Legal Advisory
What is the Reasonable Person Test?
The reasonable person test is a benchmark of behaviour for determining whether something is reasonable or not. The idea of a reasonable person is a made-up concept used to help
It is vitally important for your business to have a privacy policy. In this guide, we’ll step you through what you should include in your privacy policy and you’ll hear from an experienced eCommerce lawyer.
This article will be particularly helpful for new businesses. Whether you sell goods or services, its important to inform people you interact with how your business will handle their personal information.
A privacy policy is essentially a disclaimer that states in clear terms how your company handles the personal information of your customers.
If your business is covered by the Privacy Act 1988 (Cth), you must have a stated privacy policy. Some eCommerce platforms and search engines also require businesses to have a privacy policy available to their customers.
Generally, the Privacy Act covers organisations operating in Australia and having an annual turnover of more than $3 million.
You can print your privacy policy on paper, make it available to everyone on your website, or have it displayed on your customers’ mobile devices.
There are a number of things that your privacy policy should contain. For more detailed guidance, you should talk to an eCommerce lawyer.
The Privacy Policy of your organisation must inform your customers of:
If your organisation’s privacy policy states that you are likely to send the personal information of your customers overseas, and if something goes wrong, your eCommerce might be held legally responsible for it.
In that case, you should talk to an eCommerce lawyer.
There are a set of things that you must include in your privacy policy to avoid legal complications.
If you are unsure, always talk to an eCommerce lawyer.
For instance, your privacy policy should include information like the duration for which you are going to keep the personal information of your customers with you and whether it will be scanned. For your convenience, we have put together a list containing the most important things that you should include in your privacy policy:
In the opening statement of your privacy policy, you should mention your organisation’s commitment to maintaining the confidentiality of the information that you are going to collect.
You should also include the necessary documents that show your compliance with the Privacy Act, the Australian Privacy Principles, and other privacy obligations that are relevant to your business, like the Privacy (Credit Reporting) Code 2014.
An eCommerce lawyer can help you to draft an opening statement in your privacy policy.
In this section, you should mention in detail:
This is information that can render an individual reasonably identifiable.
This information can include name, phone number, email address, social media profile, employment history, etc. You should provide the details of the information that is collected through apps and websites, such as date and time of website access, IP addresses, location information, and cookies
Here, you can inform your customers that you can collect their information directly from them, a third-party provider, any publicly available source, or cookies
Explain if such information is helping you in improving your products and services, or expanding your marketing scope, or designing personalisation, etc.
Each of these points is vitally important and you should consult with an eCommerce lawyer to understand how each of these requirements relates to your eCommerce business.
In this part of the Privacy Policy, you must define the term ‘sensitive information’. This is usually information related to an individual’s ethnic or racial origin, religious beliefs, political opinion and/or association, sexual orientation, professional association, membership of a trade, health information, criminal records, etc.
While explaining this point, you must mention that such sensitive information is collected only when the individual consents to providing them. You should also clarify that this information is going to be used for the original purpose of collection only.
If you are unsure how your eCommerce business can collect and use sensitive information, you should contact an eCommerce lawyer.
In this segment, you need to describe when, why and to whom you might disclose the personal information of your customers. For instance, you might have to share it with your contractors and marketers.
You might need to provide their information for data analysis to apps like Google Analytics or present them to authorities and/or courts as required by law. You also need to mention if the information is likely to be disclosed overseas, and if so, what will be the impact of that on data protection.
In this section of your privacy policy, you should state how you are storing and protecting your customers’ personal information, for example through encryption.
You should mention how long you are going to keep the information. Your eCommerce business should also explain if you are combining the personal information of individuals in a file or storing them separately.
An eCommerce lawyer can help you to frame the wording of your privacy policy.
It is very important to include in your Privacy Policy that every individual has the right to access their personal information held by your business. They can also request to change, update, or correct that information if required.
You must describe in detail an enquiry and complaint process in your Privacy Policy. You should also elucidate the additional steps that the other parties can take if they are unsatisfied with the result of an enquiry or complaint.
For example, you can guide them first to an external dispute resolution scheme and then to the Office of the Australian Information Commissioner.
You must also provide a generic phone number and an email address for your customers to get in touch with you. These contact details should not change, irrespective of the staff member in charge.
An eCommerce lawyer can provide legal advice on how to handle privacy complaints.
In the end, you must incorporate in your Privacy Policy a statement about your business’s commitment to keeping your privacy policy up to date and publishing every change that you make to the privacy policy on all mediums.
While creating your Privacy Policy, you need to elaborate everything carefully to avoid legal complications. Also, you must update your privacy policy if your information handling practices change.
You can either publish your updated privacy policy on your website or send them to your customers through email or post a hard copy to their physical address.
Yes, in Australia, having a privacy policy is often legally required. The Privacy Act 1988 (Cth) governs the handling of personal information. The Act includes the Australian Privacy Principles (APPs). These set out the standards, rights, and obligations for the handling, collection, use, and disclosure of personal information.
Under the Privacy Act, entities covered by the Act are generally required to have a privacy policy that outlines how they manage personal information. This policy should cover various aspects, including the type of personal information collected, how it is used and disclosed, security measures in place to protect the information, and how individuals can access and correct their personal information.
It’s important to note that specific obligations may vary depending on the size and nature of the organisation, as well as the kind of personal information it handles. Entities that are covered by the Privacy Act may face penalties for non-compliance, so it’s crucial to ensure that privacy practices align with the legal requirements.
A privacy policy should include the following key elements:
Types of personal data collected: The privacy policy should clearly state the types of personal data that are collected from the users, such as name, email address, physical address, IP address, and other relevant information.
Purpose of data collection: The policy should specify the reasons for collecting user information and how it will be used. This may include providing services, improving user experience, or marketing purposes.
Data storage and security measures: The policy should outline how long the data will be stored, where it will be kept, and the security measures taken to protect the data.
Third-party sharing: If the data is shared with any third parties, the policy must disclose this, including who the third parties are and why the data is being shared.
Enquiry and complaint process: The policy should detail how users can raise enquiries or complaints about their data, and what steps they can take if they are unsatisfied with the outcome.
Updates to the policy: The policy should specify that it can be updated from time to time, and how users will be notified of these updates.
It’s crucial to update the privacy policy when information handling practices change to maintain transparency with users and ensure compliance with the law. This includes changes in the types of data collected, how the data is used, where it’s stored, what security measures are in place, and whether the data is shared with third parties.
By keeping users informed of these changes, you can maintain their trust and avoid potential legal complications.
We provide legal advice to business and individuals across Australia, no matter which State or Territory you are located. Our easy-to-access, online legal services mean that you can talk to our lawyers wherever you are, at a time that suits you.
4.5
Google Reviews
Don’t hesitate – reach out for your free legal assistance today. Your peace of mind is just a click or call away!
The reasonable person test is a benchmark of behaviour for determining whether something is reasonable or not. The idea of a reasonable person is a made-up concept used to help
If you are looking for online legal advice, it is important to understand how an online legal advice lawyer can impact the outcome of your legal matter. Getting advice from an online
A legal counsel is sometimes known as an in-house lawyer. Legal counsel deliver legal advice from within a business. A legal counsel may work as part of an in-house legal team or as a sole lawyer