- your business is transparent about its privacy practices;
- your customers have confidence in you; and
- as your business grows and you need to comply with the APPs, you are in a good position to do so.
Personal information is information that can be used to identify a person, whether true or not. Your business probably collects all sorts of personal information, such as:
- names and contact details;
- photographs and payment details; and
- information about browser session and location data.
What is an APP Entity?
An APP entity is a business that needs to comply with the Australian Privacy Principles.
If your business generates more than $3 million in turnover annually, then it is an APP entity and you must comply with the Australian Privacy Principles.
You must also comply with the Australian Privacy Principles if your business generates $3 million or less in turnover annually, but you:
- provide a health service and hold health information other than in an employee record;
- buy or sell personal information; or
- are a contracted service provider for a Commonwealth contract (but compliance will only be required for the activities that are for the purposes of a Commonwealth contract).
It is not just typical health service providers such as doctors that need to comply with the APPs. Examples of types of businesses that are considered to be a health service include:
- child care centres, private schools and private tertiary institutions;
- naturopaths and chiropractors; and
- hospitals, day surgeries, medical centres, pharmacists, and allied health professionals such as physiotherapists.
Health information is classified as a type of sensitive information and attracts higher privacy standards than other types of personal information. Health information can include:
- information about an individual’s physical or mental health;
- records held by a fitness club about an individual; and
- an individual’s healthcare identifier when it is collected to provide a health service.
Buying and Selling Personal Information
If you disclose personal information about another individual for a benefit (such as a financial reward) or provide a benefit to collect personal information about another individual from anyone else, then you will be an APP entity.
Examples of businesses that trade in personal information include:
- businesses that sell lists of personal information (e.g. names and phone numbers) to another business for the purposes of direct marketing. The business that purchases the list is also an APP entity;
- lobby groups that pay another entity to collect information about the political preferences of an individual; or
- finance brokers who sell lists of individuals to finance companies without the individuals’ consent.
Contracting with a Commonwealth Agency
If your business provides services as part of a Commonwealth contract, then you are an APP entity. You will need to comply with the APPs if you:
- provide services to a government agency under a government contract; or
- are a subcontractor for a government contractor.
- the kinds of personal information you collect and hold;
- how you collect and hold personal information;
- the purposes for which you collect the personal information;
- how an individual may access their personal information and seek its correction;
- how an individual may make a complaint if you breach the APPs and how you will handle their complaint; and
- whether you are likely to disclose personal information to overseas recipients, and if so, to which countries.
If you are an APP entity, then you need to notify parties at the time you are collecting personal information from them that you are doing so. If it is impractical to do so at the time, then you should notify them as soon as you can.
For example, if someone is purchasing a bag from your website, you may set out:
- that you are collecting personal information for the purposes of processing their order and shipping them the bag;
- who you are likely to disclose the information to;
- whether you are likely to disclose the information to an overseas recipient; and
A privacy lawyer will be able to guide you through how to use a collection notice and what to include.
Frequently Asked Questions
Personal information is any information, whether true or not, that can be used to identify a person. Personal information commonly collected by businesses includes names, contact details, photographs and payment details.
An APP entity is a business that is required to comply with the Australian Privacy Principles. There are specific categories that are used to determine if your business is an APP entity.