Join ISIS / Trusted Shops
Code of Practice
A. AUDIT CRITERIA
Trusted Shops will conduct reviews of the
ISIS/TS-accredited merchant (the “merchant”) based on the following
Audit Criteria.
1. PRODUCT DESCRIPTION AND
PRICE
1.1. The merchant will
display prices clearly and unambi-guously (including whether prices
include tax and de-livery costs), and not give any misleading price
indica-tion.
1.2. Details of shipping costs must contain the
delivery and shipping costs for all countries that are supplied by the
supplier, or the details for the calculation of these costs, so that the
customers themselves can easily calculate the amount.
1.3. The
merchant will provide a fair and adequate description / illustration of
the product, sufficient to enable the customer to gain a reasonable
understand-ing of the product and to make an informed buying decision
before placing an order.
2. COMMUNICATION AND
NOTIFICATION
2.1. The website
will state the name and address of who it is owned and operated by. The
geographic address at which the business is established will be given (a
PO Box address is not sufficient): if a limited company, the full
corporate name will be stated; if a sole trader or partnership, the
name(s) of the proprietor(s) will be stated. If the merchant has VAT and
company regis-tration numbers, these will be given. The merchant will,
where it is displaying the ISIS/TS Trustmark, pro-vide details of
ISIS/TS and how we may be contacted.
2.2.
The merchant should provide consumers with clear information on website
security and on how they han-dle consumer transactions and protect
consumer in-formation. The merchant will notify the customer in advance
of an order being placed how communication will be facilitated (e-mail
and / or telephone facilities will be the minimum, and a valid email
address must be provided at all times), its timeliness (how quickly
responses will be made), how to correct input errors, the availability
of services (e.g. office hours, public holidays) and provide all
requisite contractual informa-tion in a designated language(s). The
merchant should advise customers to print out, save or other-wise record
relevant information about the
transaction.
2.3. Before any order is
placed, the merchant will state whether the contract with the consumer
will be filed by the merchant (for example with a regulatory authority,
which may not often be the case in the UK but may be necessary elsewhere
in the European Union), be ac-cessible to the consumer, and the
languages the con-tract may be concluded in. If the contract will not be
so filed the merchant should make this
clear.
2.4. The merchant will notify the
consumer prior to pur-chase, the method of fulfilment and the delivery
date and / or delivery time window. Each product web page of the online
shop must specify the availability and the prospective dispatch and
delivery time for the applica-ble product, unless this product can be
delivered im-mediately.
3. TERMS, CANCELLATION AND
WARRANTY
3.1. The merchant will
disclose and make easily available before the transaction its terms and
conditions for electronic transactions, the consumer’s right of
with-drawal and how to exercise this right.
3.3 Clear
guidelines will be given as to the terms of guarantees, e.g. will a
product be replaced if faulty, or will it be sent to a service
agent?
3.4 If the merchant has a returns and refunds policy
that offers consumers more rights than they have under the law or this
Code, they must also state that these rights will not affect the
consumer's statutory rights.
4. ORDERING PROCESS AND TRUSTED SHOPS
GUARANTEE
4.1. As a minimum,
when the customer embarks upon the ordering process, it should be clear
to them what steps, or at least how many steps, are required prior to
completion of the ordering process.
4.2. If the merchant is
selling to only one or a limited number of countries, this should be
identified to the customer early in the ordering process, to avoid
frus-tration.
4.3. The merchant will state their electronic
payment or other electronic settlement practices.
4.4. If the
merchant sells any goods which may not be sold to customers younger than
any specified age, it shall apply an age control mechanism when such
goods are purchased and shall not, to its knowledge, deliver goods to
persons under age or provide inappropriate content to
minors.
4.5. The merchant must offer the Trusted Shops
Guaran-tee to all its customers in order to give the customer the
possibility of insuring all payments
made.
5. ACCEPTANCE OF ORDER, COSTS AND
PAYMENT
5.1. The merchant
should acknowledge an order immedi-ately via an automated process
wherever possible.
5.2. The merchant will supply the customer
with all order details: ideally this will show the total cost including
taxes, duties and carriage; or, as a minimum will indi-cate the likely
scale of any additional charges that may be incurred and a source(s)
from which the con-sumer can find detailed information before processing
an order.
5.3. The customer should not be required to
calculate the total price.
6. DELIVERY AND
RETURNS
6.1. Customers will be
informed of their rights to reject products, refunds and / or
replacements prior to pur-chase.
6.2. The right to cancel must
not be restricted by placing onerous or unfair conditions on the
consumer. In par-ticular, any arrangements that stipulate the following
for the consumer shall be considered unacceptable:
6.2.1. any
provision that impose the risk of losses or damages with regard to
return transportation on the consumer;
6.2.2. any stipulation
that the consumer must return the goods in their original
packaging;
6.2.3. the requirement for the consumer to pay any
administration or penalty fees for exercising the right to
cancel.
7. PRIVACY AND
SECURITY
7.1. Appropriate
security measures must be used to protect customers’ private
information, order details, credit card numbers and banking information,
during transmission.
7.2. Merchants are strongly encouraged to
publish their Privacy Policy concerning the merchant’s use of cus-tomer
personal information, which policy should con-form to any applicable
codes or practice or guidance published by the UK Information
Commissioner.
7.3. The customer must be informed in the Privacy
Policy about the right to revoke their consent at any time in the
future.
7.4. In any event the merchant must ensure at all times
that their practice regarding the use of personal infor-mation is
transparent to the customer (i.e. the con-sumer should be told what data
is being collected, how, by whom, what for, and of their right to have
such data kept up to date).
7.5. However, merchants should
provide information relating to their use of cookies on their websites.
This includes the storage of data specific to an individual's use on the
customer's own computer.
B. REQUIRED
CRITERIA
In order to display the ISIS/TS
Trustmark, the merchant must comply with the following Required
Criteria.
1. PRODUCT AVAILABILITY AND
PROPERTIES
1.1. The merchant
will only promote products that are available for sale. Any limits to
product availability will be stated. In the event that stock may run
out, the merchant will arrange for its timely removal from dis-play.
Unavailable products should be clearly marked as
unavailable.
1.4. Products displayed and offered for sale will
be fit for their stated purpose, or where the purpose is not stated, for
the purpose for which they might reasona-bly be
used.
2. WRITTEN INFORMATION, TERMS AND RIGHT OF
WITHDRAWAL
2.1. The merchant
will disclose and make easily available during and after the transaction
its terms and condi-tions for electronic transactions, the consumer’s
right of withdrawal and how to exercise this right.
2.2. Unless
the law permits otherwise or an exemption applies, the merchant must
tell customers in writing that they have a 'cooling off' period during
which they have the right to cancel - in the UK, where the re-quired
contractual information has been provided, this cooling off period is
generally 7 working days after the day on which the goods have been
received (al-though, for example, the parties may contract for a longer
period). Across the EU Member States this pe-riod varies, and may be
longer.
2.3. When a consumer cancels, unless the law permits
otherwise, the merchant must reimburse them the cost of the goods /
service plus any delivery charges incurred under the same contract
within 30 days of the date of cancellation.
2.4. The merchant
may only charge the customer for the cost of returning the goods if this
was stated in the terms and conditions at the time of
sale.
2.5. After a transaction, the specific applicable terms
and conditions that applied at the time the contract was formed must
remain available to the customer in a form that can be stored and
reproduced.
3. GUARANTEES, WARRANTIES AND
COMPLAINTS
3.1. The merchant
will ensure that a clear, easy to use and effective procedure is in
place to enable a customer to notify the merchant of a fault and obtain a
remedy if goods are faulty (for example, not reasonably fit for
purpose, of unsatisfactory quality or do not match their
description).
3.2. If goods are faulty, the merchant must offer
the consumer a remedy in accordance with their statutory rights (i.e. a
replacement, a repair, or a refund) or any other contractual warranty
between the merchant and the customer.
3.3. If the complaint is
made within a reasonable time, the merchant must not insist that the
consumer seeks re-dress direct from the manufacturer under any
guaran-tees or warranties but must allow the customers to use the
aforementioned procedure to obtain a rem-edy.
3.4. Any errors
in bills, receipts or payments must be corrected as soon as possible and
in no more than 30 days of agreeing to do so. The merchant should not
make any charge for complaint handling. Further in-formation regarding
defective goods and consumer remedies may be found at the Office of Fair
Trading website, in their ‘Sale of Goods Act Hub’
(http://www.oft.gov.uk/business-advice/treating-customers-fairly/sogahome/
).
3.5. Merchants should comply with any binding require-ments
within the territories from which the merchant is prepared to accept
orders.
4.ORDER HANDLING
4.1.
The merchant will put in place procedures to ensure that all orders are
promptly processed.
4.2. Acceptance of an order should not be
given by the merchant before positive confirmation to proceed is
received from the customer (i.e. a clear match has been made between the
customer's requirements and a tangible product, and the customer has
confirmed their acceptance of price and delivery details). Posi-tive
confirmation to proceed is required from the cus-tomer before a
transaction is processed.
4.3. All order information will be
retained by the merchant for a period of not less than one year from the
trans-action date, and supplied to the customer on request, and will
remain available during that period.
4.4. Each order will be
allocated a unique identification number or code to enable
tracking.
4.5. The merchant will take all reasonable steps to
ensure that the customer is legally entitled to purchase the goods on
offer.
4.6. If an ordered item is out of stock, the merchant
should give the customer the option to cancel the order with a full
refund, in a timely manner and before confirming the
contract.
4.7. In the event that the merchant is fulfilling an
order from outside their own territory, the merchant will en-sure that
it complies with all applicable law regarding such orders.
4.8.
If the merchant provides information in more than one language, they
should either be able to respond to queries and complaints in those
languages, or clearly state prior to purchase that they
cannot.
4.9. The merchant will deal promptly with proper
returns or replacements of product. The merchant should ensure that any
agreed replacement or refund is actioned without delay. The full cost of
replacing damaged or faulty goods will fall on the
merchant.
4.10. In the event of non-delivery it will fall to
the merchant to prove receipt of goods by the consumer, therefore
procedures should be in place to ensure product tracking exists to the
final destination. Failing to prove delivery will place responsibility
on the merchant to provide a replacement free-of-charge. The consumer
cannot be made responsible for communicating with the carrier company
about failed deliveries.
5. PRIVACY AND
SECURITY
5.1. Merchants, and
others responsible for administering e-commerce services must ensure
that the way they compile and use personal information about consum-ers
conforms to the EU data protection legislation (see
http://ec.europa.eu/justice _home/fsj/privacy/index_en.htm and
www.ico.gov.uk).
5.2. Appropriate security measures must be
used to protect customers’ private information, order details, credit
card numbers and banking information in stor-age. Further information is
available from the Informa-tion Commissioner's Office (see
www.ico.gov.uk) and the UK trade association for payments, APACS (see
www.apacs.org.uk).
5.3. The merchant must ensure that personal
data are accurate and up to date, and are only held for as long as
needed and for the purpose it was collected. In particular, the law
relating to obtaining such informa-tion from minors (i.e. a person under
18 years of age) should be strictly adhered to and best practice (for
ex-ample compliance with the Direct Marketing Associa-tion Code of
Practice) implemented- no information about a child under 12 years of
age may be collected without the explicit verifiable consent of his /
her par-ent or guardian, and no information about a child un-der the age
of 14 may be disclosed to anyone else without the consent of their
parent or guardian.
5.4. In any event the merchant must ensure
at all times that their practice regarding the use of personal
infor-mation is in accordance with applicable data protec-tion
laws.
5.5. Customer personal information should be kept no
longer than is necessary.
5.6. It is acceptable, subject to
compliance with the applicable data protection legislation, for the
merchant to capture, exchange and store aggregated data on customers'
use and preferences in respect of the mer-chant's e-commerce services
(i.e. place "Cookies") without the customer's prior
permission.
5.7. It is also acceptable for third party
organisations and the merchant's agents, in association with the
mer-chant, to capture aggregated data from the merchant's customers in a
similar manner, provided that the pur-pose for such data collection
remains the pursuit of better and more relevant customer service. Any
infor-mation stored in this manner on the customer's com-puter will only
be accessible on future visits by the customer.
5.8. The
merchant will gain the customer’s informed permission before embarking
on any more elaborate software or data installation on the customer's
com-puter and every reasonable precaution will be taken to protect the
customer’s computer from viruses.
6. PUBLIC
INTEREST
In the event of a
dispute, merchants must be able to demonstrate that they have complied
with the Code by submitting documentary evidence without delay when
required to do so by ISIS. The adequacy of evi-dence will be judged on
whether it supports the de-tailed claims, on the way in which electronic
transac-tions are administered and on the overall impression created by
the e-commerce service.
7.
LEGALITY
7.1. Merchants have
primary responsibility for ensuring that what they do is
legal.
7.2. E-commerce services should contain nothing that
breaks the law or incites anyone to break it, and should omit nothing
that the law requires. Information about EU legal requirements is
available at the EU website, Europa: http://europa.eu/ .Information
about UK legal requirements is available from the Depart-ment for
Business, Enterprise and Regulatory Reform (formerly the DTI) website:
www.berr.gov.uk/, or your local trading standards service:
www.tradingstandards.gov.uk .
7.3. Merchants will respect the
Intellectual Property Rights of creators and providers of copyrighted
materials, in-formation and other intellectual
works.
8. TRUTHFULNESS
8.1.
No e-commerce service should mislead by inaccu-racy, ambiguity,
exaggeration, omission or otherwise.
8.2. Warnings will be
given regarding material that may be unsuitable or inappropriate for
children or other con-sumers. E-commerce services should not cause
of-fence.
8.3. Where applicable, geographical or personal
restric-tions should be stated, including whether permission is needed
from an adult or any other factor likely to in-fluence consumers'
decisions or understanding about the
offer.
C. BEST
PRACTICE
The merchant should endeavour
to comply with the following Best
Practice.
1. UNAVAILABLE PRODUCTS,
ADVERTISEMENTS
1.1. It is
acceptable to display unavailable products when the merchant considers
it in their customers' interests to do so, for example, to maintain
consistency with the merchant's other catalogues (e.g. in print). Under
these circumstances the merchant should also en-deavour to make it
difficult for the customer to order these unavailable products by
mistake.
1.2. If the merchant and customer are using different
currencies, wherever possible, the customer will be able to see a
display of the estimated cost in their lo-cal currency.
1.3. In
the event that the merchant is fulfilling an order from outside their
own territory, the merchant will en-deavour to meet the reasonable
expectations of the customer in terms of levels of consumer
protection.
1.4. The merchant should endeavour to ensure that
their advertisements and sales promotions are considerate to the
sensibilities and expectations of consumers within the territories from
which the merchant is pre-pared to accept orders.
1.5.
Merchants should make best efforts to comply with whatever accepted
non-binding codes of advertising practice are in use within the
territories from which the merchant is prepared to accept orders and
segregate their customers accordingly.
1.6. Merchants should
make best efforts to meet the reasonable expectations of their customers
when de-termining delivery times, and fulfil orders within 7 days
unless customers have consented to a different ar-rangement or are given
an opportunity to recover any money paid. Merchants should, to their
best ability, keep customers reasonably informed of any failure to meet
an expected delivery time.
1.7. Merchants should be aware of
the various consumer protection provisions that apply to their supply of
goods and services. Merchants should specifically be aware of the EU
Distance Selling Regulations and, where applicable, allow no-fault
return of most types of goods within the appropriate 'cooling off'
period (para 7.2.c refers). Further guidance is available from:
www.dti.gov.uk/consumers/buying-selling/distance-selling/index.html
2. CONSUMER INFORMATION - COLLECTION AND
USE, OPT-IN PRINCIPLE
2.1. The
merchant must take the confidentiality of personal data
seriously.
2.2. Particular attention should be paid to the
Payments Card Industry Data Security Standard (PCIDSS) which could
affect the merchant's ability to take card payments.
2.3. If
the merchant proposes to provide personal informa-tion about a customer
to third parties, or use such data itself, for direct marketing
purposes, ISIS/TS rec-ommends that the customer should be given the
op-tion to opt-in as opposed to the option to opt-out (al-though
'opt-out' may in certain circumstances be ac-ceptable). The customer
would therefore specifically consent to the inclusion of their
information in such a provision.
3.
ACCESSIBILITY
3.1. There are
more than 10 million disabled people in the UK with a combined spending
power of £80 billion per annum (source: Department for Work and
Pensions). Since 1999, the Disability Discrimination Act 1995 (DDA) has
placed a legal duty on service providers to make reasonable adjustments
to ensure that disabled people are able to access services, including
services provided via the web. Although the DDA has now been repealed
and was replaced by the Equality Act 2010 (EqA) on 1 October 2010, this
legal duty to make reasonable adjustments still exists in the same way
as it did under the DDA.
3.2. To meet all legal requirements,
as well as implement-ing best practice, it is recommended that merchants
comply with the following:
3.2.1. Publicly Available
Specification 78: Guide to Good Practice in Commissioning Accessible
Websites (PAS 78) provides guidance on en-suring that websites are
usable by disabled people. PAS 78 is available free of charge from
www.equalityhumanrights.com/footer
/accessibility-statement/general-web-accessibility-guidance/
3.2.2.
Accessibility + Inclusivity + User Prefer-ences + DDA: To meet
communication needs, personal preferences and the requirement to make
reasonable adjustments under the EqA, IMRG recommends compliance with
the W3C guidelines (which can be found at accessibility best practice
guide can be found at http://www.w3.org/TR /WCAG20/) and the Brit-ish
Standards Institution web acces sibility guidance BS 8878 (available at
http://shop.bsigroup.com/en/ProductDetail/?pid=000000000030180388).
4.
SUITABILITY
4.1. Merchants
should make every effort to ensure that unsuitable or inappropriate
material does not reach consumers.
4.2. Caveats such as
'subject to availability' do not relieve merchants of the obligation to
take all reasonable steps to avoid disappointing
consumers.
5 HONESTY
Merchants
should not abuse consumers' trust or exploit their lack of knowledge or
experience.
6.
ADMINISTRATION
E-commerce
services should be conducted under management supervision and resources
should be made available to ensure their efficient administration at all
times. High standards of customer service and minimal cause for
complaints should be the rudiments of e-retailing for both suppliers and
intermediaries.
7. SITE PERFORMANCE AND DISASTER
RECOVERY
7.1. E-retailing
services should be easy to use and designed to facilitate ease of
navigation. Merchants should optimise their service performance
criteria. For example, the optimum web screen arrival time is <6
seconds, and >20 seconds is completely unac-ceptable in normal
conditions.
7.2. Merchants should endeavour to ensure that,
other than during agreed scheduled maintenance periods, their site is
available for use a minimum of 99.9% of the time. Measured on a monthly
basis, this equates to a maximum of 43 minutes downtime per
month.
7.3. Customers' orders should be acknowledged
electroni-cally on receipt and be responded to within no more than one
working day.
7.4. Merchants should ensure their computer clocks
are accurate ( < 3 seconds is recommended ) and that all of
their communications are properly time-stamped.
7.5. Merchants
should have Disaster Recovery plans in place and make all relevant
personnel aware of them.
7.6. Merchants should ensure they have
suitable commer-cial insurance cover for their e-commerce
activities.