One of the most important regulations you should pay special attention to is the Law of Information Society Services and Electronic Commerce (LSSI), which regulates your obligations when selling on the Internet:


The Duty of Information:


It applies to companies and professionals who develop an economic activity of electronic commerce over the Internet and establishes the need for ecommerce platform to house in a visible and accessible place to any user the basic data of the business, such as:

  • Name or company name and contact details.
  • Registration number of the register in which the business is registered.
  • NIF

In addition to:

  • Price of the products, indicating whether taxes, shipping costs, etc. are included.
  • Whether or not prior administrative authorisation is required.
  • Details of the professional association, membership number, academic degree and EU State in which it was issued, with its homologation, if available and necessary.

Online contracting


If you make electronic contracts, you will have the duty to provide the customer with information regarding the electronic contracting process, in the moments before and after the conclusion of the contract.


So, beforehand, you must include the following information:

  • Formalities to be followed to contract “on-line”.
  • Whether the electronic contract document is to be archived and whether it will be accessible.
  • Technical means to identify and correct data entry errors.
  • Language(s) in which the contract may be concluded.
  • General conditions to which, if any, the contract is subject.

After the formalization of the contract, you must:

  • Confirm that you have received the purchase acceptance by sending an acknowledgement of receipt by email within 24 hours to the address provided by the user.


  • Confirm that you have received the acceptance of purchase by a means equivalent to that used in the contracting provided that such confirmation can be archived by the user and immediately upon acceptance.

Cookie Policy


Following the recent update of the LSSI, we must also adapt our site to the new conditions established for the use of cookies, i.e. those pieces of information sent by a website and stored in the user’s browser that allow the website to consult the user’s previous activity. The cookies law is applicable to information society service providers (both companies and individuals who carry out economic activities through the Internet) established in Spain and to the services provided by them.


To do this, a procedure of informed consent prior to the use of cookies should be included through a cookie policy that includes, for example, the types of cookies used by the ecommerce platform and how to disable them.


It is important to have a procedure, which is executed through a pop-up, a landing page or visible in the header or footer of your website, in which:

– The use and cookies policy of the site is reported in a visible and accessible way, without the need to scroll.


– You use a formula in which you obtain the prior informed consent of the user who visits your site before installing any file to collect information.


– Explain what a cookie is, the type of cookies your website is using and their purpose.


– Provide your users with instructions on how to disable cookies from the different existing browsers.


– Offer referrals to places to get more information.


Data Protection (LOPD)


Normally, any e-commerce based business deals with personal customer data on a daily basis and, as any company that collects personal data, we are obliged to comply with the Organic Law on Data Protection. Therefore, we must adapt our business to the requirements established by the LOPD to ensure the protection and proper processing of personal data.

The steps for the process of implementation of the LOPD will be:

  • Identification of files containing personal data (employees, customers, suppliers, etc.).
  • Identification of the level of security applied to them.
  • Identification of the File Administrator.
  • Elaboration of the Security Document.
  • Training for the File Manager.
  • Information to the owners of the data, about the existence of the files.
  • Registration of the files in the Register of the Spanish Data Protection Agency.
  • Develop a privacy policy for our company
  • To have a data collection form that allows prior and express consent.

It should be remembered that there are different levels of data protection and data processing. In the case of an e-commerce, we will have to adapt to the basic level or to the intermediate level in the case of storing the information related to banking data ourselves.

  • Basic level: identification data, such as NIF, NºSS, name, surname, address, telephone, signature, image, e-mail, user name, card number, registration number, etc…
  • Medium level: data about administrative or criminal offences, solvency or credit, tax or social security data, financial services data, and data concerning the personality or behaviour of individuals, such as tastes, habits, hobbies, etc…

You must also remember that the LSSI expressly prohibits the sending of unsolicited or expressly consented advertising e-mails.


Conditions of use


The terms of service set out the rights and obligations of customers and users and must be previously and expressly accepted by the user before purchasing any product or service from our ecommerce platform.

In the same way that the basic data of the company, they must be placed in a visible and easily accessible place and be written in a clear, concise manner.

These conditions must include all the aspects that regulate the service offered in our e-commerce:

  • Site Usage Policy
  • Intellectual Property
  • Conditions of purchase
  • User Rights
  • User Obligations
  • Payment methods
  • Return Policy
  • Privacy Policy

Consumer law and e-commerce


E-commerce is one of the sectors that has experienced the greatest growth in our country in recent years. For this reason, and with the aim of adapting to the latest European requirements, in recent months there have been various amendments to the Consumer Act that apply especially to online stores. Basically, any online store must meet the following requirements:


  1. The final price of thecontracted product orservice must be clearly and unequivocally shownbefore the transaction is concluded and must be expressly accepted by the consumer. In the event that the customer does not have access to the final price from the beginning of the transaction, the difference between the initial and final cost can be recovered. In addition, for goods and services that cannot be priced in advance or are priced by quotation, the criteria for determining the price should be disclosed.
  2. The period for returning products is extended from the current 7 working days to 14 calendar days. In addition, the entrepreneur must ensure that the consumer has been sufficiently informed. If the consumer is not informed, the period may be extended to 12 months from the date of expiry of the initial period.
  3. A withdrawal form, common throughout Europe, must be made available to the purchaser and must be provided together with the information prior to the purchase contract.
  4. In e-commerce, the buyer must be duly informed, until the last step of the transaction or purchase process, that the acceptance of the offer obliges the buyer to pay for it.
  5. The entrepreneur or seller will be responsible for assuming the risks that the product may suffer during transport until it is delivered to the consumer.
  6. The seller may not charge a surcharge on the price of the product to consumers or customers for paying by credit card or any other means of payment in excess of the cost of providing such payment services.