How to make your online store legally watertight

Starting up a business is a dream that many people have. But the saying 'be your own boss' comes with responsibilities. As the owner of an online store, you have to make sure that your business and its products or services are legal and that your website meets all legal requirements. Legal certainty isn’t just obtained by choosing and implementing the correct legal form. Your website must also meet important conditions, especially when it comes to legal information such as disclaimers and data protection.

We’ll show you what you should consider to ensure your online store is legally compliant.

The legal basics of a web store

The legal basics of eCommerce differ from those of stationary commerce. In addition, there are various legal aspects that only apply to online stores.

These include legal regulations such as:

All three regulations follow the same goal: to protect user and customer data and ensure that the process by which companies collect data is transparent. Therefore, web store owners need to inform their customers how they store personal data when a purchase is made and how they use cookies when customers access the store website. If you fail to provide the necessary information, you could risk high fines. So if you’ve yet to install a solution that informs customers about how you track cookies, you’re better off not tracking any user activities just yet.

The obligation to provide information about how user data is handled is not the only stumbling block on the way to a legally secure online store. The following points also play an important role in meeting the legal requirements for an online store:

  • Tools for error detection and correction: Provide your customers with tools that alert them to input errors in the course of their order so they can be corrected before they are submitted.
  • Copyright notice: Your online store is a commercial web project. If you plan to use content such as images and photos, for which you don’t own the copyright, their use must be contractually agreed. You can find out more about online image rights in our article on the topic.
  • Confirm receipt of order on a "permanent data carrier": You are obliged to confirm contract terms associated with any purchase made in your store on a "permanent data carrier", such as email or a paper printout that is added to the shipment.
  • Label the order button correctly: The button that customers use to place an order must be clearly labeled as such. Labels such as “Pay now” or “Buy” are recommended, while “order” or “register” are inadequate or even misleading and therefore not legally compliant.
  • Observe geo-blocking prohibitions: You can set the delivery areas for orders through your store individually, but your offer can’t exclude users whose place of residence falls outside of your delivery area. You can find more detailed information in our article on geo-blocking prohibition.

If your online store is aimed exclusively at commercial clients, this should be clearly stated on your website. A simple note hidden in your terms and conditions is not sufficient to comply with your information obligation about your online store’s strategic direction.

How the coronavirus has affected eCommerce

In times of the coronavirus pandemic, a legally compliant online store is now more important than ever. After all, eCommerce businesses have profited from strict regulations imposed on public life, which have affected stationary stores more than most other businesses.

There is no doubt that both large sales platforms such as Amazon and eBay as well as many web stores have benefited from the crisis in recent months. Stores that primarily sell clothing and luxury goods (cars, watches, etc.), on the other hand, have suffered a drop in sales, especially during spring 2020. The same applies, not surprisingly, to the tourism and entertainment industries. It’s a problem that has quickly threatened the existence of many operators of smaller online stores.

Additionally, eCommerce logistics have been hampered by the coronavirus crisis. In some instances, production and delivery chains could not be maintained, which has led to customer complaints over long waits for ordered goods. For stores that rely on drop shipping, i.e. those which don’t have their own warehouses, this spells disaster.


Make sure you inform your customers about any logistical issues as a consequence of the coronavirus crisis to gain their sympathy for the difficulties this has put your business under. Complying with the law may not be enough. Instead, you should also display warnings and COVID-related notices prominently on your website.

As a reliable digital partner, IONOS supports you during these difficult times. Our extensive range of support services can be viewed on our dedicated page.

Legally secure online store check list: the most important elements

It’s never been more important to watch out for legal aspects of online store creation and maintenance. eCommerce plays a central role in our daily lives and it hasn’t even reached its full potential just yet. The following check list summarizes the most important duties and building blocks to create a legally compliant online store.


Looking to create an online store that is legal and supports you in reaching your sales goals? The eCommerce website builder from IONOS provides the perfect solution for stores with up to 5,000 products!


A disclaimer is a legal notice covering the basic issues that could arise when operating a website. Many websites can use a simple disclaimer, although other businesses may find they need something more specialized depending on what products or services they offer. In 2004, the FTC (Federal Trade Commission) started to crack down on web businesses that didn’t have the necessary legal information on their websites. Some were shut down and their operators faced huge fines.

Terms and conditions

The terms of use (or terms & conditions) are the rules for using your website (they are not the same as terms and conditions for a business). It is necessary for all businesses with a website or online presence to include certain items in their terms of use, in order to comply with the Electronic Commerce Regulations 2002, even if the website does not sell goods or services. Having a terms and conditions page helps protect intellectual property rights on your site and can reduce liability if the worst comes to worst and you’re taken to court. It’s also advisable to include a copyright notice such as “Copyright © 2020.” to protect your site and its content.

The errors you should avoid when writing your terms and conditions are summarised in our dedicated article on “Common mistakes when creating T&Cs”.

Privacy policy

A privacy policy tells website visitors what type of personal information you are collecting from them and how you plan to use it. It is therefore a legal requirement and is usually found on the T&C page. It is also advisable to specify if you don’t intend to collect any information (such as e-mail addresses and names) so visitors feel at ease and may be more likely to stay on your site. If you have a contact form on your website (e.g. for customers to subscribe to your newsletter), you should let visitors know how any information they enter will be used.

The aforementioned GDPR and online cookie regulations should be considered here.

Cookie notices and options to agree

While you must notify your customers that you’re using cookies, you can employ tracking solutions without their explicit consent. It’s recommended that you install a solution that notifies your customers and allows them to give consent to cookie tracking. These notices must reach your customers before their data is transmitted. Typically, this process is presented in the form of a pop-up which informs customers about how you store data and allows them to accept or deny the use of cookies.

Depending on know-how and abilities, you can program the cookie pop-up yourself or use a cookie consent tool. For Content Management Systems, there are various plug-ins available to include cookie notices to make sure your web store complies.


In our guide on WordPress cookie plug-ins we present the four best extensions for easy and quick cookie consent in WordPress!

Product descriptions

To create a legally secure online store, your product descriptions must be complete and not give a false impression of products. Check that all necessary information is included and that relevant pieces of information are accurate. Typical examples of illegal information concern the following product details:

  • Product type
  • Ingredients/components
  • Date of manufacture
  • Availability
  • Fitness for purpose
  • Possible uses
  • Quantity
  • Origin

Shipping and delivery policy

This kind of policy is required so that customers know when to expect their products and how they will be delivered. It’s important that customers know the expected delivery periods and costs, otherwise they may look elsewhere if they can’t find the information. Including a discount or promotion can encourage customers to buy more, for example, 'free shipping on orders over $100'.

Refunds policy

Refunds are a normal part of online business and customers will want to return or exchange their goods from time to time. They are more likely to make a purchase if they know they can send the product back if it’s not to their satisfaction. Different states have different rules concerning returns, so be sure to check which ones apply to you. For example, in Florida, you must make it clear if you don’t offer refunds, otherwise customers may return goods for a full refund within 20 days of purchasing. In California, customers have 30 days to return what they don’t want.

A good idea is to include the refunds policy with the terms and conditions so that buyers know their rights and what to expect. You could embed a check box on your site so that users have to agree to the terms and conditions. That way you know they have read them, which also protects you should any problems arise.

Payment methods

It’s important for online business owners to offer a range of payment methods so that every visitor is catered for. You could lose a potential customer if they don’t see their preferred method being offered. You must ensure that you provide at least one payment method that doesn’t incur additional charges.

You must let your customers know if there are charges for using credit cards or other payment methods. This should be explained as part of the order process and in detail on a sub-page that provides more information about the payment options.

Order button

As mentioned, the order button must be explicitly labeled as such to ensure your online store is legally sound. In the past, there have been cases of dubious and fraudulent methods to lure victims into subscriptions. In these cases, customers would enter subscription contracts without their knowledge.

Customers should be able to see that by clicking on a button they are entering a sales contract. Therefore, the button should state the obvious such as

  • “Buy now”
  • “Order now”
  • “Commit to pay”
  • “Commit to purchase”

You should refrain from using dubious wordings such as “Finish shopping” or “Register” or even “Next”.

Shipping times

If there’s no additional information, a customer can expect that products are available immediately. In most cases, immediately is defined as within five days. A shipping policy is required so that customers know when to expect their products and how they will be delivered. It’s important that customers know the expected delivery periods and costs, otherwise they may look elsewhere if they can’t find the right information. Including a discount or promotion can encourage customers to buy more, for example, 'free shipping on orders over $100'.

Product and delivery costs

All product and service costs listed on your website must be accurate and complete. Product prices should list the cost including and excluding sales taxes. Shipping costs must be stated and be easy to find. You should not add notes such as “shipping costs on request” as this can be confusing and lead to frustration among customers.

Double opt-in newsletter

Newsletter marketing is a favored and cost-effective marketing strategy to reach existing and potential new customers. Newsletter registrations are often included on a website as part of an online form. The CAN-SPAM Act allows direct marketing messages to be sent to recipients without their permission, although this isn’t the case in some areas (i.e. Europe and Canada) where it’s forbidden to send e-mails and newsletters unless the recipient has specifically asked for them. So even though in the US you can send commercial e-mails in the hope of winning over potential customers, you must have an opt-out or unsubscribe button so your customers can let you know they don’t want your information. Coming across as spammy can damage a company’s reputation, so to play it extra safe, you should make use of the double opt-in process. The customer signs up to the newsletter, then receives an e-mail with a link that they have to click in order to activate future newsletters.

Conclusion: not without a lawyer

As a store owner, it’s your responsibility to provide your customers with relevant content in a professional and transparent way. Besides this valuable content, it is also important that pages are clearly marked and always available. The topic of data protection is not only relevant for legal reasons, but is also very important for online businesses from a marketing perspective.


You can boost customer trust by using a trust seal for your online store. If you apply for a trust seal, a team of experts will judge your store standards according to existing data security, safety, return policy, delivery, and payment policy regulations. This way you can be sure that you created a legally compliant online store.

Please note the legal disclaimer relating to this article.
