Сontent of article
With each passing year, more and more business transactions are being conducted online. The rise of e-commerce has simplified the process of starting a business by allowing entrepreneurs to create a website and promote it through digital advertising. Now, transactions with customers happen online, speeding up the process. Contracts can be executed without the need for the parties to meet in person.
However, it is crucial to ensure legal protection for your online platform (such as a website, bot, or Telegram channel) by having several key documents in place: a public offer, a privacy policy, and consent for data processing. It is important to emphasize that these documents are necessary not only for websites but for any online resource used for sales, customer interaction, and the collection of personal data.
What is an offer, and why do all online sellers need this document?
A public offer is a seller’s proposal to enter into a contract with any person who agrees to it by taking certain actions. Online, this offer is typically presented as text on a digital platform, outlining all the conditions for purchasing goods or services. A buyer can accept the offer by actions such as clicking a button that says "I accept the terms of the public offer" or by completing a payment for the product or service, which constitutes acceptance of the terms laid out in the offer.
A valid public offer must satisfy the following conditions:
- Definiteness. The offer to enter into a contract by accepting its terms must contain a comprehensive list of conditions under which the parties will interact. These are known as essential terms under Russian law (such as the price of the goods or services), and the absence of these terms would render the contract invalid;
- Directed to an undefined group. The offer is made to an unspecified group of individuals, although certain limitations may be imposed. For example, if the product is not intended for sale to individuals under 18, this can be specified in the offer so that only adults may accept it;
- Irrevocability. Once the offer is made, the seller is obligated to provide the services or goods to any person who accepts the terms as stated in the offer. Therefore, it is essential to carefully draft the public offer to ensure sufficient legal protection for the seller.
Including a public offer on a web platform is essential for all sellers due to the following reasons:
- Legal compliance. The Federal Russian Law "On Consumer Protection" mandates that sellers provide information about their products or services, along with the terms of sale, prior to entering into a contract with the buyer. In the context of online sales, a public offer fulfills this requirement by outlining all the essential terms of the contract with the buyer;
- Proof of agreement. For any seller, it is critical to have clear evidence that the buyer has agreed to the terms of sale. By accepting the public offer, the buyer consents to the specified terms, which then serves as proof of the contract;
- Protection for both the seller and the buyer. The public offer helps avoid disputes between the seller and the buyer. In the event of any claims by the buyer against the seller, the conditions of the public offer can always be cited as proof of the terms agreed to by the buyer;
- Building trust with buyers. Posting a public offer on the website establishes a trust-based relationship with buyers. At any time, before or after the purchase, they can review the terms of the purchase they agreed to, which demonstrates the seller's good faith and serves as a positive factor in the site's development.
How a buyer can accept the terms of the offer:
- Pre-registration on the site and/or ticking a checkbox. You can require buyers to register on the site, with the final step being to tick the checkbox (button) "I accept the terms of the public offer." Or you can provide a pop-up of this button before making the purchase;
- Payment for goods or services. The act of making a payment also serves as confirmation that the buyer has accepted the terms of the offer. Once the payment is made, it is crucial to provide the buyer with a receipt via their chosen contact method.
FYI: the button labeled "I accept the terms of the public offer" must not be pre-selected by default. The buyer must intentionally and consciously agree to the terms. Otherwise, this acceptance could be considered invalid, and the buyer's rights may be defended in court.
What other documents must be on an online store’s website?
- Personal data processing policy or Privacy policy.
- Consent to the processing of personal data.
- Consent to receive advertising information.
- User agreement.
- Return and refund policy.
Russian law mandates that all entrepreneurs conducting business online must publish a document on their websites that governs the processing of users' personal data. This document provides transparency regarding how personal information is handled and assures buyers that their data is being safeguarded. Additionally, it serves as protection for the seller, as failing to include this document may lead to fines imposed by Roskomnadzor.
To legally process customer information, an online store must obtain the customer’s explicit consent. This consent should be presented as a separate document, which users can agree to by ticking a checkbox on the registration page, confirming their approval for the use of their personal data.
FYI: the consent must be clear and individualized for the buyer. To ensure this, the text of the consent may include the following universal clause: "I consent to the processing of my personal data; my consent is specific, informed, deliberate, and unambiguous."
Sellers often want to establish long-term relationships with customers by sending them advertising or informational messages to their email or phone. The buyer must give their consent to such mailings in advance, and it is not recommended to include this consent within the personal data processing agreement, as this should be a separate document to avoid fines from Roskomnadzor.
In terms of content, it will indeed resemble the consent to the processing of personal data, but the purpose of the processing will specifically be the receipt of the seller’s advertising materials.
The user agreement details the terms and conditions for using the website, including guidelines for posting reviews or comments on the products or services offered in the online store. While not all entrepreneurs opt to include this document on their website, having it in place reduces the likelihood of user violations and helps establish clear rules for appropriate behavior on the platform.
This document sets forth the procedures and conditions for returning goods and issuing refunds to buyers. Under Russian federal law, buyers have the right to return goods of unsatisfactory quality or under other circumstances stipulated by law. The document can be posted separately or incorporated into the text of the public offer.
Notification to Roskomnadzor and the risks of its absence.
Filing a notification with Roskomnadzor is a required step for informing the regulatory authority about the initiation of personal data processing. Before launching any activities on their website, all businesses and entrepreneurs are obligated to submit this notification to Roskomnadzor.
The notification should include the following details: information about the data controller, the objectives for which personal data is being processed, the categories of individuals whose data will be processed etc.
The notification process involves the following essential steps:
- Preparation of the notification. The data operator drafts the notification, ensuring all legally required information is included. Much of the necessary data is typically found in the consent form for personal data processing, which is already available on the website;
- Submission of the notification. The notification can be filed either in paper format or electronically via a dedicated service on Roskomnadzor’s website or through the Gosuslugi platform;
- Entry into the register of operators. Once the notification is submitted, the operator is added to Roskomnadzor’s registry of personal data operators.
FYI: after being included in Roskomnadzor's register, the organization must ensure that the information remains accurate and must inform Roskomnadzor of any changes regarding personal data processing.
Consequences of not notifying Roskomnadzor:
- Administrative penalties. Failing to submit the required notification can lead to fines. For individuals, the fines range from 3,000 to 6,000 rubles, while for legal entities, they can range from 15,000 to 75,000 rubles. Additionally, this may be considered a violation of personal data processing regulations, increasing the likelihood of further sanctions;
- Damage to reputation. Non-compliance with personal data legislation often negatively impacts the reputation of the organization;
- Challenges in legal defense. Without proper notification to Roskomnadzor, the data operator may struggle to prove the legality of its actions during court proceedings or inspections. This could result in the organization failing to demonstrate compliance with legal obligations, potentially leading to negative outcomes;
- Unscheduled inspections. Failure to notify can prompt Roskomnadzor to conduct unannounced inspections, which may uncover additional violations and result in further fines or penalties.
Adhering to legal requirements for personal data protection is crucial for minimizing risks, ensuring smooth business operations, and maintaining competitiveness. Online stores and other entities that handle personal data on the Internet must promptly notify Roskomnadzor and implement all necessary safeguards to protect customer information.