order fulfillment. However, this approach isn’t correct. Provisions allow for different bases for data processing, one of which is the necessity to fulfill a contrac – like delivering the goods a customer has ordered. In such cases, asking for additional consent for the same purpose can create more issues than benefits. 

For What Purposes Can You Use Customer Data? 💻

Customer data is typically processed for creating accounts, fulfilling orders and conducting statistical and marketing activities. Provisions are quite flexible and do not define specific purposes for data processing. 

 📲 However, you should keep in mind that customer data should: 

• Not be collected “just in case”, but only for clear and specific purposes that you define at the time of collection. 

• Be collected only to the extent necessary to achieve those purposes—avoid gathering more data than you actually need. 

• Be stored only for as long as necessary. 

• Be kept secure—most significant fines (yes, GDPR violations can result in hefty penalties) come from security breaches, which can also severely damage your reputation and erode customer trust. Furthermore, customers should be aware of how their data will be used. Ensure they are informed by including an information clause at the point of data collection. 

📌 How to Increase Sales by Streamlining the Path to Purchase 

Aim to create a user-friendly path to purchase by minimising unnecessary content. Collect the shortest consents possible and reduce the required information obligations. This will help keep customers on your site longer and encourage them to complete their purchases. 

Although provisions require various pieces of information during the path to purchase process, you can simplify this by avoiding complex legal language. Clear and straightforward messages will be more appreciated by your customers. 

Example 

A provision might require consent for “the use of telecommunications equipment for direct marketing purposes, in the form of text messages sent to the mobile phone number provided below, in accordance with the Telecommunications Law Act of 16 July 2004 (Journal of Laws No. 171, item 1800). 

You can simplify this to: “I hereby consent to receive SMS newsletters at the phone number provided.” 

Do you see the difference? 😊 

You have similar opportunities for simplification, such as with the GDPR-required information clause. Instead of crowding the path to purchase process with lengthy details, you can use brief references or hyperlinks that direct customers to more comprehensive information in your privacy policy. Don’t let data processing information overwhelm the path to purchase experience!  

👉 New Sales Channels, Same Consents and Customer Accounts 

Yes, it’s possible, but you need to check your existing documents to make sure they cover your new activities. If your agreement with the customer only covers an account on a specific website, setting up an account in a mobile app will require updating the consent, which means you’ll need to revise the terms of service. Once the consent is updated, the customer can use their account in the mobile app without having to re-register. 

In addition to the terms of service, review the GDPR-required information clause provided to the customer. Ensure that it’s broad enough to cover the new channel. If not, it will need to be updated. 

👉 Data Collected Online and In-Store Operations 

You might wonder if data collected from your online store can also be used for your stationary stores. The answer is yes. For instance, if you’ve implemented a loyalty program offering discounts, promotions or rewards redeemable in your stationary stores, you can include online purchases in this program. Similarly, if you want to carry out marketing activities in your stationary stores based on consents collected online, that’s also allowed. Applicable provisions support these practices. 

Typically, consents obtained for data processing in e-commerce for marketing purposes are also sufficient for running marketing campaigns in your stationary store. 

The same applies to newsletter consents. If you have consent for a newsletter related to your online store, you can also include information about your stationary business. The goal is to obtain consent for a “general” newsletter that promotes your products or services. Ensure that the information you provide is broad and not limited to just the online store. This is important because customers need to be aware that their data collected through the online store will also be used for purposes related to your stationary business. 

Overwhelmed by consents, data and clauses? No worries. Reach out to LBKP, the new technologies law experts who crafted the legal section of our guide. They’ll be happy to help with any questions you have.