Skip to content
LegalVision

What Are the Differences Between a Website’s Privacy Notice and Privacy Policy?

Avatar photo

By Jessica Anderson
Senior Lawyer

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn

In Short

  • Privacy policies outline what personal information is collected and how it’s handled.

  • Privacy notices are shorter summaries, usually displayed as pop-ups or banners on websites.

  • Businesses should ensure both documents are clear, accessible, and compliant with privacy laws.

Tips for Businesses
Ensure your website has both a comprehensive privacy policy and a concise privacy notice. The policy should detail the types of data collected, how it’s used, and who it’s shared with. The notice should summarise this and encourage users to read the full policy. Regularly review and update these documents for compliance.

Summarise with: ChatGPT logo ChatGPT Claude logo Claude Perplexity logo Perplexity Microsoft Copilot logo Microsoft Copilot
Table of Contents

Data and privacy laws are being scrutinised and updated, so businesses need to revise the way they collect and handle private information on their website. It is important to be clear on your privacy obligations, including what you need to tell people from whom you collect personal information. In this article, we explore the differences between a privacy policy and a privacy notice; two documents you will use in the course of business when gathering personal information.

The Difference Between a Privacy Policy and Privacy Notice

privacy policy is a document that sits on your website, to tell visitors: 

  • what information you are collecting about them; and 
  • how you will handle that information. 

Although a privacy notice can take many forms, it is usually a short summary of your privacy policy, with a link referring visitors to the full document. It often appears in a pop-up box when website visitors are about to enter their personal information. So, the key differences are the: 

  • length of the documents; and 
  • way they appear on your website. 

A privacy notice might look like this: 

“To enable you to use this website, we may collect your personal information. Please refer to our privacy policy which sets out what information we collect and where we store it”. 

The pop-up box would ideally contain a link to your website’s privacy policy. 

The Purpose of a Privacy Policy

Your privacy policy should outline:

  • what sort of personal information you collect from website visitors;
  • the reasons you collect that information;
  • who you share that information with, especially if you share it with third parties; 
  • how you treat sensitive information;
  • the individual’s rights over their personal information;
  • how you store the information; and
  • your use of cookies.  

It is recommended that all businesses that collect personal information have a privacy policy, but only APP (Australian Privacy Principles) entities are required to have one. An APP entity includes businesses that:

  • have an annual turnover of more than $3 million;
  • is a health service provider; or
  • buys, sells or otherwise trades in personal information.

Although your business may not tick these boxes just yet, eventually you may exceed $3 million in annual turnover. It is best practice to implement these privacy practices early, to avoid difficulties if you become an APP entity in the future. Regardless, having a privacy policy demonstrates to customers that you take their privacy seriously.  

Continue reading this article below the form
Loading form

The Purpose of a Privacy Notice

Your privacy notice will summarise and reference your privacy policy. It will usually outline: 

  • the purpose for which you are collecting personal information; and 
  • whether you will be passing the information on to third parties. 

It should also state that further information can be found in your privacy policy. 

How to Publicise Your Privacy Policy and Privacy Notice

These are both public documents that set out how you process data, so they must be clear and accessible. Your privacy policy should be available on your website and is usually accessible via a link in the footer, towards the bottom of each page. 

It is appropriate to use a privacy notice when you want to remind customers that you collect personal information, to encourage them to re-read your privacy policy. 

For example, it may pop up when users are filling out a form on your website. 

Is It Mandatory to Have a Privacy Policy? 

Whether you are legally required to have a privacy policy is dictated by the APPs. However, it is best practice to be transparent with your customers by outlining precisely what personal information you collect and how you handle it. A privacy notice is also useful to remind customers of your privacy policy. 

Key Takeaways 

A privacy policy and privacy notice are legal documents that outline your business’ collection, storage and handling of personal information. A privacy policy extensively details what information you are collecting and how that information will be used. In contrast, a privacy notice is a short summary of the privacy policy, which will appear in a pop-up box to remind your website visitors to read the full terms. If you are looking for advice on your privacy obligations or for a privacy policy and privacy notice to be drafted for you, contact LegalVision’s Privacy lawyers on 1300 544 755 or fill out the form on this page.

Register for our free webinars

ACCC Merger Reforms: Key Takeaways for Executives and Legal Counsel

Online
Understand how the ACCC’s merger reforms impact your legal strategy. Register for our free webinar.
Register Now

Ask an Employment Lawyer: Contracts, Performance and Navigating Dismissals

Online
Ask an employment lawyer your contract, performance and dismissal questions in our free webinar. Register today.
Register Now

Stop Chasing Unpaid Invoices: Payment Terms That Actually Work

Online
Stop chasing late payments with stronger terms and protections. Register for our free webinar.
Register Now

Managing Psychosocial Risks: Employer and Legal Counsel Responsibilities

Online
Protect your business by managing workplace psychosocial risks. Register for our free webinar.
Register Now
See more webinars >
Jessica Anderson

Jessica Anderson

Senior Lawyer | View profile

Jessica is a Senior Lawyer in LegalVision’s Commercial Contracts team. From day to day, Jessica enjoys preparing contracts to suit her clients’ needs, and walking clients through key-risk issues whether within a contract or within the broader regulatory landscape, from privacy law, consumer law, or community gaming and charities law.

Qualifications: Bachelor of Laws, Graduate Diploma of Legal Practice, Macquarie University.

Read all articles by Jessica

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

Related articles

Can I Collect Customer Information Without a Privacy Policy?

3 Legal Documents Your Online Marketplace Needs

Does the Data Breach Mandatory Notification Law Affect My Small Business?

How Can Businesses Protect Confidential Information?

We’re an award-winning law firm

  • Award

    2025 Future of Legal Services Innovation Finalist - Legal Innovation Awards

  • Award

    2025 Employer of Choice - Australasian Lawyer

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2022 Law Firm of the Year - Australasian Law Awards