Protecting the consumer and helping UK business since 2003
Benefits for Consumers
- Have confidence in knowing that SafeBuy member websites are independently verified.
- SafeBuy Members agree to follow all provisions of the SafeBuy Code of Practice.
- Should there be a dispute between a consumer and a SafeBuy member, then SafeBuy will help mediate for you.
Benefits for Online Retailers
The SafeBuy code of practice can help build consumer trust through setting high standards in web retail. Retailers have peace of mind that should there be a dispute with a consumer SafeBuy is there to mediate.
Shoppers trust the code because it requires web retailers to:
- Adhere to the terms of the UK Consumer Rights Act of October 2015 and the EU Directive on Privacy and Electronic Communications
- SafeBuy members agree to follow the code of practice, and to abide by UK Ecommerce law.
- Conform to the General Data Protoection Regulations of May 2018
- Provide security for the processing of credit card transactions
- Include physical location and contact details for themselves on their website
- Display the total price consumers must pay for goods (including delivery costs) and provide a clear explanation of the delivery procedures
- Advise the consumer if ‘cookies’ are required for the processing of data
- Not use ‘spam’ for marketing purposes
The SafeBuy Code
Administered by ECOMMERCE SECURITY LTD (“SafeBuy”), 43 Reading Road, Henley-on-Thames RG9 1AB.
1. Qualifications, Purpose and Scope
1.1 The SafeBuy Assurance Scheme is operated by Ecommerce Security Ltd. It has no connection with any manufacturer or service provider and does not take any advertising or sponsorship. The SafeBuy scheme is funded by charges on retailers.
1.2 SafeBuy is acting in the interest of both retailers and consumers in publishing this Code of Practice. The retailers who conform to the Code know that their display of the SafeBuy logo will provide reassurance to consumers that they have undertaken to abide by the SafeBuy Code and any updates that are issued to remain in line with all UK legal requirements. Consumers have access to the Code and are entitled to expect a high level of performance from subscribing retailers with a right of mediation by SafeBuy if they have a complaint.
1.3 The retailer agrees to accurately and honestly complete such questionnaires as are sent from time to time by SafeBuy to address the matters of ongoing website and operational security and of complaints registered, whether resolved prior to or with SafeBuy mediation or not, together with the outcomes.
1.4 By subscribing to the SafeBuy Code retailers undertake with SafeBuy and with their consumers that they will at all times abide by it. Although SafeBuy cannot guarantee that any individual retailer’s site conforms with the SafeBuy Code at every moment in time, SafeBuy validates websites at the time of application and randomly samples sites on an ongoing basis as well as handling all consumer complaints through its mediation procedures.
2. Website Requirements
2.1 The site must use the SafeBuy logo as an active link to safebuy.org.uk where this Code of Practice is published. The logo must be given sufficient prominence that every site visitor is aware of membership of the SafeBuy scheme. The logos may not be used on any site the owner of which does not have a current subscription to the SafeBuy scheme or which SafeBuy considers not to be compliant with the SafeBuy Code.
2.2 Any advertising on the site, whether by the site owner or third parties, must comply with the British Codes of Advertising and Sales Promotion (BCASP) and any other relevant code of advertising and all other statutory requirements. These include The Control of Misleading Advertisements Regulations 1988 (as amended) and, if the site owner offers credit, The Consumer Credit (Advertisements) Regulations 2004.
2.3 Any advertising on the site, whether by the site owner or third parties, must conform to the rulings laid down by the Advertising Standards Authority (asa.org.uk).
2.4 The site must have clearly accessible details of the retailer’s name and address, phone number, an email address and details of what information consumers are required to provide to pursue a complaint against the retailer. Where appropriate, customers must be advised of their right to no-charge mediation by SafeBuy.
2.5 Customers should be charged at the normal rate for a UK inland call for queries relating to a transaction. Where technical support charges are made, either by the retailer or by a third party whose product or service is being sold, that fact must be made clear to the customer before the order is placed. Information on the cost of communication relating to technical support, where it is at other than the basic rate, must be provided. Hours of availability for all types of phone enquiry must be clearly stated.
2.6 The website must make reasonable provision to be compatible with technology that facilitates Internet use for the disabled. The retailer must be aware of its obligations under the Disability Discrimination Act 2005.
3. Transaction Requirements
3.1 Products or services for sale must be clearly and accurately described with relevant characteristics (e.g. dimensions, material). Any variation between the goods or services that are for sale and usual consumer expectations should be explained as should any disparity between a consumer’s stated requirements and the nature of the goods or services to be offered to the consumer.
3.2 Any restrictions on ordering (e.g. parental approval, geographic location) must be made clear to the consumer as a part of the description of the product or service.
3.3 The total price, including packing, delivery and VAT where applicable must be shown for the complete order before consumer final agreement to place the order.
3.4 The method of delivery must be clearly identified. Where appropriate (e.g. for bulky items or those which need to be signed for), the retailer must have effective procedures for agreeing a scheduled delivery and maintaining liaison with the customer to ensure that the delivery occurs as projected or as altered with the customer’s agreement.
3.5 Payment options must be shown and the level of security displayed for the transaction.
3.6 A clear explanation must be given as to the process by which the customer may place, change or cancel an order prior to it being processed and an option
given for the consumer to abort the order up to the point of final confirmation. If languages other than English are available this fact should be made clear.
3.7 There must be no possibility of orders being accepted which are unlikely to be fulfilled within 30 days.
3.8 ‘High pressure selling’ must not be used and any special offers must have the time or condition requirements clearly identified. Where a special offer is time-related the consumer’s cancellation rights as per clause 4.1 (iv) must be drawn to the consumer’s attention.
3.9 The consumer must be advised that a confirmation of the order will be sent by email or post within 24 hours. This confirmation must include the retailer’s company details, a unique order number, the total price and clear instructions on the consumer’s rights of cancellation or return, including timescales, with an explanation of how to effect a cancellation or return, including any return costs that may be applied.
3.10 There must be no misleading claim made on the website or the order confirmation regarding delivery timescale to the consumer. Where any delivery timescale and/or delivery date is stated the consumer must be advised in advance if that timescale and/or date will be delayed and the consumer’s right to cancel must be made clear.
3.11 If there is an ongoing contract with the consumer the minimum duration for the contract to supply goods or services continuously or recurrently must be clearly explained.
3.12 All relevant staff must be adequately trained regarding the retailer’s responsibilities in relation to the law and to this Code of Practice.
4. Terms and Conditions
4.1 The website must specify:
(i) the name, physical address of the principal place of business, email address and telephone number and the company number and VAT number where appropriate;
(ii) the price of the goods or services and any ancillary costs such as delivery charges, identified individually;
(iii) the delivery procedure;
(iv) in terms of products the right of the consumer to cancel the order for at least fourteen working days after delivery; in terms of services fourteen days after the contract is agreed or after the consumer has agreed to the service starting. Please note these cancellation periods could be longer if you have not complied with the detail of the Consumer Rights Act of October 2015 where those regulations apply.
These regulations include requirements on information that must be given to the consumer and specifies when it has to be given.
(v) the returns policy and procedure including information on who bears the cost of return or recovery in the event of revocation of the order in each and all circumstances. Where goods are returned at the consumer’s choice the liability for any expense incurred must be spelt out to the consumer and any conditions, e.g. insurance, proof of delivery made clear. If the retailer in the normal course of business elects to collect the goods that expense must equally be spelt out and not exceed the direct cost;
(vi) the means by which the website user can lodge a complaint with the retailer and how the complaints procedure will operate.
4.2 All contract terms, including any guarantees or warranties, must be clearly displayed and a further clear indication given that they do not affect the consumer’s statutory rights. In particular a statement should be made that “This does not affect your statutory rights, in relation to faulty or misdescribed goods, details of which can be obtained from Consumer Direct (the Government’s consumer advice helpline) or your local Trading Standards Office.” If the retailer’s contract terms give rights to the consumer which are more beneficial than the consumer’s statutory rights, this should be made apparent. If any additional guarantees/warranties are offered, the costs and options must be clearly stated together with all other key elements and, if offered through a third party, a name, address and contact point for that third party. Additional warranties/guarantees must not be projected as a requirement on the consumer nor misrepresented in any way as to their cost, coverage or benefits. The Terms & Conditions which the site owner uses for any transaction must take into account the Unfair Terms in Consumer Contract Regulations on which Trading Standards guidance is available.
In particular the retailer must conform with Statutory Instrument 2005 No. 37 (The Supply of Extended Warranties on Domestic Electrical Goods Order 2005) if the website offers products which fall into this category.
4.3 The product or service must be delivered within 30 days unless the consumer agrees otherwise. In the event that this term cannot be met, or the consumer’s right to cancel has been exercised, the consumer must be advised in good time and offered a cancellation option with a total refund, within 30 days, of any monies, including delivery costs, paid.
5. Faults and Disagreements
5.1 Errors in any area of order processing, delivery or administration must be corrected within 10 working days.
5.2 The retailer must have an effective complaints procedure. At a minimum, any complaint must be logged and an acknowledgement given to the consumer within three working days. The consumer must be further advised on the retailer’s procedures for acting on the complaint with a reasonable and stated timescale. The retailer must keep the consumer informed of the progress of the investigation of the complaint. The same provisions apply regarding an intermediary, acting on behalf of the claimant, as they do to dealing directly with the complainant.
5.3 In the event that the retailer and consumer cannot agree on the resolution of a complaint, the retailer must advise the consumer of any trade complaints body, regulator or ombudsman who may be relevant. They must also advise the consumer of the SafeBuy mediation procedure.
5.4 SafeBuy will act as mediators, at no charge to either party, in the event of a dispute between the retailer and consumer which cannot be resolved in a timely manner. SafeBuy will only act where the consumer can provide a transaction number and date. SafeBuy will be at liberty to provide copies to both parties of all documentation presented in connection with the dispute. SafeBuy is not entitled to impose a decision upon the parties but, as mediator, to attempt to facilitate a resolution of the dispute between the parties. If this is not achieved within a reasonable time (45 days maximum) then SafeBuy will be entitled to withdraw from involvement as mediator.
5.5 In the event of the retailer’s own complaints procedure and the SafeBuy mediation procedure being unsuccessful in resolving the complaint, there is no effect on the right of the consumer to take the matter to the Courts or any other complaints resolution body.
5.6 If the retailer is in breach of the code with no reasonable justification, the retailer will be subject to SafeBuy’s disciplinary procedure. The retailer accepts that there is no right of appeal or redress against SafeBuy’s decision (which includes, ultimately, expulsion of the retailer from the scheme). SafeBuy acts according to the rules as set out at clause 5.8.
5.7 For the purposes of clarity, SafeBuy acts according to the following rules in formal warnings, final warnings and expulsions.
A Formal Warning is issued if a mediation is not concluded successfully, or a breach of the Code that has been advised to the member has not been acted upon within 30 days of notification. The member has the right to claim ‘special circumstances’ (e.g. the return of goods to the maker for a report) to extend this period to an agreed deadline.
A Final Warning is issued if more than one Formal Warning has become necessary in a six month period.
Expulsion will ensue if another Formal Warning becomes necessary within six months of a Final Warning.
5.8 In the event that the retailer becomes uncontactable by email, phone or recorded delivery letter SafeBuy will regard the retailer as no longer accredited and remove them from the scheme.
6.1 The retailer must take and maintain all practicable security procedures to prevent hacking or other external access, or any unauthorised internal access, to any data relating to consumers or orders. If data is provided to any third parties necessary for the execution of the contract, it is the retailer’s responsibility to ensure that the same standards are met by those third parties.
6.2 Methods of payment must be as secure as is practicable and the consumer clearly advised of the level of security applicable. If a hyperlink is required to another site with further details of the level of security it should be prominently displayed.
6.3 The retailer must be aware of its obligations under the Disability Discrimination Act 2005. It is also recommended that the retailer conforms to the requirements of the ISO Code ISO/IEC 27002:2005 (was BS7799) in security matters but as a minimum should ensure that hardware and software security is in line with general standards in the industry for the scale of the retailer’s operation. The retailer must identify a named individual who is responsible for all aspects of security.
6.4 It is understood that the same standards on security of data or process by any third party used by the retailer should be at least equivalent to those used by the retailer.
7.1 The website owner must conform with the requirements of the Data Protection Act, 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, from May 2018 superseded by the EU General Data Protection Regulation pending further UK regulation. Regulation
7.3 The consumer must be given the option to decline any distribution of personal data to third parties. This option must include further use of the data by the retailer and any associated organisations. In the event that the consumer does not reject further use, if appropriate it must be separately made clear that such
data may be transferred outside the European Economic Area and the option provided to reject such use.
7.5 The use of email for direct marketing purposes is not allowed unless the consumer has previously given his/her consent and the contact details have been obtained in the course of a sale of a product or service to that consumer. Direct marketing approaches are confined to the products or services supplied by the online retailer who should ensure that the subscriber is aware of the nature of those products and services. The consumer has also to be given the opportunity to withdraw that consent at the time of each subsequent communication and unsolicited emails must not be sent to consumers who have requested removal from the marketing database either directly to the retailer or through an email preference service. Any attempt to conceal the identity of the sender and withholding of a valid address is prohibited.
7.6 If cookies are used the consumer must be advised accordingly and required to agree to their use (‘opt in’) or known to be in agreement by their settings in the internet browser they are using. This requirement only applies the first time the consumer uses the website. Agreement may also be assumed if another program which already has consent is used to access the retailer website.
8.1 No order may be accepted from a child of 16 or under without the express consent of a parent or guardian.
8.2 No data on other persons may be collected from a child of 16 or under and no data on themselves may be collected which is not strictly relevant to the processing of the order.
8.3 No enticement by way of reward may be made to a child of 16 or under.
8.4 No data on a child of 16 or under may be collected.
8.5 Except for the purpose of processing the order, no further communications, electronic or otherwise, may be sent to a child under 12 and, in the case of 12-16 year olds, only such communications as are relevant where it is clear that the child understands what is involved.
8.6 All communications with children must be non-exploitative and not prey on their immaturity or lack of experience.
© Ecommerce Security Ltd. All rights reserved.