Overview of Legal Agreements

If you conduct business online, it's important to have links to clearly written, up-to-date legal agreements available on your website. In some cases, maintaining these agreements is legally required, while in others it's just plain good business practice.

This article provides an overview of some of the most common legal agreements, including Privacy Policies, Terms and Conditions agreements, Cookies Policies, End User License Agreements (EULA), disclaimers, and Return and Refund Policies.

You will learn whether these documents are legally required, what information should be included in each type of agreement, and how to create and display each one.

What is a Legal Agreement?

A legal agreement is a document that discloses important information or describes what users need to agree to in order to access your website or use your services. It works as a contract between you and your users, customers, etc.

Legal agreements can be used to explain:

• How you handle consumers' personal data
• How users can exercise their rights
• Consumers' rights and responsibilities when using your services
• How you use cookies
• Restrictions to software usage
• Your limitations of liability
• How users can return a product or initiate the refund process

Some legal agreements are required by law, and businesses that don't comply with these requirements can face harsh financial penalties.

While not all legal agreements are required by law, maintaining relevant legal agreements on your website can help you stay ahead of privacy and consumer protection legislation and build trust with users.

To find out whether you are required to have a legal agreement you will need to check what laws apply to you. Applicable laws depend on your business's location and your users' locations.

Let's look at a few of the key legal agreements and how each differs from the rest.

What is a Privacy Policy?

A Privacy Policy is a legal agreement that has the main purpose of explaining to others how you handle consumers' personal data. Personal data is any information that can be used on its own or combined with other data to identify an individual.

A Privacy Policy is important because it helps business owners comply with privacy laws by describing how they treat personal data and how consumers can exercise their privacy rights.

Privacy Policies will explain the following points of information:

• What kinds of personal data is collected and processed (used)
• If any personal data is shared with any third parties
• How data is kept secure
• What privacy rights consumers have and how they can exercise their rights
• How consumers can contact the business with questions

Is a Privacy Policy Legally Required?

If you collect or use personal data, you will most likely be legally required to have a Privacy Policy by one of many global privacy laws.

Laws that require businesses to have a Privacy Policy include global laws such as the European Union's (EU) General Data Privacy Regulation (GDPR) and state laws, including the California Privacy Rights Act (CPRA).

GDPR

The GDPR applies to certain organizations that collect and process EU residents' personal data. It requires businesses to provide data subjects (those to whom personal data belongs) with information about how and why they process their personal data.

Recital 39 of the GDPR outlines the law's principles of data processing, including providing clearly written and easily accessible information about the processing of personal data:

Article 13 of the GDPR explains that applicable organizations must provide data subjects with details about how their personal data is used at the time of collection:

CCPA/CPRA

The CCPA/CPRA applies to certain companies that do business in California and meet its criteria. It requires applicable organizations to notify California consumers about how they collect, use, or share their personal information.

Section 3 explains that businesses must notify consumers about how they collect and use their personal information and must inform consumers about how they can exercise their rights:

Section 1798.100 goes on to say that businesses must inform consumers about what personal information they are collecting and why before collection:

How to Create a Privacy Policy

When creating your Privacy Policy, make sure it is clearly written, easy to understand, and regularly updated. While it may be tempting to copy and paste a similar company's Privacy Policy, your Privacy Policy should contain clauses that are relevant to your business and required by the laws that apply to you.

There are a few essential clauses many privacy and data protection laws require Privacy Policies to have, including a list of the types of personal data you collect and process and a description of any third parties you share consumers' personal data with.

A Privacy Policy should contain, at a minimum, the following clauses:

• The types of personal information you collect
• Your reasons for collecting or processing personal data
• The categories of third parties you share personal data with
• The types of personal data you share with third parties
• How you keep personal data safe
• How consumers can exercise their rights
• Your contact information

Barnes and Noble's Privacy Policy lists the clauses it contains, including the types of personal information it collects and who it shares personal information with:

When users click on the clause about the personal information Barnes and Noble collects, they are presented with a detailed list of the personal data it collects, including names, email addresses, shipping and banking information, geographic locations, and more:

How to Display a Privacy Policy

Your Privacy Policy needs to be conspicuously displayed. You should put a link to your Privacy Policy anywhere you collect personal information from users.

Common places to put links to your Privacy Policy include:

• Website footer
• Cookie Notice
• Checkout page
• Account creation/login page
• Newsletter sign-up area

Wherever you display your Privacy Policy, you should provide a consent mechanism so that users can indicate that they have read and agree to your Privacy Policy.

An effective way to get users to consent to your Privacy Policy is through the use of a checkbox that users must tick before taking certain actions on your website. The checkbox should be positioned next to a statement that says that users agree that they have read and consent to your Privacy Policy.

When users go to create an account with Nintendo, they must first tick a checkbox next to a statement saying that they have read its Privacy Policy and agree to its Nintendo Account User Agreement. It includes links to both legal agreements within the statement:

What is a Terms and Conditions Agreement?

A Terms and Conditions agreement (also called Terms of Use or Terms of Service) is a document that outlines users' rights and responsibilities and explains your liability limitations. It explains what users must consent to in order to use your website, app, products, or services.

Is a Terms and Conditions Agreement Legally Required?

A Terms and Conditions agreement is not legally required. However, even though not legally required, a Terms and Conditions agreement is important because it informs users about important aspects of your relationship, such as the rules they need to agree to in order to use your services, and how you handle things such as returns and refunds.

How to Create a Terms and Conditions Agreement

To create a Terms and Conditions agreement you should consider what kind of information you want to convey to your users, and then add clauses that are relevant to your unique business.

For instance, businesses that use third-party service providers or have third-party links on their websites typically include a third party clause in their Terms and Conditions agreement, while companies that sell products or subscriptions might include clauses about payment terms and shipping information.

Some common Terms and Conditions agreement clauses include the following:

• Acceptance of terms: Explains that users must consent to your Terms and Conditions agreement before using your website, app, products, or services
• Prohibited behaviors: Describes how users must behave in order to use your website or services
• Intellectual property: Explains ownership and copyrights
• Dispute resolution: Explains how disputes are resolved
• Governing law: Describes the laws that apply to your Terms and Conditions agreement and what laws will apply in case of a dispute
• Payment and subscription terms: Explains how you collect payments, when they are due, and what happens in case of non-payment
• Return and refund information: Describes how users can return an item or request a refund
• Shipping policy: Explains your shipping terms
• Affiliate links information: Tells users whether you engage in affiliate marketing
• Termination: Explains the grounds for termination and what happens if either party wishes to terminate the agreement
• Third party information: Includes information about any third parties involved with your website or services
• Limitation of liability: Describes the limits of what your business is responsible for
• Warranty disclaimers: Explains that your website or services are available on an "as is" basis
• Contact information: Informs users how they can contact your business with questions or concerns

Reebok's Terms and Conditions agreement includes clauses concerning errors and inaccuracies, limitations to its shipping services, and the rules consumers must follow to use its website:

Martin Guitar's Terms and Conditions of Sale agreement includes a prohibited use clause that explains that users may not use its website in any way that could harm its server or connected networks or disrupt anyone else's use of its site:

How to Display a Terms and Conditions Agreement

You should display your Terms and Conditions agreement where users can easily find it. Businesses tend to put links to their Terms and Conditions agreement in the same places they link their Privacy Policies, such as their website footers and account login pages.

Common places to put links to a Terms and Conditions agreement include:

• Website footer
• Checkout page
• Account creation page
• Newsletter sign-up area

Users who want to sign up for a Sesame Street account can find links to its Terms of Use agreement (and its Privacy Policy) on its account registration page:

What Is a Cookies Policy?

A Cookies Policy is a legal agreement that describes what cookies are, what kinds of cookies you use, how you use the cookies, and how users can opt in and opt out of cookie usage.

Is a Cookies Policy Legally Required?

Certain laws require applicable organizations to inform consumers whenever they collect or process their personal information via cookies, and to explain what they use their information for. Maintaining a Cookies Policy can help businesses meet this requirement.

The ePrivacy Directive (also known as the "EU Cookie Law") applies to certain organizations that collect or process personal information belonging to EU citizens. It requires businesses to explain their reasons for using cookies and to give consumers the ability to opt out of the processing of their personal information. While you could do this via a Privacy Policy, it can help with compliance to have both legal agreements.

Even if you're not currently subject to any laws requiring a Cookies Policy, it's still a good idea to have one. Maintaining a Cookies Policy on your website can help you stay ahead of ever-evolving privacy legislation and can help build consumer trust in your business.

It's also a good idea (and sometimes legally required) to have a Cookie Notice - a popup banner that describes how you use cookies and gives users the option to accept or reject cookies - on your website. You can add a link to your Cookies Policy within your Cookie Notice so that it's easy for users to find a detailed description of how you use cookies.

Here's an example of a popup Cookie Notice that contains a link to its Cookie Policy:

How to Create a Cookies Policy

You can maintain a standalone Cookies Policy or add information about your use of cookies to your Privacy Policy. A standalone Cookies Policy makes it easier for users to find information about how you use cookies. However, if you don't use many cookies, you can add a cookies clause to your Privacy Policy instead of creating a separate Cookies Policy.

A Cookies Policy typically includes the following clauses:

• Definition of what cookies are
• The types of cookies you use
• Your reasons for using cookies
• List of all the cookies you use
• How users can manage their cookie preferences

The introduction to Paw Patrol Live's Cookie Policy explains that its definition of cookies includes pixels, flash cookies, local storage, and other similar technologies:

The New York Times' Cookie Policy describes the types of cookies and other trackers it uses and how users can manage trackers:

Meta's Cookies Policy explains its reasons for using cookies, including for authentication, security, and advertising purposes:

How to Display a Cookies Policy

You should display your Cookies Policy along with other legal agreements in places such as website footers and in-app menus. In addition, display the policy in any cookie notices you have, and link it to your Privacy Policy as well.

Visitors to Guinness's website are presented with a Cookie Notice that includes a link to its Privacy and Cookie Notice and blocks users from taking further action on its website until they either accept all cookies or set their cookie preferences:

Another place you can put a link to your Cookies Policy is within your website footer. You should maintain links to your Cookies Policy both within your Cookie Notice and your website footer so that users can find information about your use of cookies after they close the Cookie Notice (and no matter what page of your website they visit).

Here's an example of how to display a link to a Cookies Policy within a website footer, alongside links to a Terms and Conditions agreement and Privacy Policy:

What is an End User License Agreement (EULA)?

An EULA is a legal agreement that gives consumers a license to use a business's software and explains the business's ownership rights. It lets users know what they can and cannot do with the license. Consumers must agree to the EULA before downloading software or using an app.

Is an EULA Legally Required?

While an EULA is not legally required, it can be a legally enforceable document that can help protect your intellectual property rights. Businesses should make sure consumers consent to their EULA to make it legally binding.

How to Create an EULA

Your EULA should contain clauses that are relevant to your software or app and should reflect applicable laws. Some of the information it should contain includes what type of license you are providing users, prohibited uses of your software or app, links to your other legal policies, and a description of governing laws.

An EULA typically contains the following clauses:

• Licensing information: What kind of a license you are granting users
• Description of software: What your software or app does
• Use restrictions: Activities that are prohibited when using the software
• Copyright infringement information: An explanation that you own the copyright to your software
• Warranty disclaimer: Explains that there are no warranties for your software
• Limitations of liability: Explains that you aren't responsible for any harm the user might experience due their use of your software
• Links to relevant legal agreements: Links to your Privacy Policy or Terms and Conditions agreement
• Governing law: Explains what laws apply should a dispute arise
• Termination: Describes the circumstances in which the EULA can be terminated
• Software updates: Lets users know how software can be updated
• Contact information: Gives users information for how to contact you

Apple's EULA explains that it is granting the user a non-transferable license and that users may not copy, redistribute, or modify its application:

Adobe's End User License Agreement includes clauses about intellectual property ownership and use and transfer restrictions:

How to Display an EULA

Your EULA should be displayed where users can read and agree to it before using your software. You need to get consent to your EULA to make it legally enforceable.

Some common places to display a link to your EULA include:

• Website footer
• Software download page
• Account creation page
• Checkout page

Sega displays a link to its EULA within its website footer, along with links to its other legal documents:

What is a Disclaimer?

A disclaimer is a statement that explains something important and relevant to others, such as that your business won't be held responsible for actions of third parties, or that you do not offer a warranty on a product. Disclaimers can be used to explain risks or results associated with using a product or service, and to help limit your liability.

Is a Disclaimer Legally Required?

Some laws require certain entities to maintain disclaimers and disclosures, including the Federal Trade Commission (FTC) Endorsement Guides and the Electronic Code of Federal Regulations.

The FTC has special requirements for businesses that engage in affiliate marketing. Affiliate marketing is when a business promotes another company's product or service in exchange for compensation or a reward.

Businesses that participate in affiliate marketing must follow the FTC's guidelines, including maintaining an affiliate disclaimer that explains affiliate relationships.

An affiliate disclaimer should be conspicuously displayed alongside any affiliate links.

The Anna Edit's Disclaimer page explains that the website may contain affiliate links and that she receives a percentage of purchases made via those links:

If you engage in affiliate marketing you should maintain an affiliate disclosure on your website, and make sure it is posted where users can see it before they see any affiliate links.

Regardless of your industry, you should take a look at the level of risk involved with your business and create relevant disclaimers to help provide a layer of legal protection.

Disclaimers aren't necessarily legally binding on their own, but you can add them to your Terms and Conditions agreement and use a consent mechanism to get consumers to agree to them before they use your website or services.

How to Create a Disclaimer

The types of disclaimers you need depends on your unique business. For example, a skydiving business would want to have a use at your own risk disclaimer, while a digital marketing agency should have an errors and omissions disclaimer to protect it from being sued for potential mistakes.

To write an effective disclaimer you should use easy-to-understand language and clearly explain what your business is - and is not - responsible for.

Common disclaimers include:

• Views expressed: States that your business doesn't necessarily share all opinions expressed on your website
• No responsibility: Explains that you are not responsible for any actions users take based on information they find on your website
• Past performance: Explains that past results do not guarantee future results
• Use at your own risk: Warns users that they are responsible for any risks involved with using your website, services, or products
• Errors and omissions: Explains that you are not responsible for mistakes or incorrect information
• Fair use: Explains that you are legally allowed to use any copyrighted materials on your website
• Investment: Lets users know that financial content is not intended to be used as investment advice
• Copyright notice: Explains who owns copyrighted content on your site
• Medical: Explains that your website's content isn't medical advice

The U.S. Chamber of Commerce includes a disclaimer of warranties within its Terms and Conditions agreement that explains that users must agree to use its website on an "as is" condition and that it makes no warranties or guarantees as to the functionality of its site:

Body By Yoga maintains a use at your own risk disclaimer on its website to warn users that there is a risk of physical injury for anyone who follows its exercise programs:

How to Display a Disclaimer

You should display disclaimers where users can easily find them. You can include disclaimers within your Terms and Conditions agreement and use consent mechanisms to ensure that readers agree to them.

You can also list your disclaimers on their own page, and maintain a link to the page within your website footer.

If you use a video or podcast platform, you should make sure users can see or hear the disclaimer before your content.

Bumble includes a warranty disclaimer within its Terms and Conditions agreement:

The Wrestling-Wrestling Podcast posts a views expressed disclaimer on its Apple Podcasts preview page so that users get the chance to read it before listening to an episode:

What is a Return and Refund Policy?

A Return and Refund Policy is a legal agreement that contains information about how consumers can return an item or request a refund. It explains points such as how long the return and refund processes take, what conditions must be met to make a return or receive a refund, and who pays the return shipping costs.

Is a Return and Refund Policy Legally Required?

There are no federal laws requiring a Return and Refund Policy, but global laws such as the EU's Consumer Rights Directive do require applicable businesses to maintain Return and Refund Policies.

The Consumer Rights Directive applies to all transactions made between traders and consumers within the EU. It requires businesses to provide consumers with a clearly written and easy-to-understand Return and Refund Policy.

Article 6 of the Consumer Rights Directive explains that EU traders must provide consumers with a Return and Refund Policy that describes how they can make a return:

If you want to set custom return terms such as all sales being final or charging restocking fees, you must have a Return and Refund Policy under most return laws. Otherwise, these custom terms may go against standard rights granted to consumers and not be enforceable.

How to Create a Return and Refund Policy

Your Return and Refund Policy should contain information about any fees associated with returning items, what items are eligible for a return/refund, and the timeline for sending an item back or requesting a refund.

A Return and Refund Policy should contain the following clauses:

• How much it costs to make a return
• How long after the purchase date users have to return an item
• How users can initiate a return
• What items qualify for a return
• Conditions that must be met to receive a refund
• When consumers can expect to receive a refund after making a request
• What form the refund comes in (cash, returned to account, gift card, etc.)

Lululemon's Return Policy explains how long items are eligible for return and how purchases made online or in-store can be returned:

Here's how Stanley explains how users can go about requesting a refund and how the process works:

How to Display a Return and Refund Policy

Common places to put a link to your Return and Refund Policy include your website footer and checkout page.

You can maintain a standalone Return and Refund Policy, or make it a part of your Terms and Conditions agreement.

Users can easily find Target's return information (including a link to its Return Policy) by clicking on the Returns link in its website footer:

Etsy users like HempOrganicLife are required to share information about returns on their shop pages:

Summary

A legal agreement is a document that explains the policies and procedures that users must agree to in order to access your website or use your services. The laws that apply to you depend on your location and the locations where your users live. Your legal agreements should be clearly written and easy to understand. They should include clauses that are relevant to your unique business and reflect applicable laws, and should be regularly updated.

A Privacy Policy is a document that explains how you collect and process consumers' personal information and how they can exercise their rights. Many global and state laws (including the GDPR and the CPRA) require applicable businesses to have a Privacy Policy.

A Terms and Conditions agreement contains information about the rules that users need to agree to in order to use your services. While not legally required, it's good business practice to maintain a Terms and Conditions agreement as it educates users about prohibited behaviors and activities and explains where your liability ends.

A Cookies Policy explains what kinds of cookies you use and how users can adjust their cookie preferences. Laws may require applicable businesses to have a Cookies Policy.

An EULA is a document that grants licensing rights to users and outlines your ownership rights. An EULA is not legally required, but if users consent to your EULA it can help provide some legal protection if a consumer misuses your software or violates your copyright.

A disclaimer is a statement that helps protect you from legal liability. Disclaimers are not typically required by law, although there are exceptions, such as in the case of businesses that participate in affiliate marketing and certain activities conducted by political committees.

A Return and Refund Policy includes information about how consumers can return an item or request a refund. While it's not typically a legal requirement to have a Return and Refund Policy, having one will make it possible for you to create custom return and refund parameters outside the minimum rights granted by laws.

Common places to display links to your legal agreements include:

• Website footer
• Checkout page
• Account creation page
• Newsletter sign-up area
• Software or app download page
• Cookie Notice