The SafeBuy Code
Administered by ECOMMERCE SECURITY LTD ("SafeBuy"), 43 Reading Road, Henley-on-Thames RG9 1AB.
1. Qualifications, Purpose and Scope
1.1 The SafeBuy Assurance Scheme is operated by Ecommerce Security Ltd.
SafeBuy have been evaluating high-tech products and services
in the UK since 1987 and independently reporting to subscribers and report
purchasers. It has no connection
with any manufacturer or service provider and does not take any advertising
or sponsorship. The SafeBuy scheme is funded by charges on retailers.
1.2 SafeBuy is acting in the interest of both retailers and consumers
in publishing this Code of Practice. The retailers who conform to the
Code know that their display of the SafeBuy logo will provide
reassurance to consumers that they have undertaken to abide by the SafeBuy
Code and any updates that are issued to remain in line with UK and EU
regulations and legal requirements. SafeBuy code members must observe
all relevant legal requirements when dealing with consumers. Consumers
have access to the Code and are entitled to expect a high level of performance
from subscribing retailers with a right of mediation by SafeBuy if they
have a complaint.
1.3 The retailer agrees to accurately and honestly complete such questionnaires
as are sent from time to time by SafeBuy to address the matters of ongoing
website and operational security and of complaints registered, whether
resolved prior to or with SafeBuy mediation or not, together with the
1.4 By subscribing to the SafeBuy Code retailers undertake with SafeBuy
and with their consumers that they will at all times abide by it. Although
SafeBuy cannot guarantee that any individual retailer’s site conforms
with the SafeBuy Code at every moment in time, SafeBuy validates websites
at the time of application and then regularly samples sites including
the placing of orders for goods in order to test those sites for ongoing
conformity. It also spot checks for evidence that consumers’ prepayments
or deposits, where required by clauses 4.5 and 4.6 of this Code are held
2. Website Requirements
2.1 The site must use the SafeBuy logo as an active link (hyperlink)
to safebuy.org.uk where this Code of Practice is published. The logo must be given sufficient prominence
that every site visitor is aware of your membership of the SafeBuy scheme.
The logos may not be used on any site the owner of which does not have
a current subscription to the SafeBuy scheme or which SafeBuy considers
not to be compliant with the SafeBuy Code.
2.2 Any advertising on the site, whether by the site owner or third parties,
must comply with the British Codes of Advertising and Sales Promotion
(BCASP) and any other relevant code of advertising and all other statutory
requirements. These include The Control of Misleading Advertisements Regulations
1988 (as amended) and, if the site owner offers credit, The Consumer Credit
(Advertisements) Regulations 2004.
2.3 Any advertising on the site, whether by the site owner or third parties,
must conform to the rulings laid down by the Advertising Standards Authority
2.4 The site must have clearly accessible details of the retailer’s
name and address, phone number, an email address and details
of what information consumers are required to provide to pursue a complaint
against the retailer. Consumers must also be advised of their right to
no-charge mediation by SafeBuy.
2.5 Customers should be charged at the normal rate for a UK inland call
for queries relating to a transaction. Where technical support charges
are made, either by the retailer or by a third party whose product or
service is being sold, that fact must be made clear to the customer before
the order is placed. Information on the cost of communication relating
to technical support, where it is at other than the basic rate, must be
provided. Hours of availability for all types of phone enquiry must be
2.6 The website must make reasonable provision to be compatible with
technology that facilitates Internet use for the disabled. The retailer
must be aware of its obligations under the Disability Discrimination Act
3. Transaction Requirements
3.1 Products or services for sale must be clearly and accurately described
with relevant characteristics (e.g. dimensions, material). Any variation
between the goods or services that are for sale and usual consumer expectations
should be explained as should any disparity between a consumer’s
stated requirements and the nature of the goods or services to be offered
to the consumer.
3.2 Any restrictions on ordering (e.g. parental approval, geographic
location) must be made clear to the consumer as a part of the description
of the product or service.
3.3 The total price, including packing, delivery and VAT where applicable
must be shown for the complete order before consumer final agreement to
place the order.
3.4 The method of delivery must be clearly identified. Where appropriate
(e.g. for bulky items or those which need to be signed for), the retailer
must have effective procedures for agreeing a scheduled delivery and maintaining
liaison with the customer to ensure that the delivery occurs as projected
or as altered with the customer’s agreement.
3.5 Payment options must be shown and the level of security displayed
for the transaction.
3.6 A clear explanation must be given as to the process by which the
customer may place, change or cancel an order prior to it being processed
and an option given for the consumer to abort the order up to the point
of final confirmation. If languages other than English are available this
fact should be made clear.
3.7 There must be no possibility of orders being accepted which are unlikely
to be fulfilled within 30 days.
3.8 ‘High pressure selling’ must not be used and any special
offers must have the time or condition requirements clearly identified.
Where a special offer is time-related the consumer’s cancellation
rights as per clause 4.1 (d) must be drawn to the consumer’s attention.
3.9 The consumer must be advised that a confirmation of the order will
be sent by email or post within 24 hours. This confirmation must include
the retailer’s company details, a unique order number, the total
price and clear instructions on the consumer’s rights of cancellation
or return, including timescales, with an explanation of how to effect
a cancellation or return, including any return costs that may be applied.
3.10 There must be no misleading claim made on the website or the order
confirmation regarding delivery timescale to the consumer. Where any delivery
timescale and/or delivery date is stated the consumer must be advised
in advance if that timescale and/or date will be delayed and the consumer’s
right to cancel must be made clear.
3.11 If there is an ongoing contract with the consumer the minimum duration
for the contract to supply goods or services continuously or recurrently
must be clearly explained.
3.12 All relevant staff must be adequately trained regarding the retailer’s
responsibilities in relation to the law and to this Code of Practice.
4. Terms and Conditions
4.1 The website must specify:
- the name, physical address of the principal place
of business, email address and telephone number and the company number and VAT number where appropriate;
- the price of the goods or services and any ancillary costs such as
delivery charges, identified individually;
- the delivery procedure;
- in terms of products the right of the consumer to cancel the order
for at least fourteen working days after delivery; in terms of services
fourteen days after the contract is agreed or after the consumer has agreed
to the service starting. Please note these cancellation periods could
be longer if you have not complied with the detail of the Consumer Protection
(Distance Selling) Regulations 2000 (as amended) where those regulations
apply. These regulations include requirements on information that must
be given to the consumer and specifies when it has to be given.
- the returns policy and procedure including information on who bears
the cost of return or recovery in the event of revocation of the order
in each and all circumstances. Where goods are returned at the consumer’s
choice the liability for any expense incurred must be spelt out to the
consumer and any conditions, e.g. insurance, proof of delivery made clear.
If the retailer in the normal course of business elects to collect the
goods that expense must equally be spelt out and not exceed the direct
- the means by which the website user can lodge a complaint with the
retailer and how the complaints procedure will operate.
4.2 All contract terms, including any guarantees or warranties, must
be clearly displayed and a further clear indication given that they do
not affect the consumer’s statutory rights. In particular a statement
should be made that “This does not affect your statutory rights,
in relation to faulty or misdescribed goods, details of which can be obtained
from Consumer Direct (the Government’s consumer advice helpline)
or your local Trading Standards Office.” If the retailer’s contract
terms give rights to the consumer which are more beneficial than the consumer’s
statutory rights, this should be made apparent. If any additional guarantees/warranties
are offered, the costs and options must be clearly stated together with
all other key elements and, if offered through a third party, a name,
address and contact point for that third party. Additional warranties/guarantees
must not be projected as a requirement on the consumer nor misrepresented
in any way as to their cost, coverage or benefits. The Terms & Conditions
which the site owner uses for any transaction must take into account the
Unfair Terms in Consumer Contract Regulations on which Office of Fair
Trading guidance is available.
In particular the retailer must conform with Statutory Instrument 2005
No. 37 (The Supply of Extended Warranties on Domestic Electrical Goods
Order 2005) if the website offers products which fall into this category.
Details are available at http://www.opsi.gov.uk/si/si2005/20050037.htm
4.3 The product or service must be delivered within 30 days unless the
consumer agrees otherwise. In the event that this term cannot be met,
or the consumer’s right to cancel has been exercised, the consumer
must be advised in good time and offered a cancellation option with a
total refund, within 30 days, of any monies, including delivery costs,
4.4 The consumer must, at any time, before or after the order, be able
to scroll through and, if necessary, print the Terms and Conditions and
4.5 No payment from a consumer should be processed more than two working
days before despatch of the goods or, if it is, should be regarded as
a prepayment under the terms of clause 4.6. The website must make this
clear either in general or at the point of order.
4.6 Deposits and prepayments must be protected against loss in the event
of the retailer ceasing to trade or for any other reason. This protection
must be provided by an insurance-backed scheme, a ring-fenced consumer
account, independent third party holding of such funds or other secure
deposit. Deposits, prepayments and scheduled part payments for bespoke
products or consumer-specific services should be subject to clear terms,
including protection of the consumer’s funds where appropriate, which
are agreed to by the consumer as part of the basis for the contract.
5. Faults and Disagreements
5.1 Errors in any area of order processing, delivery or administration
must be corrected within 10 working days.
5.2 The retailer must have an effective complaints procedure. At a minimum,
any complaint must be logged and an acknowledgement given to the consumer
within three working days. The consumer must be further advised on the
retailer’s procedures for acting on the complaint with a reasonable
and stated timescale. The retailer must keep the consumer informed of
the progress of the investigation of the complaint. The same provisions
apply regarding an intermediary, acting on behalf of the claimant, as
they do to dealing directly with the complainant.
5.3 In the event that the retailer and consumer cannot agree on the
resolution of a complaint, the retailer must advise the consumer of any
trade complaints body, regulator or ombudsman who may be relevant. They
must also advise the consumer of the SafeBuy mediation procedure.
5.4 SafeBuy will act as mediators, at no charge to either party, in
the event of a dispute between the retailer and consumer which cannot
be resolved in a timely manner. SafeBuy will only act where the consumer
can provide a transaction number and date. SafeBuy will be at liberty
to provide copies to both parties of all documentation presented in connection
with the dispute. SafeBuy is not entitled to impose a decision upon the
parties but, as mediator, to attempt to facilitate a resolution of the
dispute between the parties. If this is not achieved within a reasonable
time (45 days maximum) then SafeBuy will be entitled to withdraw from
involvement as mediator.
5.5 In the event of the retailer’s own complaints procedure and
the SafeBuy mediation procedure being unsuccessful in resolving the complaint,
the retailer agrees that the consumer has the right to arbitration under
the SafeBuy/CIArb scheme operated by the Chartered Institute of Arbitrators
and waives his/her right to decline arbitration under this scheme. SafeBuy/CIArb
is an email arbitration scheme, at relatively low cost, the full details
of which are at www.idrs.ltd.uk/safebuy. Details are also available
by email from SafeBuy. The costs of the arbitration are borne by the consumer
and the retailer. Decisions made by the arbitrator will be referred back
to SafeBuy and may be acted on to enhance this Code and will contribute
to the warning system laid down in clauses 5.8 (i) and (ii).
5.6 None of the above processes affects the right of the consumer to
take the matter to the Courts or any other complaints resolution body.
5.7 If the retailer is in breach of the code with no reasonable justification,
the retailer will be subject to SafeBuy’s disciplinary procedure
(which is overseen by an independent party). The retailer accepts that
there is no right of appeal or redress against the Independent Overseer’s
decision (which includes, ultimately, expulsion of the retailer from the
scheme). SafeBuy acts according to the rules as set out at clause 5.8.
5.8 For the purposes of clarity, SafeBuy acts according to the following
rules in formal warnings, final warnings and expulsions.
- A Formal Warning is issued if a mediation is not
concluded successfully, or a breach of the Code that has been advised
to the member (following ‘mystery shopping’ for example), has
not been acted upon within 30 days of notification. The member has the
right to claim ‘special circumstances’ (e.g. the return of goods
to the maker for a report) to extend this period to an agreed deadline.
- A Formal Warning will also be issued if, following
an unsuccessful mediation, the consumer has exercised the right to go
to arbitration and the Abitrator’s decision is more than 50% in favour
of the consumer.
- A Final Warning is issued if more than one Formal Warning has become
necessary in a six month period.
- Expulsion will ensue if another Formal Warning becomes necessary
within six months of a Final Warning.
5.9 In the event that the retailer becomes uncontactable by
email, phone or recorded delivery letter SafeBuy will regard the retailer as no
longer accredited and remove him from the scheme.
6.1 The retailer must take and maintain all practicable security procedures
to prevent hacking or other external access, or any unauthorised internal
access, to any data relating to consumers or orders. If data is provided
to any third parties necessary for the execution of the contract, it is
the retailer’s responsibility to ensure that the same standards are
met by those third parties.
6.2 Methods of payment must be as secure as is practicable and the consumer
clearly advised of the level of security applicable. If a hyperlink is
required to another site with further details of the level of security
it should be prominently displayed.
6.3 The retailer must be aware of its obligations under the Disability
Discrimination Act 2005. It is also recommended that the retailer conforms
to the requirements of the ISO Code ISO/IEC 27002:2005 (was BS7799) in security matters but as
a minimum should ensure that hardware and software security is in line
with general standards in the industry for the scale of the retailer’s
operation. The retailer must identify a named individual who is responsible
for all aspects of security.
6.4 It is understood that the same standards on security of data or process
by any third party used by the retailer should be at least equivalent
to those used by the retailer.
7.1 The website owner must conform with the requirements of the Data
Protection Act, 1998 and the Privacy and Electronic Communications (EC
Directive) Regulations 2003. .
users of their right to access to information collected from them and
how any such personal information will be used.
7.3 The consumer must be given the option to decline any distribution
of personal data to third parties. This option must include further use
of the data by the retailer and any associated organisations. In the event
that the consumer does not reject further use, if appropriate it must
be separately made clear that such data may be transferred outside the
European Economic Area and the option provided to reject such use.
7.4 Before the website user can submit personal details to the website,
7.5 The use of email for direct marketing purposes is not allowed unless
the consumer has previously given his/her consent and the contact details
have been obtained in the course of a sale of a product or service to
that consumer. Direct marketing approaches are confined to the products
or services supplied by the online retailer who should ensure that the
subscriber is aware of the nature of those products and services. The
consumer has also to be given the opportunity to withdraw that consent
at the time of each subsequent communication and unsolicited emails must
not be sent to consumers who have requested removal from the marketing
database either directly to the retailer or through an email preference
service. Any attempt to conceal the identity of the sender and withholding
of a valid address is prohibited.
7.6 If cookies are used the consumer must be advised accordingly and required
to agree to their use ('opt in') or known to be in agreement by their settings
in the internet browser they are using. This requirement only applies the first
time the consumer uses the website. Agreement may also be assumed if another
program which already has consent is used to access the retailer website.
8.1 No order may be accepted from a child of 16 or under without the
express consent of a parent or guardian.
8.2 No data on other persons may be collected from a child of 16 or under
and no data on themselves may be collected which is not strictly relevant
to the processing of the order.
8.3 No enticement by way of reward may be made to a child of 16 or under.
8.4 No data on a child of 16 or under may be collected.
8.5 Except for the purpose of processing the order, no further communications,
electronic or otherwise, may be sent to a child under 12 and, in the case
of 12-16 year olds, only such communications as are relevant where it
is clear that the child understands what is involved.
8.6 All communications with children must be non-exploitative
and not prey on their immaturity or lack of experience.
© 2013 Ecommerce Security Ltd. All rights reserved.