It is mandatory for your business to use a Privacy Policy if you collect information data (e.g phone numbers) online or directly from your customers as per the Privacy Act 1988 (Cth).
It is imperative for your customers to be aware of how their data is being used and reasonable steps be taken to handle such information with care.
Depending on your business needs there are various privacy policies that you might use and it is often known by other names such as:
If you have a website that collects personal information from its users, it must include a Privacy Policy that complies with Australian and international laws.
A website that does not include a Privacy Policy may be subject to large fines in cases of a data breach. Small businesses with an annual turnover of $3 million must ensure their Privacy Policy complies with the requirements under the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
If you're unsure on whether a Privacy Policy is required for your business, a helpful tip is to see if you are collecting any of these types of information:
If you're still unsure if your small business needs to comply with the Privacy Act, read more: Does my small business need to comply with the Privacy Act?
It is compulsory for those who either have a mobile app or desktop app to have a Privacy Policy to be in compliance under Australian federal laws, especially those which leverage Google Adsense.
Desktop apps can use this Privacy Policy template for compliance. Mobile App developers can use a specific Mobile App Privacy Policy - on the Lawpath platform - for compliance.
However, if you are unsure on whether your business is compliant with applicable privacy policies, contact us for more information.
As of late 2018, most third party platforms that allow individual vendors to set up their own business recommend the use of a Privacy Policy, if the individual vendor collects personal data. For example, Amazon requires website owners to post a Privacy Policy agreement if they use any of their services.
Websites often interact with and pass data onto affiliates/third party vendors such as Google Analytics or Facebook Advertising who track the website for marketing purposes using browsers ‘cookies’ who collect personal information from its users, also to display ads.
If your website interacts with third party vendors, your Privacy Policy must include a clause notifying the user that third party vendor may collect their personal information. Third party services that track personal information may also collect log files/data on certain browser types which should also be included in your Privacy Policy. Log data collected and stored on servers typically includes IP addresses and download information.
A survey undertaken by the Office of the Australian Information Commissioner (OAIC) into community attitudes towards privacy has found that 84% of people believe the privacy of their information is important. However, only 1 in 5 Australians read a Privacy Policy in full. 87% of people surveyed suggested that privacy policies be in plain english so that they can understand how their information is dealt with.
If your website also collects personal data from browser 'cookies' (ie. blog), it is important to give users the opportunity to consent - directly or possibly from a guardian - before collecting any information.
The Australian Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APPs) regulates the handling of personal information about individuals.
If the business or website interacts with consumers outside Australia, certain international privacy laws may apply.
If you are unsure about any international compliance regarding data collection, you can contact us for more information.
Although it is not a legal requirement to have a lawyer draft your Privacy Policy, it is recommended, to ensure the accurate wording is being used and the relevant laws are being complied with.
It is common for websites to place their Privacy Policy, terms and conditions and website disclaimer at the footer of the website. This standard makes it easier for your visitors and customers to find your Privacy Policy.
It's never been so easy