Does my website need Terms and Conditions and a Privacy Policy – the legal requirements
Being a UK-registered law firm or business, you need to disclose certain information about your business on your website. This is a legal requirement.
Failure to comply can result in anything from your customers being dissatisfied and your reputation damaged, to fines, action taken by the regulators (the ICO), customers themselves and customer protection bodies.
What information do I need to display on my law firm & business website?
It is a requirement to display the following registered information relating to your firm’s identity:
- The name of your law firm or business,
- Your registered number,
- Place of registration (e.g. England and Wales),
- Your registered office address,
- Your firm’s contact details (including email address),
- Details of how to contact your firm by non-electronic means,
- Details of any trade body or regulator registration (e.g. the SRA),
- Your firm’s VAT number (if applicable).
If you are a sole trader or a partnership, you are also required to show the address of the principal place of business, and if the firm is wound up, you are also required to show that information on your website.
All of the information must be easy to find. You can, for example, include it in your website’s footer or put it on your ‘Contact Us’ or ‘About Us’ page.
Privacy Information
In addition to the above information, you must also publish a privacy notice, also known as the privacy policy, on your website.
This is to explain what personal information you collect and how you use it. You must also publish a disclaimer that outlines your liability for the use of your website and its information (this relates to UK GDPR rules).
Cookies and consent
Under privacy laws, you are required to tell your visitors if you set cookies on your website unless those are absolutely essential to provide an online service at someone’s request (remembering what is in a visitor’s basket or ensure security).
You also must explain how you use cookies on your site – this is best done in a statement. Your cookie statement can be a standalone page on your site or included with your privacy policy.
Furthermore, it is a requirement that you explain in a clear statement what cookies do and why. If no exemptions apply to your firm or business (e.g. you don’t run a shop), you must also seek visitor’s consent to the use of cookies. This means you must give them an option to accept or decline their placement on their devices. You may have seen this on other websites in the form of pop-ups, message bars or banners.
Selling to customers online
If you sell any products or services online, as part of the consumer protection regulation, you are also required to include the following on your website:
- Your Terms & Conditions,
- Delivery & Returns Policy.
As a website operator, you have a legal duty to address any web accessibility issues on your website.
Website Accessibility
If your law firm or business has a website, it should be accessible to disabled users. This is not only due to ethical or commercial reasons – you could be sued for discrimination if your site does not meet certain design standards. This happens rarely, however, it is certainly the kind of battle which any firm or business will want to avoid.
The accessibility of websites covers not just disabled access. It is also about giving people unhindered access to your site from various devices, screen sizes, browser types, settings, and so on.
SRA-Compliance & The Transparency Rules
If you run a law firm, the SRA also require you to publish the following on your firm’s website:
- Your firm’s complaints procedure in full and details of how to complain to the Legal Ombudsman and the SRA,
- Display the SRA clickable logo, also known as the digital badge,
- Costs and descriptions of a number of your legal services (this only applies to certain areas, e.g. residential conveyancing).
You can learn more about the SRA Transparency Rules here.
Read our blog about the SRA’s Law Firm Website Crackdown and download our guide to SRA and GDPR-compliance.