Privacy Policy

A Privacy Policy is required by law in certain circumstances. It outlines how your business will use, store and collect your customers' information. Customisable and ready for use in under 5 minutes.
Suitable for Australia

Document Overview

You must use a Privacy Policy if your business or company collects personal information and data online or directly from your customers. A Privacy Policy is required by law if your business falls within one of the criteria set out in the Privacy Act 1988 (Cth). As an application or online business, it is imperative to be transparent with customers about data collection and how you store information. We have a Privacy Policy template for you to edit and customise to your own personal preferences on the Lawpath platform.

What is a Privacy Policy?

A Privacy Policy is a document that states how your business will deal with the personal information and data it collects. Your Privacy Policy will inform your consumers about when your business or company will collect information, what the personal information is used for and how that information will be stored and managed in the future. Your Privacy Policy must also include provisions relating to when personal information can be accessed, transferred, shared and kept. No matter what type of business you run, a Privacy Policy can be an integral step for legal compliance.

Other names for Privacy Policy 

A Privacy Policy can also be known by a variety of different names, including: Privacy Practices, Responsible Use of Data, Website Privacy Policy, Privacy Policy Agreement, Use of Private and Confidential Information Policy.

Why use this Privacy Policy?

This Privacy Policy should be used if: 

  • You would like to inform your consumers, suppliers or contractors how you collect, use and respect information data;
  • You would like to be in compliance under Australian Federal laws on privacy; and
  • You have created a website and require a Privacy Policy.

What does this Privacy Policy cover?

It should be noted that this Overview only outlines what provisions should be included in your Privacy Policy. This Overview does not include all the provisions that need to be included in your Privacy Policy. The most common provisions used in our Privacy Policy include:

Collection of Personal Information

Firstly, the Privacy Policy should explain what information is deemed to be personal information. This may also be known as the categories of personal information. Personal information may include information pertaining to a customer's or user's profile, username, password, legal name, date of birth, email address etc. Your Privacy Policy should also outline the type of device information or usage information that may be collected, such as web browser signals, browser type, operating system, internet protocol address (IP address), unique device identifiers etc. It is also common for a Privacy Policy to explain when this information will be collected, i.e. when a user communicates with the business, creates an account on your business website, accesses the website, enters sweepstakes or surveys on the website etc.

Use of Personal Information 

The Privacy Policy should explain how personal information will be received, stored and shared. The Privacy Policy should explain the legitimate interests in holding and storing personal information. For instance, some popular legitimate interests may include: to improve, maintain and enhance services and products, for direct marketing purposes etc. 

Disclosure of Personal Information 

Provisions surrounding disclosure of personal information generally relate to how and when a business or company may share such information with a third-party service provider, agent, supplier or third-party websites. Furthermore, if the business is involved in some merger, acquisition, or sale of assets, the Privacy Policy should outline how personal data will be disclosed and transferred. This provision may also relate to the business's requirement to disclose personal information when required by an Australian Court, for instance to abide by subpoenas or other court orders.

Rights and Control of a Customer's Personal Information

This provision in a Privacy Policy usually relates to how a customer or user may request access to their personal information. The Privacy Policy may also include provisions relating to the right to opt out of or remove the business's processing of their personal data.

Storage and Security of Personal Information 

A Privacy Policy should explain how personal information is to be stored and managed. This provision is particularly important in protecting personal information and liability against fraud, misuse and unauthorised disclosure. 

Website Cookies and Similar Technologies

It is common for a Privacy Policy to explain how website cookies and web beacons will be used. This is a great way to track certain behaviour and enhance the effectiveness of a business's service or product. However, you must notify your consumers and users that your website or company uses cookies and similar forms of technology.

What laws apply to this Privacy Policy?

The Australian Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APPs) regulate the handling of personal information about individuals. The Privacy Act and APPs are known as the applicable law of privacy in Australia. A Privacy Policy is therefore implemented to ensure that your business or company is collecting and using personal information in accordance with its legal obligations and the legal process stipulated by Australian Law. A business can only deal with personal information where there is a legal basis to do so. If the business or website interacts with consumers outside Australia, certain International Privacy laws may apply.

Commonly Asked Questions

I have an app or a website on a third party platform. Am I required to have a Privacy Policy?

It is compulsory for those who have either a mobile app or a desktop app to have a Privacy Policy to be in compliance under Australian Federal laws, especially those which leverage Google Adsense. Desktop apps can use this Privacy Policy template for compliance. Mobile apps can use a specific Mobile App Privacy Policy, available on the Lawpath platform, for compliance. A Mobile App is an application that is available on mobile devices. However, if you are unsure whether your business is compliant with applicable privacy policies, contact us for more information.

As of late 2018, most third party platforms that allow individual vendors to set up their own business recommend the use of a Privacy Policy, if the individual vendor collects personal data. For example, Amazon requires website owners to post a Privacy Policy agreement if they use any of their services. However, this is on a case by case basis. If you are unsure as to whether your business requires a Privacy Policy, contact the third party platform or us for more information.

Does my personal website have to include a Privacy Policy?

If you have a website that collects personal information from its users, it must include a Privacy Policy that complies with Australian laws. If your website operates in an international setting, then you will also need to abide by International Privacy laws. A website that does not include a Privacy Policy may be subject to large fines in cases of a data breach. Small businesses with an annual turnover of $3 million must ensure their Privacy Policy complies with the requirements under the Privacy Act 1988 (Cth) and the Australian Privacy Principles. If you're unsure whether a Privacy Policy is relevant for you, a helpful tip is to see if you are collecting any of these types of information: phone number, credit card information, contact information, personally identifiable information, demographic information, social media information. If you are, you most likely require one.

If you're still unsure if your small business needs to comply with the Privacy Act, you can check the Australian Government website by clicking the link.

I use third party services/vendors on my website. Am I required to have a Privacy Policy?

Websites often interact with and pass data on to affiliates or third party vendors such as Google Analytics or Facebook Advertising, which track the website for marketing purposes and to display ads, using browser 'cookies' that collect personal information from its users. If your website interacts with third party vendors, your Privacy Policy must include a clause notifying the user that third party vendors may collect their personal information. Third party services that track personal information may also collect log files/data on certain browser types, which should also be included in your Privacy Policy. Log data collected and stored on servers typically includes IP addresses and download information.

Will anyone actually read my Privacy Policy?

It is often thought that most people who interact with different websites do not read their privacy policies. However, a recent survey undertaken by the Office of the Australian Information Commissioner (OAIC) into community attitudes towards privacy has found that 65% of people are now more likely to read Privacy Policies and 61% would check website security before giving personal information to ensure their privacy rights are protected. If your website also collects personal data from browser 'cookies' (i.e. blog), it is important to give users the opportunity to consent, directly or possibly from a guardian, before collecting any information.

Does my Privacy Policy need to be compliant with International Privacy laws? (ie. GDPR)

If your company or business operates on an international scale, then International Privacy compliances are required. This may include compliance with European Union laws, Canadian laws and Californian laws. These three international forms of Privacy compliance are outlined below:

  • European Union: If your business or company has a presence in the European Union (EU), then a Privacy Policy geared toward GDPR compliance is a necessity. The European General Data Protection Regulations (GDPR) contain laws which regulate how businesses should interact with consumer data to ensure privacy rights are protected. The GDPR apply to businesses in Australia or overseas if their business or website collects European consumer data from any European Economic Area (EEA). If you are unsure whether your website is GDPR compliant, you can contact us for more information.
  • Canada: The Canadian Personal Information Protection and Electronic Documents Acts (PIPEDA) contain laws which regulate how businesses should interact with consumer data to ensure privacy rights are protected. The PIPEDA applies to businesses in Australia or overseas if their business or website collects Canadian consumer data. If you are unsure whether your website is PIPEDA compliant, you can contact us for more information.
  • California: California has two policies, both of which apply to businesses in Australia or overseas if their business collects Californian consumer data. If you are unsure whether your website is COPPA & CALOPPA compliant, you can contact us for more information.

Should I get my Privacy Policy reviewed by a lawyer?

It is always recommended that a lawyer review your Privacy Policy before its implementation. This ensures that your Privacy Policy contains the accurate wording and the relevant laws are being complied with. One of our lawyers would be happy to help.

Where should I publish my Privacy Policy?

It is common for websites to place their Privacy Policy, terms and conditions and website disclaimer at the footer of the website. This standard makes it easier for your visitors and customers to find your Privacy Policy.
