In short, a privacy policy is a document that explains how you collect, use, and disclose personal information. However, creating this document from scratch can be tedious (and sometimes inefficient).
Let’s get into it.
- The Australia Privacy Act of 1988 and its 13 Australian Privacy Principles (APPs) protect consumers and keep businesses in check when it comes to privacy protection in Australia.
But first, let’s unpack how it all plays out.
The Australia Privacy Act of 1988 is the primary data privacy law in the region. Naturally, it’s been updated a few times to keep up with the ever-evolving data protection landscape.
Like many privacy laws today, the Australia Privacy Act has a global reach. This means even if your business is based outside Australia, the law can apply to you if you cater to Australia’s residents and one of the following is true:
- Your annual turnover is at least AUD 3 million (roughly USD 2 million)
- You handle sensitive personal information such as health data
Compliance with the Australia Privacy Act largely means abiding by the 13 Australian Privacy Principles (APPs).
In short, they’re as follows:
- Be open and transparent
- Give customers an option to remain anonymous
- Limit your collection of solicited personal information
- Handle unsolicited personal information appropriately
- Inform customers about your collection of personal information
- Tell customers how you use and disclose personal information
- Restrict data collection for direct marketing purposes
- Observe rules for cross-border data transfers
- Follow guidelines for handling government-related identifiers
- Keep personal information accurate and up-to-date
- Keep personal information secure
- Allow customers to access their personal information
- Give customers a way to correct their personal information
- Complying with other privacy laws such as the GDPR, CPRA, LGPD, etc.
- Demonstrating your commitment to transparency and accountability
- Building trust and a positive relationship with customers
- Elevating your business’s reputation and credibility
That being said, the details below should only serve as a starting point and must be tailored to fit your business’s data processing practices. Let’s take a look.
A brief introduction/summary of the policy
“We reserve the right to update or modify this policy at any time, and we will notify users of any significant changes. Please check this page periodically for updates. By using our services, you agree to the terms outlined in this policy.”
Types of personal information you collect
Remember, Australia’s principles require you to be as clear and transparent as possible.
“We collect several types of personal information to facilitate our business activities and give you the best service possible. This includes:
- Home and email addresses
- Phone numbers
- Payment information
- Date of birth
- Location information
- IP addresses
- Details of reviews and emails you send to us
- Social security and driver's license numbers
- Corporate and financial information
- Credit history information”
Why you collect personal information
For instance, an online retail business could present this section like this:
“We use your personal information to run, develop, and improve the products and services we offer our customers, including to:
- Process orders
- Provide shipping and delivery updates
- Offer customer support
- Process payments
- Provide functionality, analyze performance, and improve our services
- Recommend features, products, and services that may interest you
- Comply with legal obligations
- Communicate with you about orders, products, services, and promotions
- Display interest-based ads that might interest you
- Prevent and detect fraud and abuse
- Assess and manage credit risks”
How you collect and store personal information
Another important section to address is how you collect and store customers’ personal information. Here’s an example of how this can look:
“We collect personal information directly from you when you:
- Interact with us over the phone, in person, or on our website/app
- Fill out online forms during account registration
- Accept cookies to enhance your experience
- Participate in surveys or questionnaires
- Attend an event hosted by us
- Subscribe to our mailing list
- Apply for a position with us as an employee, contractor, or volunteer
We will only store your personal information for as long as necessary. Typically, we hold your personal information for the duration of your relationship with us. However, we may keep your personal information for a longer period if applicable laws demand it (e.g., for record-keeping purposes).”
How you use and disclose personal information
In this section, provide specific details about how you use personal information and whether or not you share it with third parties.
Here’s an example:
“We use personal information for many purposes in connection with our business functions and activities, including to:
- Provide you with information or services that you request from us
- Provide a more personalized user experience and service offering
- Improve the quality of the services we offer
- Conduct research at your approval
- Send you promotional offers and updates
We may also share your personal information with third parties when you reasonably expect us to. In practice, we’ll disclose your information:
- To reputable third-party service providers (e.g., cloud storage and IT)
- To trusted marketing partners for targeted advertising
- To professional services advisors
- Where required to comply with relevant laws and regulations (e.g., fraud prevention)”
How customers can access or correct their personal information
Under APPs 12 and 13, customers have the right to access and correct their personal information. As such, you must include clear instructions about how customers can exercise this right.
Here’s a short example:
“Under the Australian Privacy Principles, you have the right to access and correct the personal information we hold about you.
You can do this by following the process below:
- Log into your account and update your details in the user dashboard
- Contact our customer support for assistance”
How customers can report a privacy violation
Here’s an example:
“For complaints about how we handle your personal information, please contact us by:
- Sending an email to our dedicated privacy concerns address: [Privacy Email Address]
- Calling our customer support hotline: [Phone Number]
Note: We will require proof of your identity and full details of your request to process your complaint. Please allow up to [insert] days for us to respond to your complaint.
It may not be possible to resolve a complaint to everyone’s satisfaction. If you are unhappy with our response to a complaint, you have the right to escalate your complaint to the Office of the Australian Information Commissioner (www.oaic.gov.au/).”
Transfer of personal information outside Australia
When writing this section, you should reassure customers that you will take every reasonable measure to ensure a secure data transfer across international borders.
“We may transfer personal information outside Australia to [list countries or regions]. Rest assured, we take all reasonable security measures to protect your personal information when transferred overseas, including using secure servers and data encryption.
Under Australian law, we will only proceed with an international data transfer if:
- You have provided your express consent
- An Australian law or court order authorizes the data transfer
- We reasonably believe that the receiving party is subject to a law that is significantly similar to the APPs and enforceable”
How customers can contact you
It’s a best practice to include multiple channels, such as an email address, a customer support phone number, a physical address, and a support chat feature on your website/app.
“If you have questions or concerns about how we handle your personal information or this Policy, you can reach out to us through the following channels:
- Email: [Privacy Email Address]
- Phone: [Customer Support Number]
- Physical Address: [Your Business Address]
- Live Chat on our website”
Typical places to include links to your privacy policy are:
- Email newsletters
- Website footers or headers
- In-app settings or menu interfaces
- Account registration and log-in pages
Easy accessibility allows customers to review your privacy practices whenever needed, fostering a transparent and open relationship.
Use simple language for easy understanding
Making things as simple as possible also tells customers you have nothing to hide within walls of legal text.
You may need to maintain multiple privacy policies if your business operates in different sectors, has customers in different locations, or has diverse privacy practices.
This approach gives customers clear and relevant information based on their interactions with different parts of your business.
And if writing your policy still seems tedious or complex, it's because it is. But the good news is you don’t have to go at it alone!
Why choose us? Our team of experts will:
- Assist you every step of the way and set you up for indefinite compliance
- Build trust with your customers
- Avoid legal consequences
- Be open and transparent
- What types of personal information you collect
- Why you collect personal information
- How you collect and store personal information
- How you use and share personal information
- How customers can access or correct their personal information
- How customers can report a privacy violation
- Whether you transfer personal information outside Australia and where
- How customers can contact you
That said, there are some general things you can do to ensure your policy is as compliant as possible:
- Use clear and simple language
- Be specific about your data processing practices