The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 require traders to give you certain information. The specific information varies depending on whether the sale is made at a distance (for example, online or over the phone) or face-to-face somewhere that's not the business premises of the trader (also known as 'off-premises') or in a store.

For distance or off-premises sales  Key information which the trader must provide includes:

• a description of the goods, service or digital content, including how long any commitment will last on the part of the consumer 

• the total price of the goods, service or digital service or the manner in which the price will be calculated if this can’t be determined

• how you will pay for the goods or services and when they will be provided to you

• all additional delivery charges and other costs (and if these charges can't be calculated in advance, the fact that they may be payable)

• details of who pays for the cost of returning items if you have a right to cancel and change your mind

• details of any right to cancel - the trader also needs to provide, or make available, a standard cancellation form to make cancelling easy (although you aren’t under any obligation to use it)

• information about the seller, including their geographical address and contact details and the address and identity of any other trader for whom the trader is acting

• information on the compatibility of digital content with hardware and other software that the trader is aware of (or can reasonably be expected to be aware of).  

• Failure to provide the required information, or to provide it in the way set out in the regulations, could result in cancellation rights being extended by up to a year.

• The information should be given in writing in a 'durable medium' such as on paper or by email. 

• You are also entitled to confirmation of the contract and if the information wasn’t initially provided in a durable form, the trader must provide it at the point of confirmation.

• For example, information about the goods or services being bought, the price, the compatibility of digital content and details of any delivery costs.

What are my rights under the Consumer Contracts Regulations?

• Your right to cancel an order for goods made at a distance starts from the moment you place your order and ends 14 days from the day you receive your goods

• Your right to cancel a service made at a distance starts the moment you enter into the contract and lasts 14 days

• If you want to download digital content within the 14 day cancellation period you must agree to waive your cancellation rights 

• Companies are not allowed to charge you for items they put in your online shopping basket or that you have bought as a result of a pre-ticked box

Cancelling goods and services

The Consumer Contracts Regulations also give you key cancellation rights when you enter into contracts at a distance over the phone, online, from a catalogue or face-to-face with someone who has visited your home, for instance. 

Your right to cancel

Your right to cancel an order for goods starts the moment you place your order and ends 14 days from the day you receive your goods. 

If your order consists of multiple goods, the 14 day period runs from when you get the last of the batch.

This 14 day period is the time you have to decide whether to cancel, you then have a further 14 days to actually send the goods back.

Your right to a refund

You should get a refund within 14 days of either the trader getting the goods back, or you providing evidence of having returned the goods (for example, a proof of postage receipt from the post office), whichever is the sooner. 

A deduction can be made if the value of the goods has been reduced as a result of you handling the goods more than was necessary.

The extent to which you can handle the goods is the same as it would be if you were assessing them in a shop.

Refunding the cost of delivery

The trader has to refund the basic delivery cost of getting the goods to you in the first place, so if you opted for enhanced service eg guaranteed next day, it only has to refund the basic cost.

Exemptions

There are some circumstances where the Consumer Contracts Regulations won’t give you a right to cancel.

These include, CDs, DVDs or software if you've broken the seal on the wrapping, perishable items and tailor-made or personalised items. They also include goods with a seal for health protection and hygiene reasons that's been broken.

Also included are goods that have been mixed inseparably with other items after delivery.

Always check the terms and conditions

The minimum cancellation period that you must be given is 14 days but many sellers choose to exceed this, so always check the terms and conditions in case you have longer to change your mind.

Cancelling services

Your right to cancel  You have 14 days from entering into a service contract in which you can cancel it.

The trader shouldn’t start providing the service before the 14 day cancellation period has ended, unless you have requested this.

If you request a service starts straightaway  In this instance you will still have the right to cancel, but you must pay for the value of the service that is provided up to the point you cancel.

For example, if you buy a service like gym membership and start using the gym and then change your mind within this 14 day time period, you will be refunded but could be charged for the amount of gym time you used.

If the service is provided in full within 14 days  The right to cancel can be lost during the cancellation period if the service is provided in full before the 14 days elapses.  

Exemptions There are some contracts where you won’t have a right to cancel a service. For example, hotel bookings, flights, car hire, concerts and other event tickets, or where the trader is carrying out urgent repairs or maintenance.

Always check the terms & conditions  14 days is the minimum cancellation period that consumers must be given and many sellers choose to exceed this, so always check the terms and conditions in case you have longer to change your mind.  

Cancelling Digital Downloads

The Consumer Contracts Regulations contain specific provisions for digital content.

Retailers mustn’t supply digital content, such as music or software downloads, within the 14 day cancellation period, unless the consumer has given their express consent to this happening.

The consumer must also acknowledge that once the download starts they will lose their right to cancel.

If a consumer doesn’t give their consent, they have to wait until the cancellation period has ended before they can download the digital content.

This is to ensure the digital content is what you want before downloading it. Pre-ticked boxes

The Regulations make it clear that a trader won’t be able to charge a consumer for an item where it was selected for the consumer as part of that purchasing process, rather than the consumer actively choosing to add it to their basket.

For example, retailers are not allowed to charge for an extended warranty if it was added into your basket as a result of a pre-ticked box.

If a company does charge you in this way, you are entitled to your money back. 

Delivery of goods

The Consumer Rights Act, which came into force on 1 October 2015, says the retailer is responsible for the condition of the goods until the goods are received by you, or by someone else you have nominated to receive them on your behalf such as a neighbour.

This means that the retailer is liable for the services provided by the couriers it employs - the delivery firm is not liable.

There is a default delivery period of 30 days during which the retailer needs to deliver the goods to you unless a longer period has been agreed.

If your delivery is later than agreed and it was essential that it was delivered on time, then you have the right to cancel the purchase and get a full refund.

If the delivery isn’t time essential but another reasonable delivery time can’t be agreed, you’re also within your right to cancel the order for a full refund.

Returning faulty goods

If you receive faulty goods and wish to return them, the Regulations are in addition to your other legal rights.

So, if your goods are faulty and don’t do what they're supposed to, or don’t match the description given, you have the same consumer rights under the Consumer Rights Act (which replaces the Sale of Goods Act from 1 October 2015) as you have when buying in store.

Any terms and conditions that say you must cover the cost of returning an item wouldn’t apply where the goods being returned are faulty.

Excessive call charges 

The Consumer Contracts Regulations also prohibits helpline phone charges in excess of the basic rate for calls by existing customers to the retailer or trader about products purchased.

For example, if you are ringing to make a complaint, enquire about your order, or to cancel your order, retailers can't use premium rate numbers. They must provide a basic rate number for you to call.

The same applies to energy supplier customers. You must be provided with a basic rate number to call if you have an enquiry or complaint about your account. 

If you do have to call a company on a surcharged number about goods or services you have bought, or have agreed to buy, you have the right to claim back the surcharge from the company.

Copyright overview

An original piece of work is covered by copyright. It could be a piece of music, a play, a novel, photos or a piece of software. Copyright can be enforced by law. It is against the law to copy and distribute copyrighted material without the copyright owner’s permission.

Copyright facts

• Copyright is automatic and there is no need to register for it.

• The symbol © indicates copyright but a piece of work is still covered without it.

• Copyright does not last forever and will expire after a certain period of time.

• It is illegal to share copyrighted material on the internet without the copyright owner’s permission.

• If you create a piece of work for your employer, the copyright usually belongs to them.

Software copyright

Software is covered by copyright. It prevents:

• copies being made and given to friends and family for free, or being sold for profit

• using software on a network, where multiple users can access it (unless the licence permits it)

• lending the software to friends or family

There are exceptions. Some copyright owners allow their work to be copied and distributed for educational use or for non-profitable use. The copyright owner will make this clear.

Search engine images

Images returned by search engines do not belong to the search engine and are not free to use. The search engine has included them from a number of websites. All of the major search engines provide a link to the website that the original image is from. If you want to use an image you have found using a search engine, always check who it belongs to.

Intellectual property

There are other ways to stop your work from being copied and distributed without your permission:

• Trademark – a sign or logo that identifies a brand or company

• Patent – a patent protects a new idea or invention

• Design – a product’s visual appearance

All companies register their name and address with Companies House.

During the second half of the 20th century, businesses, organisations and the government began using computers to store information about their customers, clients and staff in databases. For example:

• names

• addresses

• contact information

• employment history

• medical conditions

• convictions

• credit history

Databases are easily accessed, searched and edited. It’s also far easier to cross reference information stored in two or more databases than if the records were paper-based. The computers on which databases resided were often networked. This allowed for organisation-wide access to databases and offered an easy way to share information with other organisations.

The data, information and databases section has more on searching databases.

Misuse and unauthorised access to information

With more and more organisations using computers to store and process personal information there was a danger the information could be misused or get into the wrong hands. A number of concerns arose:

• Who could access this information?

• How accurate was the information?

• Could it be easily copied?

• Was it possible to store information about a person without the individual’s knowledge or permission?

• Was a record kept of any changes made to information?

The purpose of the Data Protection Act

The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give legal rights to people who have information stored about them.

Other European Union countries have passed similar laws as often information is held in more than one country.

BBC Webwise features a guide on how the Data Protection Act works.

How the Data Protection Act works

The Data Protection Act was developed to give protection and lay down rules about how data about people can be used.

The 1998 Act covers information or data stored on a computer or an organised paper filing system about living people.

The basic way it works is by:

1. setting up rules that people have to follow

2. having an Information Commissioner to enforce the rules

It does not stop companies storing information about people. It just makes them follow rules.

The roles of those involved

1. The Information Commissioner is the person (and his or her office) who has powers to enforce the Act.

2. A data controller is an organisation or individual (for example, when self-employed) who determines what data the organisation collects, how it is collected and how it is processed.

3. A data subject is someone who has data about them stored somewhere, outside of their direct control. For example, a bank stores its customers' names, addresses and phone numbers. This makes us all data subjects as there can be few people in the UK who do not feature in computer records somewhere.

Registration with the Information Commissioner

Any organisation or person who needs to store personal information must apply to register with the Information Commissioner.

Data controllers must declare what information will be stored and how it will be used in advance. This is recorded in the register.

Each entry in the register contains:

1. the data controller's name and address

2. a description of the information to be stored

3. what they are going to use the information for

4. whether the data controller plans to pass on the information to other people or organisations

5. whether the data controller will transfer the information outside the UK

6. details of how the data controller will keep the information safe and secure

Types of personal data

Some data and information stored on a computer is personal and needs to be kept confidential. People want to keep their pay, bank details, and medical records private and away from the view of just anybody. If someone who is not entitled to see these details can obtain access without permission it is unauthorised access. The Data Protection Act sets up rules to prevent this happening.

Two types of personal data

Personal data is about living people and could be:

• their name

• address

• medical details or banking details

Sensitive personal data is also about living people, but it includes one or more details of a data subject's:

• racial or ethnic origin

• political opinions

• religion

• membership of a trade union

• health

• sex life

• criminal activity

There are fewer safeguards for personal data than there are for sensitive personal data. In most cases a person must be asked specifically if sensitive data can be kept about them.

The eight principles of data protection

For the personal data that controllers store and process:

1. It must be collected and used fairly and inside the law.

2. It must only be held and used for the reasons given to the Information Commissioner.

3. It can only be used for those registered purposes and only be disclosed to those people mentioned in the register entry. You cannot give it away or sell it unless you said you would to begin with.

4. The information held must be adequate, relevant and not excessive when compared with the purpose stated in the register. So you must have enough detail but not too much for the job that you are doing with the data.

5. It must be accurate and be kept up to date. There is a duty to keep it up to date, for example to change an address when people move.

6. It must not be kept longer than is necessary for the registered purpose. It is alright to keep information for certain lengths of time but not indefinitely. This rule means that it would be wrong to keep information about past customers longer than a few years at most.

7. The information must be kept safe and secure. This includes keeping the information backed up and away from any unauthorised access. It would be wrong to leave personal data open to be viewed by just anyone.

8. The files may not be transferred outside of the European Economic Area (that's the EU plus some small European countries) unless the country that the data is being sent to has a suitable data protection law. This part of the DPA has led to some countries passing similar laws to allow computer data centres to be located in their area.

People whose personal data is stored are called data subjects. The DPA sets up rights for people who have data kept about them. They are:

1. A right of subject access: A data subject has a right to be supplied by a data controller with the personal data held about him or her. The data controller can charge for this (usually around £10 pounds).

2. A right of correction: A data subject may force a data controller to correct any mistakes in the data held about them.

3. A right to prevent distress: A data subject may prevent the use of information if it would be likely to cause them distress.

4. A right to prevent direct marketing: A data subject may stop their data being used in attempts to promote or sell them things (eg by junk mail or cold calling.)

5. A right to prevent automatic decisions: A data subject may specify that they do not want a data user to make "automated" decisions about them where, through points scoring, a computer decides on, for example, a loan application.

6. A right of complaint to theInformation Commissioner: A data subject can ask for the use of their personal data to be reviewed by the Information Commissioner who can enforce a ruling using the DPA. The Commissioner may inspect a controller's computers to help in the investigation.

7. A right to compensation: The data subject is entitled to use the law to get compensation for damage caused ("damages") if personal data about them is inaccurate, lost, or disclosed.

Exemptions

There are some complete exemptions and some partial exemptions where personal data is not covered by the 1998 Act. These mean that the people storing data (the data controllers) do not need to keep to the rules.

Complete exemptions

• Any personal data that is held for a national security reason is not covered. So MI5 and MI6 don't have to follow the rules if the data requested could harm national security. If challenged, the security services are able to apply for a certificate from the Home Secretary as proof that the exemption is required.

• Personal data held by an individual only for the purposes of their personal, family or household affairs. eg a list of your friends' names, birthdays and addresses does not have to keep to the rules.

Partial exemptions

Some personal data has partial exemption from the rules of the DPA. The main examples of this are:

• The taxman or police do not have to disclose information held or processed to prevent crime or taxation fraud. Criminals cannot see their police files. Tax or VAT investigators do not have to show people their files.

• A data subject has no right to see information stored about him if it is to do with his/her health. This allows doctors to keep information from patients if they think it is in their best interests.

• A school pupil has no right of access to personal files, or to exam results before publication.

• A data controller can keep data for any length of time if it is being used for statistical, historical or research purposes.

• Some research by journalists and academics is exempt if it is in the public interest or does not identify individuals.

• Employment references written by a previous employer are exempt.

• Planning information about staff in a company is exempt, as it may damage the business to disclose it.

The Computer Misuse Act (1990)

This was passed by Parliament and made three new offences:

1. accessing computer material without permission, eg looking at someone else's files

2. accessing computer material without permission with intent to commit further criminal offences, eg hacking into the bank's computer and wanting to increase the amount in your account

3. altering computer data without permission, eg writing a virus to destroy someone else's data, or actually changing the money in an account