5 Website Policies, Terms and Conditions for Your Online Business (with Templates)

Preview Image
Date published: 4 Jun 2020
by DocPro Legal
Last Update: 3 Jan 2021

When starting out your business online, one of the first questions you will ask is "How do I manage my business and legal risks?An online business is no different from a brick-and-mortar business, with transactions are still subject to the rule of law. Given you would be liable for any potential problem that arises from your online website, it is therefore beneficial to have a certain level of legal protection via the use of legal policy agreement. The best way to limit your liabilities is through website policies, terms and conditions


This article focuses on five policies and terms and conditions that you should include in your online business. Although it is not necessary to set up other policies such as the standard terms and conditions and disclaimer policy because it is not legally required, it is still beneficial to include these policies because they can prevent potential legal liabilities and responsibilities.   


With this in mind, this article will provide you with helpful guidelines to examine the types of policies and Terms and Conditions you need for your online business.



(1) Standard Terms and Conditions

This policy governs what individuals agree to when using a service. They can be referred to as ‘Terms of Use’ or ‘Terms and Conditions’. Not always required by law, T&Cs are typically legally binding agreements that help protect your organization and users.


T&C is important because consumers should be aware of their rights and obligations. This can, in turn, help your business to avoid any disputes that might potentially arise.


For the sake of clarity, your T&C (or a hyperlink) should be visible on every page of your website,  and your customer should have the option to accept the T&C before purchasing an order.

What types of Terms and Conditions do you need?


Depending on your businesses or location, the content of your T&Cs varies. For instance, the T&C for the PwC website might be vastly different from the website for Net-a-porter.  It is, therefore, useful to look at other similar online businesses if you wish to draft your own T&Cs.  

Generally, T&Cs can cover pricing, payment, guarantees, liability, data privacy, and security. Your terms must comply with your local regulations, and for a website that supplies services to its consumer, it must also include cancellation rights for the consumer.  


Basic standard terms and conditions should include the elements as follow:

  • A structure of the legal relationship between the website owner and site users

  • Imposing limitations on website usage

  • Establishing rules on who should legally use the website

  • Granting permission to use materials found on the site

DocPro also provides various standard terms and conditions tailored to specific businesses.  For the sake of your convenience, below is a table of Terms and Conditions documents for you to examine which type of standard term and condition you might need for your online business: 



Types of business 

Website / App Terms and Conditions or
User / Subscriber Agreement to Website / App


Website or mobile phone application-based business. 


E.g. Vox, Vulture, Buzzfeed, Instagram

T&C for Professional Services


Professional services provider. 


E.g. Lawyers, accountants, surveyor

T&C for Purchase of Goods


Purchaser, distributor or retailer.

E.g. Walmart, Amazon, Tesco 

Terms and Conditions for Sale of Goods



Individual sale and purchase transaction

E.g. Net-a-Porter,  Harrods, Liberty 



What governing law and jurisdiction should apply in the T&C? 


As most online can be accessed globally, it is important to state the governing law and jurisdiction that would apply to the T&C. You certainly do not want to be in the situation of being sued in a foreign country where you know nothing about the local law. Most online businesses would pick the governing law and jurisdiction where their online businesses operate in. For instance, if your business is registered in London and you are operating the online business from London, then the governing law of the T&Cs should be listed as English law.

A governing law and jurisdiction clause in a T&Cs would be similar to the clause below:

"Use of this website shall in all respects be governed by the laws of [jurisdiction], regardless of laws that might be applicable under principles of conflicts of law. The parties of this T&Cs agree the courts located in [country], and [country] shall ha exclusive jurisdiction over all controversies arising under this." 

To pick on a jurisdiction that is most advantageous for your business, you might want to consider which law has the best interpretation for your clause, the location of your buyer (and your company), location of performance of a contract, and most importantly jurisdiction that you would like to avoid (e.g. avoid a country that is notorious for having a corrupted legal system).


For more information on jurisdiction clause, please see our other entry on jurisdictions clause:
https://docpro.com/doc302/introduction-to-governing-law-and-jurisdiction-clauses-guide or



(2) Privacy Policy/ Data protection policy

What is a privacy policy/data protection policy?

It is a policy that reveals the type of data you collect on your website. You should also list out how your data is stored and managed.  


This type of policy is most important for online businesses that handle personal data or use cookies (i.e. a type of data that keeps track of a user’s preference on a website).  


In most common law jurisdictions, such as Singapore or Australia, a privacy policy is legally required. Therefore it is likely that you need a privacy policy on your website.


There is also one important regulation that you need to know when considering data protection policy: General Data Protection Regulation ("GDPR").  GDPR applies when a company is processing personal data, and in general, applies to countries that are within the EU.


However, your company might be subject to GDPR if it is dealing with businesses in the EU, or is processing personal data of people within the EU. GDPR offers greater data privacy protection (and a very steep fine), and therefore might apply a stricter privacy law requirement than the jurisdiction that your company is in.


In addition, California has also implemented similar legislation to the GDRP - the California Consumer Privacy Act ("CCPA"). However, the CCPA is generally applicable to large online businesses based in California and its impact is not as extensive as the GDPR.


Does GDPR apply to my company?

Whether GDPR applies depends on your business model. Generally, GDPR applies as long as your company offers goods or services to data subjects inside the EU, or monitor the behaviour of data subjects within the EU.


It does not matter the location of your organisation. GDPR applies to your company when your company collects and process personal data from an individual located within the EU. 


However, GDPR does not apply to EU citizens who has their data collected outside the EU.

What should my data protection policy look like?


Your policy should ensure that data collection is used transparently, fairly and lawfully. The data should be used in a relevant and adequate way, and the data should not be kept longer than strictly necessary. 


If you deploy cookies (e.g. collect website statistics), you should obtain consent from your users before collecting their cookies. Some businesses include cookie terms as part of the Privacy Policy and some have them as a standalone policy (please see below). 

DocPro provides a privacy policy that you can use on your website. Click the link below for an example of a pro forma privacy policy that also complies with GDPR requirement:

(3) Disclaimers


What are Disclaimers?


Disclaimers are generally included in the legal notices to indicate a site owner is not responsible for any potential liabilities. If your online business is of technical or legal nature (i.e. professional services), then you must include some disclaimers on your website to protect your online business. In particular, on things that are not under your control (e.g. IT outages).


For instance, without a disclaimer policy, you might be liable for inaccurate (or non-updated) information provided on your website as long as the user can prove the incorrect message harmed financially or physically. 


Of course, a disclaimer policy is not a 'get out of lawsuit' card. However, by placing appropriate disclaimers on your website, you can potentially argue that you are not liable because you have notified the users of the accuracy of your content.

To sum up, disclaimer policy does not necessarily absolve you from potential liability but it can definitely limit your company from potential liabilities.

Is a disclaimer included in T&C?

A disclaimer is separated from a T&C. Although the two policies might be overlapping, it is strategically better to separate T&C and disclaimer to avoid potential legal problems.

What does a general disclaimer look like?


A general disclaimer might look like this:

"The information contained in this Website / Application is for general information purposes only. The information is provided by [COMPANY] and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is strictly at your own risk. In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this Website / Application." 

However, your website’s disclaimer should be tailored to your business model. Below are some of the most common types of disclaimers that you should consider when drafting your disclaimer:

  • Disclaim liability for the accuracy of your information
    An error on the accuracy of your content could potentially lead to legal problems.

    To prevent misleading labels or libel lawsuit, you should state that your company does not guarantee the accuracy of your website’s information to avoid a potential lawsuit.

  • Disclaim physical liability
    This is required if your business provides physical products.  

    To be precise, you should disclaim liability for physical harm that arises from using your product. One might assume that no business would ever want to sell a defective product, but in case of unfortunate and unforeseeable events, you should probably include this type of disclaimer to avoid a potential lawsuit.

  • Disclaimer of ownership over your content
    For a website that consists of personally or professionally made content, a disclaimer of ownership can serve as a notice of copyright.

    One should note that this does not prevent others from copying or stealing your work, but it could potentially prevent others from stealing or using your work.

    For concern over copyright, please see our entry on IP rights that you might want to obtain:

  • Disclaim third party responsibility
    If your business model is based on revenue generated by advertisement, it is likely that you have no control over advertisements that are served by the 3rd party. To avoid potential legal liability caused by these advertisements, it would be beneficial for you to include a disclaimer that declares you are not responsible for actions done by a third party.

Above are examples of disclaimer that is tailored to your business. Should you want an example of  a comprehensive disclaimer that is universally applicable, see the link below (or scroll down to the bottom of the page):  


(4) Delivery / Shipping Policy


What is the Delivery / Shipping Policy?


Most e-commerce business has a delivery / shipping policy which entails shipping details (e.g. printed tickets) with related costs. For most jurisdictions, this policy is not required by law but it is strongly recommended for you to include it on your website.


There are a few key advantages of having a delivery / shipping policy: 

1. Informs customers of the costs of shipping and time of delivery

Shipping and delivery cost is a major item in relation to the overall cost of online products. Online shoppers usually search for delivery policies to determine their prepaid shipping expenses, depending on where they live.


With Amazon Prime providing a same-day delivery service, many online shoppers are expecting online products to be delivered fast by couriers. As such, it is necessary to set realistic expectations with customers on the actual delivery time with a shipping / delivery policy.


In addition, you also need to consider including shipping deadlines (especially holiday shipping deadlines), shipping times, and shipping times for international orders.


Generally, the shipping cost and the delivery time are inversely correlated and you may get customers who are willing to wait longer for delivery to save shipping cost. By providing customers with options on different shipping costs and different delivery times, you can protect yourself from any customers who might complain about how much the transportation charge is or the delay in delivery. This will save your customer support time to deal with individual enquiries by directing the customers to the shipping / delivery policy.

2. Provide protection in the name of the company

By having a delivery/shipping policy, you can protect yourself by absolving from liabilities and can also guarantee the consumer satisfaction rate. In addition to shipping details, include also other information such as returns and exchanges, product damage, and international shipping expectations.


The more details included in the shipping / delivery policy, the better. The shipping policy provides you and your customers with a transparent way of answering their questions and resolve any issues.


Return / Refund Policy

If your business is a retail business such as an online cake store,  you should clearly list your return policy on your websites. Whether you want to impose a strict or loose return policy depends on your business decisions. You might want to impose a softer return policy (e.g. allows return if there is consumer dissatisfaction) if you would like to retain customers and lure new businesses in.


Below is an example of a return / refund policy:



For general shipping policy,  see our other document template: 


Should you choose not to include a return policy in your website, DocPro also provides letter templates that you can use to mitigate a hostile consumer situation:



Link to Document

A letter to apologise for the return of goods due to defects



A letter to complain about the return of goods due to defects [For buyers]




(5) Cookie Policy


What are Cookies?


Cookies are small pieces of data sent from a website and stored on your computer or other devices in the form of text files by your web browser while you are browsing. They are widely used to "remember" you and your preferences, and information that you previously entered into form fields, such as name, address, password, and credit card number.


They are also used to track your browsing activities. Cookies may be set by the website you visit (referred to as "first-party cookies") or by a third party, such as a third party that provides content or advertising or analysis services on the website ("third-party cookies").


What is a Cookie Policy? 


The cookie policy is to inform your users what cookies are active on your website, what user data they track, for what purpose, and where this data is sent around the world. Cookies are a potential privacy risk because they can track, store, and share user behaviour.


Many online businesses would include their Cookie Policy as part of the Privacy Policy to keep things simple. 


With the implementation of the GDPR and the CCPA, there are legal requirements to enable your users to choose the information they would like to receive, the data they are providing and for what purpose they are sent around the world (along with the choice of preventing it from happening).


Therefore, your Cookie Policy should allow your EU and California users to opt-out of cookies or change their settings for cookies on your online platform. These rules mean that your Cookie Policy, in addition to a cookie notice notifying your users on the use of cookies, should also include consents to the use of cookies and options for your users to disable certain cookies.


As such, many online businesses are now having standalone Cookie Policies. The Privacy Policy is generally static, whereas the Cookie Policy is dynamic, allows users to make choices, and may change on a frequent basis (whenever you change your cookies). Procedures should be put in place to update your Cookie Policy whenever there is a change of cookies on your online platform.


For an example of a Cookie Policy that you can put in place, please refer to the below:






This guide is to facilitate the understanding of terms and conditions policies. It considers briefly the area of policies that you might want to include on your website based on issues that might which arise in your industry. This entry is not intended to provide a detailed legal analysis, but rather it serves as general guidance on the most important matters to be taken into account when drafting legal policies for your online business. 

Please note that this is just a general summary of the position under common law and does not constitute legal advice. As the laws of each jurisdiction may be different, you may want to speak to your lawyer




Data Protection Policy


Gdpr Statement


Gdpr For Small Businesses


Pro Forma Privacy Policy


Standard Terms And Conditions


Online Business


Website Policies


Privacy Protection


Gdpr For Dummies




DocPro Legal

DocPro Legal is a team of legal professionals with a passion for making quality documents and legal contract templates widely available to the public through cutting edge technology. Our lawyers are qualified in numerous common law jurisdictions including the United Kingdom, Australia, New Zealand, India, Singapore and Hong Kong. We have experience in major law firms and international banks with expertise in business, commercial, finance, banking, litigation, family, succession and company laws.

Share this Post