E – Commerce
E-Commerce
The regulation of e-commerce in Cyprus derives primarily from EU law, transposed into national legislation. The E-Commerce Law of 2004, the Consumer Rights Directive, the General Data Protection Regulation, and sectoral rules on distance selling, electronic signatures, and online dispute resolution all bear on how businesses can lawfully trade online.
The firm’s work in this area begins with the foundational documents. Website terms and conditions, terms of sale, privacy policies, and cookie notices. These are not boilerplate. They must reflect the specific nature of the business—what it sells, to whom, on what terms, and with what obligations. A template drafted for a UK business will not necessarily comply with Cypriot law. A policy written for a B2B supplier will not protect a B2C retailer.
These documents are drafted from first principles, ensuring compliance with the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations. These regulations require specific pre-contractual information, impose a fourteen-day cancellation period for most online purchases, and restrict the use of premium rate phone lines for customer service. Getting it wrong can mean that consumers are entitled to cancel beyond the statutory period, or that the business faces enforcement action from the Consumer Protection Service.
Data protection is inseparable from e-commerce. The GDPR applies fully in Cyprus, and the Office of the Commissioner for Personal Data Protection has shown increasing willingness to investigate and fine non-compliant businesses. The firm advises on GDPR compliance for e-commerce operators. Lawful bases for processing. Privacy notices. Data subject rights. Security obligations. Breach notification requirements. For businesses processing significant volumes of personal data, the firm assists with data protection impact assessments and, where necessary, engagement with the Commissioner.
Cross-border e-commerce raises additional questions. If a Cypriot business sells to consumers in other EU member states, it must comply not only with Cypriot law but also with the consumer protection rules of the consumer’s home country, subject to the country of origin principle. If a non-EU business sells into Cyprus, it must appoint a representative for GDPR purposes and comply with Cypriot distance selling rules. The firm advises on these complexities, helping clients structure their operations to minimise legal risk while maximising market access.
Disputes in e-commerce typically involve non-delivery, defective goods, or wrongful payment processing. The firm handles these at both individual and systemic levels, advising on customer complaints, chargeback disputes, and, where necessary, defending or pursuing claims in the Cypriot courts.