Reading time: 5 minutes

You most likely will have heard of, and seen, a privacy policy. A collection notice is a lesser-known document, but can be crucial for your business. If your business is an APP entity, you will need to comply with the Privacy Act, and you should have both documents. This article will explain the differences between a privacy policy and collection notice, and when you will need to have each.

What Is an APP Entity?

An APP entity is a business that must handle any personal information it collects in accordance with the Privacy Act. If your business does not comply with the Act, you could face regulatory action and receive fines.

If your business has an annual turnover of $3 million or more, you are an APP entity. Therefore, you will need to comply with the Privacy Act. You will also be an APP entity if your company:

  • holds health information;
  • provides a health service; or
  • buys and sells personal information.

There are other tests that may make your business an APP entity, so you should always speak with a privacy lawyer to confirm if any apply to you.

If your business is an APP entity, you must understand how to handle personal information under the Privacy Act. 

If you are not an APP entity right now, you may become one in the future if your turnover reaches over $3 million. Therefore, it is best practice to comply with the Privacy Act from the start.

What Is a Privacy Policy?

privacy policy is a document that acts as a guide on how you collect and manage personal information. Personal information is any information that can be used to identify a person, whether true or not.

A privacy policy should clearly set out the types of personal information your business: 

  • collects;
  • holds;
  • uses; and 
  • discloses. 

If your business is an APP entity, your privacy policy must also include all of the requirements set out under the Australian Privacy Principles (APPs). 

Some of the core requirements include that the privacy policy:

  • explains how you collect, use and disclose personal information;
  • is easy to read;
  • outlines if you disclose personal information overseas;
  • outlines what countries you disclose it to;
  • provides details about a person’s rights under privacy laws; 
  • outlines how someone can make a privacy complaint to your business; and 
  • explains how someone can make a complaint to the privacy regulator.

Once you have prepared a privacy policy for your business, you will need to make the privacy policy easily accessible. This way, anyone interested in your privacy management practices can easily read about this in your privacy policy. 

You should also make your privacy policy known at any time that you collect personal information. 

For example, if you have a ‘contact us’ form on your website, you should have a statement such as the following that hyperlinks to your privacy policy:

‘We collect and handle your personal information in accordance with our privacy policy.’ 

What Is a Collection Notice?

When collecting someone’s information, you must notify them that you are doing so. That is unless it is impracticable to notify the person at that time. In which case, you may still need to notify them after you have collected their personal information. 

collection notice can be likened to a summary of the privacy policy, as it sets out the key details that someone should know about how you will use their personal information. It is shorter than a privacy policy but does not replace it altogether. It will often refer to, or directly link to, the privacy policy.

When Do I Use a Privacy Policy or Collection Notice?

You will often need both a privacy policy and collection notice as they serve different purposes. The privacy policy is a document that captures information about all of your businesses’ privacy practices. It also provides an overview of how you: 

  • collect;
  • hold;
  • use; and 
  • disclose personal information.

In comparison, you will use a collection notice to notify someone on the most crucial things they should know when you are collecting their personal information. 

It is best practice to use a collection notice each time you collect personal information. 

For example, you should include a collection notice on a form on your website where someone enters their details to create an account. You should also include it on any ‘contact us’ forms you may also have on your website. 

It is also important that your privacy policy is available on the footer of your website and available within your collection notices.

However, it is generally accepted that if you have drafted your privacy policy with all of the relevant APP matters included, you can use a privacy policy at the point of collection, rather than a specific collection notice.

Key Takeaways

If your business is an APP entity under the Privacy Act, you must be aware of the difference between a privacy policy and a collection notice. You also need to know how to prepare and use these documents in line with the APPs. If your privacy policy is drafted in line with the APPs, you may not need to use a collection notice when collecting your user’s personal details. If you have any questions about when to use a privacy policy or collection notice, contact LegalVision’s privacy lawyers on 1300 544 755 or fill out the form on this page.

Webinars

Key Considerations When Buying a Business

Thursday 11 November | 11:00 - 11:45am

Online
Learn which questions to ask when buying a business to avoid legal and operational pitfalls, so you can hit the ground running. Join our free webinar.
Register Now

Innovation Nation: How to Make the Most of Australia’s Business Innovation and Investor Visas

Thursday 18 November | 11:00 - 11:45am

Online
Want to expand your business into Australia? You need the right visa. Register for our free webinar to learn more.
Register Now

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

Our Awards

  • 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year - Australasian Law Awards
  • 2019 Most Innovative Firm - Australasian Lawyer