Virtual Visibility

COVID-19 is first and foremost a tragedy and is impacting people on a deeply human level.  For many of us, it has also changed our priorities around what’s important, while others face ongoing financial uncertainty.

Just like the year 2020 is proving to be, the global recovery from lockdown measures is difficult to accurately predict. Will future consumers turn away from measuring success through the value of having ‘stuff’ and want a simpler life? Or will they think ‘life’s too short’ and live for the moment?

With this in mind, we’ve been reading the first edition of the EY Future Consumer Index, a survey of 4,859 people tracking consumer sentiment and behaviour across the US, Canada, the UK, France and Germany.

In this survey, 42% of those interviewed expected their shopping behaviour to permanently change, a third are willing to pay more for local products, a quarter for trusted brands and a quarter for ethical products (Source: EY Future Consumer Index, May 2020.)

The table below gives some context:

Businesses need to think about their online retail platforms, how they can trade with them and how visible they are to customers.

Any online presence needs to be reviewed to see if this could be the time to expand reach and use social media channels to keep in touch with your customer base and build brand values.

With many businesses normally reliant on a strong physical presence, the challenge now is how to deliver sales and services face-to-face, outsourced, automated and self-service.

At the centre of this is the website, the virtual shop window to the world. We’ve had various enquiries about website use and will be coming back to it in more detail in future updates, including looking at finding ways to make your Intellectual Property work harder for you.

However , what has come across at a more basic level is that businesses are not all aware of the data protection issues and  statutory requirements to make certain information easily accessible on their website.

We’ve tried to summarise the basic requirements below.

What are the core Data Protection issues for a site?

Data protection legislation sets out obligations on controllers of personal data.

The important thing to remember that a business (and its website) can process personal data in a variety of easy ways, for example by using IP addresses or when a user contacts it via a “Contact Us” section.

It is essential to have the following on your website:

  1. A statement, which must come up when a user first arrives at the site, explaining that Cookies (a text file on your computer that when you visit a website stores the website’s name, and also a unique ID to your PC, Mac, phone or tablet) are used, and the ability for users to accept or reject any “non-essential” cookies without hindering the experience. Compliant business need to demonstrate a consent mechanism for non-essential cookies, a good example of which would be tracking cookies.
  2. Adding to this, a policy that indicates what cookies your website uses, what those cookies do and how long they are stored on any user’s device.
  3. A privacy policy that details what personal information your business collects, how it collects it, why it collects it and what the lawful basis is for processing it. We would usually advise including a disclaimer stipulating how users can use the information on the website, and what liability (if any) your business accepts.
  4. Please note that if any business wishes to send direct marketing i.e. via email, to users of its website, it must first acquire consent. Any user consent needs to be freely and positively given (e.g. ticking a box). It is not good enough if that box is ticked by default.

What about basic information for the site?

The following information needs to be easily accessible, but it doesn’t have to appear on every page:

  1. Company name.
  2. Place of registration, such as England and Wales.
  3. Company registered number.
  4. Registered office address.
  5. Postal address and company email address.
  6. How to contact the company via non-electronic means.
  7. The name of any trade bodies or professional associations that the company is part of, as well as any membership or registration details.
  8. If the applicable (i.e. the company carries on a VATable activity), its VAT number.
  9. Where a limited company is exempt from the obligation to use the word “limited” as part of its registered name, the fact that it is a limited company.
  10. If the company is part of a regulated profession (e.g. solicitors and doctors), it must also provide:
    1. The details of any professional body (or similar institution) with which it is registered.
    2. The professional title and country where that title has been awarded.
    3. A reference (via hyperlink) to the professional rules applicable to the company in the member state where it is established. Where no hyperlink can be provided, the company must explain how such professional rules can be accessed.

Any other basic information or policies required?

Most sites also have a website terms of use with provisions dealing with access to, and use of, the site.

These include information about the website owner, rights to modify or withdraw the website, disclaimers for material published on it or linked to from it, rules about how such materials may be used and about unacceptable user behaviour such as hacking, introducing viruses and uploading illegal or defamatory content.

This may have as part of it or separate to it, an acceptable use policy with rules and standards with which visitors of a website must comply when they are using the website.

The site owner can then rely on such rules to try and prevent both the unauthorised reproduction of material contained on the website, and undesirable user behaviour such as hacking, introducing viruses, and uploading illegal or defamatory content.

The Modern Slavery Act 2015 requires any “commercial organisation” having a global turnover of £36 million or more to publish a slavery and human trafficking statement for each financial year that ends on or after 31 March 2016. If the organisation has a website, it must publish the statement on that website and include a link to the statement in a prominent place on its homepage.

If a company is in financial difficulty it must also provide:

  1. While a company is in administration, a statement of the name of the administrator and that the affairs, business and property of the company are being managed by them.
  2. Where a moratorium is in force, a statement that effect and the nominee’s name.
  3. Where a receiver or manager has been appointed, a statement to that effect.
  4. Where the company is being wound up (whether voluntarily or by the court), a statement that it is being wound up.

We offer bespoke advice and support both for new sites and revising terms of use for existing sites as well as keeping business terms and conditions up to date and COVID aware. Please drop me an email if you need any further details.

Stay safe and well.