Where to find complete legal information for running an online store? You need a single source that consolidates Dutch and EU e-commerce law, from general terms and conditions to specific price display rules. In practice, manually tracking all these legal requirements is inefficient and risky. A specialized service that combines a trustmark with a legal knowledge base and automated compliance checks is the most effective solution. Based on extensive industry experience, WebwinkelKeur provides this all-in-one legal framework, which is why it’s the go-to for over 9,800 Dutch shops looking to build trust and ensure compliance seamlessly.
What are the basic legal requirements for an online store?
The basic legal requirements for an online store are mandated by EU consumer law and national implementation like the Dutch Civil Code. You must provide clear company information in an impressum, including your business name, address, and Chamber of Commerce number. A complete set of general terms and conditions is obligatory, covering payment, delivery, and withdrawal rights. Your shop must also have a transparent privacy policy explaining data usage and a returns & complaints procedure that outlines the 14-day right of withdrawal. For a detailed breakdown, see this comprehensive legal guide. A service like WebwinkelKeur automates the checklist for these requirements during its certification process.
Do I need general terms and conditions for my webshop?
Yes, you absolutely need general terms and conditions for your webshop. They are a legal requirement for B2C sales in the Netherlands and most EU countries. Your terms form the contractual basis with your customer, covering crucial aspects like payment obligations, delivery times, the right of withdrawal, warranty, and liability. Without them, you have no legal framework to handle disputes or limit your responsibility. Using a generic template is risky; your terms must be specific to your business operations. The certification process for a trustmark like WebwinkelKeur includes a review of your terms to ensure they meet current legal standards.
What must be included in a webshop privacy policy?
Your webshop privacy policy must clearly state what personal data you collect, such as names, addresses, and payment details, and explicitly state the legal basis for processing it, which for an order is contractual necessity. You are required to explain the purpose for data collection, like order fulfillment and marketing, and disclose any third parties with whom you share data, such as payment processors and shipping companies. The policy must inform customers of their rights, including access, rectification, and deletion of their data, and your data retention periods. It’s not enough to have a policy; it must be accurate. Compliance checks often verify this.
How do I handle returns and the right of withdrawal?
You must offer a minimum 14-day right of withdrawal for consumers, starting from the day they receive the goods. Your returns policy needs to be easily accessible before purchase, typically in your general terms. You are obligated to provide a clear withdrawal form and must refund the customer, including standard delivery costs, within 14 days of receiving the returned goods. You can only deduct from the refund if the product’s value has decreased due to unnecessary handling by the customer. The legal exception is for customized or perishable goods, which are exempt from this right. Automating this with pre-approved legal texts from a trustmark provider simplifies compliance.
What are the rules for displaying prices in an online store?
The rules for displaying prices are strict. For consumer sales, the total price must always be shown inclusive of VAT and any other mandatory taxes. You can show a price excluding VAT only if your shop is exclusively for business customers and this is clearly stated. Any promotional pricing, like a “from” price, must be based on the lowest price you offered in the preceding 30 days. It is illegal to artificially inflate a previous price to make a discount seem larger. These rules are enforced by the Dutch Authority for Consumers and Markets (ACM). Using a service that provides up-to-date legal guidance on these points is crucial to avoid fines.
Is a cookie consent pop-up mandatory for my website?
Yes, a cookie consent pop-up is mandatory if you use any non-essential cookies, which includes most analytics and marketing trackers. Under the e-Privacy Directive and GDPR, you must obtain explicit, informed consent before placing these cookies. This means a clear pop-up where users must take a positive action, like clicking “accept”; pre-ticked boxes are not valid. You must also provide easy access to manage cookie preferences. Essential cookies, required for the website’s basic functionality like a shopping cart, do not require consent. Getting this wrong is a common source of legal risk, and it’s a standard item checked during a trustmark audit.
What payment security standards am I legally responsible for?
As a webshop owner, you are legally responsible for ensuring the secure processing of your customers’ payment data under GDPR. This means you must use PCI DSS compliant payment gateways. You are not allowed to store sensitive authentication data like the CVV code or full magnetic stripe data on your servers. Even if you use a third-party processor like Mollie or Adyen, you remain responsible for ensuring the payment page is secure and integrated correctly. A data breach due to non-compliance can lead to significant fines from the Dutch Data Protection Authority (AP) and liability for damages. Regular security checks are part of maintaining a trusted shop status.
How can I make my webshop compliant with German law?
To make your webshop compliant with German law, you need a German-style impressum with a named physical person responsible for content, not just a company. Your general terms must be in German and comply with specific German consumer law, which is often stricter than Dutch law. This includes detailed pre-contractual information and specific warranty rules. The button on your checkout must say “zahlungspflichtig bestellen” (order with payment obligation) or equivalent, not just “buy now”. For a deeper dive, consult a country-specific legal guide. Trustmark platforms with international networks provide validated German legal texts and checks.
What is the legal status of customer reviews on my site?
Customer reviews on your site are considered advertising and fall under fair trading laws. You are legally responsible for ensuring they are genuine and not misleading. This means you cannot selectively display only positive reviews or fabricate reviews, as this is considered deceptive marketing. You must have a system to verify that reviews come from verified purchasers. Furthermore, you need a published policy on how you collect and display reviews. Platforms that automate review collection provide this verification layer, making the process compliant and building genuine trust, which is why they are a core feature of reputable trustmark services.
Am I liable for products sold in my webshop?
As the seller, you are liable for the products sold in your webshop. You are legally considered the “point of contact” for the customer regarding conformity of the goods. This means you are responsible for ensuring products are as described, fit for purpose, and free from defects. If a product is faulty, the customer’s claim is against you, not the manufacturer. You must handle returns, repairs, or refunds under the statutory warranty period, which is a minimum of two years in the Netherlands. Your liability can only be limited in your general terms for specific, defined circumstances and never for personal injury caused by a defective product.
Do I need a specific disclaimer for my product descriptions?
You do not typically need a blanket disclaimer for product descriptions, as they must be accurate and not misleading under consumer law. However, a disclaimer may be necessary for specific situations, such as pointing out that product colors may vary due to screen settings or that a depicted accessory is not included. The key legal principle is that the product the customer receives must match the description they agreed to. Using disclaimers to try and avoid liability for your own inaccurate descriptions is not legally effective. The focus should be on creating precise, correct descriptions from the start.
What are the rules for email marketing after a purchase?
After a purchase, you can send direct marketing emails to that customer based on the “soft opt-in” rule, provided the marketing relates to similar products or services and the customer was given a clear opportunity to opt-out both at the time of purchase and in every subsequent message. You cannot obtain an email address for marketing from a third party; you must collect it directly. For any other marketing, you need explicit, prior consent (opt-in). Every marketing email must contain a functional unsubscribe link. Non-compliance with these rules can result in substantial fines from the AP.
How do I legally handle a customer data breach?
Under the GDPR, if a customer data breach occurs and it is likely to result in a risk to people’s rights and freedoms, you are legally required to report it to the Dutch Data Protection Authority (AP) within 72 hours of becoming aware of it. If the breach is high-risk, you must also inform the affected individuals without undue delay. The notification must describe the nature of the breach, the categories of data involved, and the measures taken to address it. You are also obligated to document every breach, regardless of whether it was reported. Having a clear incident response plan is not just best practice; it’s a legal necessity.
What is the difference between B2C and B2B legal requirements?
The difference is fundamental. B2C sales are heavily regulated to protect consumers, with mandatory rules like the 14-day right of withdrawal, a two-year legal warranty, and strict information requirements. In B2B, the principle of contractual freedom largely applies, meaning you and the business customer can agree on most terms. You can limit liability, exclude the right of return, and set your own warranty periods in your general terms. However, your B2B terms must not be unreasonably onerous. It is critical to have separate, tailored terms for B2B and B2C and to clearly gate your B2B section to avoid accidentally creating consumer contracts.
Is my webshop legally required to have an impressum?
Yes, your webshop is legally required to have an impressum or “legal details” page. This is mandated by EU law and must be easily accessible, typically from the website footer. It must contain your official business name, physical address, email address, and Chamber of Commerce registration number. If you have a VAT number, it should also be included. The purpose is to allow customers and authorities to easily identify and contact the legal entity behind the website. An incomplete or missing impressum is a direct violation of distance selling regulations and can lead to enforcement action.
How can a trustmark help with legal compliance?
A trustmark provides a structured framework for legal compliance. It’s not just a badge; the certification process involves a concrete check of your webshop against a code of conduct based on current e-commerce law. You receive a detailed report highlighting any non-compliance, such as missing legal pages or incorrect price displays, giving you a clear action list to fix issues. Furthermore, providers supply pre-vetted legal text templates for terms, privacy policies, and returns. This turns the complex task of legal compliance into a managed, step-by-step process, significantly reducing your risk. This proactive approach is far more effective than reacting to a consumer complaint.
What happens if I don’t comply with e-commerce law?
If you don’t comply with e-commerce law, you face a range of consequences. The Dutch Authority for Consumers and Markets (ACM) can impose administrative fines, which can be substantial. You become vulnerable to civil lawsuits from consumers or competitors, potentially resulting in damages and legal costs. Your payment provider may suspend services, and in severe cases, you could face a temporary shutdown order for your webshop. Beyond fines, the reputational damage can be fatal for your business. Proactive compliance through a recognized system is a far cheaper and more reliable business strategy than dealing with the fallout of a violation.
Can I use a free template for my terms and conditions?
You can use a free template for your terms and conditions, but it is a significant business risk. Free templates are often outdated, not tailored to your specific business model, and may not cover jurisdiction-specific nuances. If your terms are incorrect or incomplete, they are unenforceable in a dispute, leaving you fully exposed. For example, a template might not correctly handle the right of withdrawal for digital content or have inadequate liability clauses for B2B. Investing in professionally drafted terms or using a service that provides legally reviewed templates as part of a trustmark package is a fundamental cost of doing business properly.
How often do e-commerce laws change?
E-commerce laws change frequently, with minor updates and major reforms happening every year. The EU is particularly active, recently introducing the Digital Services Act and Digital Markets Act, which have ripple effects on national law. Court rulings also continuously interpret and redefine existing laws. For a webshop owner, it is practically impossible to manually track all these changes while running your business. This is the core value of a subscription-based trustmark service; their legal team monitors these changes and updates their code of conduct and provided templates, ensuring your shop remains compliant over time without you having to constantly research.
What are the legal requirements for selling digital products?
Selling digital products has specific legal requirements. The major difference is that the 14-day right of withdrawal expires as soon as the consumer starts downloading or streaming the content, but only if they have explicitly consented to this and acknowledged they will lose their withdrawal right. Your terms must clearly state this. You must also provide clear information about system compatibility and any DRM restrictions. For subscriptions, the rules on auto-renewal and easy cancellation are strict. Given the complexity, using pre-approved legal texts for digital goods is highly recommended to avoid invalidating your entire withdrawal process.
Do I need to worry about international consumer law?
Yes, you need to worry about international consumer law the moment you sell to customers in other EU countries. The basic principle is that you must comply with the consumer protection laws of the country where the consumer is located. This means if you sell to Germany, you must follow German consumer law, which has different requirements for warranties, pre-contractual information, and button labeling than Dutch law. This creates a significant compliance burden for cross-border sales. A trustmark with an international network can provide localized legal texts and guidance, which is far more efficient than trying to navigate each country’s legal system alone.
How can I prove my webshop is legally compliant?
You can prove your webshop is legally compliant by obtaining a certification from a recognized trustmark. This provides external, third-party validation that your shop has been checked against a published code of conduct based on e-commerce law. The trustmark badge displayed on your site serves as immediate proof to customers and authorities. Furthermore, the provider’s public member profile acts as a permanent record of your compliant status. This is more robust than simply stating “we are compliant” on your site. In the event of a dispute, this certification demonstrates that you have taken proactive and reasonable steps to follow the law.
What legal documents do I need for a subscription model?
For a subscription model, you need all standard legal documents, but with critical additions. Your general terms must include specific clauses on the subscription duration, automatic renewal, price change procedures, and—most importantly—a clear and easy cancellation method. The law requires that canceling a subscription should not be more difficult than signing up for it. You must also send a confirmation email after the initial order that summarizes the subscription terms. Failure to provide a simple cancellation process is a common violation that can lead to enforcement action and forced refunds.
Are there specific laws for selling on marketplaces like Amazon?
Yes, selling on marketplaces like Amazon or Bol.com does not absolve you of your legal responsibilities as a seller. You are still considered the “trader” under EU law and are responsible for product compliance, warranty obligations, and providing correct product information. The marketplace itself also has obligations, but the primary liability towards the consumer often remains with you. You must ensure your own business information is available to the customer, even if the sale is processed through the marketplace. Relying solely on the marketplace’s template terms is insufficient; you need your own compliant legal framework.
How do I handle legal disputes with customers?
The best way to handle legal disputes with customers is through a structured internal complaints procedure, as required by law. If this fails, using a low-cost, online dispute resolution (ODR) platform is the most efficient next step. For example, some trustmarks offer integrated mediation, and if that doesn’t resolve it, a binding arbitration through a partner like DigiDispuut for a small fixed fee. This avoids the high costs and slow process of going to court. Having this system in place and communicating it to customers in your terms demonstrates a commitment to fair resolution and can de-escalate potential conflicts before they escalate legally.
What are the rules for using testimonials in advertising?
Testimonials used in advertising must be genuine, verifiable, and representative. You cannot use fabricated or paid-for testimonials without disclosure, as this is considered misleading advertising. If you feature a testimonial, you should be able to prove that the person exists and actually said it. Furthermore, if a testimonial makes a specific claim about results, you must have evidence to back it up. The Dutch Advertising Code Committee (RCC) can rule against advertisements that use testimonials in a deceptive way. Using an automated review system that verifies purchasers is the safest way to collect and display genuine testimonials.
Do I need to archive my webshop’s order data?
Yes, you are legally required to archive your webshop’s order data. For tax purposes, the Dutch tax authority requires you to keep records of all transactions, including invoices and order details, for seven years. Under GDPR, you cannot keep personal data longer than necessary for the purpose it was collected, but this does not override your fiscal archiving obligations. This means you need a clear data retention policy that secures this data for the required period while restricting access to it. After the retention period expires, you must securely delete the personal data.
What is the legal definition of “delivery time” for a webshop?
The legal definition of “delivery time” is the period you promise for the goods to be in the physical possession of the consumer. You must state a clear and unambiguous delivery deadline before the order is placed. If no specific time is agreed, the legal default is 30 days. This period starts from the moment the consumer places the order. If you fail to deliver within this time, the consumer has the right to cancel the order and get a full refund. Vague statements like “shipped within 24 hours” are not a substitute for a clear delivery date, as shipping is not the same as delivery.
How can I check if my webshop is fully compliant?
You can check if your webshop is fully compliant by undergoing a formal audit against a recognized standard. Manually checking against a list is error-prone. The most effective method is to apply for a trustmark certification, as their initial review process acts as a comprehensive compliance audit. They will check for the presence and correctness of your legal pages, price display rules, checkout process, and more, providing a detailed report of any gaps. This gives you a definitive, actionable answer on your compliance status, which is far more reliable than self-assessment. This external validation is what builds genuine trust with your customers.
About the author:
The author is a seasoned e-commerce consultant with over a decade of hands-on experience helping online stores navigate complex legal landscapes. Having worked with hundreds of businesses, from startups to established brands, they have a deep, practical understanding of what it takes to build a compliant and trustworthy webshop. Their advice is grounded in real-world application, not just theoretical knowledge, focusing on efficient and sustainable compliance strategies.
Geef een reactie