Last revision: 02/08/2024
Available formats: Word and PDF
Size: 7 to 11 pages
A Privacy Policy is a document that is published by the owner of a website or mobile application, explaining what sort of information they collect from users and how they collect it, as well as how they use, store and share that information.
In Australia, all APP entities must have a Privacy Policy. An APP entity is defined under the Australian Privacy Principles and includes:
The Australian public is becoming more concerned about online privacy. A Privacy Policy can help to address some of those concerns. Therefore, it is best practice for all businesses in Australia to have a Privacy Policy, even if they think they might not be obliged to have one.
These documents are quite similar.
The GDPR refers to the European Union's General Data Protection Regulation. This is a comprehensive set of privacy laws which contains some strict data protection requirements. While it is European law rather than Australian law, Australian businesses (regardless of size) may need to comply with the GDPR if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU. There are a lot of similarities between Australian privacy law and the GDPR, but the GDPR is stricter than Australian privacy law in a number of ways.
A Privacy Policy for Website or Mobile Application only addresses Australian law, so it is designed for businesses that do not need to comply with the GDPR. The GDPR Privacy Policy is for Australian businesses that may also need to comply with the GDPR.
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. This could include:
A Privacy Policy can stay in place indefinitely. However, business owners should regularly review their Privacy Policy to make sure that it is up to date with current privacy laws and that it accurately reflects how the business handles privacy matters.
If the business changes the way it collects, stores, shares or uses personal information, then the business owner should make sure to update their Privacy Policy.
Once the Privacy Policy has been completed, it can be published on the website or mobile application, in a location that is easy for users to find. For example, many websites include a link to their Privacy Policy in their website footer.
A Privacy Policy does not need to be signed.
A Privacy Policy should outline:
A Privacy Policy may also outline:
Some industries have additional privacy rules. These are discussed below.
The primary legislation in relation to privacy law in Australia is the Commonwealth Privacy Act 1988. This has been amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 also sets out a set of Australian Privacy Principles which apply to Australian organisations and provide guidance as to what should be included in a Privacy Policy. Further information about the Australian Privacy Principles is available via the Office of the Australian Information Commissioner.
Other relevant laws include the Privacy Regulation 2013, and the Privacy (Credit Reporting) Code 2014. A number of industries also have additional privacy rules. For example, specific laws may impose additional privacy requirements in relation to:
This privacy policy satisfies basic requirements of the Privacy Act 1988 and the Privacy Amendment (Enhancing Privacy Protection) Act 2012 but does not contemplate the full range of specific privacy matters that may apply in some situations (including those additional matters that may arise under the other privacy laws listed above).
The European Union General Data Protection Regulation (GDPR) contains data protection requirements that may also apply to Australian businesses.
Australian businesses (regardless of size) may need to comply with the GDPR if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU.
This privacy policy does not deal with the GDPR. It is only designed for compliance under Australian law. Businesses that deal with the EU should consider our GDPR Privacy Policy.
Further information about how the GDPR may affect Australian businesses is available through the Office of the Australian Information Commissioner.
Country: Australia