
What Do I Need In A Privacy Policy?

A Privacy Policy is important for every business. A privacy policy needs to include all the information set out in the Privacy Act 1988. Our privacy and data lawyers also recommend that a privacy policy include information that is helpful and transparent.

If you have a website or app that collects personal data from its users, you need to establish a policy. Although it is common for users not to read through this policy, it is essential to have one for your business.

Most Internet users have heard of a privacy policy. However, you may not know what it does or what it generally includes.

In this article, our eCommerce lawyer explains what you should have in a privacy policy.


What is a Privacy Policy?

A Privacy Policy is a legal requirement if you collect and process personal data from customers or users of your website. It discloses what kind of data you collect, how you collect it, what it is used for, where it is stored, and how you keep it secure. It also describes how you collect personal data, for example, using cookies, and how users can limit the data they share with you.

The definition of personal data varies depending on applicable law. However, personal data is any data that allows businesses to identify a person.

Examples of the types of personal information include:

  • Name
  • Email address
  • IP address
  • Passport Number

You may also collect sensitive data such as financial details, biodata, or data of minors. If you collect such data, you should highlight it in a Privacy Policy.

The three most important reasons you need a privacy policy are:

Reason One: It’s a Legal Requirement under Australian Privacy Laws

In Australia, a privacy policy is a legal requirement if you collect and store personal information. However, the law only requires businesses that meet certain criteria to have one. We will discuss those criteria below.

We are also aware that there are some significant changes coming to Australia’s privacy laws. You may need to revisit any privacy policy you include now once the new law comes into effect.

Reason Two: It builds trust and shows respect for your users’ privacy

A privacy policy shows that your company takes the data collected from its users seriously. A privacy policy assures website users and customers that you will keep their personal information safe and private. Additionally, they can trust that your business follows Australian laws.

Reason Three: It’s a requirement of a third-party service you use

Operating an online business or website often requires the use of third-party tools or services. For example, most websites use analytics tools to track the traffic coming to the website and traffic patterns. Websites and blogs often use advertising to generate revenue and affiliate links. All these services may require that your website, blog, or eCommerce store have a policy.

For example, companies like Google and Apple require your website to include a privacy policy.

Where to put a Privacy Policy on the website?

Your policy must be easily accessible to your users/customers. Your Privacy Policy should be clearly displayed on your website and on every page where you gather personal information from users.

Header Menu

The most obvious and prominent placement for the policy is in the header menu. Put your privacy policy, terms and conditions, and feedback page in the header menu of your website.

The header menu is accessible from any website page, and users can easily navigate to the privacy policy.

Make sure you have clearly marked your policy as “Privacy Policy” so that there is no confusion among users.

Footer


The footer is the most popular place for websites to post their policy. It is also accessible from any page on your website.

About Us

Another place where your privacy policy should be is on the main menu under the “About Us” section. This is a convenient and easily accessible option, again, available on every page of your website.

Checkout Forms

An effortless way to ensure your users can find your privacy policy is to add it to your checkout form. This is typically done by adding a checkbox next to a statement such as “I have read and agree to the Privacy Policy.”

The checkbox is near the “Pay” button, and the transaction cannot be processed until the checkbox is ticked. A link to your privacy policy is provided. This means the customer must read and agree to the privacy policy to purchase.


Do I need a Privacy Policy?

You need a privacy policy if:

  1. your business has an annual turnover of more than $3 million
  2. your business is a health service provider
  3. your business engages in credit reporting activities
  4. your business provides services to organisations covered by the Privacy Act
  5. you collect personal information online
  6. your business transfers personal information overseas

There are a variety of ways you can collect data from your users.

Some examples are:

  1. Using cookies on your website;
  2. Collecting email addresses for monthly newsletters;
  3. Collecting email addresses to advise when you are running a sale or to publish your next blog post;
  4. Collecting personal information to send goods to your customers.

What does a Privacy Policy need to include?

A policy should be a comprehensive handbook that leaves no stone unturned. It should encompass the following elements:

  1. The type of personal information you collect and store
  2. The purposes for which you collect, retain, use and disclose personal information
  3. How you collect and securely store personal information
  4. A promise not to “spam,” sell, or rent a visitor’s email address
  5. How an individual can get access to personal information and correct the information you hold, including unsubscribing from an email list
  6. How an individual can complain about a breach of the Australian Privacy Principles and how you’ll handle the complaint
  7. How you share personal information with others, and if they’re in other countries, the countries it will be shared with.
  8. Your contact details

The Australian Privacy Principles (APPs):

The Australian Privacy Principles (APPs) strengthen Australia’s data protection by providing 13 fundamental rules for managing personal information. A robust policy must align with these principles, ensuring comprehensive adherence to the legal framework. These principles address matters such as lawful data collection, responsible use, and vigilant data security.

Tailor your Australian privacy policy to your business

We don’t recommend copying and pasting policies from other websites as they may not fully meet your needs.

A privacy policy is a legal document that informs and protects consumers. It should be well-written, readable, understandable, and accurate. Readers and customers won’t find a policy helpful if they cannot understand the meaning behind the legal jargon.

There are several ways to write a company’s privacy policy:

  1. Hiring a law firm: reliable legal advice, but the most expensive option available.
  2. Writing it yourself: the cheapest option, but also the most difficult and time-consuming. If you’re not familiar with the rules and regulations, you could miss important information and put your business at risk.

It’s best to hire a privacy lawyer to draft a privacy policy for your business website. If you want to write it yourself, that is acceptable. However, we recommend hiring a privacy lawyer to review your privacy policy.

Key takeaways

  • place your policy somewhere prominent on your website
  • be transparent and disclose anything a user may want to know about their personal information
  • don’t copy privacy policies from other websites
  • seek legal advice from qualified privacy and data lawyers

How can Prosper Law help?

Prosper Law is Australia’s online law firm. We provide legal advice to businesses and individuals across Australia. Our areas of legal practice include contracts, eCommerce, publishing, legal counsel and employment law.

If you need to talk to an eCommerce Lawyer, get in touch today.

Contact the team at Prosper Law today. Talk to our privacy data lawyers to discuss how we can help you for a fixed fee.

PROSPER LAW – Australia’s Online Law Firm

M: 1300 003 077

E: enquiry@prosperlaw.com.au  

W: www.prosperlaw.com.au

A: Suite No. 99, Level 18, 324 Queen Street, Brisbane, Queensland Australia 4000


About the Author

Farrah Motley
Director of Prosper Law. Farrah founded Prosper online law firm in 2021. She wanted to create a better way of doing legal work and a better experience for customers of legal services.
