Most businesses have a website, but what about the policies behind the pages – how many have all the policies they need and what should they say?
There are five policies a business should consider having on its website. They should be easily accessible and cover the main ways visitors interact with the site and how data is handled. Which policies you need depends very much on the nature of your site and you should take advice regarding those that may be applicable to your business.
Key website policies - an overview of what they should contain.
- Govern the actual access to the website
- State the fees payable to access the website (if any)
- Prohibit unauthorised use/disclosure of passwords
- Protect your intellectual property on the website
- Offer you protection in the unfortunate circumstances where a virus has caused damage to a user's property.
- Allow you the rights to reproduce, distribute, etc the intellectual property uploaded by a user
- Governs behaviour on the site
- Most relevant where interactive services are provided
- Prohibits unauthorised reproduction of material
- Prohibits unacceptable behaviour, eg, hacking
- Allows the website owner to remove offending material or suspend a user’s right to access the site
- Provides the website owner with contractual remedies for breach of standards imposed and offers a level of protection where that breach is investigated
- Assists in compliance with data protection legislation
- Informs a user on how data will be collected, stored and used
- Allows controller to obtain an individual’s implied consent to processing activities. Remember explicit consent is needed for sensitive data, e.g. data that reveals a person’s racial or ethnic origin, political, religious or philosophical beliefs, trade union membership, health or sex life
- Are minors likely to use your site? Be wary of enhanced protections
- A person should have the chance to read these terms before submitting data
- There are binding obligations on your controller, a policy can assist
- Details of any data processor should be included
- Where is your data stored? Does it comply with EU law?
- Clear and comprehensive information about purposes for which cookies are stored and accessed.
- Consent to cookies, usually in the form of a pop-up banner
- Prompts you to look at the cookies you are collecting
- Information linked in a prominent place on the website
Terms and conditions
- Terms and conditions of business for the sale of goods and/or supply of services where applicable
- Terms will depend on the business and the types of goods and services sold
- Particularly important if you sell direct from your website as you will be making a contract with your customer
- Do you sell to consumers? Consumers enjoy enhanced protections
- Don’t get caught out by forgetting the right to cancel a contract
- Can you deliver?
In the same way that there is no such thing as a ‘standard’ business, there is no such thing as a standard set of policies for a website. Correctly drafted policies are a valuable tool that protects your business and the way you trade.