Andrew Brennan, a technology lawyer at commercial law firm SGH Martineau, on legal health checks for corporate websites.
Every business in the construction industry and its supply chain recognises the need for a website that delivers an engaging experience for visitors, showcasing the company’s skills and expertise, with plenty of content to ensure visitors return. But a significant number appear to be ignoring the need for their website to meet minimum legal requirements.
The site must display the registered business name, place of registration, registered number, registered office address, details of any regulator if the business undertakes regulated activities and the VAT number. All of this information doesn’t need to be on the homepage, but it should be easy to locate on the site. For sole traders and partnerships, the address of the principal place of business must be shown.
The collection, storage and use of personal data, including the sharing or selling of information is a growing area of concern, so it is essential businesses have the relevant policies and procedures in place.
In 2011 the law governing cookies changed and visitors must now positively consent to their use. Websites should clearly explain what cookies are used, what information they gather, what’s done with it and that by continuing to use the site, the visitor consents to their use.
To help future marketing efforts, websites are now designed to obtain visitors’ personal contact information and while there is no problem emailing individuals at a later date, it has to be in relation to their original enquiry or transaction, and they must be given a way to unsubscribe from future communications.
"When a business collects and uses personal data it becomes a data controller, so must explain what information is being collected and why. The website must have a Privacy Policy that explains how information will be used and it should contain a method for contacting the designated data controller."
If a business wants to email general marketing information that is unrelated to an individual’s original enquiry, their express consent must be obtained. This is often done by providing tick boxes, but these must not be pre-ticked – any business that continues to use pre-ticked boxes risks enforcement action.
While these rules only apply currently to individuals (and strangely, partnerships, but not LLPs) and not corporate visitors to a website, care should still be exercised, as many corporate visitors might use personal email addresses to receive information.
All email marketing must contain the identity of the sender and give the recipient the means to unsubscribe from the service and be removed from any list that holds their contact details. If a website visitor provides address details and a phone number, a business can market to them by telephone or post until asked to stop.
When a business collects and uses personal data it becomes a data controller, so must explain what information is being collected and why. The website must have a Privacy Policy that explains to users how information will be used and it should contain a method for contacting the designated data controller – an email link will usually suffice.
Terms and Conditions are not a website legal requirement, but they can help prevent many problems in the future. They will help protect the business by clearly stating what activities the business undertakes and what intellectual property (IP) it owns on the website. They should also warn visitors against “framing” or “deep linking” to the site – which might imply some professional endorsement of the site that includes the link.
It’s also a good to include a “disclaimer of liability”, warning visitors the information provided is accurate to the best knowledge of the site owner, but should not be taken as fact.
More site owners now allow “user generated content” (UGC) on their sites, where individuals can post comments, reviews, pictures etc, but it is essential the site has an “acceptable use” policy to protect against any illegal or offensive material being posted. Without this policy in place, it is the site owner that could face action, not the individual responsible for the post.
Ignorance of the law is no defence and non-compliance can be serious. Businesses should check their sites carefully and if doubt exists they should get a lawyer who is experienced in this dynamic area of law to check it, make sure it’s legal and ensure it stays that way.
Andrew Brennan is a partner in the intellectual property and technology team at leading UK commercial law firm SGH Martineau. The firm offers a Website Health Check initiative.
