Good Legal Notice for your Website

Things like what kind of legal notice a website needs or whether to enter a small amount of money for AdSense advertising implies tax obligations.

We have given some specific brushstrokes to the topic, but we have wanted to address it for a long time as it deserves since, indeed, there is a legal framework that you have to take into account when creating a website that has its substance and that affects even the people who create it as a simple personal entertainment, without professional or profit motive.

This post is the first of a series of posts that we will be publishing over the next few months where we will resolve all the important legal questions about the so-called “digital law” that most disturb you, along with the tax issues that are also raised in the moment in which your web begins to generate income .

Today we will focus on the subject of legal notice.

What is the legal notice?

We refer to the well-known “Legal Notice”, as the compendium of texts or legal mentions that a web must contain, which will be accessed through a link or link, located in a visible place that redirects to that content, permanently and obviously free.

It is not necessary that said link be called “Legal Notice”; can be recorded expressions such as “Legal information of interest to the user”, “Legal issues of interest” or any other equivalent, provided it is clear that the user of the website will find in that link all the information of legal nature corresponding to the page.

In fact, there will be legal mentions that do not necessarily have to be included in the text of the legal notice, but requirements such as the basic description of the products or services offered on a website, or the price thereof can be recorded at any other site. The web, as for example in the product file.

When am I obliged to have a legal notice on my website?

We will be obliged to have a legal notice that contains the mentions of the Law of Services of the Society of the Information (LSSI), that would be like the frame norm of the providers of services through Internet, as long as:

It is a business website.

Be a corporate blog (associated with a company or business).

Through the web we obtain income, both directly through e-commerce activities through the offer of goods and / or services, as if that income is indirectly perceived, for example, through advertising contracts and, attention, regardless of the volume of income generated.

What should the legal notice contain?

The content of the legal notice of a web, as it may seem obvious, will depend on the type of web to which we refer.

Thus, if we refer to a blog in which only articles are posted, personal data is not collected through any type of form, nor are cookies installed on the user’s device because, logically, no type of legal warning would be necessary. But of course, it is very rare, or maybe impossible, to find a blog that does not meet any of the previous premises.

If, on the contrary, it is a website that collects personal data but through which no income is obtained, and in which no cookies are installed, since the legal notice will be made up solely of a privacy policy.

And so we can go making the combinations that we consider.

Therefore, if through a website income is obtained directly or indirectly, data is collected, cookies are installed, and you can contract products or services, this page must have a legal notice that, from my point of view, should compose of four large blocks:

  • Terms of use.
  • Privacy Policy.
  • Cookies policy (as part of the privacy policy).
  • Contract conditions.

I find myself habitually with the circumstance that these terms are confused. Therefore, we will try to explain what each of these blocks must contain:

  1. Terms of use (or terms of use)

This is the clause dedicated to the use of the web by any Internet user who has access to it, by typing the domain or by clicking on a link that redirects it. It may not hire any service, but we have the obligation to inform the user-user of a series of extremes:

Mentions of article 10 of the Law of Services of the Information Society and Electronic Commerce (hereinafter LSSI), in a mandatory, permanent, easy, direct and free way:

Name or corporate name of the owner of the web, as well as the address or registered office and / or any other data that allows establishing a direct and effective communication.

The tax identification number (NIF or CIF).

If it is a commercial company (a Limited Company, for example), the registration data must be recorded in the Commercial Registry of the province in question.

If the activity is subject to a regime of prior administrative authorization, the data relating to said authorization must be recorded, as well as the administrative body in charge of its supervision.

If a regulated profession is exercised (architect, lawyer, doctor …), the data of the Professional Association to which it belongs and the number of the member, the official or professional title it has and the State of the European Union must be indicated and of the European Economic Area in which said title was issued and, where appropriate, the corresponding homologation of said title. They should also state the professional standards or codes of conduct applicable to the exercise of their profession and the means through which they can be known (it would be a link to the page where they are collected from the Professional Association in question).

The prices of the product or service that we offer must be clearly and accurately provided, indicating whether or not it includes the applicable taxes and, where applicable, the shipping costs or, where applicable, the provisions of the regulations of the Autonomous Communities with competences. in the matter.

We can also include different types of clauses, whose purpose is simply to inform the user how we want our website to be used:

Clauses on intellectual property

It is at least convenient, to state in the terms of us who is the owner (owner or licensee) of the contents of a website, as well as questions such as what is the regime to which we want to submit the contents of our website: with a absolute reservation of rights or if we opt for the figures of the “copyleft”, ceding or licensing our contents, establishing or not limits to that license or authorization of use. Obviously it will depend on the product or service that we offer through our website. If, for example, through our website we offer free software, we will have to establish how we allow the use of that software.

Clauses relating to the link policy of our website

Basically, in these clauses we will regulate what happens with the links published on our website, exonerating us from responsibility with respect to the content of those pages that belong to third parties and of which we have no control whatsoever.

We can also establish conditions relating to how we want or how we do not want to be linked to other pages, such as prohibiting deep-links, IMG or image links, frames, which can make the user understand that they are on another website that does not It is ours In the end, if they want to link us in that way, they will, but at least they will not be able to wield that we do not warn them.

Clauses regarding the right to exclude access to the web

Destined to inform that they will not be able to accede to the web to those that breach the conditions established in the terms of use.

Reservation of the right to modify the terms of use

We can include a reservation of the right to modify the terms of use, but making it clear that the modification will take effect with respect to those who use the website after that modification.

And any other clauses that we deem necessary to regulate the use of the web by those Internet users who visit it.

  1. Privacy policy

The privacy policy is nothing else than the mentions that our legal notice must contain in relation to the personal data that, in its case, we collect, through the different forms that we have arranged throughout our web.

No matter what that form is for: contact, to comment on the web’s blog, to request information, to contract a service, etc. In all these forms we collect personal data, understanding by personal data “any information concerning identified or identifiable individuals” (article 3. a) of the Organic Law on Data Protection (LOPD).

As to what the privacy policy of my blog should contain, we will deal with this topic in depth in a subsequent post.

  1. The legal notice and cookies

Although we are treating it as a separate issue of the privacy policy, make no mistake, the cookie policy is an inseparable part of it, since cookies are information files that the server of a website sends to the device (computer, Smartphone, tablet, etc.) of who accesses the page to store and retrieve information about the navigation that is carried out from said equipment.

Cookies do not collect personal data, but they can provide a lot of information about the user’s browsing habits, and even the IP, and since that information could in some cases serve to identify the interested party, we must inform about the use of cookies to Users in accordance with the provisions of the Organic Law on Data Protection (LOPD).

No one took it very seriously at first, but when the Spanish Data Protection Agency (AEPD) sanctioned a company for the first time in 2014 with a fine of € 3,500 for not notifying the use of cookies, everyone is “put the batteries “in terms of information on the use of cookies.

In short, in order for our website to use cookies, we must obtain the user’s consent to use them, prior to installation. Yes, prior to installation, so it is more than advisable that not all cookies be installed upon entering the website, if not, after acceptance by the user of the installation thereof.

3.1 When should I have a cookie policy?

It is not necessary to warn about the use of cookies or to have a cookie policy – according to article 22.2 of the Law of Services of the Information Society (LSSI) – if the cookies are installed “for the sole purpose of transmitting a communication by a network of electronic communications or, to the extent that is strictly necessary, for the provision of a service of the information society expressly requested by the recipient “.

The aforementioned article 22.2 of the LSSI is referring to cookies that are inherent to the functioning of the web or, for example, to the case of the cookies that are installed for the operation of the “shopping cart”, to remember the language of the web or for the updated maintenance of the prices of the products offered in an e-commerce.

If our website installs any other type of cookie (from   Google Analytics, Disqus, Optimizely, Doubleclick, etc …) in the devices of the Internet users who access our website, we will have to obtain the consent of such users before it is processed. Installation of the same, making a warning of the use of cookies and having a cookie policy to send us to inform the user.

3.2 How should I inform about the use of cookies?

Is it enough just with the plugin “this website uses cookies” that jumps as soon as you enter the web?

The Spanish Agency for Data Protection (AEPD) has had occasion to comment on the way to inform the user and obtain their consent to the use of cookies in their Cookies Guide. However, this guide is sure that in the coming months will undergo modifications, so we must be vigilant.

Among the most common methods, highlight:

Through the acceptance of the “Terms and conditions of use” or its “Privacy Policy” when applying for a service.

During the process of configuring the operation of the web page or application (Settings-led consent).

In the moment in which a new function offered on the website or application is requested. (Feature-led consent).

Before the moment you are going to download a service or application offered on the website.

The so-called, information by layers

The information method by layers

It is the most widespread method.

A first layer would be the banner or warning window that automatically jumps when entering a web (through the installation of a plugin), which is already so familiar to all of us and in which we must inform that the website uses cookies and if are from the own web (own) or from other webs (from third parties), describing in a clear, although synthetic way, the purpose for which they are installed, summoning the user to obtain more information in a link or link that redirects the policy of cookies, warning that if you continue browsing the web it could be understood that you are accepting the use of cookies.

It is very important that if the cookies are to be installed to know the user’s consumption habits or to perform statistical analysis, it is already expressed in the first layer of information about cookies.

It could be something like this:

“We use our own and third-party cookies to improve our services and show you advertising related to your preferences by analyzing your browsing habits and performing statistical analysis. If you go on surfing, we will consider you accepting its use. You can change the settings or get more information here”

And a second layer, which would be the text relative to the cookie policy to which we would send the link that we will have arranged in the word “here” of the first layer, in which the following aspects will have to be detailed:

Definition and function of cookies in a broad sense.

Information through a table or list about the type of cookies used by the website and its purpose. It is not necessary to specify how each cookie we install on the user’s device is called, but to say if it is, for example, technical, analytical, advertising, behavioral cookies (the “retargeting” cookies that serve to make our website “follow”). “To the user through other websites during his navigation), etc.

Information on how to disable or eliminate cookies through the features provided by the website itself or through the tools provided by the browser or terminal, as well as the form of revocation of consent already provided.

Information on the identification of who uses cookies, that is, if the information obtained by cookies is treated only by our website and / or also by third parties with whom our website has contracted the provision of a service for which the use of cookies, with identification of the latter.

In short, what is involved is to obtain informed consent from the user or, in other words, that no one can say that the user does not have information to know which cookies are installed on their computer, tablet or Smartphone, when they access to our web. Another thing is that you do not read it but, if you want to be informed, have the means provided by us.

  1. Conditions of contract

We arrive at the fourth pillar on which our legal warning must be sustained.

When should I have the contract conditions on the legal notice on my website? Well, simply, when through our website we offer products or services, whose contracting is done through the web.

The conditions of contracting are not more than the clauses of the contract that the owner of the web “formalizes” in an electronic way with those who are interested in the products or services that are offered through it.

We must be very careful with the wording of these contracting conditions, because we must inform the client of all aspects required by the Law, before hiring and comply with legal obligations after hiring.

Information that must be provided to the user before hiring

As we said, we must provide the customer who has the consideration of a consumer, the following information before he contracts our products or services:

The main characteristics of the goods or services, to the extent appropriate to the support used and to the goods or services

Price (including taxes and shipping costs)

The codes of conduct to which it is adhered, in its case, and the way to consult them electronically.

Means of payment and delivery date

Existence of legal guarantee (2 years)

Duration of the contract and conditions of permanence if there are

Existence of the right of withdrawal in the legally established terms (14 days- If we do not inform of that right, the user will have a period of 2 years to withdraw from the contract without giving any explanation)

Necessary interoperability (For example the compatible Operating System)

Procedure to address claims and, if applicable, if we are attached to an extrajudicial conflict resolution system.

The procedures or steps you must follow to conclude the contract.

If you are going to file the electronic document of the contract and if it will be accessible

The technical means available to identify and correct errors in the introduction of data before confirming them.

The language or languages ​​in which the contract can be formalized

The detailed description of the purchase process.

The right of withdrawal for a minimum period of 14 days.

The obligation to return all expenses (price and shipping costs) in case of withdrawal, etc.

And be very careful with the clauses that can be considered abusive, since the Consumer Services carry out inspections and can initiate a sanctioning process by including clauses of this type in our contracting conditions.

On the other hand, these clauses may be declared void by a court and be considered null and void. So let’s not put clauses “to put them” and think beforehand if they are really going to favor us.

By way of example, I cannot resist commenting on the fact that some Consumer Services are considering as an abusive clause to state in the contract conditions the mention of “the prices of the products offered are those that appear on the web, except error typographical” .

This tagline of “except typographical error”, is interpreted by the Consumer Services (in fact I know cases of sanctioning files initiated by autonomous Consumer Services for this reason) as the owner of the website can arbitrarily change the price of a product of arbitrary way, hence it is considered abusive. So we have to be careful with this aspect.

Another thing that I usually find is an incorrect wording of the clauses relating to the applicable law and the jurisdiction for the case of dispute: The jurisdiction is to determine which court or tribunal will hear the dispute in case of dispute. That is, where will I be sued or where will I sue? Arbitration mechanisms can also be established with entities such as “Online Trust” , for example.

eye! We cannot establish the jurisdiction that suits us best, for example, the address where we are, because the consumer law understands that it must be sued at the consumer’s home. If we put something else, that clause would be considered abusive, not also serving at all, because it would govern the jurisdiction established by law.

Legal obligations after hiring

And now I want to talk to you about some legal obligations after hiring.

Confirm receipt of customer acceptance

Within 24 hours of receiving the customer’s acceptance, the customer or user must be confirmed that their acceptance has been received through a medium equivalent to that used in the contracting procedure (on the screen after the purchase process, through an e-mail …). In addition to a legal requirement is something that by common sense will give security to the client

Confirmation of the contract concluded in a durable support

Within a reasonable time after the conclusion of the distance contract, at the latest at the time of delivery of the goods or before the start of the execution of the service, the user must be provided with a copy of the contract in durable support. The consumer could request the cancellation of the contract otherwise.