Organization : Malta Communications Authority
Type of Facility : Application For eShop Verification
Country: Malta
Website : http://eshop.mca.org.mt/
Application For eShop Verification:
The eShop Instructions Manual is intended to assist you in completing the online form for the eShop trust-mark.
Should you still require further clarification or assistance, you are kindly requested to contact our office on 21 336840 or send an email to eshop AT mca.org.mt.
Apply Here: http://eshop.mca.org.mt/apply/eshop-verification#overlay-context=
eShop Instruction Manual:
These instructions are intended to assist you in completing the application form for the eShop trust-mark. Should you require further clarification or assistance, you are kindly requested to contact our office on 21 336840 or send an email to eshop AT mca.org.mt.
General :
Briefly indicate the categories of the products/services you offer online:
Indicate the categories of the products or services you offer online.
Example: Computer Accessories, Travel Agency, Home Appliances, Consumer Electronics etc. It is important to note that certain items are prohibited from being sold and/or offered. These include pornographic or obscene articles and threatening, seditious, offensive or libellous articles. Similarly, the Food, Drugs and Drinking Water Act, Product Safety Act prohibits the sale/import/export of a number of products.
In addition, the eCommerce Act does not provide for the following activities:
contracts that create or transfer rights over immovable property other than leasing rights and contracts of surety-ship granted and on collateral security furnished by persons acting for purposes outside their trade, business or profession.
public deeds that require ex lege formalities by public authorities / notaries (eg wills and separation); activities of notaries, representation of a client and defence before the courts and gambling activities including lotteries and betting.
Have you obtained the relevant licenses required, in order to sell your products or to provide such services?:
Although you are not required to have a trading licence to offer an eCommerce service, you are still obliged to get one if that activity so requires, irrespective of whether the products/services will be provided online or through conventional methods.
The Trading Licences Act requires anybody carrying out a commercial activity to obtain a trading licence, unless the nature of the business falls under the remit of a specific Authority. In the latter case, the licence will need to be obtained from the Authority that regulates that specific sector.
We recommend that you consult with the Trading Licences Act and Regulations1 for further guidance.
Contractual Relationship:
Are your customers informed that in some instances, although you are the service provider, some products and/or services will be provided by a 3rd party?
It is important that at all times customers are informed about who is responsible for the performance of the contract.
Information On Website :
Is the customer provided with the following information in clear, comprehensive and unambiguous terms BEFORE placing the order:
According to the Electronic Commerce Act and Regulations, and the Distance Selling Regulations, you should provide the consumer with certain information BEFORE an order is placed.
The name and address where you are established and e-mail address and/or tel. no. where any queries and/or complaints can be addressed
The geographic address is normally the address of the business/retail shop. However, in cases where there is no physical store/shop, the address would refer to the one that appears on the Trade licence or Supervisory Authority’s register; Moreover, you should also make available the details that would enable the consumer to contact you for information, queries or any complaints.
This information should include the electronic mailing address, telephone number or any other means that allows the consumer to contact you rapidly and communicate with you, in a direct and effective manner.
The Value Added Tax (VAT) registration number if you undertake an activity that is subject to VAT:
Your VAT registration number. The different steps to follow to conclude the contract
According to the eCommerce Act you should make the customer aware of the process involved to conclude a contract and the stage at which s/he will commit himself/herself.
Unless the shopping cart is designed in such a way that it easily and unequivocally indicates at which point the customer will be submitting the order, the trader needs to provide information on how to place an order, ideally, in the website’s terms and conditions.
The technical means for identifying and correcting input errors prior to the placing of the order:
The eCommerce Act states that you should provide the customer with effective and accessible means to identify and correct errors and accidental transactions prior to the conclusion of the contract. The customer should be able to correct order details (for example quantity, size, etc.) prior to placing the order.
The Terms and Conditions applicable to the contract:
By making available the terms and conditions, you would be satisfying the obligations at law of informing and providing the client, prior to the placement of the order, with the required information in a clear, comprehensive and unambiguous manner. The terms and conditions applicable to the contract clarify the relationship between you and the customer.
These would normally include the following information: description of the goods or services being supplied; price and payment structure; delivery details, including the time, place, who is responsible for delivery and related costs; rights of either party to terminate the contract; return and refund policy; and confidentiality provisions, particularly if the contract is of a sensitive nature.
The language or languages in which the contract may be concluded:
Regardless of whether your website is available in one or more languages, you need to specify the language/s in which the contract can be concluded, as set out in the eCommerce Act.
Written information on the conditions and procedures for exercising the right of cancellation, including the last date for cancelation:
The Distance Selling Regulations require that you provide the customer, prior to the conclusion of an online contract, with information about his/her cancellation rights. These allow the customer to cancel the sale within fifteen (15) days from the receipt of the goods, without incurring any penalty and without giving any reason whatsoever.
Therefore, in such cases, you need to reimburse any sums paid by the customer after s/he has availed himself/herself of the cancellation right. However, you are not obliged to absorb the direct cost in returning the goods.
A description of the main characteristics of the goods or services provided/sold/promoted on your website:
You should provide clear information about the products and/or services that you are promoting on your website, enabling the customer to make an informed decision before placing an order. In addition, you should ensure that the products displayed and offered for sale, are fit for their stated purpose or for the purpose for which they might reasonably be used.
The arrangements for payment:
You need to explain the payment options accepted on your website, making it easy for customers to select the method that best suits their needs. According to the Distance Selling Regulations you should include when and how payment is effected (e.g. by credit card, pay on delivery etc.).
The arrangements for delivery and performance:
According to the Distance Selling Regulations you need to specify the delivery options available, including the applicable charges, if any. Ideally delivery costs should be made available to consumers prior to initiating the ordering process.
Besides, information about the arrangements for delivery should also be available, especially where perishable products are concerned (e.g. fresh or frozen food) or where timely delivery is required (e.g. gifts for special occasions etc.). Moreover, it is important to indicate to consumers the expected delivery time of the goods or services.
Data Protection:
Did you notify the Data Protection Commissioner that you are carrying out automated processing operations?:
You need to notify the Data Protection Commissioner prior to collecting customers’ personal information by automated process operations, as specified in the Data Protection Act.
For further information you may wish to visit the website of the Office of the Data Protection Commissioner on https://idpc.org.mt/
Do you have a Data Protection Declaration/Privacy Policy?:
The Data Protection Declaration or Privacy Policy is a statement published on your website which explains to customers how you protect the privacy of the information it acquires on them.
In addition, it explains how a customer’s personal information will be treated, for example, whether it treats personal data as strictly confidential or whether it trades in personal data. It is also the logical place to explain the purposes
For which the organisation uses personal data and any likely disclosures. This will provide consumers with further reassurance about the way in which information is being collected and used.
This information should ideally be placed in the Privacy Policy document, or included elsewhere on the website (e.g.in the T&Cs). Is the Data Protection Declaration/Privacy Policy accessible on all pages or at least on those web pages that are used to collect data
The Data Protection Declaration or Privacy Policy should ideally be linked in such a way as to be accessible and viewable at any particular instance. This could be achieved by linking the page through a toolbar placed anywhere across the perimeter of the website.
This would cover all instances, particularly when the customer did not enter directly through the homepage, but accessed a particular section of the website via a hyper-text link. Notwithstanding, the Privacy Policy should at least be accessible from pages that collect personal information.
Is the customer adequately information about the security measures applied to the data that he/she submits?:
You need to assure customers that you have implemented the appropriate technical and organisational measures to protect the personal data that is processed against accidental destruction or loss or unlawful forms of processing thereby providing an adequate level of security with regard to the: technical possibilities available; cost of implementing the security measures; special risks that exist in the processing of personal data; sensitivity of the personal data being processed.
If you engage a third party to process customers’ data on your behalf, you should ensure that the third party:
can implement the security measures that must be taken; actually takes the measures identified by yourself. (Data Protection Act, art. 26)
This information is usually included in the Data Protection Declaration or Privacy Policy.
In the Data Protection Declaration/Privacy Policy, is the customer informed of any cookies that are installed on his/her computer?:
Cookies contain information (e.g. how many and which pages were visited, log-in information, shopping cart contents, and other volunteered information) about customers and are generated by a web-page server and usually take the form of a very small text file that is placed on a customer’s hard drive.
When the latter moves from one page to another, the cookies are also passed back and forth from the web server to the web browser. The stored cookies will be used to remember this information each time a customer returns to the website and can hence be considered as a customer’s identification card.
Therefore, it is important that you inform customers explaining how their details are used and stored in cookies, and how they can remove, block or allow cookies. It is advisable that this information is inserted in the Privacy Policy. The following is an example of the appropriate text to place on your website:
‘We may also store information about you using cookies (files which are sent by us to your computer or other access device) which we can access when you visit our site in future. We do this to [describe why cookies are used].
If you want to delete any cookies that are already on your computer, please refer to the instructions for your file management software to locate the file or directory that stores cookies. Our cookies will have the file names [insert file names, e.g. cookie1.txt and cookie2.txt].’
In the Data Protection Declaration/Privacy Policy, is the customer clearly informed about his/her right to information, amendments, blocking and cancellation?
You need to inform customers of their right to access the data held about them as this is a requirement of the Data Protection Act2. Where personal data relating to customers is being processed, customers are entitled to receive written information, without excessive delay and without expense about the actual personal data which is processed; the source of the information; the purpose of the processing; any recipients or categories of recipients of the data; the manner in which any automatic processing of data takes place.
It should be noted that while customers have the right of access to the above information, such requests must be made at reasonable intervals. In addition, customers can request the trader to immediately rectify, block or erase any personal data that has not been processed in accordance with this Act or with regulations made under this Act.
The Online Transaction :
Does the shopping cart include all expenses including taxes and delivery costs?:
When you refer to prices, you should indicate them clearly and unambiguously and, in particular, indicate whether these are inclusive of any tax and delivery costs. It is very important that this information is provided before the contract is concluded.
Does the customer receive an acknowledgment/order confirmation immediately after an order has been placed?:
According to the eCommerce Act, you have to immediately and without any undue delay acknowledge the receipt of the client’s order by electronic means. This should include a copy of the order and specify whether the order has been accepted. It is also recommended to include information about when and how the customer can exercise the right to cancel.
Does the customer have access to past orders?:
If you provide customers with access to past orders you need to indicate how this can be done. Ideally, this information should be made available in the websites T&Cs.