Website Legals: What they cover, why you need them and where to get them

Your branding is done, you have a gorgeous website ready to go.  But do you have proper, tailored website legals in place?  Trust me, crossing your T’s and dotting your I’s on your website isn’t just legal fluff; it’s a protective shield for your business.

Your shopping list should include a well-drafted Privacy Policy (or Privacy Notice), a Cookie Policy, Website Terms of Use, a Refund Policy (if yours is an e-commerce business) and (for larger businesses) an Accessibility Policy.  You also need to make sure you have a GDPR-compliant cookie banner in place.

The Big Six: Your Website Legal Guardians

1. Privacy Notice (or Privacy Policy)

This isn’t just a formality; it’s your pledge to safeguard the personal information of your visitors and customers. A tailored privacy policy isn’t just advisable; it’s mandatory under GDPR. It informs users how their data will be collected, stored, and used, providing crucial transparency and building trust.  Your Privacy Notice needs to cover:

  • Data Collection: What information is collected by your business and how it is gathered.

  • Data Use: How your business uses collected data.

  • Data Sharing: With whom and under what circumstances data is shared.  This might include for example sharing data with your CRM software, accounting software or email marketing provider.

  • User Rights: You need to set out the rights of users under GDPR, including the rights to access, rectify, and delete their data.

  • Security Measures: How long you keep data for and how you protect it.

Read along to get 10% OFF a bundle of comprehensive, customisable, GDPR-compliant website legal templates, with guidance notes to help you tailor them specifically to your business, just for Shiny Happy Digital’s readers.

 

2. Cookie Policy

It’s important to explain to your website users what cookies you place on visitors’ devices, and what those cookies do.  The usual place to do this is in a tailored Cookie Policy which (like the Privacy Notice) appears in your website footer.  Transparency about cookie usage is a legal requirement under GDPR. A comprehensive Cookie Policy helps users understand how their data is being tracked and used, promoting trust and compliance.  

Your Cookie Policy should set out:

  • Types of Cookies: Information about the types of cookies placed by your website (and whether they are essential or not).

  • Purpose of Cookies: Explanation of why cookies are used (e.g. for analytics such as Google Analytics, or for retargeting visitors, such as Facebook Pixel).

  • User Choices: How users can manage and delete cookies.

3. Cookie Banner

A GDPR-compliant cookie banner is a pop-up or notice that appears when a user first visits your website, informing them about cookie usage and providing options to manage their cookie preferences.

Under GDPR, explicit consent is required for non-essential cookies. A compliant cookie banner ensures users are informed and can opt in or out of cookie usage, thereby respecting their privacy rights and keeping your website legally compliant.  Using pre-checked boxes is not allowed: users must give positive consent to non-essential cookies, and there must be an easy-to-find ‘Reject All’ option as well.

4. Website Terms of Use

Consider these the rulebook of your site. Your Website Terms of Use outline what is acceptable user conduct and what isn’t, protecting both you and your users. 

Your Website Terms of Use should include:

  • Usage Rules: What users can and cannot do on your site.

  • Intellectual Property Rights: That you own the copyright in the copy and images on your website, and in your social media posts, and that users may not copy them.

  • Disclaimers and Limitation of Liability: Limitations on your liability for any errors or losses resulting from using your site, for example if a user relies on information in your blog, and says they suffered financial loss as a result. 

5. E-commerce Refund & Returns Policy

Selling online?  A clear refund policy should not only make sure you comply with consumer protection laws, but also reassure your customers about purchasing from you, potentially reducing cart abandonment rates. Your refund policy will set out the conditions under which returns and refunds are processed in accordance with consumer protection law, ensuring clarity and fairness.  Your E-commerce Refund and Returns Policy should include: 

  • Eligibility for Returns: Conditions under which products can be returned (e.g. timeframe, condition of the item being returned).

  • Process: Steps customers need to follow to return a product.

  • Refunds: How refunds are processed and any exceptions.

  • Exchanges: Policies on product exchanges, if applicable.

A clear Refunds & Returns Policy enhances customer trust and satisfaction by providing transparency about their rights and your procedures. It helps prevent disputes and can improve customer loyalty by showing a commitment to fair business practices.

Not sure what to include in your E-commerce terms?  See the Good Legals Club E-Commerce T&Cs Template which can be tailored for your business in minutes, using the guidance notes.

6. Accessibility Statement

Ensuring your website is accessible to all, including those with disabilities, is not just about being inclusive but also complying with legal standards like the Equality Act 2010 in the UK (and equivalent EU legislation).  

How do you know whether your website is truly accessible or not?  The Web Content Accessibility Guidelines (WCAG) are a great place to start when assessing how accessible your website is to all users.

Once you’ve made your website as accessible as possible in accordance with these Guidelines, you should consider including an accessibility statement on your website.  This shows your commitment to accessibility and can protect against discrimination claims.  For larger businesses in the EU, having an accessibility statement on your website is likely to become a legal requirement in the near future.

Your accessibility statement should include:

  • Commitment Statement: A declaration of your commitment to making the website accessible to all users, including those with disabilities.

  • Standards Compliance: Information about the accessibility standards your website adheres to, such as WCAG (Web Content Accessibility Guidelines).

  • Accessibility Features: Description of the specific accessibility features implemented on your website (e.g. alt text for images, keyboard navigation, screen reader compatibility).

  • Known Issues: Acknowledge any current accessibility issues or areas needing improvement and a timeline for fixing them.

  • Feedback Mechanism: Contact details or a form for users to report accessibility issues or provide feedback.

  • Alternative Access Methods: Information about alternative ways to access content or services if the website presents challenges (e.g. phone support, downloadable documents).

Why Not Just Use a Free T&C Generator?

Now, you might be thinking, "Why not just use a free terms and conditions generator?" It’s tempting, right? Instant policies at zero cost. However, here’s the catch—generic doesn’t always mean appropriate. These generators often offer one-size-fits-all solutions that might not cover specific laws or regulations relevant to your business, or (importantly) correctly describe how your business actually collects, uses and stores personal data. 

Using inadequate or incorrect legals can lead to significant legal headaches down the road—think fines, disputes, or a damaged reputation. Plus, cookie-cutter policies can make your business look unprofessional to savvy clients who value transparency and thoroughness.

In addition, many of these free generators come at a hidden monthly cost, so as well as not being tailored to your business, they also can be a false economy.


An Affordable Tailored Solution: The Website Legals Bundle

At the Good Legals Club, we recognise the need for our clients to have access to professionally drafted contracts and policies, at an affordable price. We’ve developed a bundle of comprehensive, customisable, GDPR-compliant website legal templates, with guidance notes to help you tailor them specifically to your business.  You can access the website legals bundle HERE.  The bundle is already discounted, but we’re happy to offer Shiny Happy Digital’s readers an additional 10% discount on the bundle price: just enter the code TEMPLATES10 at checkout.

In conclusion, while putting in place professional, legally-compliant website legals might seem daunting, the cost of not doing it right can be far greater. Think of it as an investment in your business’s foundation—a crucial step to protect and professionalise your online presence.


About the Author

Emma Gooding qualified as a solicitor in 1998 with one of the UK’s top 5 law firms, specialising in commercial litigation. It was glamorous work, with clients including Coca Cola, Ministry of Sound and the UK Government.  But the more litigation she saw unfold, the more it became clear how destructive and expensive it is. And so she shifted focus from helping businesses win in court, to helping them avoid it altogether by putting proper protections in place.  

Emma set up The Good Legals Club to support entrepreneurs, founders and small businesses to put the solid legal foundations in place that they and their businesses want and need.  For more information about the Good Legals Club’s mission, visit the platform HERE and, if you’d like an insight into how solid your business’s legal foundations are, and the immediate steps you can take to improve them, download our free Legal 101 Healthcheck.

Hannah Dossary

Web Designer based in Brighton, UK

https://shinyhappy.digital