Introduction

We encounter many questions from new startups. One of the frequent questions we receive is, “Is it legally required that my website have Terms and Conditions”? “If not, why do I need them?”

If you have recently started a new business or have immersed yourself in the startup world, you may be wondering if the website for your business requires legally binding documents.

The answer to this question depends upon your business, type of services or goods, and products being offered.

Are terms and conditions mandatory by law?

No, having a terms and conditions document on your website is not mandatory by law. However, you may be legally required to make certain disclosures if you provide certain services and goods, such as trading/ cryptocurrency platforms telehealth/ telemedicine platforms. Therefore, it is highly recommended to engage experts to write terms and conditions for your business. I will explain why in brief in this article.

What happens if you do not have terms and conditions?

Among many other implications, If a website does not have terms and conditions or other policies which dictate the terms of use of your website, services, or products, the applicable laws of the place in which a dispute arises will apply. For example, if your customer engages in a dispute in Colorado, USA, and your company is based in New York, the jurisdiction will automatically become the state of Colorado. You or a representative of your company will have to travel to Colorado to attend to the dispute. This kind of situation may be easily averted if a clause mentioning the “governing laws” is specified. We also recommend that alternative dispute resolution methods be adopted to resolve disputes faster.

Services

Online Services

You may be providing services to your customers, such as online services like social media marketing, crowdfunding platforms, blockchain-based decentralized streaming platforms, telehealth/telemedicine platforms, and other similar online services. Suppose you provide any of the above listed or similar online services in which you provide services directly or indirectly through your website. In that case, it is highly recommended that you write terms and conditions for your website. A terms and conditions document legally bind your users to comply with the rules contained therein. This document will also have terms that will set out the rights and duties of your users and your company. The terms and condition document’s most important features include limiting your company’s liability and setting out terms for dispute resolution, including which country/state/province law will be applicable and the method of dispute resolution. In the case of online services, the terms and conditions document need to be relatively comprehensive compared to offline or physical on-site services (may vary depending upon business model).

Offline Services.

If you are running a business like a yoga studio, gym, hypnotherapy clinics, and provide other similar services which require either you, your employees, and your clients to be physically present at a premise to provide and avail services as applicable, and you are not providing such services through your website or other online mediums, a basic terms of use document dictating the use of your website may be enough. However, you may still require other documents to protect yourself, your employees, and your business, such as disclaimers, limitation of liability terms, etc. You may also need to make disclosures as may be mandated by laws.

Goods

Suppose you are selling goods through your website. In that case, it is essential to have terms and conditions written for your website as they will contain terms such as cancellation and refund terms, website usage policy, and other terms for effectively running your business. Terms regarding e-commerce websites vary depending upon your business model. If vendors can sign up and sell their products on your website (such as Amazon), or if only you are selling the products (Apple), the terms for your website will vary. A one size fits all approach will be detrimental to your business.

What else do you need for your website?

Even though having terms and conditions on your website is not mandated by law, it is mandatory to display your privacy practices on your website if you are collecting personal data from users via your website. Privacy practices of businesses are usually contained in a Privacy Policy document.

Depending on where your business is based and in which countries users’ data is being collected from and sent, you will need a privacy policy complying with such countries’ local laws. For instance, If you are based in India, your business will require a Privacy Policy document containing the privacy practices of your business and website. Depending on the information collected, such document may also need to comply with the Information Technology Act 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011, Information Technology (Intermediaries Guidelines) Rules, 2011, and other applicable laws mapped according to your business model.

If you collect personal data from EU residents, you will need a General Data Protection Regulation (EU) 2016/679 (GDPR) compliant Privacy Policy. If you collect personal data from the USA, such as California residents, your business will require a California Consumer Privacy Act of 2018 (CCPA) compliant Privacy Policy. The California Privacy Rights Act (CPRA) (unofficially dubbed CCPA 2.0) amends the CCPA, which has been criticized for overbroad definitions and ambiguous language. The CPRA expands the privacy rights of California residents and increases compliance obligations for companies. The CPRA becomes effective on or after January 1, 2022 (other than for access requests) but will not be operative until January 1, 2023.

Once again, companies will have to review their privacy programs and likely amend further to comply with CPRA’s new requirements. That said, the CPRA generally becomes operative on January 1, 2023, and during that time, California regulators are expected to provide additional information on compliance and enforcement implications of the new law.

Companies should monitor CCPA/CPRA developments and ensure their privacy programs and procedures remain aligned with current compliance requirements.

The abovementioned legislation mandates that the privacy practices of businesses be transparent and declared to the general public. These privacy terms also contain the rights of your website users and where the users can reach your company to avail themselves of those rights.

How we can help you

Mapping your product with the law and drafting documents for the safety of your business:

We will assess your business model and accordingly determine the laws that apply to it. We will provide consultation and assist you in creating documents for your business after examining your business.

Connect with us at [email protected]

Author: Akash Mehrotra, Team Lead | IPR | Data Protection & Privacy Law, Vidma Consulting Group LLP