What legal stuff to take care of when launching a German e-commerce site?

Take care, visitor: the information here is provided "as is", without any warranties, neither explicit nor implied. The information in this article is especially not to be taken as legal advice. It is merely a collection of information that I found and linked to in the Internet; granting some comfort when researching in that area, but no guarantees that the information is correct. 'Nough said.

This article was updated on 2010-09-28 to reflect the changes in German revocation right regulation that took place in mid 2010. The main changes are that the BGB-InfoV regulations were abandoned in favor of "real" law regulations in BGBEG, to provide legal security.

This article deals only with the case of an e-commerce websites of a company, either for a B2C (selling) or C2B (e.g. buying from customers) business type. And, it only applies to the situation in Germany. The regulations are only detailed here for the simplest case:

  • an unincorporated sole trader ("nicht in ein Register / das Handelsregister eingetragenes Einzelunternehmen")
  • which is not obliged to balancing, instead doing cash-basis accounting
  • which is a small business in the sense of German VAT, and did not opt in to VAT, so that the invoices are VAT exempt according to §19(1) UStG
  • and which offers only one service via the website
  • and which trades only in Germany

Hints for other types of business are added, but without the claim to completeness.

Summary: law regulations you must conform to

The types of regulations to observe when launching an e-commerce website:

  1. Regulations about domain naming
  2. Regulations about the sale of consumer goods ("Verbrauchsgütervorschriften")
  3. Regulations about provider identification ("Anbieterkennzeichnungspflicht")
  4. Regulations about distance selling ("Fernabsatzgesetz")
  5. Regulations about data privacy

The individual obligations will be listed now, in hierarchical manner. Good, freely available sources that I used in reasearch are:

Regulations about domain naming

Currently not included in this article. See better: Prof. Dr. Thomas Hoeren: Skriptum Internet-Recht.

Regulations about the sale of consumer goods ("Verbrauchsgütervorschriften")

A consumer goods sale in German law is selling things to private persons (BGB § 474).

  1. A commercial seller must grant a warranty to a private customer. This is the German German "Gewährleistung / Mängelhaftung" (being liable for deficiencies of the goods according to BGB § 434), different from "Garantie" (a voluntary additional assurance). Giving this warranty is an obligation of the seller, not the manufacturer, because it is connected to the buying contract [source].
  2. This warranty starts running when the customer receives the goods (BGB § 438 (2)).
  3. The warranty has to last at least 2 years for new items, and one year for used items (BGB § 475 (2)); if nothing different is agreed on (e.g. via the GTCs), the warranty normally runs for two years for movable goods (BGB § 438 (1) 3.).

Regulations about provider identification ("Anbieterkennzeichnungspflicht")

  1. The provider is obliged to make the following information obviously recognizable, simply and always accessible (commonly called the "impressum obligation"):

  2. The provider must make "commercial communication" clearly recognizable as such (TMG §6 (1) 1.).
  3. There are special regulations when using advertisement means like price reductions and contests (TMG §6 (1) 3-4.).
  4. The From: and Subject: header of e-mails sent must indicate the correct sender and the commercial content of the message (TMG §6.).

Previously, there had been an obligation that unincorporated sole traders need to include their family name and at least one non-abbreviated first name in all their written business communication, including e-mails (§ 15b GewO prior to 2009-03-25). This obligation has been removed without a replacement [source].

Regulations about electronic contracts

Note: this section has not yet been updated to the new regulations applicable from 2010-07 on: the BGB-InfoV references are now probably invalid and have to be exchanged, probably with references to the BGBEG.

  1. The provider has to inform the customer about what technical steps lead to making the contract (BGB-InfoV §3 1.).
  2. The provider has to provide adequate, accessible and effective means to the customer to check the information he entered, and if necessary change it, before submitting it (BGB §312e (1) 1.).
  3. The provider has to confirm the arrival of the customer's order immediately in electronic ways (BGB §312e (1) 3.).
  4. The provider has to provide the possibility to the customer to get the text of the contract, including the GTCs, at the time when the contract is made. The customer must be able to save this. (BGB §312e (1) 4.)
  5. The provider has to inform the customer if the contract is stored by the provider and if it is accessible to the customer (BGB-InfoV §3 2.),
  6. The provider has to inform the customer how he can detect and correct errors in the data he entered, before submitting them (BGB-InfoV §3 3.),
  7. The provider has to inform the customer about the languages that are available for making the contract (BGB-InfoV §3 4.).

Regulations about distance selling ("Fernabsatzgesetz")

  1. In addition to information already provided by provider identification ("Anbieterkennzeichnungspflicht"), because an e-commerce website engages in distance selling, the provider has to inform the customer about:

    1. important attributes of the service or product (BGBEG Art. 246 §1 (1) 4.),
    2. how the contract is made  (BGBEG Art. 246 §1 (1) 4.),
    3. the full price of the service or product (BGBEG Art. 246 §1 (1) 7.),
    4. the taxes contained in the given price (BGBEG Art. 246 §1 (1) 7.),
    5. the added shipment fee (BGBEG Art. 246 §1 (1) 8.),
    6. details about how the payment and shipment etc. will be made (BGBEG Art. 246 §1 (1) 9.),
    7. if applicable: the minimum runtime of the contract (BGBEG Art. 246 §1 (1) 5.),
    8. if applicable: statements about substitutionary fulfillment if a product or service is unavailable (BGBEG Art. 246 §1 (1) 6.),
    9. if applicable: statements about the right to not fulfill a contract if a product or service is unavailable (BGBEG Art. 246 §1 (1) 6.),
    10. if applicable: information about the end of validity of the information provided (esp. prices) (BGBEG Art. 246 §1 (1) 12.)
    11. if applicable: information about additional costs that would occur when ordering something, in addition to the costs on the invoice (BGBEG Art. 246 §1 (1) 8.)
  2. The provider has to inform the customer about his right (or absence of this right) to revoke the contract, and the details of that right (BGBEG Art. 246 §1 (1) 10.). Informing about the absence of the right to revoke includes to name the applicable § 312d Abs. 4 BGB exceptions [source]. This also applies if a company buys from the customer instead of selling, because it applies to all contracts made over a distance between a company and a consumer (BGB §312b). The provider can use an official template for the revocation information (BGBEG Art. 246 § 2 (3)). Note that there are two templates, one called "revocation template" (BGBEG Anlage 1) and one "return template" (BGBEG Anlage 2). One has to choose and use exactly one of them, not both [source]. Also note the discussion what template is better in what case, discussed in that linked source. Also, based on that, eBay offers a revocation statement template for trading goods.
  3. The provider has to inform the customer about the availability of customer service (BGBEG Art. 246 § 2 (1) x 4. b)), but it is sufficient to do this until shipment.
  4. The provider has to inform the customer about the applicable warranty and guarantee conditions (BGBEG Art. 246 § 2 (1) x 4. b)), but it is sufficient to do this until shipment. Warranty means here German "Gewährleistung / Mängelhaftung", that is the legally binding obligation to be liable for deficiences of the product.
  5. You can use GTCs (German: AGB), but if you do, they must be conform to law, and you must place them at an obvious position. See this article (German).
  6. There are special regulations for financial services (BGBEG Art. 246 § 1 (2)).

All this information has to be given before the contract is made up (BGB §312e (1) 2.).

In addition to that (!), all this information has to be given in "text form" (BGBEG Art. 246 § 2 (1) 2.), which means, in a way so that the supplier cannot change this afterwards. Sending as e-mail is sufficient. This can be done after the contract is made up and until shipment (BGBEG Art. 246 § 2 (1) 2.). This  information can be contained in the GTCs, but if they are, the following items have to beobvious there, and emphasized by typesetting (BGBEG Art. 246 § 2 (3)):

  1. summonable (de: "ladungsfähige") address of the company owner
  2. every other address that is of relevance for the contract made with the customer
  3. information about the availability of customer service
  4. information about the applicable warranty and guarantee conditions
  5. all information about the right to revoke the contract

Regulations about data privacy

  1. The provider has to inform the user in understandable form, before he starts entering his data for the first time, about:

    • kind, extent and purpose of getting and using person-related data (TMG §13 (1))
    • processing the data in states outside of some EU legislation (TMG §13 (1))
  2. The provider must use the entered data only for the purpose that he has stated (BDSG somewhere).
  3. The provider has to make this information about the processing of person-related data (the "data privacy statement") immediately accessible for the user (TMG §13 (1)).
  4. The provider must inform the user before he gives his consent to the privacy statement that he has the right to revoke this consent at any time for the future (TMG §13 (3)).
  5. The provider must make sure that the user gives his consent to this privacy statement consciously and explicitly. (TMG §13 (2) 1.)
  6. The provider must log the consent of a user to his privacy statement (TMG §13 (2) 2.).
  7. The provider must make it available to the user to access the content of his consent at any time (TMG §13 (2) 3.).
  8. The provider must make it possible that the user revokes his consent at any time for the future (TMG §13 (2) 4.).
  9. The provider has to make it possible that the user can end using the service at any time (TMG §13 (4) 1.).
  10. The provider has to make sure that person-related data about a user's access to a service are deleted immediately afterwards (TMG §13 (4) 2.). This probably relates to IP address and stuff, excluding of course data necessary for accounting etc..
  11. The provider has to make sure that the user can use the service without third parties noticing that (TMG §13 (4) 3.).
  12. The provider has to make sure that it is impossibe to connect usage logs with person-related information (TMG §13 (4) 6.).
  13. More regulations if more than one service is offered (TMG §13 (4) 4.-5.).
  14. If the provider forwards the user to another provider, the user has to be informed about this (TMG §13 (5)).
  15. If possible, the provider has to offer anonymous / pseudonymous payment and usage to the user, and to inform the user about that option (TMG §13 (6)).
  16. The provider has to inform the user on demand what person-related resp. pseudonym-related data is saved about him; if the user demands so, the information has to be given electronically (TMG §13 (7)).
  17. Detailed regulations about "Bestandsdaten" (TMG §14).
  18. Detailed regulations about "Nutzungsdaten" (TMG §15).

Posted

in

,

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.