Privacy Policy

Document Overview

A Privacy Policy is a document that states how your business will deal with the personal information it collects. A Privacy Policy covers how personal information is collected, what the personal information is used for, and how the personal information is stored and managed. You must use a Privacy Policy if your business or company collects personal information online or directly from your customers. A Privacy Policy is required by law if you business falls within one of the criteria set out in the Privacy Act 1988 (Cth).

Use this Privacy Policy if:

- You would like to inform people how you collect, use and respect information;
- You would like to be compliant under Australian privacy laws; and
- You have created a website and require a privacy policy.

What does the Privacy Policy cover?

- Collection of personal information;
- Use of personal information;
- Disclosure of personal information;
- Rights and control of a customers personal information;
- Storage and security of personal information;
- Website cookies and third party sites.

Other names for Privacy Policy include:

- Responsible Use of Data; and
- Use of Private and Confidential Information Policy.

Does my website have to include a privacy policy?

If you have a website that collects personal information from its users, it must include a privacy policy that complies with Australian and international laws. A website that does not include a privacy policy may be subject to large fines in cases of a data breach.

Small businesses with an annual turnover of $3 million must ensure their privacy policy complies with the requirements under the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Not sure if your small business needs to comply with the Privacy Act?

I use third party vendors on my website. Am I required to have a privacy policy?

Websites often interact with third party vendors such as Google Analytics or Facebook Advertising who track the website for marketing purposes using ‘cookies’ who collect personal information from its users. If your website interacts with third party vendors, your privacy policy must include a clause notifying the user that third party vendor may collect their personal information.

Does anybody actually read privacy policies?

It is common knowledge that most people who interact with different websites do not read its privacy policies.

However, a recent survey undertaken by the Office the Australian Information Commissioner (OAIC) into community attitude towards privacy has found that 65% of people are now more likely to read Privacy Policies and 61% would check website security before giving personal information to ensure their Privacy right are protected.

What laws apply to this privacy policy?

The Australian Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APPs) regulates the handling of personal information about individuals. If the business or website interacts with consumers outside Australia, certain international privacy laws may apply.

Does my privacy policy need to be GDPR compliant

The European General Data Protection Regulations (GDPR) contain laws which regulate how businesses should interact with consumer data to insure privacy rights are protected. The GDPR apply to businesses in Australia or overseas if their business or website collects European consumer data. If you are unsure whether your website is GDPR compliant, you can contact us here for more information.

Should I get this policy reviewed by a lawyer?

Although it is not a legal requirement to have a lawyer draft your privacy policy, It is recommended, to ensure the accurate wording is being used and the relevant laws are being complied with.

Where should I publish my privacy policy?

It is common for websites to place their privacy policy, terms and conditions and website disclaimer at the footer of the website. This standard makes it easier for your visitors and customers to find your Privacy Policy.