Safety and Privacy

The internet and privacy can't work together? We say they can! Read more about the data protection rules and safety basics at Connox.

Data Protection

Connox GmbH
Aegidientorplatz 2a
30159 Hanover


Tel. +44 (1603) 733366
Available Mon-Fri 7am-6pm, Sat 8am-12am London, UK Time

Data Protection Officer: Christoph Kuhn

Privacy and security are especially important to Connox. With our constant optimisation of all technical security principles, Connox is continuously improving the protection of your data.

Your data is in good hands, we promise that:

We will not sell your personal data to third parties, nor lease it to other companies for advertising purposes. Data will not be transferred to third persons, except for the purpose of completing your transaction (eg. your address will be shared with the delivery company for the purpose of delivering your purchase).

In the following, you will find information regarding the storage of your data. Our data protection practices are in accordance with the German Federal Data Protection Act (in short: BDSG) as well as the German Telemedia Act (in short: TMG).

Personal data

Connox treats the customers data as confidential and exclusively for processing the order, except if the customer wishes to enjoy additional services. To process the customer's order and to deliver, Connox only forwards the customer's data to the supplier and, if need be, for a checking of the creditworthiness to Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss. The transmitted data may be used by the recipient only in accordance to the task to be performed. Another use of this information is prohibited. For the registration as a regular customer or the use of the newsletter service, Connox, due to the aforementioned laws, needs the customer's approval, which is being asked for at the appropriate time and place. Should the customer later decide to not enjoy these services anymore, he or she may revoke their approval at any time via message to Connox (email, fax, postal message, phone).

To better handle your enquiries, orders etc., Connox collects the following personal data:

Customer registration: Here, Connox processes and uses the data that has been voluntarily submitted into the forms and that has been transmitted to Connox, for example name, address or other contact data such as phone number and email address, a user name and a password.

Newsletter registration: Here, Connox uses the email address that has been voluntarily submitted and transmitted by the customer to Connox. The customer is able to unsubscribe from the newsletter at any time.

Order: Aside of the customer registration data, Connox furthermore needs all the data that are necessary for executing the order, such as, for example, the delivery address and payment information (f.e. credit card or debit information). In addition, Connox collects the IP-address, which Connox uses to protect the customer and to prevent or to detect misuse of the website. It is to be pointed out that the IP-address will only be used and handled in a shortened form to exclude the possibility of a direct connection to a person.

Transaction in the Online-Shop: In order to be able to use the shopping cart and to enable customer recognition in case of repeated visits on our website, Connox saves so-called "cookies" on the visitor's computer. You can find further information in regards to cookies in the section "cookies".

Checking of creditworthiness and credit scoring: Should we deliver in advance, we reserve the right to perform a checking of the creditworthiness on the principles of mathematical-statistical procedures to preserve our legitimate interests. The personal data that are necessary for such an examination will be transmitted to the following service provider:

Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss

The credit information may contain probability values (so-called score values). As far as score-values are included in the result of the creditworthiness examination, these are based upon a scientifically recognized mathematical-statistical procedure. In the calculation of these score-values, inter alia, address data may have some influence. The result of this checking in regards to the statistical non-payment probability will be used for the purpose of the conclusion, execution or cancellation of a contractual relation.

Connox guarantees that your data, including your email address, will principally not be passed on to a third party. The data information will not be sold.


On request, Connox will give the customer information about the stored data at no charge. If that is what the customer desires, he or she shall contact Connox with the email address Connox is also obligated by request to correct, bar or delete the customer's data.


Personal data on this website will only be transmitted in an encrypted form, using the TLS-encryption-method (Transport Layer Security, also known as SSL, Secure Sockets Layer). The used method TLS v1.0 is at this time one of the safest ways to encrypt data. uses a 256-Bit-encryption pursuant to AES (Advanced Encryption Standard) and thereby meets highest security standards. The issuer of this SSL-certificate is GeoTrust, and the method for the key exchange is DHE_RSA (2048 Bit).

Through the application of the SSL-encryption, your data will be changed to a degree that a third party could not reconstruct it, before it is transmitted to the Connox-server. Along the lines of this encryption procedure, it is further assured that your data will be sent exclusively to the server that has been requesting them. In the moment of your data's reception on the Connox-server, it will be examined in regards to completeness and potential changes.

If you use the Internet Explorer as your browser, you can identify a secure transmission of personal information with the yellow lock-symbol in the address line of your browser.

Non-personal data

With every visit of the website, access data of this visit will be stored in a log-file. This file is non-personal, which is why Connox cannot conclude which user has transmitted which data. With the access on the website, Connox receives data that will be stored for statistical purposes only.

In particular, every access results in the storage of the following data set: Name of the accessed file; date and time of access; transmitted data volume; notification if the transfer has been successful; notification why an access has failed; if applicable, operating and browser software of the user as well as the website, from which our website has been visited.


Connox partially uses so-called cookies on internet sites, in order to enable web-based applications to administer the status of an online-visit and to provide a smooth navigation between the separate services and contents on the website as well as provide the internet-user with repeating settings on the Connox website.

A cookie is a small file that is being transferred by Connox onto the user's computer if he or she visits Connox' website. A cookie only contains information that Connox itself transmits to the user's computer – private files cannot be read by a cookie.

When cookies are accepted by the user, Connox does not have access to his or her personal information. Connox may however identify the user's computer through the use of the cookies. Connox uses cookies so that the user can fill up the shopping cart with orders and administer those while in session, so that Connox' website can be tailored even more towards the desires of the customer.

Connox applies "session-related" cookies that are not stored permanently on the website's visitor's computer. These temporary cookies will be deleted after leaving the website. By ascertaining the gathered information, Connox is able to analyse usage patterns and structures of the website, thus continuously optimizing the website through improving the content and simplifying its use.

Connox also uses "permanent" cookies. These cookies remain on the customer's computer to simplify shopping and registration services. For example, the cookies are able to remember which articles the customer has chosen for purchase while he or she continues to shop. Furthermore, the customer only has to enter passwords on sites that require a registration once.

Permanent cookies can be removed by the user manually. The permanent cookies used by Connox will be stored for up to 1000 days on your hard disk. Afterwards, they are automatically deleted. Most of the standard browsers accept cookies by default. Temporary or stored cookies can be admitted or barred separately and independently by setting the security settings. If cookies are barred, certain features on the Connox-websites might not be available and some websites might potentially not be displayed correctly.

In order to use the Connox shopping cart as well as the check-out, session-related cookies have to be allowed! If the customer does not allow cookies in general, he or she also has the option to order at Connox by email, phone or fax.

Connox works with some partner companies in order to increase the value of the internet assortment and of the websites for the user. This is the reason why some cookies of partner companies are saved on your hard disk. The cookies used by Connox are "permanent" ones. These cookies remain on the computer of the user and they will be deleted after their programmed duration automatically. The duration of them lasts up to 22 years in some cases. Our partner companies won't have any access to your personal information. The pseudonym data won't come together with your personal data. The pseudonyms are e.g. data about the products you searched or which ones the user bought. That information is only used by our partner companies for publicity purposes, so that the user will only see publicity of things that are really interesting for him – or also to avoid the repetition of the same publicity again and again.

Kupona Re-Targeting

Technologies from Kupona GmbH are used on our pages. Kupona uses cookies to control the display and delivery of advertising. For this purpose, anonymised information is temporarily stored on the user's computer and is evaluated by the user's browser. This way, Kupona is able to, among other things, control the advertising frequency, or "frequency capping", which prevents the user always sees the same ads, or the CPC user ban, which prevents the customer seeing a banner again on which he or she has already clicked. In some cases, Kupona makes use of another module for re-targeting. In this case the cookie is used capture anonymised movement patterns and thus tailor the ads to the user's interests. Users then are shown advertisements which are probably of interest to them. Only numeric IDs and/or timestamps that do not allow personally identifiable information are used. All information also has an expiry date, usually just mere minutes, hours or days, after which the browser deletes it automatically. In case you do want to revoke your consent to data collection by Kupona, you can object and deactivate the data collection by clicking on the following link:

Google Remarketing Tag

On our websites, technologies by Google (Google Remarketing Tag) are used to collect and store data for marketing purposes. From this data, anonymised usage profiles can be created and stored in cookies. Third parties, including Google, serve ads on web pages in the internet. These parties, including Google, use cookies to serve ads based on your previous visits to our website, as part of the remarketing tag function. The data collected by the remarketing tag function, will not – without your separate consent – be used to personally identify you as a visitor of this website and will not be merged with personal information from the anonymised user profile. You can opt out of the use of cookies by Google by going to and clicking on the "opt out"-button. Alternatively, you may find the deactivation site of the Network Advertising Initiative here: For more information about Google's privacy policy can be found here:

Google Conversion Tracking

We use Google Conversion Tracking on our website. It is an analysis service by Google Inc. ("Google"). Google Adwords places a cookie on your computer ("conversion cookie"), if you came to our website via a Google advertisement. These cookies will expire after 30 days and are not personally identifiable. You can visit certain pages of ours and the cookie has not expired, Google and we are able to see that someone clicked on the advertisement and was directed to our webpage. Every AdWords customer receives a different cookie. Cookies can be tracked over different web sites of AdWords customers. The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have opted to use conversion tracking. The AdWords customers will know the total amount of users that clicked on their advertisement and were directed to a webpage with a conversion tracking tag. They won't receive any information that would allow them to identify the user personally, however. If you do not want to be part of the tracking procedure, you can also reject the necessary cookie – by generally deactivating the automatic storage of cookies, for example. You can also deactivate cookies for conversion tracking by adjusting your browser settings to only block cookies from the domain "". Google's privacy policy for conversion tracking can be found here

Google DoubleClick
On our website, we use DoubleClick by Google, which is a service by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). DoubleClick uses cookies in order to show you relevant advertisements. This includes verifying which ads were shown in your browser and which ones were clicked. The cookies do not contain any personal information. The use of the DoubleClick cookies allows Google and their partner pages to place advertisements based on previous visits to ours or other websites. You can prevent the storage of cookies by adjusting setting your web browser. You can also prevent the collection of the data created by the cookie and the processing of this data by google by downloading and installing the browser plug-in available here: You can also deactivate the use of cookies by Google by clicking on the "opt out" button at: Alternatively, you can access the deactivation page of the network advertising initiative: For more information about Google's privacy policy can be found here:

Google Analytics

This website uses Google Analytics, including the function Universal Analytics, a web analysis service of the Google Inc. Google Analytics uses so-called Cookies, text files which are stored on your computer and which allow an analysis of the use of the website by you. Through Universal Analytics and the use of a pseudonym user ID, device-crossing activities (e.g. tablet, PC or laptop) on our website can be analysed. The information generated by the cookie concerning your use of this website (including your IP address) will be passed on to a Google server in the USA and saved there. In case of an activation of the IP-anonymization on this website, your IP-address will be shortened by Google within the member states of the European Union or in other contractual states of the Agreement on the European Economic Area. Only in exceptional cases will the complete IP-address be transmitted to a Google-server in the USA and shortened then and there. Google will use this information on behalf of this website's provider for the purpose of evaluating your website to gather reports concerning the website's activities and to furthermore provide services around this website. Google Analytics does not combine your transmitted IP-address data with other data collected by Google. You can prevent the storage of cookies by a specific setting in your browser-software; however please note that if you do this you may not be able to use the full functionality of this website. You can furthermore prevent the collection of your data (including your IP-address) by Google as well as the processing of that data by Google by downloading and installing the following browser-plugin:

Alternatively, you can prevent the processing of your data by Google by clicking on the following link: Click here, to be excluded from the Google Analytics measurement protocol.

We hereby point out that this website uses Google Analytics including Universal Analytics with the add-on "anonymizeIp()", which is in accordance with privacy regularities. IP-addresses thereby are processed only in a shortened version to exclude any possibility of direct personal relation.

Bing Ads

We use conversion tracking by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Thereby Microsoft Bing Ads saves a cookie on your computer if you arrived at our webpage via a Microsoft Bing advertisement. We and Microsoft can see that someone clicked on our ad and was directed to our page, and visited a predetermined target page beforehand. We learn only the total number of users that clicked on a Bing ad and were directed to our page. No personal information related to the identity of the user are transmitted. If you do not want to be part of the tracking procedure, you can also reject the necessary cookie – by generally deactivating the automatic storage of cookies, for example. Find further information privacy and cookies used by Microsoft Bing on the Microsoft website:

Facebook Pixel

We use the "Pixel" by Facebook, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") for the analysis and support of online marketing measures. With its help we can track the movements of users after they see or click on a Facebook ad. This is how we can evaluate the significance of Facebook ads for statistics and market analysis purposes. The data collected is anonymous and personal data of individual users is not visible to us. However, the information is saved and processed by Facebook. Facebook can connect the information with your Facebook account and use them for its own advertising purposes according to Facebook's Data Policy: Cookies may be saved on your computer for this purpose. You can prevent the storage of cookies by adjusting setting your web browser.

Facebook Plugins

Our website also includes plugins by the social network Facebook. Our website is configured so that a direct connection between your browser and the Facebook server is made only when you click on a Facebook plugin. A connection will not be made automatically as soon as you open our website. Data is transmitted to Facebook only after you click on the plug-in, consciously "activating" it. If you click on the Facebook button while you're logged in on your Facebook account, Facebook can possibly associate the visit to our website with your account. We would like to point out that as the provider of the web page we have no knowledge of the content of the transmitted data or of their use through Facebook. Further information about this can be found in Facebook's Data Policy: If you do not wish for Facebook to be able to associate the visit of our website with your Facebook account, please do not click on the Facebook plugins or log out of your Facebook account.


On our website, we use plugins by the social network Twitter (Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, USA). Our website is configured so that a direct connection between your browser and the Twitter server is made only when you click on a Twitter plugin. A connection will not be made automatically as soon as you open our website. Data is transmitted to Twitter only after you click on the plug-in, consciously "activating" it. By clicking on the Twitter plugin, the websites you visit are linked with your Twitter account and divulged to other users. Data will thereby also be transmitted to Twitter. We would like to point out that as the provider of the web page we have no knowledge of the content of the transmitted data or of their use through Twitter. Find further information you can view Twitter's privacy policy here: If you do not wish for Twitter to be able to associate the visit of our website with your Twitter account, please do not click on the Twitter plugin.


Our website uses plugins by the social network Google+ (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Our website is configured so that a direct connection between your browser and the Google+ server is made only when you click on a Google+ plugin. A connection will not be made automatically as soon as you open our website. Data is transmitted to Google only after you click on a plug-in, consciously "activating" it. If you click on the Google+ button while you're logged in on your Google+ account, Google can possibly associate the visit to our website with your account. We would like to point out that as the provider of the web page we have no knowledge of the content of the transmitted data or of their use through Google. Further information and settings options can be found in the Google+ privacy policy here: If you do not wish for Google+ to be able to associate the visit of our website with your Google+ account, please do not click on the Google+ plugins or log out of your Google+ account.


We use the "Pin it" button by the social media network Pinterest (Pinterest, Inc., 808 Brannan St, San Francisco, CA 94103, USA). Our website is configured so that a direct connection between your browser and the Pinterest server is made only when you click on a Pinterest plugin. A connection will not be made automatically as soon as you open our website. Data is transmitted to Pinterest only after you click on a plug-in, consciously "activating" it. If you click on the Pinterest button while you're logged in on your Pinterest account, Pinterest can possibly associate the visit to our website with your account. We would like to point out that as the provider of the web page we have no knowledge of the content of the transmitted data or of their use through Pinterest. Further information and settings options can be found in the Pinterest privacy policy here: If you do not wish for Pinterest to be able to associate the visit of our website with your Pinterest account, please do not click on the Pinterest plugins or log out of your Pinterest account.


The "XING Share Button" by the social media network XING (XING AG, Gänsemarkt 43, 20354 Hamburg, Germany) is used on this webpage. Our website is configured so that a direct connection between your browser and the XING server is made only when you click on a XING plugin. A connection will not be made automatically as soon as you open our website. Data is transmitted to XING only after you click on the plug-in, consciously "activating" it. XING does not save any personal data when you open this website. XING does not store any IP addresses. There is also no analysis of your user behaviour through the usage of Cookies related to the "XING Share Button". The current privacy policy of the "XING Share Button" and more information can be found on this webpage:

XING doesn't save any personal data when you open it via this website.

XING especially doesn't save any IP-addresses. There won't especially be any analysis of your user behaviour of the usage of Cookies related with the "XING Share Button". Find the current privacy information of the "XING Share Button" and more on this webpage:

Target Performance

Cookies are used to enable the switching of Retargeting campaigns of the target performance Gmbh (Rosenheimerstr. 145 e-f, 81671 Munich, Germany) on our website. The saved data while using Cookies are only anonymized visitor's data, which won't allow personal associations. The target performance advertising technology used IP-addresses for the evaluation of the geographical region, the access velocity and of the internet provider. You can prevent the storage of cookies by adjusting setting your web browser. An association of the information to determinate people, the exact address, the geographical place or transmitted personal data is not possible at any time. IP data won't be transmitted to third parties. All the information moreover has an expiration date of max. 90 days, which is then your browser will erase the saved information automatically. You are able to avoid the saving of Cookies by means of adjusting your browser software. Moreover, you will be able to avoid the collection of the data from Cookies referring your usage of the website by means of activating the opt-out function clicking on the following link: Find further information about the retargeting of the target performance GmbH in here:

Affilinet / Tracdelight

Our website uses services of the companies affilinet GmbH (Joseph-Wild-Str. 20, 81829 Munich, Germany) and tracdelight GmbH (Wilhelmstr. 4a, 70182 Stuttgart, Germany). Cookies are produced for the optimization of our advertisement measures. These Cookies are only used for a correct association of the success of an advertisement of the distribution partner and the according invoicing of the service partner. Personal data aren't collected. The Cookie only contains the information of when a determinate advertisement has been clicked from an internet-capable device. If you don't want such Cookies to be saved in your browser, you will be able to change it via your browser adjustments.


We use a chat program of the company Zopim Technologies Pte Ltd (8 Prince George's Park, Extension Block Singapore 118407) in order to improve and facilitate the communication with our customer service. If you have questions and problems concerning our products, the website or our company, you will be able to send us a message via Zopim. Thereby visitors of the visited page are recorded with their IP-address. The IP-address is thereby anonymized. Zopim also uses Cookies. The information caused by the Cookie about your usage of this website are transmitted to a server of Zopim in the USA and buffered there. The information is only visible for the moment of your stay on a determinate page and they're not saved. Done chats are protocolled and saved. Please also note the privacy information of Zopim:


We offer you the possibility to evaluate our service through a rating service ( operated by Trustpilot A/S, Pilestræde 58, 5, 3rd floor, 1112 Copenhagen, Denmark. The evaluation is published on the Trustpilot internet pages and can also be displayed in so-called widgets on the website. In order to rate us without having to first log in to Trustpilot, we offer a direct evaluation via a "Unique Link". By clicking on this link, we send your name, e-mail address and order number as a unique reference to Trustpilot. This information is sent encrypted and will not be transmitted in plaintext or be passed on to third parties. You can find more information about the "Unique Link" here: Please also find Trustpilot's privacy policy at


We use the services offered by Emarsys eMarketing Systems AG (Hans-Fischer-Str. 10, D-80339 Munich (Emarsys)) to evaluate and support our online marketing initiatives, particularly when processing the newsletter. This helps us to determine how our newsletters are opened and used by customers (e.g. clicks on links in a newsletter) in order to record and measure the success of certain marketing initiatives. This information is used in the form of pseudonymous user profiles to improve our website, our newsletters and any related marketing initiatives, in particularly to adapt offers and information to the interests and wishes of the users. Emarsys will only process data (e.g. the email address) in accordance with our instructions and will neither directly nor indirectly use it for their own purposes or pass it on to a third party. Cookies can be stored on your computer for these purposes. You can prevent the installation of cookies by appropriately adjusting your browser software. You can withdraw your agreement to the collection and analysis of data for the aforementioned purposes by clicking on the opt-out box via the following link: You can also unsubscribe from our newsletter at any time to no longer receive any newsletters from us.

Save Data Protection document as PDF
Print Data Protection Policy

To watch the PDFs you need e. g. the Adobe Reader, this one is downloaded for free under the following link:



The SafeBuy Code

1. Qualifications, Purpose and Scope

1.1 The SafeBuy Assurance Scheme is operated by Ecommerce Security Ltd. SafeBuy have been evaluating high-tech products and services in the UK since 1987 and independently reporting to subscribers and report purchasers. It has no connection with any manufacturer or service provider and does not take any advertising or sponsorship. The SafeBuy scheme is funded by charges on retailers.
1.2 SafeBuy is acting in the interest of both retailers and consumers in publishing this Code of Practice. The retailers who conform to the Code know that their display of the SafeBuy logo will provide reassurance to consumers that they have undertaken to abide by the SafeBuy Code and any updates that are issued to remain in line with UK and EU regulations and legal requirements. SafeBuy code members must observe all relevant legal requirements when dealing with consumers. Consumers have access to the Code and are entitled to expect a high level of performance from subscribing retailers with a right of mediation by SafeBuy if they have a complaint.
1.3 The retailer agrees to accurately and honestly complete such questionnaires as are sent from time to time by SafeBuy to address the matters of ongoing website and operational security and of complaints registered, whether resolved prior to or with SafeBuy mediation or not, together with the outcomes.
1.4 By subscribing to the SafeBuy Code retailers undertake with SafeBuy and with their consumers that they will at all times abide by it. Although SafeBuy cannot guarantee that any individual retailer's site conforms with the SafeBuy Code at every moment in time, SafeBuy validates websites at the time of application and then regularly samples sites including the placing of orders for goods in order to test those sites for ongoing conformity. It also spot checks for evidence that consumers' prepayments or deposits, where required by clauses 4.5 and 4.6 of this Code are held securely.

2. Website Requirements

2.1 The site must use the SafeBuy logo as an active link (hyperlink) to where this Code of Practice is published. The logo must be given sufficient prominence that every site visitor is aware of your membership of the SafeBuy scheme. The logos may not be used on any site the owner of which does not have a current subscription to the SafeBuy scheme or which SafeBuy considers not to be compliant with the SafeBuy Code.
2.2 Any advertising on the site, whether by the site owner or third parties, must comply with the British Codes of Advertising and Sales Promotion (BCASP) and any other relevant code of advertising and all other statutory requirements. These include The Control of Misleading Advertisements Regulations 1988 (as amended) and, if the site owner offers credit, The Consumer Credit (Advertisements) Regulations 2004.
2.3 Any advertising on the site, whether by the site owner or third parties, must conform to the rulings laid down by the Advertising Standards Authority (
2.4 The site must have clearly accessible details of the retailer's name and address, phone number, an email address and details of what information consumers are required to provide to pursue a complaint against the retailer. Consumers must also be advised of their right to no-charge mediation by SafeBuy.
2.5 Customers should be charged at the normal rate for a UK inland call for queries relating to a transaction. Where technical support charges are made, either by the retailer or by a third party whose product or service is being sold, that fact must be made clear to the customer before the order is placed. Information on the cost of communication relating to technical support, where it is at other than the basic rate, must be provided. Hours of availability for all types of phone enquiry must be clearly stated.
2.6 The website must make reasonable provision to be compatible with technology that facilitates Internet use for the disabled. The retailer must be aware of its obligations under the Disability Discrimination Act 2005.

3. Transaction Requirements

3.1 Products or services for sale must be clearly and accurately described with relevant characteristics (e.g. dimensions, material). Any variation between the goods or services that are for sale and usual consumer expectations should be explained as should any disparity between a consumer's stated requirements and the nature of the goods or services to be offered to the consumer.
3.2 Any restrictions on ordering (e.g. parental approval, geographic location) must be made clear to the consumer as a part of the description of the product or service.
3.3 The total price, including packing, delivery and VAT where applicable must be shown for the complete order before consumer final agreement to place the order.
3.4 The method of delivery must be clearly identified. Where appropriate (e.g. for bulky items or those which need to be signed for), the retailer must have effective procedures for agreeing a scheduled delivery and maintaining liaison with the customer to ensure that the delivery occurs as projected or as altered with the customer's agreement.
3.5 Payment options must be shown and the level of security displayed for the transaction.
3.6 A clear explanation must be given as to the process by which the customer may place, change or cancel an order prior to it being processed and an option given for the consumer to abort the order up to the point of final confirmation. If languages other than English are available this fact should be made clear.
3.7 There must be no possibility of orders being accepted which are unlikely to be fulfilled within 30 days.
3.8 'High pressure selling' must not be used and any special offers must have the time or condition requirements clearly identified. Where a special offer is time-related the consumer's cancellation rights as per clause 4.1 (d) must be drawn to the consumer's attention.
3.9 The consumer must be advised that a confirmation of the order will be sent by email or post within 24 hours. This confirmation must include the retailer's company details, a unique order number, the total price and clear instructions on the consumer's rights of cancellation or return, including timescales, with an explanation of how to effect a cancellation or return, including any return costs that may be applied.
3.10 There must be no misleading claim made on the website or the order confirmation regarding delivery timescale to the consumer. Where any delivery timescale and/or delivery date is stated the consumer must be advised in advance if that timescale and/or date will be delayed and the consumer's right to cancel must be made clear.
3.11 If there is an ongoing contract with the consumer the minimum duration for the contract to supply goods or services continuously or recurrently must be clearly explained.
3.12 All relevant staff must be adequately trained regarding the retailer's responsibilities in relation to the law and to this Code of Practice.

4. Terms and Conditions

4.1 The website must specify:
the name, physical address of the principal place of business, email address and telephone number and the company number and VAT number where appropriate;
the price of the goods or services and any ancillary costs such as delivery charges, identified individually;
the delivery procedure;
in terms of products the right of the consumer to cancel the order for at least fourteen working days after delivery; in terms of services fourteen days after the contract is agreed or after the consumer has agreed to the service starting. Please note these cancellation periods could be longer if you have not complied with the detail of the Consumer Protection (Distance Selling) Regulations 2000 (as amended) where those regulations apply. These regulations include requirements on information that must be given to the consumer and specifies when it has to be given.
the returns policy and procedure including information on who bears the cost of return or recovery in the event of revocation of the order in each and all circumstances. Where goods are returned at the consumer's choice the liability for any expense incurred must be spelt out to the consumer and any conditions, e.g. insurance, proof of delivery made clear. If the retailer in the normal course of business elects to collect the goods that expense must equally be spelt out and not exceed the direct cost;
the means by which the website user can lodge a complaint with the retailer and how the complaints procedure will operate.
4.2 All contract terms, including any guarantees or warranties, must be clearly displayed and a further clear indication given that they do not affect the consumer's statutory rights. In particular a statement should be made that "This does not affect your statutory rights, in relation to faulty or misdescribed goods, details of which can be obtained from Consumer Direct (the Government's consumer advice helpline) or your local Trading Standards Office." If the retailer's contract terms give rights to the consumer which are more beneficial than the consumer's statutory rights, this should be made apparent. If any additional guarantees/warranties are offered, the costs and options must be clearly stated together with all other key elements and, if offered through a third party, a name, address and contact point for that third party. Additional warranties/guarantees must not be projected as a requirement on the consumer nor misrepresented in any way as to their cost, coverage or benefits. The Terms & Conditions which the site owner uses for any transaction must take into account the Unfair Terms in Consumer Contract Regulations on which Office of Fair Trading guidance is available.
In particular the retailer must conform with Statutory Instrument 2005 No. 37 (The Supply of Extended Warranties on Domestic Electrical Goods Order 2005) if the website offers products which fall into this category. Details are available at
4.3 The product or service must be delivered within 30 days unless the consumer agrees otherwise. In the event that this term cannot be met, or the consumer's right to cancel has been exercised, the consumer must be advised in good time and offered a cancellation option with a total refund, within 30 days, of any monies, including delivery costs, paid.
4.4 The consumer must, at any time, before or after the order, be able to scroll through and, if necessary, print the Terms and Conditions and Privacy Policy.
4.5 No payment from a consumer should be processed more than two working days before despatch of the goods or, if it is, should be regarded as a prepayment under the terms of clause 4.6. The website must make this clear either in general or at the point of order.
4.6 Deposits and prepayments must be protected against loss in the event of the retailer ceasing to trade or for any other reason. This protection must be provided by an insurance-backed scheme, a ring-fenced consumer account, independent third party holding of such funds or other secure deposit. Deposits, prepayments and scheduled part payments for bespoke products or consumer-specific services should be subject to clear terms, including protection of the consumer's funds where appropriate, which are agreed to by the consumer as part of the basis for the contract.

5. Faults and Disagreements

5.1 Errors in any area of order processing, delivery or administration must be corrected within 10 working days.
5.2 The retailer must have an effective complaints procedure. At a minimum, any complaint must be logged and an acknowledgement given to the consumer within three working days. The consumer must be further advised on the retailer's procedures for acting on the complaint with a reasonable and stated timescale. The retailer must keep the consumer informed of the progress of the investigation of the complaint. The same provisions apply regarding an intermediary, acting on behalf of the claimant, as they do to dealing directly with the complainant.
5.3 In the event that the retailer and consumer cannot agree on the resolution of a complaint, the retailer must advise the consumer of any trade complaints body, regulator or ombudsman who may be relevant. They must also advise the consumer of the SafeBuy mediation procedure.
5.4 SafeBuy will act as mediators, at no charge to either party, in the event of a dispute between the retailer and consumer which cannot be resolved in a timely manner. SafeBuy will only act where the consumer can provide a transaction number and date. SafeBuy will be at liberty to provide copies to both parties of all documentation presented in connection with the dispute. SafeBuy is not entitled to impose a decision upon the parties but, as mediator, to attempt to facilitate a resolution of the dispute between the parties. If this is not achieved within a reasonable time (45 days maximum) then SafeBuy will be entitled to withdraw from involvement as mediator.
5.5 In the event of the retailer's own complaints procedure and the SafeBuy mediation procedure being unsuccessful in resolving the complaint, the retailer agrees that the consumer has the right to arbitration under the SafeBuy/CIArb scheme operated by the Chartered Institute of Arbitrators and waives his/her right to decline arbitration under this scheme. SafeBuy/CIArb is an email arbitration scheme, at relatively low cost, the full details of which are at Details are also available by email from SafeBuy. The costs of the arbitration are borne by the consumer and the retailer. Decisions made by the arbitrator will be referred back to SafeBuy and may be acted on to enhance this Code and will contribute to the warning system laid down in clauses 5.8 (i) and (ii).
5.6 None of the above processes affects the right of the consumer to take the matter to the Courts or any other complaints resolution body.
5.7 If the retailer is in breach of the code with no reasonable justification, the retailer will be subject to SafeBuy's disciplinary procedure (which is overseen by an independent party). The retailer accepts that there is no right of appeal or redress against the Independent Overseer's decision (which includes, ultimately, expulsion of the retailer from the scheme). SafeBuy acts according to the rules as set out at clause 5.8.
5.8 For the purposes of clarity, SafeBuy acts according to the following rules in formal warnings, final warnings and expulsions.
A Formal Warning is issued if a mediation is not concluded successfully, or a breach of the Code that has been advised to the member (following 'mystery shopping' for example), has not been acted upon within 30 days of notification. The member has the right to claim 'special circumstances' (e.g. the return of goods to the maker for a report) to extend this period to an agreed deadline.
A Formal Warning will also be issued if, following an unsuccessful mediation, the consumer has exercised the right to go to arbitration and the Abitrator's decision is more than 50% in favour of the consumer.
A Final Warning is issued if more than one Formal Warning has become necessary in a six month period.
Expulsion will ensue if another Formal Warning becomes necessary within six months of a Final Warning.
5.9 In the event that the retailer becomes uncontactable by email, phone or recorded delivery letter SafeBuy will regard the retailer as no longer accredited and remove him from the scheme.

6. Security

6.1 The retailer must take and maintain all practicable security procedures to prevent hacking or other external access, or any unauthorised internal access, to any data relating to consumers or orders. If data is provided to any third parties necessary for the execution of the contract, it is the retailer's responsibility to ensure that the same standards are met by those third parties.
6.2 Methods of payment must be as secure as is practicable and the consumer clearly advised of the level of security applicable. If a hyperlink is required to another site with further details of the level of security it should be prominently displayed.
6.3 The retailer must be aware of its obligations under the Disability Discrimination Act 2005. It is also recommended that the retailer conforms to the requirements of the ISO Code ISO/IEC 27002:2005 (was BS7799) in security matters but as a minimum should ensure that hardware and software security is in line with general standards in the industry for the scale of the retailer's operation. The retailer must identify a named individual who is responsible for all aspects of security.
6.4 It is understood that the same standards on security of data or process by any third party used by the retailer should be at least equivalent to those used by the retailer.

7. Privacy

7.1 The website owner must conform with the requirements of the Data Protection Act, 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. .
7.2 The website must incorporate a privacy policy which informs website users of their right to access to information collected from them and how any such personal information will be used.
7.3 The consumer must be given the option to decline any distribution of personal data to third parties. This option must include further use of the data by the retailer and any associated organisations. In the event that the consumer does not reject further use, if appropriate it must be separately made clear that such data may be transferred outside the European Economic Area and the option provided to reject such use.
7.4 Before the website user can submit personal details to the website, he/she must be able to scroll through the terms of the privacy policy.
7.5 The use of email for direct marketing purposes is not allowed unless the consumer has previously given his/her consent and the contact details have been obtained in the course of a sale of a product or service to that consumer. Direct marketing approaches are confined to the products or services supplied by the online retailer who should ensure that the subscriber is aware of the nature of those products and services. The consumer has also to be given the opportunity to withdraw that consent at the time of each subsequent communication and unsolicited emails must not be sent to consumers who have requested removal from the marketing database either directly to the retailer or through an email preference service. Any attempt to conceal the identity of the sender and withholding of a valid address is prohibited.
7.6 If cookies are used the consumer must be advised accordingly and required to agree to their use ('opt in') or known to be in agreement by their settings in the internet browser they are using. This requirement only applies the first time the consumer uses the website. Agreement may also be assumed if another program which already has consent is used to access the retailer website.

8. Children

8.1 No order may be accepted from a child of 16 or under without the express consent of a parent or guardian.
8.2 No data on other persons may be collected from a child of 16 or under and no data on themselves may be collected which is not strictly relevant to the processing of the order.
8.3 No enticement by way of reward may be made to a child of 16 or under.
8.4 No data on a child of 16 or under may be collected.
8.5 Except for the purpose of processing the order, no further communications, electronic or otherwise, may be sent to a child under 12 and, in the case of 12-16 year olds, only such communications as are relevant where it is clear that the child understands what is involved.
8.6 All communications with children must be non-exploitative and not prey on their immaturity or lack of experience.

Find the websites and online shops that deserve the trust of the customers in here: SafeBuy-Website.