If you own a large business or a business that processes sensitive data, compliance with Australia’s privacy law is a must. And a key part of compliance is having an Australian privacy policy.
In short, a privacy policy is a document that explains how you collect, use, and disclose personal information. However, creating this document from scratch can be tedious (and sometimes inefficient).
That’s where a privacy policy template comes in handy, giving you a structured framework to jumpstart the process. This guide is your ultimate template for drafting a compliant Australian privacy policy for your business.
Let’s get into it.
Key Takeaways
The Privacy Act 1988 (Cth) and its 13 Australian Privacy Principles (APPs) set the rules for how businesses within its scope collect, use, disclose, and secure personal information in Australia.
Australia’s law requires businesses under its scope to maintain an up-to-date privacy policy that explains their data processing practices in clear, understandable terms.
Failing to maintain a privacy policy under Australia’s law invites penalties like legal action, fines, and a negative brand image.
Does Your Business Need a Privacy Policy Under Australia’s Law?
If your business falls within the scope of the Privacy Act (for example, because its annual turnover exceeds AUD 3 million or because it handles health or other sensitive information), you need a privacy policy.
But first, let’s unpack how it all plays out.
The Privacy Act 1988 (Cth) is Australia’s primary data privacy law. It has been amended several times to keep up with the ever-evolving data protection landscape.
Like many privacy laws today, the Privacy Act reaches beyond Australia’s borders. Even if your business is based outside Australia, the Act can apply to you if you carry on business in Australia or cater to Australian residents and one of the following is true:
Your annual turnover is more than AUD 3 million (roughly USD 2 million)
You handle sensitive information such as health information (health service providers are covered regardless of turnover)
Compliance with the Privacy Act largely means abiding by the 13 Australian Privacy Principles (APPs).
In short, they’re as follows:
APP 1: Manage personal information in an open and transparent way (this is the principle that requires a privacy policy)
APP 2: Give customers the option to deal with you anonymously or under a pseudonym where practicable
APP 3: Only collect solicited personal information that is reasonably necessary for your functions or activities
APP 4: Handle unsolicited personal information appropriately
APP 5: Notify customers when and why you collect their personal information
APP 6: Only use or disclose personal information for the purpose you collected it for, unless an exception applies
APP 7: Restrict the use and disclosure of personal information for direct marketing
APP 8: Observe the rules for cross-border disclosure of personal information
APP 9: Follow the rules for adopting, using, and disclosing government-related identifiers
APP 10: Keep personal information accurate, up-to-date, and complete
APP 11: Keep personal information secure, and destroy or de-identify it once it’s no longer needed
APP 12: Allow customers to access their personal information
APP 13: Correct personal information on request or on your own initiative
APP 1 specifically requires you to have a clearly expressed and up-to-date privacy policy. Note that this policy is distinct from the collection notice APP 5 requires at the point of collection, although the two commonly cross-reference each other.
Beyond compliance with Australia’s law, having a privacy policy is a best practice for several reasons, including:
Complying with other privacy laws such as the GDPR, CPRA, LGPD, etc.
Demonstrating your commitment to transparency and accountability
Building trust and a positive relationship with customers
Elevating your business’s reputation and credibility
Australia Privacy Policy Template Free
A well-crafted Australian privacy policy not only ensures compliance with Australia’s law but also builds trust with customers. Our free template below aligns with the official guidelines from the Office of the Australian Information Commissioner (OAIC).
That being said, the details below should only serve as a starting point and must be tailored to fit your business’s data processing practices. Let’s take a look.
A brief introduction/summary of the policy
Start your privacy policy with a concise introduction that explains what the policy is about and why it’s important for customers. It could go something like:
“At [Your Business Name], we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines the types of information we collect, why we collect it, and how we use, store, and protect it.
We reserve the right to update or modify this policy at any time, and we will notify users of any significant changes. Please check this page periodically for updates. By using our services, you agree to the terms outlined in this policy.”
Types of personal information you collect
Next, your privacy policy must explain the types of personal information your business collects. The same applies to sensitive personal information.
Remember, Australia’s principles require you to be as clear and transparent as possible.
Example:
“We collect several types of personal information to facilitate our business activities and give you the best service possible. This includes:
Names
Home and email addresses
Phone numbers
Payment information
Date of birth
Location information
IP addresses
Details of reviews and emails you send to us
Government identifiers such as driver’s license numbers (APP 9 restricts how these may be adopted, used, and disclosed)
Corporate and financial information
Credit history information”
Why you collect personal information
Your privacy policy must clearly outline your purpose(s) for collecting personal information. The OAIC’s guidance is to keep this to the purposes that actually apply to your business and that a customer would reasonably want to know, rather than an exhaustive list of every conceivable use.
For instance, an online retail business could present this section like this:
“We use your personal information to run, develop, and improve the products and services we offer our customers. These purposes include:
Process orders
Provide shipping and delivery updates
Offer customer support
Process payments
Provide functionality, analyze performance, and improve our services
Recommend features, products, and services that may interest you
Comply with legal obligations
Communicate with you about orders, products, services, and promotions
Display interest-based ads that might interest you
Prevent and detect fraud and abuse
Assess and manage credit risks”
How you collect and store personal information
Another important section to address is how you collect and store customers’ personal information. Here’s an example of how this can look:
“We collect personal information directly from you when you:
Interact with us over the phone, in person, or on our website/app
Fill out online forms during account registration
Accept cookies to enhance your experience
Participate in surveys or questionnaires
Attend an event hosted by us
Subscribe to our mailing list
Apply for a position with us as an employee, contractor, or volunteer
We will only store your personal information for as long as necessary. Typically, we hold your personal information for the duration of your relationship with us. However, we may keep your personal information for a longer period if applicable laws demand it (e.g., for record-keeping purposes). Once we no longer need your personal information for any purpose, we take reasonable steps to destroy or de-identify it.”
How you use and disclose personal information
In this section, provide specific details about how you use personal information and whether or not you share it with third parties.
Here’s an example:
“We use personal information for many purposes in connection with our business functions and activities, including to:
Provide you with information or services that you request from us
Provide a more personalized user experience and service offering
Improve the quality of the services we offer
Conduct research with your consent
Send you promotional offers and updates
We may also disclose your personal information to third parties for the purpose we collected it, or for a related purpose you would reasonably expect. In practice, we disclose your information to:
Reputable third-party service providers (e.g., cloud storage and IT)
Trusted marketing partners for targeted advertising (only where the law permits this and you can opt out)
Professional services advisors
Regulators, law enforcement, and other parties where the law requires or authorizes it (e.g., for fraud prevention)”
How customers can access or correct their personal information
Under APPs 12 and 13, customers have the right to access and correct their personal information. As such, your privacy policy must include clear instructions about how customers can exercise these rights.
Here’s a short example:
“Under the Australian Privacy Principles, you have the right to access and correct the personal information we hold about you.
You can do this by following the process below:
Log into your account and update your details in the user dashboard
Contact our customer support for assistance”
How customers can report a privacy violation
Australia’s law also gives customers the right to complain if they believe their personal information is being mishandled. Therefore, your privacy policy must explain how customers can make a complaint and how you will deal with it.
Here’s an example:
“For complaints about how we handle your personal information, please contact us by:
Sending an email to our dedicated privacy concerns address: [Privacy Email Address]
Calling our customer support hotline: [Phone Number]
Note: We will require proof of your identity and full details of your request to process your complaint. Please allow up to [insert] days for us to respond to your complaint.
It may not be possible to resolve a complaint to everyone’s satisfaction. If you are unhappy with our response to a complaint, you have the right to escalate your complaint to the Office of the Australian Information Commissioner (www.oaic.gov.au/).”
Transfer of personal information outside Australia
If your business is likely to disclose personal information to recipients outside Australia, your privacy policy must say so and, where practicable, name the countries involved (APP 1.4).
Under APP 8, before disclosing personal information overseas you must take reasonable steps to ensure the recipient handles it in line with the APPs, and you generally remain accountable for what the recipient does with it. This section should tell customers what those steps are.
For example:
“We may transfer personal information outside Australia to [list countries or regions]. Before we do, we take reasonable steps to ensure the overseas recipient handles your information in accordance with the Australian Privacy Principles (for example, through contractual obligations), and we protect it in transit and at rest with measures such as encryption.
We may disclose your personal information overseas without those steps only if:
You have expressly consented after we have informed you that the overseas recipient may not be bound by the APPs
An Australian law or court/tribunal order requires or authorizes the disclosure
We reasonably believe the recipient is subject to a law or binding scheme that is substantially similar to the APPs and that you can enforce”
How customers can contact you
Wrap up your privacy policy by providing your contact information for customers to reach out with privacy concerns or questions.
It’s a best practice to include multiple channels, such as an email address, a customer support phone number, a physical address, and a support chat feature on your website/app.
For example:
“If you have questions or concerns about how we handle your personal information or this Policy, you can reach out to us through the following mediums:
Email: [Privacy Email Address]
Phone: [Customer Support Number]
Physical Address: [Your Business Address]
Live Chat on our website”
Best Practices for Creating Your Australian Privacy Policy
It’s not enough to simply write up your Australian privacy policy. You must also observe several best practices to make this policy helpful to customers and enforceable under law.
Here are some best practices to help you create a valid Australian privacy policy.
Make your privacy policy free of charge and in the appropriate format
Under APP 1, you must take reasonable steps to make your privacy policy available free of charge; customers shouldn’t have to pay a fee to access or obtain a copy.
Moreover, your privacy policy must be presented in a clear, concise, and readily available form, which for most businesses means a page on your website or app.
Respond to requests for your privacy policy in different formats
Be adaptable when providing your privacy policy. If a customer requests this policy in a specific format (e.g., PDF, HTML, etc.), respond appropriately to their preferences where reasonable.
This is especially important for customers with difficulty accessing or understanding a traditional paper-based privacy policy. Plus, being flexible shows your commitment to customer satisfaction and accessibility for all.
Make your privacy policy easily accessible
Your privacy policy must be easily accessible under Australia’s law. To do this, place prominent links to your privacy policy in conspicuous places around your website or app, especially on pages where personal information is collected.
Typical places to include links are:
Email newsletters
Website footers or headers
In-app settings or menu interfaces
Account registration and log-in pages
Easy accessibility allows customers to review your privacy practices whenever needed, fostering a transparent and open relationship.
Use simple language for easy understanding
A privacy policy is a legal document, but writing it like one usually backfires: the average customer will get lost in legal or technical terminology.
For this reason, APP 1 requires your privacy policy to be clearly expressed and up-to-date, and the OAIC’s guidance (like that of most privacy regulators) is to use plain, simple language and avoid legal and technical jargon wherever possible.
Making things as simple as possible also tells customers you have nothing to hide within walls of legal text.
Consider maintaining more than one privacy policy if necessary
You may need to maintain multiple privacy policies if your business operates in different sectors, has customers in different locations, or has diverse privacy practices.
When doing this, tailor each policy to the specific sector, location, or practice it addresses. For instance, you may have one privacy policy for EU customers and another privacy policy for California customers.
This approach gives customers clear and relevant information based on their interactions with different parts of your business.
Closing
Now that you’ve gone through our free Australian privacy policy template, you’re ready to take the next step – drafting your own privacy policy.
And if writing your policy still seems tedious or complex, it’s because it is. But the good news is you don’t have to go at it alone!
At Captain Compliance, we live and breathe privacy policies (in addition to our diverse collection of compliance solutions).
Why choose us? Our team of experts will:
Create, review, and refine your Australian privacy policy
Update your existing privacy policy to reflect Australia’s requirements
Assist you every step of the way and set you up for ongoing compliance
Ready to develop a customized privacy policy that complies with Australia’s law? Get in touch today!
FAQs
Why do I need a privacy policy if I operate in Australia?
The Privacy Act 1988 (Cth) and its 13 Australian Privacy Principles (APPs) require every business within their scope (an “APP entity”) to maintain a privacy policy. Moreover, having a privacy policy helps you:
Build trust with your customers
Avoid legal consequences
Be open and transparent
Find out everything you need to know about the Australia Privacy Act
What should I include in my privacy policy under Australia’s law?
Under the Australia Privacy Act, your privacy policy must provide information about the following:
What types of personal information you collect
Why you collect personal information
How you collect and store personal information
How you use and share personal information
How customers can access or correct their personal information
How customers can report a privacy violation
Whether you are likely to disclose personal information to overseas recipients and, where practicable, in which countries
How customers can contact you
Learn more in our Australia Privacy Policy Requirements guide
How can I make sure my privacy policy is compliant?
The best way to make sure your privacy policy is compliant is to seek legal advice from a data privacy or compliance service.
That said, there are some general things you can do to ensure your policy is as compliant as possible:
Use clear and simple language
Be specific about your data processing practices
Make your privacy policy easily accessible to customers
Review your privacy policy regularly and update it as needed
See also: How to handle a data breach under the Australia Privacy Act
What happens if I don’t have a privacy policy or my privacy policy is not compliant?
If you don’t have a privacy policy or if your privacy policy is not compliant, you risk facing harsh penalties, including fines and negative publicity. You could also lose the trust of your customers and damage your reputation.
Check out our guide for penalties under the Australia Privacy Act