If you want to sell products or services online, setting up a web shop is now quick and straightforward because the technical implementation has become simple. Ecommerce businesses in Germany can also easily ensure the legal compliance of an online store. In this article, you will learn how to make your online shop’s ordering and purchasing process legally compliant. We also explain how to create general terms and conditions, regulatory notices, and privacy policies. You will also learn about the possible consequences of noncompliance with regulations.
What’s in this article?
- Ways companies can make the payment process in an online shop legally compliant
- Creating and integrating legally compliant general terms and conditions into an online shop
- How to create a legally compliant imprint
- How to create a legally compliant privacy policy
- Consequences of an online shop not being legally compliant
Ways companies can make the payment process in an online shop legally compliant
When customers make purchases in online shops, they enter into a legally binding contract with the retailers, a so-called distance selling agreement. This obliges companies that sell products and services online to comply with the requirements of the Information Obligation Ordinance in the German Civil Code (BGB). The requirements include, among other things, an imprint and general terms and conditions (GTC), which potential customers can easily find on the website. Additionally, the foundation of the distance selling agreement and a legally compliant online shop is an ordering and purchasing system that follows regulations. Throughout the order and payment process, there are several things that online retailers need to consider.
Clear and transparent product presentation
Product descriptions must be complete, understandable, and straightforward. Companies must inform customers about all the essential features of their offerings. Furthermore, they must not give a false impression about a product’s nature or viable areas of application, so they need to describe each item comprehensively and in as much detail as possible. The important data varies depending on the type and complexity of the specific item. As a rule, however, the following information must be part of the description:
- Product name
- Manufacturer
- Product type or design
- Dimensions and quantities
- Color of the product
- Functionality and likely uses
- Key technical data
- Characteristic quality features
- Condition (for example, “new” or “used”)
- For clothing: Material, cut, size, and washability
- Correct total price or, if applicable, base price (see details below)
- Correct payment and delivery information (see details below)
A legally compliant online shop must also contain product images. Each item must be shown in at least one informative photo. Depending on the type of goods, consider showing them in several pictures from various perspectives. And, for items you offer in different versions, you should ideally display photographs of each variant.
You must clearly indicate if the relevant image shows items not part of the offer. Likewise, you need to point out any potential deviations in detail. Avoid general phrases such as “product similar to picture.” Instead, choose clear wording such as: “It is possible that due to the lighting conditions during photography and different screen settings, the product’s color may not be reproduced exactly.” For natural items, which you cannot always sell identical versions of, include a note: “Since our product is made of wood, each specimen may have certain individual characteristics.”
Stripe solutions, including diverse tools such as Stripe Payments, Stripe Invoicing, and Stripe Billing, can help you correctly display the product and price during the transaction process.
Correct price information
In addition to the product description, legally compliant online shops must list the correct prices. Per Section 3 of the Price Indication Ordinance (PAngV), companies must always state the total cost, including value-added tax (VAT) and other components. If goods vary according to weight, dimensions, or volume, you must clearly state the base price, the respective measurements, and the actual price. Include any shipping costs, as well. That said, you could also break these down on a separate page of the web shop. The important thing is that customers receive the key price information before they place items in their digital shopping cart.
Complete delivery and payment information
If you offer no other information in your online shop, customers can assume that the purchased goods are available and that you will deliver them within five working days. Explicitly state if you cannot guarantee that time frame. Generally, it is advisable to give customers a delivery date. Regulations do not permit open time specifications such as “expected” and “usually.” However, you can state, “Delivery in approximately 3 to 5 working days.”
You need to display all possible delivery options, such as standard or express shipping. On top of that, provide details about delivery areas or restrictions. For example, if you exclusively ship orders within Germany, you must make that detail clearly visible during the ordering and purchasing process.
Payment terms
To ensure legal compliance in your online shop, especially regarding financial transactions, provide a clear list of all accepted payment methods. You must also specify when customers are required to pay, such as immediately after ordering or upon receipt of the goods.
Customers must also understand that they are committing to making a payment. For this reason, you must integrate a button with the inscription “Order with payment” or a corresponding precise formulation into your online shop (see Section 312j of the BGB). Wording such as “Buy,” “Order,” or “Continue” does not meet the legal requirements.
You must again list the most important information about the transaction near the buy button so the buyer can verify it. As outlined by Article 246a of the Introductory Act to the BGB, this information includes:
- The characteristics of the articles or services
- The total price, including tax and delivery costs or the total monthly costs when concluding an indefinite contract or subscription
- The contract terms and termination conditions for indefinite or automatically renewing contracts
- If applicable, a minimum duration of the commitments
If the buyer clicks the button, regulations also require you to confirm the order by email. The confirmation must contain the complete content of the contract, including the GTC of the online shop and the cancellation policy.
For instance, you can ensure that your transaction process is fast and legally compliant with Stripe Payments or Stripe Checkout. Payments gives you access to over 100 payment methods and a quick one-click checkout. Checkout lets you integrate a pre-built transaction form into your website or direct customers to a page hosted by Stripe. This way, you can accept funds easily, quickly, and securely.
Cancellation policy
A legally compliant online shop must have a cancellation policy. As stated by Sections 355 and 356 of the BGB, this policy informs customers about their statutory right of withdrawal, which allows them to cancel the purchase within 14 days without giving reasons. If you do not notify customers about the right of withdrawal, it is automatically extended by one year. Make the cancellation policy available on the website and in the order confirmation.
Creating and integrating legally compliant general terms and conditions into an online shop
GTC are mandatory for all online shops as they determine the contractual conditions of purchases. These regulate, among other things, delivery and payment conditions, exclusions or limitations of liability, and the rights and obligations of buyers and sellers.
Creating general terms and conditions
GTC must be complete and individually tailored to the company, the products or services offered, and the specific business process. For this reason, you must not simply copy another website’s terms and conditions, primarily since this constitutes copyright infringement. Additionally, you must respond to new legal requirements by regularly adapting GTC. In particular, this applies to changes in consumer or data protection laws. If you change the GTC, you must inform existing customers. Communicate when the new terms and conditions apply and what changes you have made.
When drawing up GTC, it is also key that you formulate them clearly and comprehensibly. Avoid legal jargon and complicated sentence structures to prevent misunderstandings. In accordance with Section 307 of the BGB, GTC may not contain unreasonable consumer disadvantages. In the event of a dispute, invalid clauses will be unenforceable.
Ideally, you should have GTC drawn up or reviewed by a lawyer or specialized service provider. Only then can you be sure they are legally compliant and tailored to your business model.
Integrate general terms and conditions
To ensure legal compliance in an online shop, terms and conditions must be straightforward for customers to find. They need to be accessible via a link on the homepage (for example, in the footer) as well as on the order page. Customers must also be able to read, confirm, and save the terms and conditions when concluding the contract. If the shop requires a specific confirmation, the buyer must indicate their consent by checking a box, agreeing to wording such as the following: “I have read and accept the general terms and conditions.” You must at least provide the GTC to the buyer in text form upon delivery.
How to create a legally compliant imprint
All websites or digital service providers that pursue commercial purposes are subject to the imprint requirement, meaning that anyone who runs an online shop must create an imprint. This must be accessible from every subpage of the website with just one click, which is why most companies place it in the footer, like the terms and conditions. Regardless, the imprint must always contain the following minimum information (see Section 5 of the Telemedia Act):
- For natural persons, the first and last name; for companies, the full company name and the first and last name of the authorized representative.
- For legal entities, the legal form.
- The address, including street, house number, zip code, and city.
- Contact details, such as email addresses or telephone numbers.
- If available, the VAT identification number.
- If available, the commercial register number or the registration number of similar registers.
- If applicable, information on the status as a small-scale entrepreneur per Section 19 of the VAT Act.
- If the operators of the online shop are subject to official approval or supervision, companies must also list the responsible supervisory authority. This could be the case, among others, for certain craft businesses, financial service providers, insurance companies, and healthcare providers.
- If the online shop operators belong to a regulated professional group, details about the responsible chamber and the professional regulations must be part of the imprint. This applies, for instance, to physicians, attorneys, and tax consultants.
How to create a legally compliant privacy policy
Ecommerce companies must provide a comprehensive privacy policy according to the General Data Protection Regulation (GDPR). The privacy policy must clearly and comprehensibly explain which personal data the company collects, for what purpose, how it uses the data, and the rights of the data subjects. In addition, it must be easily accessible, for example, via the website’s footer or a direct link when visiting the page. Article 13 of the GDPR lists all the details that companies must include in a privacy policy:
- The names and contact details of the controller
- Where applicable, the names and contact details of the data protection officer
- The legal basis and purposes of processing personal data
- The indication of the legitimate interests of the controller, if the company bases data processing on these (see Article 13, Paragraph 1, Letter f of the GDPR)
- The recipients of personal data in the event of disclosure
- The duration of storage of personal data
- The rights of the data subjects, including the rights to information, rectification, erasure, objection, revocation, and restriction of processing
- The description of the consequences of non-provision of personal data
- Optional: information on professional liability insurance
Consequences of an online shop not being legally compliant
Online shops not complying with all legal requirements can be subject to warnings or fines.
Warnings are widespread due to inaccurate or incomplete information about items or prices. The same applies to inadequate cancellation policies or inadmissible positioning of GTC. Failures such as these could be violations of competition law. Per Section 3a of the Act against Unfair Competition (UWG), anyone who commits a legal violation that harms the interests of customers, market participants, or competitors acts unfairly. In particular, if you do not describe products correctly, you harm your customers and/or might gain an unfair advantage over other providers. Both parties concerned can report violations that will result in warnings.
Incorrect data protection declarations or other violations of the GDPR can result in high fines. According to Article 83 of the GDPR, penalties can reach up to €20 million or 4% of the company’s annual worldwide revenue.
To be legally safe with your online shop, you must implement all the points mentioned in this article. The checklist below contains the key points.