Privacy Policy
Overview
A Privacy Policy document states how your business collects, uses and manages the personal information it gathers.
A Privacy Policy is required under the Privacy Act 1988 if your business collects personal information online or directly from your customers.
A Privacy Policy is required for:
Letting people know how you collect, use and respect their information;
Being compliant under Australian privacy laws;
Collecting personal information on your website.
The Privacy Policy covers:
Collection of personal information;
Use of personal information;
Disclosure of personal information;
Rights and control of a customer's personal information;
Storage and security of personal information;
Website cookies and third party sites.
Privacy Policy for websites
If your website collects personal information from users, it must include a privacy policy that complies with Australian and/or international laws. A website that does not include a privacy policy may be subject to large fines in the event of a data breach.
The Office of the Australian Information Commissioner (OAIC) provides further information on the policy content you may require.
Businesses with an annual turnover of $3 million or more must ensure their privacy policy complies with the requirements under the Privacy Act 1988 and the Australian Privacy Principles.
If you are not sure, or your annual turnover is less than $3 million, check whether you need to comply with the Privacy Act.
Websites with third party apps
Websites are often connected to third party applications (Vendors) such as Google Analytics that track website interactions by users for marketing purposes.
These applications may also use ‘cookies’ that collect personal information from users. If your website interacts with third party vendors, your privacy policy must include a clause notifying users that third party vendors may collect their personal information.
European General Data Protection Regulations (GDPR) laws
The European General Data Protection Regulation (GDPR) regulates how businesses must manage consumers' data to ensure their privacy rights are protected. You will need to comply with the GDPR if your business website collects European consumer data. If you are unsure whether your website is GDPR compliant, you can check using the OAIC website. The website also contains a comparison table between the EU GDPR and the Australian Privacy Act.
The following resources may also assist Australian businesses to take steps to comply:
European Commission, 2018 Reform of EU Data Protection Rules
European Data Protection Board (prior to 25 May 2018, the Article 29 Working Party) GDPR guidance
Asia Pacific Privacy Authorities EU General Data Protection – General Information Document
UK Information Commissioner’s Office Guide to the GDPR
Placement of Privacy Policy
It is common for websites to have a separate page for their Privacy Policy. Most websites place a link to the Privacy Policy in the footer, which makes it easy for users to find.