Phosys web design

Phosys web design

Selling online, cookies, and the law

Here’s our handy guide to online selling (tailored to photographers) – what information you have to supply, and how to deal with those pesky cookies.

Selling Online

We’re often asked by our customers why they have to put their contact information on their website (as opposed to just a contact form).

This is because of the Distance Selling Regulations 2000 and The e-Commerce regulations 2002. You must comply with these if you:

  • Advertise goods or services online.
  • Sell goods or services to businesses or consumers online.
  • Transmit or store electronic content or provide access to communication network.

Covers just about everything doesn’t it? And it’s not just an email address that you’ve got to display.

What happens if I don’t comply?

This could have serious implications for your business. Depending on the exact nature of the no-compliance, an end user may:

  • Cancel their order
  • Seek a court order against you
  • Sue you for damages for breach of statutory duty if they can demonstrate that they have suffered a loss as a result of your failure to comply with your obligations under the Regulations.

What do I need to impart on my site?

We’ve tailored this to photographers, so this is not an exhaustive list and you should check with the information on the DTI Website.

You should show the following information on your site. This would usually be on the contact form, but could also be in another easy to find place such as Terms and Conditions, Frequently Ask Questions or your Contact page.

  • The full name of your business.
  • Your geographic address (not a PO Box).
  • Your contact details and an e-mail address to enable direct and rapid communication.
  • Your VAT Number if your activities are subject to VAT.

What about E-Mail advertising?

If you promote your services using e-mail advertising you must still put your business information online as above and:

  • Clearly identify any discounts, promotional offers, gifts, games or competitions and ensure that any qualifying conditions are easily accessible on your site, presented clearly unambiguously.
  • If you send unsolicited communications by e-mail (i.e. an e-mail to someone who has not requested it), you must ensure that the recipients are able to identify them as such as soon as they receive them.
  • By law, you must allow individuals to opt out or unsubscribe to receiving marketing from you at any time they wish. You must comply with any opt-out requests as quickly as possible.
  • If you purchase or rent email lists, you may use it only if the intended recipients have actively consented to receiving unsolicited messages by electronic mail from third parties. And:
    • The individual subscribers on the list have not already sent an opt-out request to you.
    • You do not conceal your identity when you contact them.


Cookies are small data files that websites sometimes place on your computer. They’re used all over the web for various little innocuous tasks like storing your preferences and enabling you to ‘log in’ to private accounts. They’re also vital for e-commerce websites (such as Phosys websites) because they allow the website to remember what items you’ve added to your basket.

Cookies have received more widespread attention recently due to the e-Privacy Directive (the new EU Cookie Law). Probably one of the most ill-thought out pieces of legislation ever devised.

If you’re a Phosys customer then rest assured: the Phosys system doesn’t actually use cookies for anything that would contravene the new law. Our sites only use “Session” cookies for keeping track of log-ins and pages, and an internal cookie for storing the contents of a shopping basket between visits. Neither of these violate the law.

The problem comes when other items are placed (by customer request) into our sites. YouTube videos, Google Analytics, Facebook widgets, and so on. These sometimes use “Third Party” cookies – cookies that are created by another website that’s not your own.

On May 26th 2011 the new EU law came into effect, requiring website owners to make significant changes to their sites – changes that may fundamentally change the whole web browsing and shopping experience for everybody. This Cookie Law amended privacy legislation that requires websites to obtain ‘informed consent’ from visitors before they can store or retrieve any information on a computer or any other web connected device.

The revised Cookie Law

However, in an updated version of its advice on cookies, the Information Commissioner’s Office (ICO) has said that websites can assume that users have consented to their use of them. The advice was only updated 48 hours before the deadline for the new rules, and published the next day.

The use of “implied consent” shifts responsibility to the user rather than the website operator, and will come as a relief to thousands of website operators who have been struggling to comply with new EU directives which came into law a year ago.

David Smith from the ICO commented, “What’s much more likely is that we will issue a notice that says, in effect, you must remove these cookies or obtain proper consent from users.  If they don’t comply with that notice, that becomes a criminal offence and the Commissioner would prosecute.”

It doesn’t seem likely that the ICO will decide to take action on a non-compliant website unless it causes distress, so if you’re using a Phosys website without any plugins (such as Google Analytics, Twitter or Facebook widgets), then there’s no need to worry. If you are using extra plugins you simply need to tell visitors that the site uses cookies and that they should read your privacy policy for more details.

What are we doing about it for our customers?

We’ve created a widget that can be placed into any of our sites for those customers who wish to use it. It places an unobtrusive transparent bar at the top of the screen which will stay for the duration that the visitor is on the site. By default it will “kill” any desired cookies (such as Google Analytics) if the user wishes to leave the site, and can display text that will direct visitors to terms and conditions if so required. It dismisses itself after about 8 seconds and won’t be seen by the visitor again. If you’d like to add the message bar to your website then just let us know.


Comments are closed.