You most likely will have heard of, and seen, a privacy policy. A collection notice is a lesser-known document, but can be crucial for your business. If your business is an APP entity, you will need to comply with the Privacy Act, and you should have both documents. This article will explain the differences between a privacy policy and collection notice, and when you will need to have each.

What Is an APP Entity?

An APP entity is a business that must handle any personal information it collects in accordance with the Privacy Act. If your business does not comply with the Act, you could face regulatory action and receive fines.

If your business has an annual turnover of $3 million or more, you are an APP entity. Therefore, you will need to comply with the Privacy Act. You will also be an APP entity if your company:

  • holds health information;
  • provides a health service; or
  • buys and sells personal information.

There are other tests that may make your business an APP entity, so you should always speak with a privacy lawyer to confirm if any apply to you.

If your business is an APP entity, you must understand how to handle personal information under the Privacy Act. 

If you are not an APP entity right now, you may become one in the future if your turnover reaches over $3 million. Therefore, it is best practice to comply with the Privacy Act from the start.

What Is a Privacy Policy?

A privacy policy is a document that acts as a guide on how you collect and manage personal information. Personal information is any information that can be used to identify a person, whether true or not.

A privacy policy should clearly set out the types of personal information your business: 

  • collects;
  • holds;
  • uses; and 
  • discloses. 

If your business is an APP entity, your privacy policy must also include all of the requirements set out under the Australian Privacy Principles (APPs). 

Some of the core requirements include that the privacy policy:

  • explains how you collect, use and disclose personal information;
  • is easy to read;
  • outlines if you disclose personal information overseas;
  • outlines what countries you disclose it to;
  • provides details about a person’s rights under privacy laws; 
  • outlines how someone can make a privacy complaint to your business; and 
  • explains how someone can make a complaint to the privacy regulator.

Once you have prepared a privacy policy for your business, you will need to make it easily accessible. This way, anyone interested in your privacy management practices can easily read about them.

You should also make your privacy policy known at any time that you collect personal information. 

For example, if you have a ‘contact us’ form on your website, you should have a statement such as the following that hyperlinks to your privacy policy:

‘We collect and handle your personal information in accordance with our privacy policy.’ 

What Is a Collection Notice?

When collecting someone’s information, you must notify them that you are doing so, unless it is impracticable to notify the person at that time. In that case, you may still need to notify them after you have collected their personal information.

A collection notice can be likened to a summary of the privacy policy, as it sets out the key details that someone should know about how you will use their personal information. It is shorter than a privacy policy but does not replace it altogether. It will often refer to, or directly link to, the privacy policy.

When Do I Use a Privacy Policy or Collection Notice?

You will often need both a privacy policy and a collection notice, as they serve different purposes. The privacy policy is a document that captures information about all of your business’s privacy practices. It also provides an overview of how you:

  • collect;
  • hold;
  • use; and 
  • disclose personal information.

In comparison, you will use a collection notice to notify someone of the most crucial things they should know when you are collecting their personal information.

It is best practice to use a collection notice each time you collect personal information. 

For example, you should include a collection notice on a form on your website where someone enters their details to create an account. You should also include it on any ‘contact us’ forms you may have on your website.

It is also important that your privacy policy is available on the footer of your website and available within your collection notices.

However, it is generally accepted that if you have drafted your privacy policy with all of the relevant APP matters included, you can use a privacy policy at the point of collection, rather than a specific collection notice.

Key Takeaways

If your business is an APP entity under the Privacy Act, you must be aware of the difference between a privacy policy and a collection notice. You also need to know how to prepare and use these documents in line with the APPs. If your privacy policy is drafted in line with the APPs, you may not need to use a collection notice when collecting your users’ personal details. If you have any questions about when to use a privacy policy or collection notice, contact LegalVision’s privacy lawyers on 1300 544 755 or fill out the form on this page.

Jacqueline Gibson
