Can I collect, use and store personal information for direct marketing?

The Australian Privacy Principles (APPs) contained within the Privacy Act 1988 (Cth) (Privacy Act) sets out how businesses in Australia are to collect, use, disclose and store personal information, and under what circumstances it can be used for direct marketing.
Under the requirements of the APPs, if your business collects personal information from customers, you are required to tell your customers that you are collecting it and what you will be doing with it. You must only use personal information for the purpose for which it was obtained.
Direct marketing
According to APP 7, businesses that collect personal information from individuals must not use or disclosure information for the purpose of direct marketing.
There are, however, several exceptions to this rule.
Your business is able to use and disclose personal information (other than information that is classified as sensitive information) for the purpose of direct marketing if:
- you collected the information directly from your customer;
- your customer would expect you to use or disclose the information for marketing purposes;
- you provide a means for your customer to request not to receive direct marketing from your business; and
- your customer has not made a request to not receive direct marketing from you.
Your business is also able to use and disclose personal information (other than information that is classified as sensitive information) for the purpose of direct marketing if:
- your business is a contracted service provider under a Commonwealth contract;
- your business collected personal information for the purpose of being able to meet (either directly or indirectly) an obligation under the Commonwealth contract; and
- the use or disclosure of the information is necessary to meet such an obligation.
Requests to not receive direct marketing
If you have used or disclosed the personal information of a customer for the purposes of direct marketing, and the customer returns with a request not to receive any further direct marketing communications from your business, you must give effect to the customer’s request within a reasonable period of time after the request is made.
Conclusion
It is important that you comply with the requirements of the Privacy Act. Failure to comply with the Privacy Act may result in a fine of up to $1.7 million for companies and $340,000 for entities that are not companies (including individuals) for any serious or repeated breaches of the Privacy Act.
If you are unsure whether your business is collecting, using, disclosing and/or storing personal information in a manner which is compliant with the APPs, contact one of our lawyers today.
How Franchisors Can Avoid Misleading and Deceptive Conduct
Wednesday 18 May | 11:00 - 11:45am
Online
New Kid on the Blockchain: Understanding the Proposed Laws for Crypto, NFT and Blockchain Projects
Wednesday 25 May | 10:00 - 10:45am
Online
How to Expand Your Business Into a Franchise
Thursday 26 May | 11:00 - 11:45am
Online
Day in Court: What Happens When Your Business Goes to Court
Thursday 2 June | 11:00 - 11:45am
Online
How to Manage a Construction Dispute
Thursday 9 June | 11:00 - 11:45am
Online
Startup Financing: Venture Debt 101
Thursday 23 June | 11:00 - 11:45am
Online
Was this article helpful?
We appreciate your feedback – your submission has been successfully received.
About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.
By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.
If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.