Roythornes Blog
Roythornes Spalding Offices
News and Events

Five policies every website should contain

  • Posted

Most businesses have a website, but what about the policies behind the pages – how many have all the policies they need and what should they say?

There are five policies a business should consider having on its website. They should be easily accessible and cover the main ways visitors interact with the site and how data is handled.  Which policies you need depends very much on the nature of your site and you should take advice regarding those that may be applicable to your business.

Key website policies - an overview of what they should contain.

Terms of use

  • Govern the actual access to the website
  • State the fees payable to access the website (if any)
  • Prohibit unauthorised use/disclosure of passwords
  • Ideally the terms of use would be accepted before being allowed to view the site but common practice is to display a link prominently on each page
  • Protect your intellectual property on the website
  • Offer you protection in the unfortunate circumstances where a virus has caused damage to a user's property.
  • Allow you the rights to reproduce, distribute, etc the intellectual property uploaded by a user

Acceptable use

  • Governs behaviour on the site
  • Most relevant where interactive services are provided
  • Prohibits unauthorised reproduction of material
  • Prohibits unacceptable behaviour, eg, hacking
  • Allows the website owner to remove offending material or suspend a user’s right to access the site
  • Provides the website owner with contractual remedies for breach of standards imposed and offers a level of protection where that breach is investigated

Privacy policy

  • Assists in compliance with data protection legislation
  • Data includes information about a user's online behaviour where identifiable, this can include IP addresses. You may need a privacy policy even if you are not actually collecting names/payment details
  • Informs a user on how data will be collected, stored and used
  • Allows controller to obtain an individual’s implied consent to processing activities. Remember explicit consent is needed for sensitive data, e.g. data that reveals a person’s racial or ethnic origin, political, religious or philosophical beliefs, trade union membership, health or sex life
  • Are minors likely to use your site? Be wary of enhanced protections
  • A person should have the chance to read these terms before submitting data
  • There are binding obligations on your controller, a policy can assist
  • Details of any data processor should be included
  • Where is your data stored? Does it comply with EU law?

Cookie policy

  • Clear and comprehensive information about purposes for which cookies are stored and accessed.
  • Consent to cookies, usually in the form of a pop-up banner
  • Interaction with the privacy policy
  • Prompts you to look at the cookies you are collecting
  • Cookie policy/information about cookies - details of all cookies used and the purpose for which they are used (table of cookies and broader explanation)
  • Information linked in a prominent place on the website

Terms and conditions

  • Terms and conditions of business for the sale of goods and/or supply of services where applicable
  • Terms will depend on the business and the types of goods and services sold
  • Particularly important if you sell direct from your website as you will be making a contract with your customer
  • Do you sell to consumers? Consumers enjoy enhanced protections
  • Don’t get caught out by forgetting the right to cancel a contract
  • Can you deliver?

Standard policies?

In the same way that there is no such thing as a ‘standard’ business, there is no such thing as a standard set of policies for a website. Correctly drafted policies are a valuable tool that protects your business and the way you trade.