What are the legal requirements an online shop must fulfil to operate in Spain?

Opening an online shop is an attractive and exciting project. But to do it right, we need to keep in mind certain mandatory aspects, if we wish for our e-commerce website to roll out in optimal conditions and to grow limitlessly. In that sense, one of the main points to tackle will be the compliance with all the legal requirements established by the current legislation in Spain and the EU.

Fulfilling all the legal matters established by Law is not simply a question of overcoming some bureaucratic formality, aiming to prevent any type of penalty imposed by the public administration. Instead, we should consider it as something mandatory, in order to transmit to our customers an image of a serious and reliable business.

Conscientious compliance with the legal requirements will contribute to our online shop being seen as a trustworthy website by our customers.

Nowadays, e-commerce has become part of our daily reality. However, there still exist important entry barriers in the eyes of consumers. These barriers can make the user think twice before completing the purchase in our online shop. In that sense, conscientious fulfilment of the legal requirements will contribute to our online shop being seen as a trustworthy website by our customers, encouraging purchase.

Conscientious fulfilment of the legal requirements will contribute to our online shop being seen as a trustworthy website by our customers ☑🤝Click To Tweet

More specifically, any online store should follow three great laws:

Law of Retail Trade Management (Ley de Ordenación del Comercio Minorista)

Any and all online stores should comply with the articles of distance selling regulation, as per the Law of Retail Trade Management, which mainly focusses on legal aspects affecting retail sales “without simultaneous physical presence of the buyer and the seller”.

Some of the most important points of this law we should study thoroughly are the following:

  • Execution and payment terms: usually, we will let our buyers know the estimated delivery times from the moment of purchase confirmation (the shorter this time is, the more attractive our offer). Nevertheless, we must know that, if we haven’t set a delivery deadline, we are obligated –by Law– to deliver the product in up to 30 days.
  • Information about the seller and their offer: the Law explicitly states the obligation of providing the buyer with the following data in a clear and understandable manner:

a) Provider’s identity.

b) The features of the product that is being offered.

c) The price of the product and the shipping costs (if there are any). These must be specified separately.

d) Payment methods, as well as delivery or execution options.

e) Registered place of business, and at least one physical facility, if there are any.

f) In case of providing the possibility of payment in instalments, the customer must be informed of the conditions.

g) Purchase withdrawal form.

  • Right to withdraw: in 2014, the return times went from 7 to 14 natural days, during which the seller cannot demand any penalty. Said right to withdraw starts from the moment the buyer receives the product.

Law of Services of the Information Society and Electronic Commerce (Ley de Servicios de la Sociedad de la Información y Comercio Electrónico)

Also known as simply LSSI, this law is possibly one of the most relevant ones to keep in consideration, if we want to prevent our online shop from suffering any possible penalty or fine, regardless of how tiny it is. It also aims to provide maximum guarantees in terms of data protection and privacy.

LSSI agrees with the Law of Retail Trade Management with regard to the duty to inform. More specifically, this law indicates that we must provide access, at the very least, to the following data for our visitors and potential customers:

a) Name and commercial name.

b) Trade register number.

c) TIN.

d) Registered office.

e) Contact information: e-mail, telephone number, fax…

With regard to the procurement proceedings, an interesting aspect to keep in mind is the obligation to send an acknowledgement receipt via e-mail within 24 hours after the purchase, and/or an order confirmation that it’s been received correctly. This should be done via a medium, which will be equivalent to the one used in the procurement process, so long as it can be archived by the user, and is sent immediately.

Another especially interesting section of the LSSI is the one regarding the cookie policy, as we must inform our users how cookies are used on our website. Moreover, the user should be granted the ability to accept the installation of these cookies if we wish to comply with the law.

Many e-commerce platforms integrate facilities to make compliance with the cookie policy easier. For example, if our store is created using the open-source content management system WordPress, we can find tons of plug-ins focussed on displaying the notice concerning the use of cookies automatically.

Organic Law on Data Protection (Ley Orgánica de Protección de Datos)

Also known for short as LOPD. The vast majority of e-commerce websites manage a certain volume of personal data daily. Any company storing this third-party personal data must follow to a t everything the LOPD says. By personal data we mean any data that can be used to identify a private individual.

There are various levels with regard to the type of collected data. Most online shops belong to the elementary or intermediate level. At the elementary level, we only store basic identification details (name, last name, ID number, address, telephone number, signature, e-mail address, etc.). Our level will go up to intermediate if we collect financial details, such as a bank account number or credit card. An important thing to keep in mind is that in cases of payment methods like PayPal or RedSys, the payment information is going to be stored by these platforms, and not by us.

Any company storing third-party personal data will have to follow to a t what the LOPD says.

If we effectively collect and store third-party personal data in our online store, we will need to register our files in the General Registry for the Protection of Personal Data. Our store will also need to provide information on the data collected, possibility of access, rectification, cancellation or objection that the customer is entitled to, as well as the purpose for storing this information. We will, of course, will have to meticulously comply with our duty of secrecy and security.

In summary, having a store which complies with what the law dictates is very easy and fully within our possibilities. By doing so we not only save ourselves from administrative penalties, but we will also contribute to our users’ peace of mind and a sense of security.

Miguel Ángel Culiáñez
Autor: Miguel Ángel Culiáñez

Leave a comment

Your email address will not be published. Required fields are marked *