What to consider when launching an online store
Online selling is subject to a number of legal regulations, from those on consumer protection and protection of personal data to legislation governing payment services. Below, we lay out the key compliance requirements that an online store must meet.
1) General terms and conditions
Starting an online store calls for the adoption of appropriate “general terms and conditions”, namely the general terms and conditions of business or online store, as well as the privacy policy and cookie policy.
The general terms and conditions should set down the entire legal relationship with the user of the website and all rights and obligations under the contractual relationship. All obligations regarding use of the online store, including the method of making online purchases, the time of concluding the contract between seller and buyer, payment and delivery method, invoicing, handling complaints and resolving any disputes, etc. must be set down. A precise and well-thought-out set of general terms and conditions is therefore essential for the business going forward, including in the event of any subsequent disputes with customers. The user of the website must explicitly agree with the terms and conditions of the website in advance, which is why it is important that you introduce an appropriate method of accepting the conditions.
Special attention should also be paid to the privacy policy, which concerns the collection and processing of users’ personal data. It must be clear to the user exactly what personal data is to be collected, in what way and for what purpose. Consumer rights that stem from the General Data Protection Regulation (GDPR) and the Personal Data Protection Act (ZVOP-1) must be set down, including the possibility of revoking consent for the processing of personal data, transcription of collected personal data, direct marketing, etc.
2) Consumer rights under the Consumer Protection Act
When formulating general terms and conditions (as well as other business planning), one must have a thorough understanding of obligations to consumers, which includes familiarity with the Consumer Protection Act (ZVPot) and the Consumer Protection against Unfair Commercial Practices Act (ZVPNPP). The provisions on the possibility of withdrawal from a contract within 14 days of distance purchase, without stating the reason (Article 43c ZVPot) and the possibility of asserting warranty claims (Articles 37-40 of ZVPot) are essential, with a special regime in place where a guarantee has been issued (15b – 21č Article ZVPot). This is also important because the deadlines for dealing with and satisfying consumer demands are relatively short, and in the case of violations of these legal obligations, the ZVPot also provides for relatively high fines. Relatively high fines are also provided for under the ZVPNPP in the case of inadmissible commercial practices (including misleading advertising), which is why it makes sense to make sure in advance that your business practices comply with this act.
3) Compliance with recent legislation on payment services – the Strong Customer Authentication measure
On 14 September 2019, the amendments brought by the EU Payment Services Directive (PSD2) and the Slovenian Payment Services, Services for Issuing Electronic Money and Payment Systems Act (ZPlaSSIED) entered into force. The most important measure to consider in online shopping is the so-called Strong Customer Authentication measure. It is designed as an extra layer of customer identification for online payments, intended primarily to reduce online payment fraud.
It is the duty of the online trader to provide an appropriate IT framework for the online store, one which allows for the use of strong customer authentication (e.g. 3D Secure) for payments. Otherwise, the payer’s bank may reject the transaction when ordering payment. This means that the design of an online store must incorporate appropriate IT solutions (for which there are specialized providers, such as Stripe, Adyen, Siteminder or 3C Payment), and in light of the introduced innovations the general terms and conditions should be amended as well. You can read more about Strong Customer Authentication and changes in the legislation governing payment services in one of our previous articles.
4) Watch out for copyright
When setting up a website, make sure to obtain the appropriate rights or license to use all copyright works (images, photographs, statements, etc.). Otherwise, the copyright holder may request a ban on the use of the work and claim damages.
At the same time, you must define the copyrights and rights to use published or used copyrighted works in your general terms and conditions, which should prohibit any further reproduction, distribution and other use of copyrighted works without prior explicit consent and define how and where content or data from your website may be used.
5) Other user safeguards
In order to avoid any liability for damages resulting from failure to exercise due care in the operation of the online store, particular attention must be given to the security of your IT system so as to ensure maximum protection of your information system and the online store itself. As already mentioned, this has added importance in light of the statutory requirements regarding payment services and the protection of personal data.
Additionally, be sure to take appropriate action, which is either mandatory or recommended, in light of the current Covid-19 situation.
6) Get registered
Pursuant to Article 6 of the Companies Act (ZGD-1), companies may carry on only those activities specified in their articles of association. A company’s articles of association therefore determine which activities the company carries on, and they (as well as all activities listed in it) must also be registered in the court or business register of Slovenia. Before starting online sales, you should also check if you have listed all the sales activities that you intend to carry on, including online sales, in the articles of association. When doing so use the activity definitions listed in the current Standard Classification of Activities (available here).
Author: Ana Kastelec, Attorney-at-Law