If you sell SaaS services to business customers online in the UK you must have the following legal documents and information available on your website to comply with English law. Simply publishing SaaS agreement terms online will not cover your legal obligations in the UK.
Below is a summary of the documents and information that you should make available on a UK website when selling SaaS services BTB (business to business).
The terms and conditions under which you will be providing SaaS services to customers should be set out in your SaaS agreement. These should as a minimum include:
- a licence to access the SaaS services only for the term of the agreement;
- retaining ownership in all intellectual property rights in the software and services;
- return of customer data on termination;
- the Customer’s obligations as a data controller under the Data Protection Act 1998.
Service Level Agreement (SLA)
This should set out the hosting, support and maintenance services being provided. The SLA should specify:
- where the data centre is located and who is operating it;
- what security, backup and disaster recovery procedures are in place;
- what support and maintenance services are included.
- the type of data being collected;
- why the data is being collected;
- how the data is used and why;
- information about any cookies used;
- if and why personal data will be disclosed to third parties;
- how and where data is stored;
- how complaints or queries about personal data will be dealt with.
Registration under the Data Protection Act
If you collect personal data on your website – i.e. email addresses, names or addresses of a living individual, you will be processing personal data and must register as a data controller under the Data Protection Act. It is a criminal offence not to register and you can face a substantial fine for non-compliance.
About Us/Contact Information
You must provide the following information in an easily accessible position on your website:
- legal name i.e. XYZ Ltd;
- geographical address;
- contact details i.e. telephone number, fax number and email address;
- which country your business is registered in and the registration number;
- details of any supervisory body which regulates your business i.e. the FSA;
- where you are registered for VAT and your VAT number;
- clear details of prices and whether or not delivery and/or tax is included.
Compliance with other Laws
You will also need to consider your compliance with any other applicable laws or rules. These will be industry specific depending on the type of SaaS services you are providing.
For example, if you provide email marketing services you will need to comply with applicable email marketing and advertising rules and guidelines such as the CAP Code and the Privacy and Electronic Communications Regulations 2003.