e-Sign with Lawpath

Privacy Policy (CCPA Compliant)

A Privacy Policy outlines how your business will use, store and collect your customers' information. This Privacy Policy meets the requirements of the Australian Privacy Principles, as well as the California Consumer Privacy Act.

starstarstarstar_borderstar_border

3.0 (2 reviews)

alarm_on

Last updated December 18, 2024

edit

Under 20 minutes

location_on

Suitable for Australia

Get 1st document free

Written by

Edwin Montoya Zorrilla

Reviewed by

Damin Murdock

Document Overview

It is imperative for your customers to be aware of how their data is being used and reasonable steps be taken to handle such information with care.

Depending on your business needs there are various privacy policies that you might use and it is often known by other names such as:

  • Responsible use of data policy.
  • Website privacy policy.
  • Privacy policy agreement.
  • Confidential information policy.

This Privacy Policy reflects disclosure and transparency requirements set out in the California Consumer Privacy Act of 2018 (CCPA) and the EU General Data Protection Regulation (GDPR).

IMPORTANT: having this policy is not sufficient to comply with any of the relevant legislation. You must actually follow the procedures outlined in the policy. Please read the provisions of this policy and ensure that you are prepared to follow such procedures.

The Legal Risk Score of a Privacy Policy (CCPA Compliant) Template

Our legal team have marked this document as low risk considering:

  • The document allows for the collection and sharing of a wide range of personal information, which could expose users to potential privacy breaches if not handled properly.
  • The transfer of personal information across international borders, as outlined in the document, introduces the risk of data being subject to less stringent protections than in the user's home country.
  • The document outlines the use of personal information for marketing purposes, which might not align with every user's expectations or preferences regarding their personal data usage.
Get started

Privacy Policy (CCPA Compliant) Checklist

Complete your free Privacy Policy (CCPA Compliant) with our checklist

Review Personal Information Handling Practices

Ensure that all personal information collection, storage, and sharing practices align with the stipulations outlined in the privacy policy to maintain compliance and protect user data.

Implement Adequate Security Measures

Adopt and maintain robust security measures as described in the document to prevent unauthorized access or breaches of personal information.

Update and Monitor Compliance Regularly

Regularly review and update the privacy policy to reflect any changes in legal requirements or business practices, and monitor compliance to ensure ongoing adherence to the policy.

Educate and Inform Stakeholders

Inform and educate employees, users, and stakeholders about their rights and obligations under the privacy policy to ensure clarity and transparency in its execution.

Get started

Does my personal website have to include a Privacy Policy?

If you have a website that collects personal information from its users, it must include a Privacy Policy that complies with Australian and international laws.

A website that does not include a Privacy Policy may be subject to large fines in cases of a data breach. Small businesses with an annual turnover of $3 million must ensure their Privacy Policy complies with the requirements under the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

If you're unsure on whether a Privacy Policy is required for your business, a helpful tip is to see if you are collecting any of these types of information:

  • telephone number;
  • date of birth;
  • credit card information;
  • financial information;
  • contact information;
  • sexual orientation;
  • ethnic origin;
  • health information;
  • personally identifiable information;
  • demographic information; or
  • social media information.

If you're still unsure if your small business needs to comply with the Privacy Act, read more: Does my small business need to comply with the Privacy Act?

Use this Privacy Policy when:

  1. You would like to inform people how you collect, use and respect information data; 
  2. You would like to be in compliance under Australian federal laws, as well as the California Consumer Privacy Act.
  3. You have created a website and require a privacy policy (please note, if you're after a more general-purpose privacy policy applicable to offline avenues, please see Lawpath's Offline Privacy Policy).

What does the Privacy Policy cover?

  • how personal information data and sensitive information is collected;
  • what the personal information is used for;
  • how the personal information data is stored and managed; and
  • the kind of control and rights that customers have over their personal information.

Other documents you may need:

I have an app or a website on a third party platform. Am I required to have a Privacy Policy ?

It is compulsory for those who either have a mobile app or desktop app to have a Privacy Policy to be in compliance under Australian federal laws, especially those which leverage Google Adsense.

Desktop apps can use this Privacy Policy template for compliance. Mobile App developers can use a specific Mobile App Privacy Policy - on the Lawpath platform - for compliance.

However, if you are unsure on whether your business is compliant with applicable privacy policies, contact us for more information.

As of late 2018, most third party platforms that allow individual vendors to set up their own business recommend the use of a Privacy Policy, if the individual vendor collects personal data. For example, Amazon requires website owners to post a Privacy Policy agreement if they use any of their services.

I use third party services/vendors on my website. Am I required to have a Privacy Policy?

Websites often interact with and pass data onto affiliates/third party vendors such as Google Analytics or Facebook Advertising who track the website for marketing purposes using browsers ‘cookies’ who collect personal information from its users, also to display ads.

If your website interacts with third party vendors, your Privacy Policy must include a clause notifying the user that third party vendor may collect their personal information. Third party services that track personal information may also collect log files/data on certain browser types which should also be included in your Privacy Policy. Log data collected and stored on servers typically includes IP addresses and download information.

Does anybody actually read privacy policies?

A survey undertaken by the Office of the Australian Information Commissioner (OAIC) into community attitudes towards privacy has found that 84% of people believe the privacy of their information is important. However, only 1 in 5 Australians read a Privacy Policy in full. 87% of people surveyed suggested that privacy policies be in plain english so that they can understand how their information is dealt with.

If your website also collects personal data from browser 'cookies' (ie. blog), it is important to give users the opportunity to consent - directly or possibly from a guardian - before collecting any information.

What laws apply to this Privacy Policy?

The Australian Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APPs) regulates the handling of personal information about individuals. The CCPA is the California equivalent, and has different requirements to Australian legislation.

If the business or website interacts with consumers outside Australia, certain international privacy laws may apply.

Should I get this policy reviewed by a lawyer?

Although it is not a legal requirement to have a lawyer draft your Privacy Policy, it is recommended, to ensure the accurate wording is being used and the relevant laws are being complied with.

Where should I publish my Privacy Policy?

It is common for websites to place their Privacy Policy, terms and conditions and website disclaimer at the footer of the website. This standard makes it easier for your visitors and customers to find your Privacy Policy.

Further information

It's never been so easy

laptop_mac

Sign-up to a free Lawpath account

Get started and we’ll take care of you. It’s that easy.

gavel
person_outline

Collaborate with e-Sign and Sharing

Having access to your legal documents has never been easier. You can request e-signature, share the document and download for an efficient collaboration.

Create unlimited legal documents and eSignatures for only $39/month.

Upgrade to a Lawpath legal plan to boost your new business.

View plans & pricing
trust-mark

Here's what people say about Lawpath’s Privacy Policy (CCPA Compliant)

Reviews are managed by BazaarVoice and comply with the BazaarVoice Authenticity Policy. Reviews are independently verified by BazaarVoice and detail our customers' real experiences.

Looking for more documents?

Browse all legal documents