Iubenda logo
Start generating


Table of Contents

Ecommerce: what legal documents do I need?

If you sell products or services online, your ecommerce business must include the following 3 legal documents:

  1. an up-to-date, easy to find and easily accessible Privacy Policy
  2. a Cookie Policy (if you use cookies)
  3. a Terms and Conditions document

Let’s find out why they are so important and what they should include.

ecommerce legal

Privacy Policy

The privacy policy is a legal document in which the data owner (the person or entity that runs a website/app) outlines the methods and purposes of its data processing to users, i.e. individuals who visit or use the website/app.

If your website/app collects personal data, you must inform users of this fact by way of a privacy policy: it’s required by law and by third-party services you may use.

All that is required to trigger this obligation is the presence of a simple contact form, Google Analytics, a cookie or even a social widget: if you’re processing any kind of personal data, you definitely need one.

What should be included in a Privacy Policy for ecommerce businesses

In order to be compliant, your privacy policy must at the very least:

  • describe the personal data collected and the purposes of their collection;
  • accurately list all the third parties the data is shared with; and
  • inform users of their rights in relation to their data.

Of course, you also have to provide the identity of the data controller (in practice who establishes “why” and “how” the personal data collected must be processed, usually the site/app owner), so name/company, full address and contact email.

Cookie Policy

If, as is very likely, your website uses cookies, you must also comply with the ePrivacy Directive (also known as “Cookie Law”). As the website owner, you need to collect user’s consent before cookies are installed on the user’s device.

In order to give consent, users must be informed of data collection activities and choose whether or not to consent to the installation of cookies.

You must then set up a cookie policy in which you:

  • define which cookies you use (e.g. technical, statistical, profiling, etc.) and for what purposes;
  • list the categories and purposes of third party cookies that are installed.
More on the cookie policy

You want to take a closer look at a cookie policy? Check out our example here:

👉 Cookie Policy Example

Terms and Conditions

If you run an ecommerce website, Terms and Conditions are often mandatory: customers must be made aware of the business owner’s rules relating to return, withdrawal or cancellation policies.

Specific instances where Terms and Conditions might be needed are where you:

  • need to make legally required disclosures related to consumer rights (especially withdrawal and cancellation rights);
  • have different user levels (eg. registered vs non-registered);
  • run a service or platform which allows users to sell or trade with other users;
  • facilitate or otherwise process payments and/or other sensitive user data;
  • want to set the rules for user behavior (including comments) and state grounds for termination of accounts;
  • participate in affiliate programs;
  • provide a product or service which can potentially cause harm if misused;
  • would like to have some legally enforceable control over, and set rules about, how your product, service or content may be used.

What should be included in Terms and Conditions for ecommerce businesses

In general, a good Terms and Conditions document for an ecommerce store should contain the following clauses:

  • intellectual property/trademark protection;
  • account registration/termination;
  • product description;
  • pricing, payment and delivery terms (including shipping, returns, exchanges and cancellations);
  • user rights;
  • liability and indemnification;
  • common provisions (privacy policy, intellectual property rights, governing law, etc.);
  • dispute resolution.

If you’re not a lawyer, creating a Privacy and Cookie Policy and a Terms and Conditions document for your ecommerce store can be a serious headache.

Here’s where iubenda can help: our solutions are built with the strictest regulations in mind like the GDPR, the Cookie Law and the CCPA. They’re:

  • crafted and monitored by our international legal team;
  • available in 10 languages;
  • easy to use;
  • fully customizable; and
  • self-updating.

With our Privacy and Cookie Policy Generator you can create a beautiful, professional lawyer-crafted privacy and cookie policy for your ecommerce store:

  • add any of over 1700 pre-created clauses instantly, or simply write your own;
  • after saving, you can easily translate into any of our 9 supported languages with just one click;
  • best of all, it automatically updates when the law changes.

With our Terms and Conditions Generator you can easily generate and manage a professional Terms and Conditions document that is:

  • customizable from over 100 clauses;
  • available in 10 languages;
  • drafted by an international legal team; and
  • up to date with the main international legislations.

Make your ecommerce business compliant in minutes

Start generating

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.


See also