Protecting your company is one of the most important actions you can take. One way of protecting your business is through the use of legal agreements.
Thankfully, there are many types of legal agreements you can use to help protect your company. Some protect your company, some protect your users, and some do both.
One of the most important aspects of these agreements is being transparent with your customers. Laws have been enacted around the world to protect users and require companies to fully disclose their practices to prevent fraud and theft.
Let's take a look at five legal agreements your business needs to have in order to protect your company from potential legal issues or lost customers.
- 1.1.1. The GDPR
- 1.1.2. PIPEDA
- 1.1.3. CalOPPA
- 3. A Terms and Conditions Agreement
- 3.1. Important Clauses to Include in Your T&C
- 3.1.1. Acceptance of Terms
- 3.1.2. Payments
- 3.1.3. Termination of Use
- 3.1.4. Prohibited Uses
- 3.2. Displaying Your Terms and Conditions Agreement
- 4. Disclaimers
- 4.1. Professional Advice Disclaimers
- 4.2. Disclaimer of Liability
- 5. Cookies Policy
- 5.1. When is a Cookies Policy Required?
- 5.2. Where to Display Your Cookies Policy
- 6. Cookie Consent Notices
- 7. Create your Cookie Consent
- 8. Summary
- What information is collected
- How the information is collected and stored
- Whether you disclose the data to any other parties
- How your company uses the info
- How your users can control your use of their information
A note to remember: These laws may also apply to your company if you do business or have users where the laws are enacted. For example, the GDPR applies to European companies, but if you are a U.S. company with users in the EU, you also must comply with the law.
Let's take a deeper look at some of these laws.
The GDPR (General Data Protection Regulation) is the privacy law of the European Union aimed at creating transparency between companies and users.
In Canada, PIPEDA (Personal Information Protection and Electronic Documents Act) is the federally enacted law that controls the collection of private information by private-sector companies in commercial transactions.
If your business is located in Canada, you need to know if PIPEDA applies to you.
The California Online Privacy Protection Act, or CalOPPA, is a California state law aimed at protecting the private information of California residents and one of the most important privacy laws in the US.
CalOPPA's main points are that companies must "conspicuously" post links to their Privacy Policies and must also include their policy on Do Not Track signals, the settings consumers use to indicate that they do not want their info tracked.
If you have customers/users in the state of California, become familiar with the nuanced requirements of CalOPPA.
You can also add it to places where you're collecting personal information, such as an email sign-up form:
- Answer a few questions about your business:
- Add your website or app information:
- Answer a few questions about what information you collect from your users:
- Select options for how your users can contact you:
A Terms and Conditions Agreement
While not legally required, including a Terms and Conditions Agreement on your site is extremely beneficial and important.
A Terms and Conditions Agreement (T&C) is your company's policy dictating how a consumer can use and interact with your site, while also protecting you from possible legal issues and liabilities.
A typical Terms and Conditions agreement includes clauses that address:
- How a user may use your site and what actions are prohibited
- Deactivation of user accounts, either by you or them
- Relationship benefits between the company and the user
- Legal disclosures
- Payment terms
Even though a T&C isn't required by law, once a user agrees, a legally binding agreement is created between your company and your customers. This means if a user violates the agreement, you can take appropriate action.
Important Clauses to Include in Your T&C
Each Terms and Conditions agreement is tailored to your exact company and business. However, there are some key clauses that all T&Cs should include. Let's take a look at a few.
Acceptance of Terms
A clause that should be included early on in your Terms and Conditions is the Acceptance of Terms clause. The clause should explain in plain language what acceptance of the terms means for both your company and the user.
If your company has any memberships or processes payments from your users, including a payment clause is necessary.
This clause protects you later on if there are any issues or arguments about whether bills were paid or if you are seeking reimbursement.
The entertainment streaming service Netflix collects a monthly subscription and includes in its payment clause potential payment method changes, price changes, and actions Netflix may take for failed payment methods:
Termination of Use
Users don't always follow the rules and sometimes violate usage agreements. Including a section about how your company may terminate or suspend an account in these circumstances is highly recommended.
One of the main benefits of having a T&C is that you can set forth what your users must not do if they wish to use your website or app, or be a customer of yours. These restrictions can be as simple as not posting profanity on your forums, and as nuanced as restricting reverse engineering of your software.
Evernote goes as far as to have a separate User Guidelines agreement, but in most cases you can just include a clause (or a few) in your T&C that expresses the same information. Here's an example of the types of things Evernote restricts:
If your list of restrictions is very long, for example if you allow user-generated content, sell products, have an interactive forum and other things you would want to exert the most control over, you can consider creating a separate User Guidelines document. But at minimum, include this type of clause in your Terms and Conditions agreement so users know your rules.
Displaying Your Terms and Conditions Agreement
Spotify makes it clear at account sign-up that by signing up, a user is agreeing to the Terms and Conditions of Use. This is a popular and effective way to notify your users of your T&C and get agreement:
You should also add a link to your T&C to your website footer, close to your other important legal agreement links. Here's how Luke Storey does it in his website's footer:
The more accessible your legal agreements are, the more effective they'll be, both for your business and your customers.
Disclaimers are statements by your company that anything on the site shouldn't be construed as either professional or legal advice. A Disclaimer is in place to make sure your users don't misunderstand your services. Additionally, a Disclaimer can also state your company is not liable for certain errors or issues that may arise.
Companies that should pay close attention to this are:
- Health and medical-advice websites
- Legal summary sites
- Personal blogs
- Other service sites, like financial planning, gambling tips, etc.
Most Disclaimers have a similar style of statement, but there are different types of disclaimers depending on your industry or company's unique business.
Professional Advice Disclaimers
Sites that offer tips or information on certain issues, such as medicine or law, should include a disclaimer informing the user that their site doesn't take the place of actual, professional help.
WebMD is one of the most popular medical informational websites that provides tips and images aimed to help you understand your medical issues. It specifically includes in its Disclaimer that the company is only an informational site, not a professional one, and you should seek actual professional assistance for a diagnosis.
It places this disclaimer near the beginning of its Terms and Conditions so it is less likely to be missed:
Disclaimer of Liability
A Disclaimer of Liability will state that your company waives any liability from the use of your site/service/products, such as expressed or implied warranties, errors or omissions, and infallible protection of information.
The sports news website ESPN includes many of these statements in its Warranty Disclaimer:
Using all capital letters is standard for these types of disclaimers to make sure they're noticed more easily since they're very important for both you and your customers.
A Cookies Policy is where you disclose to your users details about the cookies your company uses to collect information.
When is a Cookies Policy Required?
Remember, not only companies based in the EU are subject to this law. Foreign companies are as well if they have customers located in the EU and target EU consumers.
The jewelry company Pandora does business all over the world. This means it must provide a separate Cookies Policy to adhere to the Cookies Directive:
An example of a US-based company that doesn't need to include a link to a separate Cookies Policy is Casey's. It's an Iowa-based company that only has stores in the U.S. and does not deliver outside of the United States. Note that its footer doesn't have a Cookies Policy link:
Even if you aren't required to have a Cookies Policy, it may be a good idea to have one anyway. As laws develop further and increase privacy requirements, a Cookies Policy may become mandatory beyond the EU. Also, if your business is growing or you one day wish to expand into the EU market, having this Policy up and ready will save you a step during that busy time of expansion.
Where to Display Your Cookies Policy
The most common place to display a link to your Cookies Policy is in the footer of your site. However, you can also include it in:
- Pop-ups like your Cookie Consent Notice (discussed in the next section)
- Sign-up/account creation forms
- Checkout pages
- Privacy Policies
Some companies do business around the world and have different versions of their website for various locations. If you are just using the U.S. version of a website, you likely won't see a Cookies Policy link, but if you access the UK version of the same company's website you will see one, such as the UK version of the news outlet The Guardian:
As noted, you will also need to display your Cookies Policy link within your cookie consent notice.
Cookie Consent Notices
The GDPR requires any company that is in the EU, or that has EU customers, to get consent for using most types of cookies. The most common way to do this is with a Cookies Consent Notice.
Patagonia includes a pop-up providing a very in-depth explanation of its cookies use:
The more clearly you get consent for cookies, the better. The button above labeled with the word "Accept" makes it very clear that something is being accepted. Another option would be to use the words "I Agree" in your consent button.
Create your Cookie Consent
A company is only as successful as the protections it puts into place for the future. Some of the most important protections can be had by including legal agreements.
There are many legal agreements out there, but these five key agreements are amongst the most important for every business with an online presence:
Privacy Policy
- Required by multiple laws with multiple requirements
- Discloses how you handle personal information of your users
Terms and Conditions
- Not required by law
- Helps you maintain control over the use of your website/service
Disclaimers
- Help limit your liability
- Help warn people about things they should be aware of
- Important for businesses/websites that give advice, tips, information, etc.
Cookies Policy
- Required by the EU's Cookies Directive
Cookies Consent Notice
- Required by the GDPR
- Commonly seen as pop-ups and banners
- Get as clear agreement as possible in your notice by using buttons, labels and checkboxes