This statement should tell the consumer how the merchant will be using the personal data they have collected.
“We respect and are committed to protecting your privacy. We may collect personally identifiable information when you visit our site. We also automatically receive and record information on our server logs from your browser including your IP address, cookie information and the page(s) you visited. We will not sell your personally identifiable information to anyone.” (And so on...)
Or, if they do pass along personal information for whatever reasons, they would state this instead. This policy should be tailored to how the merchant intends to use the information they are given.
This statement should tell the consumer how their personal information is kept secure during the transmission of payment.
“Your payment and personal information is always safe. Our Secure Sockets Layer (SSL) software is the industry standard and among the best software available today for secure commerce transactions. It encrypts all of your personal information, including credit card number, name, and address, so that it cannot be read over the internet.” (Etc.)
All Sales are Final. No Refunds
Note - It could be that all sales are final or No Refunds. If this is the merchant’s policy, it should be stated on the website and should also be noted on the footer of the merchant receipt or invoice