All About Privacy Policies | Foundd Legal Contract Templates

All About Privacy Policies


Does your website have a privacy policy? Australian law requires any website that collects and stores information to have a privacy policy. Pretty much every website collects information in some way, shape or form (yes, email sign-ups count) and so a privacy policy is a must for almost all businesses.

What is a privacy policy and how do I get one? 

A privacy policy explains how you handle the personal information of your customers and website users. Online privacy is a huge concern for people. Including a policy on your website is not only a legal requirement but it works to build trust and assures users you aren’t going to sell their details to nefarious third parties or spam them with unrelated content. 

Businesses around the world are recognising the importance of privacy policies. We think that’s great. What’s not great is that said businesses are simply copying privacy policies from other websites rather than taking the time to establish their own documents. This is a terrible idea for two key reasons. First, the privacy policy copied might not be relevant to your business. Second, the privacy policy copied might outline stipulations that your business doesn’t actually follow. This is a recipe for a lawsuit and even a situation where your website and business are shut down. Moral of the story? Don’t copy privacy policies. 

The good news is getting the right privacy policy for your website is super easy. There are online privacy policy generators from reputable businesses (Shopify has one) and there are businesses like ours that offer easily accessible lawyer-approved templates. As you can see, copying a privacy policy is not only silly but unnecessary! Before you scoot off and take advantage of our awesome offer, stick with us a few minutes longer so we can tell you a little more about privacy policies and Australian regulations. We’ll make it interesting, pinky swear. 

Australian legal requirements for privacy policies 

As mentioned, it’s a legal requirement in Australia to have a privacy policy if your website collects, stores and uses any personal information. This includes email addresses, physical addresses, phone numbers, credit card details and so on. The privacy policy must comply with the Privacy Act (1988) and the Australian Privacy Principles.

Do not be fooled! Even if your website is strictly for marketing purposes or functions solely as a blog, the mere inclusion of a contact form or newsletter sign-up will make it necessary for you to include a privacy policy.

The elements that should be included in a privacy policy 

Your privacy policy needs to clearly express how personal information will be managed. It must be open, transparent and easy to understand. The best privacy policies keep their core audience in mind and are written in a way that makes sense to them. Here are a few key components that should be included in a privacy policy. 

Explain the way information is collected and handled 

You must outline the type of personal information you collect and store, the way you collect it, and the purpose for which you will collect, hold, use and disclose it. If you’re collecting information through a contact form, storing it on Mailchimp and using this information to email people, then you need to relay all this in your privacy policy. Take the time to assure your customers that you will not spam, sell or rent their email address or other personal information.

If you plan to disclose personal information to other people or organisations then this also needs to be relayed in your privacy policy. 

For those who operate e-commerce stores, your privacy policy should include information about how you handle your customers' credit card details and reference the privacy policies of your payment processing providers.

If your website allows comments and reviews and includes adverts that track visitors, then your privacy policy will need to include this information.

Pop quiz. A beauty blogger who has become an affiliate for a makeup brand begins to include trackable ads on their blog. Should the blogger include this information in their privacy policy? 

Yes. The answer is yes! 

Explain how information can be accessed and corrected 

Your privacy policy should tell customers how they can access and correct any information you hold. It should also let them know how they can unsubscribe from any email or marketing lists. 

Your contact details, including your email, should be provided and customers should be told how they can complain about a potential privacy breach. 

Cookies and tracking 

Inform customers of any cookies that are used on your website. You may also need to comply with the General Data Protection Regulation (GDPR). This is the European Union’s new data protection law, which came into force on 25 May 2018.

The GDPR doesn’t just apply to EU-based businesses. It applies to any business that processes personal data relating to an individual in the European Union, so even if you are an Australian business, there is a chance that the GDPR may apply to you, your clients or the work you undertake online.

If your website uses tracking software like Google Analytics or advertising networks that rely on online tracking, then you should also disclose this in your privacy policy. In fact, it’s a condition of using Google services that an appropriate notice be included in your privacy policy.  

Using and updating privacy policies 

Privacy policies should be updated if there is a change to any systems or procedures that impact the way data is stored. This change should also be followed up with clear communication to your customers. Privacy policies will also need to be updated to coincide with any changes to the law. If it suddenly became a legal requirement to ask for every website visitor’s favourite colour, then you’d need to reflect this in your privacy policy.

At Foundd Legal, we keep our privacy policy template up to date and stay abreast of the legal issues that may impact online entrepreneurs. If you’re unsure whether your privacy policy is compliant, or whether our template is suited to your particular business, then please do contact us for a complimentary consultation.



FOUNDD LEGAL articles are intended to provide commentary and general information only, in an informal style. Though we like to keep it real, please don’t rely upon our posts as legal advice. If there is something in one of our articles that speaks to you, reach out for some formal and up to the minute legal advice to properly address and discuss your queries and concerns. We’re here for you!