E-commerce is experiencing dynamic growth, but this growth brings with it new legislative challenges. What legal pitfalls await online entrepreneurs, and how can they avoid problems related to e-shop regulations? We discussed these and many other topics with Barbora Vrabcová, an experienced attorney at the law firm Hronček & Partners, who specializes in e-commerce, technology law, and cryptoasset regulation.
Could you briefly introduce yourself? What is your area of legal specialization?
My name is Barbora Vrabcová, and I am currently nearing the end of my legal clerkship. However, I have been with Hronček & Partners since 2018, with a brief hiatus during my maternity leave. During my training, I focused on several areas of law, but for quite some time now I have specialized primarily in e-commerce, technology law, fintech, and cryptoasset regulation. I help clients meet all legislative and regulatory requirements while also structuring their business model to ensure it is commercially sustainable, which I believe significantly impacts the success of their business.
As part of your practice, you also focus on e-commerce law. What issues do entrepreneurs in this field most frequently bring to you?
Most often, of course, we address issues related to consumer law and the drafting of general terms and conditions (GTC). Complaints and contract termination are also major issues, as consumers hold a strong position in the online marketplace, which is associated with a wide range of extensive rights—for which e-shop and marketplace operators, or merchants, are often completely unprepared or only inadequately prepared. Naturally, this is closely linked to the requirement to maintain complete documentation for the proper operation of a trustworthy e-shop. Many merchants in this case follow a sort of motto of “better late than never,” which I personally consider an illogical approach, since even from an economic standpoint, it is certainly more advantageous to be prepared in advance, to have clearly defined rules, and high-quality legal documentation in place than to subsequently, say, after a sanction is imposed by the relevant supervisory authorities, have to retroactively amend the Terms and Conditions or various technical settings of the online platform. It is important to realize that if you want to establish a relevant position in the online market, it is necessary to invest not only in the platform’s design but also in its functionality—specifically, in providing relevant information to consumers, as most consumers today perform a quick check of the mandatory information that every merchant should provide before making an online purchase (we are referring to information such as the merchant’s contact details, Terms and Conditions, Return Policy, GDPR compliance, and forms for returning or exchanging goods, etc.).
This, too, can ultimately play a role in the final decision of whether a customer will place an order at a given e-shop.
E-commerce is a rapidly changing industry where legislation is constantly adapting to new trends. What do you think are the biggest challenges facing online entrepreneurs today?
One of the main challenges is aligning business processes with increasing regulation. It wasn’t long ago that merchants had to adapt to new consumer protection legislation implemented just last year, yet a large number of merchants have still failed to adapt to the dynamics of consumer reform despite increased media coverage of this issue and have not reflected these changes in their online business operations, including legal documents. It is important to note, however, that changes to the legal framework of consumer law were necessary not only to harmonize legislation with European Union directives but also to prevent further fragmentation of legal regulations by consolidating them into a single comprehensive regulation. The amendment to the Consumer Protection Act proved to be a necessary step aimed at both strengthening consumer confidence in the online environment and increasing the transparency and accountability of merchants. In this way, the legislature ensured the modernization of legal regulations to reflect current needs and trends, while elegantly ensuring the same level of consumer protection in Slovakia as in other European Union member states.
At the same time, this amendment to the Consumer Protection Act has eliminated duplications, application issues, internal contradictions between individual provisions, and terminological discrepancies. As consumer law is evolving dynamically, it is essential that it responds to new market developments, business models, and technological progress, including digitalization. Last but not least, changes to consumer legislation are desirable given the sector’s dynamics, even though they impose new obligations and possibly a burden on businesses; on the other hand, however, these changes can also be viewed as new opportunities to strengthen one’s market position.
However, it is important not only to adopt these changes but also to ensure that they are actually implemented within the online market, which is often problematic, especially for small and medium-sized e-shop operators.
Why are General Terms and Conditions (GTC) essential for e-shops, and what is their primary legal significance?
General Terms and Conditions (GTC) are a contractual document that governs the relationship between the merchant and the customer. They define the rights and obligations of both parties and address the ordering process, payments, delivery, complaints, withdrawal from the contract, and other requirements.
At first glance, it may seem that they serve only to protect the consumer, but the truth is that they are equally important, if not more so, for protecting the business owner, as they are the first thing authorities or a court will review in the event of a dispute. Well-drafted and professionally prepared Terms and Conditions prevent most disputes and thus save significant financial resources which the merchant would otherwise have to spend to prove the truth of their claims, and, last but not least, they save time and stress in the event that deficiencies in the GTC are discovered, which will sooner or later come to light.
Are there any legal obligations that every e-shop must comply with?
Yes, merchants must comply with and provide their customers with at least the general information obligations arising from the Consumer Protection Act, which include, for example, the merchant’s identification details, information on the selling price, the main characteristics of the product, terms of performance—including delivery terms—options for withdrawing from the contract, liability for defects in the goods, and much more. At the same time, the legislative framework also sets out a negative definition of obligations—that is, the scope of what merchants are prohibited from doing, such as the prohibition on using unfair commercial practices, unacceptable contract terms, denying consumer rights, acting contrary to good morals, and the like. There are indeed many obligations, and it is not wise to select only those that seem easiest to fulfill or less demanding to implement.
What are the most common mistakes entrepreneurs make when drafting their Terms and Conditions?
If I were to name the most common—and, in my view, the most fundamental—mistake, there is generally an undesirable trend in the market of copying T&Cs from other platforms. While this may seem harmless and businesses hope it will save them money, the opposite is true.
Terms and Conditions tailored to one business model may not fit another. It matters whether the GTCs govern goods or services; differences may also arise in the type of goods or services, delivery methods, performance conditions, and many other aspects that, for understandable reasons, cannot be universally standardized and must be tailored individually. That is why, as a law firm, we strive to educate both our clients and the general public in this area so that they do not simply adopt templates in the form of GTCs from competitors and truly leave the drafting of legal documents to professionals.
How should a customer’s withdrawal from the contract be addressed within the GTCs?
First and foremost, the provisions regarding the possibility of contract termination must be drafted in a way that is easily understandable, minimizing the potential for differing interpretations. The legislature has quite clearly established the conditions under which a customer may terminate the contract. However, merchants are also creative in this regard and, in many cases, attempt to adapt these conditions or failing to inform their customers of this option, which is certainly not the correct approach, as the merchant has an explicit obligation to inform the customer, in their capacity as a consumer, of the possibility to withdraw from the contract within the statutory 14-day period. If the merchant fails to do so, they risk the consumer being granted an additional period to withdraw from the contract by law, up to 12 months after the expiration of the period, had the merchant properly and timely fulfilled their obligation to inform the consumer. In addition, the merchant is required to provide customers with a model form for withdrawing from a distance contract and a contract concluded outside of business premises. Traders are also required to provide their customers with instructions on exercising the consumer’s right to withdraw from a distance contract and a contract concluded outside the trader’s business premises, thereby fulfilling their statutory duty to provide information.
What must an e-shop include in its complaint policy to comply with the law?
First and foremost, it is important for an e-shop to have a properly drafted complaints policy that is clear and transparently published in an easily accessible and visible location—which may sound simple, but practice shows that merchants do not always fulfill this obligation. It is not enough to simply have the complaint policy tucked away in a drawer somewhere. It is essential to ensure that customers have access to and the opportunity to familiarize themselves with the terms and conditions and the procedure for handling complaints before they decide to place their order; this is the first prerequisite for successfully meeting legal requirements regarding the complaint process. Ideally, it is advisable to have a complaint form available on the e-shop website, which will significantly simplify the entire complaint process for both parties. In this simple way, merchants ensure that customers provide all the information necessary to process their complaints, and customers easily know what information they must provide to the merchant as well as how to proceed if they want their complaint to be resolved without complications. A very important aspect of the complaint policy that is of primary interest to customers is, of course, the timeframe for resolving their complaint, which is set by law at 30 days. This is the maximum timeframe, and the complaint should be resolved as quickly as possible, depending on the circumstances and nature of the complaint. This deadline may be exceeded only in individual cases where there are reasons beyond the merchant’s control that prevent the complaint from being resolved within 30 days. However, even for an extended period, it must be the shortest possible time, and the merchant must always inform the consumer in writing of this period and the reasons why it exceeds 30 days. Interpretative and application practices in the Slovak Republic regarding this issue follow the long-standing legal framework with a fixed 30-day period for all types of matters, and thus, in practice, the 30-day period should be considered a reference period for interpreting a reasonable period, which should be shortened if the circumstances of the specific case permit it, and extended if the objective circumstances of the specific case require it. This provision naturally entails the merchant’s obligation to inform the consumer of the reasonable period.
An interesting point—which few merchants are aware of, as it is a new development from last year—is that the legislature finally addressed situations where customers did not collect their claimed goods, and thus introduced an obligation for the buyer to collect the item from the seller within 6 months of the date when they were supposed to pick it up after repair or replacement, which represents significant relief for merchants who were previously limited by consumers and their arbitrary decisions regarding the pickup date for repaired or replaced goods.
What are the main GDPR requirements for Terms and Conditions, and how should they be incorporated?
The GDPR—or, in other words, the issue of personal data protection—is a broad and highly sensitive topic, which is why it requires a special and thorough approach. I would venture to say that, unfortunately, most e-shops have processed information on personal data protection inadequately or completely incorrectly. A classic mistake is incorporating personal data protection information entirely as part of the Terms and Conditions. However, we now know from practice that this form of providing personal data protection information is insufficient and does not meet the requirements for informing customers about how their personal data is processed. Providing partial and basic information on personal data protection within the T&Cs is desirable, and the T&Cs may contain basic information on the processing of personal data; however, these should also primarily refer to a separate document which contains a comprehensive range of information regarding the processing of personal data, the purposes of processing, the retention period, as well as the options for withdrawing consent to the processing of personal data and many other details required by applicable legislation. Under no circumstances is it sufficient, for example, for a merchant to simply include this information in an order summary, especially when it includes pre-selected consent to the processing of the customer’s personal data and does not even allow the customer to review the terms of such processing.
Unfortunately, this still occurs on the websites of many merchants, despite the fact that it is one of the most common violations identified during inspections by the Office for Personal Data Protection. In this case as well, the law favors the vigilant, and therefore it is necessary to clearly prioritize the processing of GDPR documentation.
How often should e-shops update their Terms and Conditions, and what might compel them to do so?
There are several situations where it is truly necessary to update the Terms and Conditions, or the documentation used by merchants in general, whether due to changes in legislation, the goods or services merchants offer, or even minor informational changes on the merchant’s part. These are essentially all situations where it is necessary to ensure that the documentation is updated practically immediately. In addition to these standard situations, however, I recommend that clients conduct a preventive review of the potential need to update documentation at least once a year. However, if I were to provide a comprehensive answer to the entire question, regarding enforcement measures, it appears that the most effective approach is indeed an inspection by the relevant authorities, during which businesses—especially in order to avoid penalties—are willing to carry out a whole range of updates, from amending legal documents to making technical adjustments.
What penalties do businesses face if their General Terms and Conditions are not in compliance with the law?
It depends on the situation, the scope, and the severity of the violations committed by the business. The latest reform of consumer law last year introduced a new penalty regime that is, let’s say, more favorable to businesses. In general, it can be said that the supervisory authority (Slovak Trade Inspection) has the option to apply a “second chance” mechanism, which is intended to strengthen the preventive and educational impact of supervision on supervised entities, and thus proceed to reduce or waive the sanction for a violation of a legal obligation if the supervised entity accepts responsibility for its unlawful conduct, ceases the violation of legal regulations, remedies the consequences of its conduct, and compensates consumers whose rights were infringed by its actions. The entire revision of the penalty provisions was aimed at imposing penalties in a fairer and more proportionate manner. Penalties are currently imposed based on the trader’s turnover for the previous accounting period, which may represent a maximum limit of 5% of the trader’s turnover for the previous accounting period, but not exceeding EUR 600,000.
If you were to give e-commerce entrepreneurs one piece of advice when drafting their Terms and Conditions, what would it be?
Pay sufficient attention to them and seek advice from experts who have experience in this field.
