Having a company website is now essential for any business. However, many Portuguese companies are unaware that there are specific legal obligations associated with maintaining an online presence.
This article clearly explains everything required by law to ensure your website complies with current regulations and avoids fines.
1. Company Identification on the Website
According to Decree-Law No. 7/2004, which regulates electronic commerce in Portugal, all business websites must clearly identify the website owner.
This information must be permanently visible and include:
-
Company name or registered business name
-
Tax Identification Number (NIF)
-
Registered address or main place of business
-
Contact details (phone, email, contact form, etc.)
-
Commercial registration number and the Commercial Registry Office (if applicable)
It is standard practice to include this information in the website footer and on the Contact page.
2. Privacy Policy and GDPR
Since the implementation of the General Data Protection Regulation (GDPR), any website that collects personal data (such as contact forms, newsletter subscriptions or e-commerce platforms) must have a clear and accessible Privacy Policy.
The Privacy Policy must specify:
-
Which personal data is collected
-
The purpose of the data collection
-
How long the data is stored
-
With whom the data is shared
-
Users’ rights (access, correction, deletion, portability, etc.)
-
Contact details of the Data Protection Officer (if applicable)
Failure to comply with GDPR may result in fines of up to €20 million or 4% of the company’s annual turnover.
3. Cookie Policy
Under Law No. 41/2004 (Electronic Communications Law), all websites that use cookies must inform users and obtain explicit consent before storing them on their devices.
The cookie notice must:
-
Explain what cookies are and why they are used
-
Identify the types of cookies used (necessary, analytical, marketing, etc.)
-
Allow users to accept, refuse, or customise cookies
-
Include a link to the full Cookie Policy
Using GDPR-compliant cookie consent banners is highly recommended.
4. Terms and Conditions of Use
Although not mandatory for every website, having a Terms and Conditions page is crucial to define usage rules and legally protect the company.
This section is mandatory for online stores and digital service platforms.
Terms and Conditions should include:
-
Website usage rules
-
Purchase, refund and return policies
-
Copyright and intellectual property clauses
-
Limitations of liability
-
Applicable law and competent jurisdiction
For e-commerce sites, these terms are required under Decree-Law No. 24/2014, which governs distance contracts.
5. Specific Obligations for Online Stores
Websites that sell goods or services directly to consumers must comply with additional rules, including:
-
Clear display of prices (including VAT)
-
Delivery costs and estimated delivery times
-
Accepted payment methods
-
Right of withdrawal (14-day return period)
-
Link to the Electronic Complaints Book (www.livroreclamacoes.pt)
-
Identification of the competent RAL entity
Failure to comply with these obligations may result in fines by ASAE (Food and Economic Safety Authority) and even suspension of online operations.
6. Alternative Dispute Resolution (RAL)
Under Law No. 144/2015 of 8 September, all companies that sell goods or provide services to consumers (even if not online) are required to inform customers about the Alternative Dispute Resolution entities (RAL) available to them.
The company must:
-
Identify at least one competent RAL entity for its sector
-
Provide the name, address, contact details and website of the entity
-
Display this information clearly on the website (commonly in the footer or Terms and Conditions)
Example text to include:
“In the event of a dispute, the consumer may resort to an Alternative Dispute Resolution entity.
More information is available at www.consumidor.gov.pt.”
Non-compliance with this requirement may result in fines ranging from €500 to €5,000, depending on the company type and severity of the breach.
7. Accessibility and Digital Security
According to Decree-Law No. 83/2018, public entities must ensure that their websites comply with digital accessibility standards (WCAG 2.1).
Although not yet mandatory for all private companies, it is strongly recommended to adopt good accessibility and security practices, such as:
-
Using an HTTPS security certificate
-
Ensuring responsive design (mobile-friendly)
-
Enabling accessibility for users with disabilities
These measures not only enhance user experience but also improve brand credibility and SEO performance.
Conclusion
Complying with the legal requirements of a company website is essential for any business that wants to operate transparently, professionally, and in accordance with Portuguese law.
Before launching or updating your website, verify that it meets all the requirements outlined in this article.
If you need assistance with legal and technical compliance, from GDPR and cookie settings to privacy policies and RAL implementation, our team can help ensure that your website is fully compliant and optimised for search engines.
