Skip to content
LegalVision

What Is the Difference Between a Privacy Policy and Collection Notice?

Jacqueline Gibson

By Jacqueline Gibson
Senior Lawyer

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn
Summarise with: ChatGPT logo ChatGPT Perplexity logo Perplexity Microsoft Copilot logo Microsoft Copilot
Table of Contents

You most likely will have heard of, and seen, a privacy policy. A collection notice is a lesser-known document, but can be crucial for your business. If your business is an APP entity, you will need to comply with the Privacy Act, and you should have both documents. This article will explain the differences between a privacy policy and collection notice, and when you will need to have each.

What Is an APP Entity?

An APP entity is a business that must handle any personal information it collects in accordance with the Privacy Act. If your business does not comply with the Act, you could face regulatory action and receive fines.

If your business has an annual turnover of $3 million or more, you are an APP entity. Therefore, you will need to comply with the Privacy Act. You will also be an APP entity if your company:

  • holds health information;
  • provides a health service; or
  • buys and sells personal information.

There are other tests that may make your business an APP entity, so you should always speak with a privacy lawyer to confirm if any apply to you.

If your business is an APP entity, you must understand how to handle personal information under the Privacy Act. 

If you are not an APP entity right now, you may become one in the future if your turnover reaches over $3 million. Therefore, it is best practice to comply with the Privacy Act from the start.

What Is a Privacy Policy?

privacy policy is a document that acts as a guide on how you collect and manage personal information. Personal information is any information that can be used to identify a person, whether true or not.

A privacy policy should clearly set out the types of personal information your business: 

  • collects;
  • holds;
  • uses; and 
  • discloses. 

If your business is an APP entity, your privacy policy must also include all of the requirements set out under the Australian Privacy Principles (APPs). 

Some of the core requirements include that the privacy policy:

  • explains how you collect, use and disclose personal information;
  • is easy to read;
  • outlines if you disclose personal information overseas;
  • outlines what countries you disclose it to;
  • provides details about a person’s rights under privacy laws; 
  • outlines how someone can make a privacy complaint to your business; and 
  • explains how someone can make a complaint to the privacy regulator.

Once you have prepared a privacy policy for your business, you will need to make the privacy policy easily accessible. This way, anyone interested in your privacy management practices can easily read about this in your privacy policy. 

You should also make your privacy policy known at any time that you collect personal information. 

For example, if you have a ‘contact us’ form on your website, you should have a statement such as the following that hyperlinks to your privacy policy:

‘We collect and handle your personal information in accordance with our privacy policy.’ 

Continue reading this article below the form
Loading form

What Is a Collection Notice?

When collecting someone’s information, you must notify them that you are doing so. That is unless it is impracticable to notify the person at that time. In which case, you may still need to notify them after you have collected their personal information. 

collection notice can be likened to a summary of the privacy policy, as it sets out the key details that someone should know about how you will use their personal information. It is shorter than a privacy policy but does not replace it altogether. It will often refer to, or directly link to, the privacy policy.

When Do I Use a Privacy Policy or Collection Notice?

You will often need both a privacy policy and collection notice as they serve different purposes. The privacy policy is a document that captures information about all of your businesses’ privacy practices. It also provides an overview of how you: 

  • collect;
  • hold;
  • use; and 
  • disclose personal information.

In comparison, you will use a collection notice to notify someone on the most crucial things they should know when you are collecting their personal information. 

It is best practice to use a collection notice each time you collect personal information. 

For example, you should include a collection notice on a form on your website where someone enters their details to create an account. You should also include it on any ‘contact us’ forms you may also have on your website. 

It is also important that your privacy policy is available on the footer of your website and available within your collection notices.

However, it is generally accepted that if you have drafted your privacy policy with all of the relevant APP matters included, you can use a privacy policy at the point of collection, rather than a specific collection notice.

Key Takeaways

If your business is an APP entity under the Privacy Act, you must be aware of the difference between a privacy policy and a collection notice. You also need to know how to prepare and use these documents in line with the APPs. If your privacy policy is drafted in line with the APPs, you may not need to use a collection notice when collecting your user’s personal details. If you have any questions about when to use a privacy policy or collection notice, contact LegalVision’s privacy lawyers on 1300 544 755 or fill out the form on this page.

Register for our free webinars

Demystifying M&A: What Every Business Owner Should Know

Online
Understand the essentials of mergers and acquisitions and protect your business value. Register for our free webinar.
Register Now

Social Media Compliance: Safeguard Your Brand and Avoid Common Pitfalls

Online
Avoid legal pitfalls in social media marketing and safeguard your brand. Register for our free webinar.
Register Now

Building a Strong Startup: Ask a Lawyer and Founder Your Tough Questions

Stone & Chalk Tech Central, Level 1 - 477 Pitt St Haymarket 2000
Join LegalVision and Bluebird at the Spark Festival to ask a lawyer and founder your startup questions. Register now.
Register Now

Construction Industry Update: What To Expect in 2026

Online
Stay ahead of major construction regulatory changes. Register for our free webinar.
Register Now
See more webinars >
Jacqueline Gibson

Jacqueline Gibson

Read all articles by Jacqueline

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

Related articles

5 Key Clauses Your Privacy Manual Must Include

Do I Need to Use a Collection Notice on my Website?

Can I Collect and Use My Employees’ Personal Information?

Can I Collect Customer Information Without a Privacy Policy?

We’re an award-winning law firm

  • Award

    2025 Future of Legal Services Innovation Finalist - Legal Innovation Awards

  • Award

    2025 Employer of Choice - Australasian Lawyer

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2022 Law Firm of the Year - Australasian Law Awards