Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

What are the security and legal requirements for an online shop in Ireland?

  • 29-01-2015 10:48am
    #1
    Registered Users, Registered Users 2 Posts: 254 ✭✭


    Hello wise designers (and hello to the daft designers too!),

    What are the security and legal requirements for an on-line shop in Ireland?
    • Assume I have an online shop set up on Wordpress using Woocommerce.
    • I've set up a Paypal/Strip/similar account and connected it to the online shop.
    • The shop allows users to register (so they can track their purchase history and save their details for future purchases).
    • The shop is based in Ireland and sells goods within Ireland.

    What are the legal obligations and security recommendations for such a shop? For example:
    • What are the Data Protection obligations (for recording user registration data)?
    • What cookies notices if any should be displayed?
    • What security arrangements should be in place? Am I correct in assuming that the Paypal/Stripe/similar account handles all the security in the sense that my shop is not handling any credit card or other payment information?
    • What policies must be displayed e.g. privacy policies, terms and conditions, etc.?
    • Are there other issues to consider?

    I'm comfortable with the technical aspects of setting up the Wordpress and Woocommerce end of things but haven't found a useful, comprehensive and reliable reference for these other aspects of e-commerce in Ireland. Is there one?

    I'd appreciate your feedback and experience!

    :)

    c


Comments

  • Moderators, Society & Culture Moderators Posts: 17,643 Mod ✭✭✭✭Graham


    Consumer rules if you sell online:

    http://corporate.nca.ie/eng/Business_Zone/Guides/Full%20List/Consumer_rules_if_you_sell_online.html

    Slightly old but probably all relevant.


  • Registered Users, Registered Users 2 Posts: 254 ✭✭coolaboola


    Thanks Graham! I appreciate you sharing the link. I'm also looking for more specific information e.g. what policies/notices must be displayed and how must they be displayed (wording, etc.)? Also would like to find out what would be recommended best practice (as opposed to legal requirements)...


  • Registered Users, Registered Users 2 Posts: 7,740 ✭✭✭mneylon


    Off the top of my head:
    • Terms and conditions
    • privacy policy
    • Cookie notice
    • Company number + VAT number
    • physical contact details

    Security - depends on what you are collecting and storing. Also the more comfortable / "safe" someone feels when interacting with an online shop the better.
    Even if you are passing the payment processing to a 3rd party you are probably still collecting personal information and storing it somewhere in the site / server.
    How is that data secured?
    What data is being collected?
    What is that data being used for?
    How long are you keeping it?
    Is any of the personal data being transferred outside Ireland?
    If it's transferred outside Ireland is it being kept within the EU?

    Some of these questions can be addressed via your privacy policy.

    Be realistic about this - you can take it to an extreme, but no matter how you handle things please don't ignore it :)

    Wording - have a look at what other established sites based in Ireland (and other countries of the EU) are doing.
    Don't simply copy and paste their terms of service etc., - I've seen that a LOT and it's not a good idea :)
    However you can take someone else's text and use it as a starting point.
    Ideally get your solicitor to review the documents
    I *think* the IIA had sample docs available to their members (http://iia.ie/)
    HTH
    Michele


  • Moderators, Society & Culture Moderators Posts: 17,643 Mod ✭✭✭✭Graham


    Make sure you check out your obligations under the EU Distance Selling regulations too.

    If you fail to communicate a consumers rights to a 7 day cooling off period correctly then the cooling off period extends automatically to 3 months.


  • Registered Users, Registered Users 2 Posts: 254 ✭✭coolaboola


    That's great info. Thanks Michele and Graham.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 7,786 ✭✭✭slimjimmc


    Graham wrote: »
    Make sure you check out your obligations under the EU Distance Selling regulations too.

    If you fail to communicate a consumers rights to a 7 day cooling off period correctly then the cooling off period extends automatically to 3 months.
    The new EU Directive on Consumer Rights has upped that to a 14 day cooling off period.
    http://www.citizensinformation.ie/en/consumer_affairs/consumer_protection/consumer_rights/distance_selling.html

    You might also need to quote the registered company address.


  • Registered Users, Registered Users 2 Posts: 254 ✭✭coolaboola


    Hi slimjimmc,

    Thats good to know. Thanks for pointing that out.

    Is there a boiler-plate text for displaying consumer rights on websites to comply with this legislation? As these rights are dictated by legislation I guess they're pretty similar across online retailers so the text would be similar across websites.

    c


  • Registered Users, Registered Users 2 Posts: 240 ✭✭tramoreman


    If you are selling
    coolaboola wrote: »
    Hello wise designers (and hello to the daft designers too!),

    What are the security and legal requirements for an on-line shop in Ireland?
    • Assume I have an online shop set up on Wordpress using Woocommerce.
    • I've set up a Paypal/Strip/similar account and connected it to the online shop.
    • The shop allows users to register (so they can track their purchase history and save their details for future purchases).
    • The shop is based in Ireland and sells goods within Ireland.

    What are the legal obligations and security recommendations for such a shop? For example:
    • What are the Data Protection obligations (for recording user registration data)?
    • What cookies notices if any should be displayed?
    • What security arrangements should be in place? Am I correct in assuming that the Paypal/Stripe/similar account handles all the security in the sense that my shop is not handling any credit card or other payment information?
    • What policies must be displayed e.g. privacy policies, terms and conditions, etc.?
    • Are there other issues to consider?

    I'm comfortable with the technical aspects of setting up the Wordpress and Woocommerce end of things but haven't found a useful, comprehensive and reliable reference for these other aspects of e-commerce in Ireland. Is there one?

    I'd appreciate your feedback and experience!

    :)

    c


Advertisement