Questions we answer in this guide:
- What documentation do you legally need on your website?
- What's a website privacy notice?
- What's a cookies pop up notice?
- What does a cookies policy need to include?
- How do you draft website terms and conditions?
Launching a website is one of those key milestone moments when you're setting up a business.
It's the marker in the sand, evidencing that you're open for business (whether that's the business of sharing content digitally, or you're setting up a full-on sales and marketing vehicle for your products or services).
It encapsulates your brand, helps to make you discoverable, whilst celebrating and advertising all the wonderful things your business does.
And once you're ready to turn that website live, it's time to make sure you've ticked off those all important legal requirements for how you'll operate your website.
Because whatever you're doing on your site, and whatever your future intentions for it, or your business, there are some crucial legal elements that you need to put in place and keep up to date.
Website requirements at a glance
These legal elements protect you, your creativity and legal rights as much as they warn and protect your website visitors.
There are four of them. Because you'll want to make sure that:
You have your site visitor's consent to capture any information about them as they browse your site (a cookies pop-up policy matters here.)
You've got the right website terms and conditions, suitably tailored to your target audience, whether you're selling goods, services, digital content or a combination of them.
(Different rules apply to sales to businesses vs sales to consumers, so getting the right terms (or sets of terms) prepared and uploaded, is also a legal must.)
Our templates contain helpful guidance notes within them to help and you can simply tailor them to your circumstances.
You can download them in html version, removing any need for tweaking and fiddling once you're ready to publish them on your website.
And Farillio's super handy selector feature will help you pinpoint exactly the right website terms and conditions for your business.
1. Website privacy notice
By law, you must have one of these in place on your website.
A website privacy notice tells individuals (with whom you may do business or interact with in a business environment) about how you collect, handle, store and potentially also share their personal data – as well as the rights that they have in relation to your activities, under the UK’s data protection law.
The privacy notice requires you to give people comprehensive information about how their personal information's being used.
Personal information means any information from which a living individual can be identified. (It doesn't apply to information that has been anonymised.)
Not all parts of the notice will be applicable to all businesses and you may want to use our Speak to an Adviser service to double check whether a certain provision is necessary for what you're doing – or planning to do.
We've included examples in the template as you go along – but as every business differs, you'll need to consider each one with care.
You should also consider whether there's any extra personal information that you collect and should therefore list in the notice.
Before you attempt the drafting of this template, it's useful to complete a data-mapping (or data audit) exercise in order to establish all the types of data that you hold, why you use them, the legal basis for using them and details of when that personal data is shared with other people or organisations.
(Take a look at our guide to data handling rules and what the GDPR means for small businesses for more background on data mapping.)
The categories of information you'll hold are likely to include:
- identity information (such as a name, title, gender, marital status and date of birth)
- contact information (relating to your contact details such as email address, addresses, telephone numbers)
- account information (e.g. username and password)
- payment information (e.g. bank account details and details of payments made).
You might even be holding what's called 'special information', such as gender, marital status and health data, for example.
The template also provides guidance and drafting options on these categories too
Why you're using someone's personal information
To use someone's personal information, you need a specific legal reason for doing so.
These reasons are all covered in our template. These reasons include, for example:
a contract reason: This says that so the data-collecting business can perform its contractual obligations to the individual, it needs to have this data, or
a consent reason: This is where a customer has given their consent for the data-collecting business to use their personal information for a specific reason or specific reasons.
Reasons might include that you need to enroll a customer, or to process an order that has been placed by them, and the legal basis on which you're doing this is a 'contract reason'.
Don't forget that if you add any new purposes for which you process personal data, you'll need to inform the individuals affected by this before you begin that purpose.
And if you update your privacy notice, you'll need to let people know that you've done this. (Often, the easiest way to do this is to add a sentence to your cookies-pop-up notice (see below) and include a link to the updated notice, so that as soon as a site visitor lands on your website, they're notified that your privacy notice has been updated and they can take a look at it if they want.)
In line with data protection law, you'll need to give customers the opportunity to manage how you market your business or similar goods or services to them.
There's a difference in the rules between marketing to businesses vs consumers - with consumers requiring far more exacting and direct consensual interactions before you may be considered cleared to market or to continue to market to them.
And you'll need to tell the customer how they can request that you stop processing their personal information for marketing purposes.
Our guide to what the GDPR means for marketing activities contains plenty more guidance on what's permitted or not with marketing activities.
2. Cookies pop-up notice and policy
Cookies pop-up notice
Did you know that if you have a website that’s owned in the EU or is aimed at individuals or businesses in the EU, it’s a legal obligation to have a prominent cookies notice on your site?
Your cookies notice is the short box of text which pops up when you visit a website.
It should pop up as soon as the visitor to the website arrives on the landing page.
The notice should state that you're using cookies and ask the visitor to accept this.
You could also provide a link to your cookies policy so that the visitor can get more information if they want to.
And you'll also need a cookies policy. This is designed to sit alongside your website privacy notice and your website terms and conditions (covered later on).
What is a cookie, anyway?
Cookies are little pieces of text data that are left on computers, tablets, and phones of website visitors.
That data is kept and used by the website and may even be passed on to another website that recognises that cookie and has a relationship with it.
Some types of cookie are essential for the website to work, but other cookies are non-essential and are designed to:
- remember a user by recognising their device
- track what returning users did before on the site and how they’re behaving now
This is typically designed to provide visitors with a more personalised browsing experience, based on their apparent preferences and interests.
To find out more about cookies, you can take a look at our guide on cookies on websites here.
What does your cookies policy need to include?
Everything you need to include is in our cookies policy.
Here are the highlights.
Your cookies policy will need to:
explain, specifically, the types of cookies used on your website with a description of what they do and, where relevant, external links that provide more information about these sorts of cookies
tell your website visitors that third parties may also set cookies on your website over which you have no control
inform your website visitors that they can manage the cookies on your site themselves (including refusing or deleting cookies), and providing them with details about how they can do this (as well as information about what happens if they modify those cookies; e.g. the site functionality may be very limited as a result).
Want to access this guide?
Already have a Farillio account? SIGN IN
Get unlimited access to 100s of legal resources by signing up to Farillio today.
- Manage your legal documents online
- Well written legal templates by our partners
- Guides to help you understand law
- Legal help available every step of the way