Reading time: 5 minutes

You most likely will have heard of, and seen, a privacy policy. A collection notice is a lesser-known document, but can be crucial for your business. If your business is an APP entity, you will need to comply with the Privacy Act, and you should have both documents. This article will explain the differences between a privacy policy and collection notice, and when you will need to have each.

What Is an APP Entity?

An APP entity is a business that must handle any personal information it collects in accordance with the Privacy Act. If your business does not comply with the Act, you could face regulatory action and receive fines.

If your business has an annual turnover of $3 million or more, you are an APP entity. Therefore, you will need to comply with the Privacy Act. You will also be an APP entity if your company:

  • holds health information;
  • provides a health service; or
  • buys and sells personal information.

There are other tests that may make your business an APP entity, so you should always speak with a privacy lawyer to confirm if any apply to you.

If your business is an APP entity, you must understand how to handle personal information under the Privacy Act. 

If you are not an APP entity right now, you may become one in the future if your turnover reaches over $3 million. Therefore, it is best practice to comply with the Privacy Act from the start.

What Is a Privacy Policy?

privacy policy is a document that acts as a guide on how you collect and manage personal information. Personal information is any information that can be used to identify a person, whether true or not.

A privacy policy should clearly set out the types of personal information your business: 

  • collects;
  • holds;
  • uses; and 
  • discloses. 

If your business is an APP entity, your privacy policy must also include all of the requirements set out under the Australian Privacy Principles (APPs). 

Some of the core requirements include that the privacy policy:

  • explains how you collect, use and disclose personal information;
  • is easy to read;
  • outlines if you disclose personal information overseas;
  • outlines what countries you disclose it to;
  • provides details about a person’s rights under privacy laws; 
  • outlines how someone can make a privacy complaint to your business; and 
  • explains how someone can make a complaint to the privacy regulator.

Once you have prepared a privacy policy for your business, you will need to make the privacy policy easily accessible. This way, anyone interested in your privacy management practices can easily read about this in your privacy policy. 

You should also make your privacy policy known at any time that you collect personal information. 

For example, if you have a ‘contact us’ form on your website, you should have a statement such as the following that hyperlinks to your privacy policy:

‘We collect and handle your personal information in accordance with our privacy policy.’ 

What Is a Collection Notice?

When collecting someone’s information, you must notify them that you are doing so. That is unless it is impracticable to notify the person at that time. In which case, you may still need to notify them after you have collected their personal information. 

collection notice can be likened to a summary of the privacy policy, as it sets out the key details that someone should know about how you will use their personal information. It is shorter than a privacy policy but does not replace it altogether. It will often refer to, or directly link to, the privacy policy.

When Do I Use a Privacy Policy or Collection Notice?

You will often need both a privacy policy and collection notice as they serve different purposes. The privacy policy is a document that captures information about all of your businesses’ privacy practices. It also provides an overview of how you: 

  • collect;
  • hold;
  • use; and 
  • disclose personal information.

In comparison, you will use a collection notice to notify someone on the most crucial things they should know when you are collecting their personal information. 

It is best practice to use a collection notice each time you collect personal information. 

For example, you should include a collection notice on a form on your website where someone enters their details to create an account. You should also include it on any ‘contact us’ forms you may also have on your website. 

It is also important that your privacy policy is available on the footer of your website and available within your collection notices.

However, it is generally accepted that if you have drafted your privacy policy with all of the relevant APP matters included, you can use a privacy policy at the point of collection, rather than a specific collection notice.

Key Takeaways

If your business is an APP entity under the Privacy Act, you must be aware of the difference between a privacy policy and a collection notice. You also need to know how to prepare and use these documents in line with the APPs. If your privacy policy is drafted in line with the APPs, you may not need to use a collection notice when collecting your user’s personal details. If you have any questions about when to use a privacy policy or collection notice, contact LegalVision’s privacy lawyers on 1300 544 755 or fill out the form on this page.


Day in Court: What Happens When Your Business Goes to Court

Thursday 2 June | 11:00 - 11:45am

If your business is going to court, then you need to understand the process. Our free webinar will explain.
Register Now

How to Manage a Construction Dispute

Thursday 9 June | 11:00 - 11:45am

Protect your construction firm from disputes. To understand how, join our free webinar.
Register Now

Startup Financing: Venture Debt 101

Thursday 23 June | 11:00 - 11:45am

Learn how venture debt can help take your startup to the next level. Register for our free webinar today.
Register Now

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2020 Innovation Award 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Award 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Financial Times Award 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year Award 2021 Law Firm of the Year - Australasian Law Awards
  • 2022 Law Firm of the Year Winner 2022 Law Firm of the Year - Australasian Law Awards