Skip to content
LegalVision

What Privacy Policy Do I Need for My Website?

Avatar photo

By Sam Blake
Law Graduate

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn

In Short

  • Many Australian businesses must have a privacy policy if they are covered by the Australian Privacy Principles.
  • A privacy policy must clearly explain what personal information you collect, why, and how you handle it.
  • Using generic or outdated policies can create compliance risks.

Tips for Businesses

Check if your business is an APP entity and assume privacy obligations may expand. Write a policy that matches your real practices, not a copied template. Be clear about what you collect and why. Keep it updated as your business changes and make it easy to find on your website.

Summary

This article explains privacy policy requirements for business owners operating websites in Australia and outlines what the law expects. It is prepared by LegalVision’s business lawyers, and LegalVision, a commercial law firm, specialises in advising clients on privacy and data protection law.

Summarise with:
ChatGPT logo ChatGPT Perplexity logo Perplexity

Open now
Table of Contents

If you are running a business, you are probably collecting personal information. You might be gathering names, email addresses, payment details or tracking website visits. This article will explain whether you need a privacy policy, and if so, what information you should include.

Do I Need a Privacy Policy?

If your business is an APP entity, you are legally required to have a privacy policy. This means you must comply with Australian Privacy Principles (APPs). You are an APP entity if your business generates over $3 million in annual turnover, or if you earn less than $3 million in annual turnover, but you:

  • provide health services and hold health information (like medical centres and gyms);
  • buy or sell information; or
  • are a service provider for the Australian government.

The rules are likely to change soon so that all Australian companies will need to comply with the APPs.

Regardless, it is best practice to set your business up to comply with the principles before you need to. A privacy policy builds trust with your customers, as it shows you take their privacy seriously.

Front page of publication
Notifiable Data Breach Factsheet

This factsheet explains what a data breach is and when one is serious, your reporting obligations, and limiting an NDB’s impact.

Download Now

What Should My Privacy Policy Include?

The APPs set out specific information that your privacy policy must include. Your policy needs to be clear, up-to-date, and written in plain English so that your customers can easily understand it. 

It should be specific to your business and your actual practices, not just a generic template you have copied from somewhere else

The Six Essential Elements

Your privacy policy must cover six key topics:

  1. what information do you collect? (like names, addresses, payment details, or health information);
  2. how do you get it? (directly from customers, through your website, or from third parties);
  3. why do you need it? (such as processing orders or customer service);
  4. can customers see and fix their information? (how they can access their personal information and ask you to correct it);
  5. what if something goes wrong? (how someone can make a complaint if you breach the APPs and how you will handle it); and
  6. do you send information overseas? (whether you disclose personal information to overseas recipients and, if so, which countries).

These six elements form the backbone of your privacy policy, and you must address each one clearly.

Make it Clear and Specific

Your privacy policy should reflect how your business actually operates. Do not use vague terms like ‘we may collect information’. Be specific about what information you collect and why you need it. 

For example, if you run an online store, explain that you collect names and addresses to ship products, and payment details to process orders. Use simple, straightforward language that anyone can understand. A good test is whether a 14-year-old could read and understand your policy.

Information Your Customers Want to Know

Think about what your customers care about, such as:

  • what information are you collecting about them and why; and
  • are you sharing it with anyone else, especially overseas companies? 

Be upfront about this.

If you use contractors or service providers who access customer information, say so. Give customers a general overview of how you protect their information.

Make it Easy to Find

The standard practice is to put a link to your privacy policy in the footer of your website, where it is easy to find on every page.

You also need to make your policy available in different formats if someone asks for it. 

For example, if you run a medical practice and a patient asks to see your privacy policy, you should have a printed copy available for them to read.

Continue reading this article below the form

Common Mistakes to Avoid

Common mistakes include:

  • copying a template privacy policy;
  • saying ‘we may collect information’ when you do collect it; and
  • not keeping your policy up to date.

These can make your policy inaccurate and risky.

Key Takeaways

If your business is an APP entity, you must have a privacy policy. Even if you are not legally required to have one, it is best practice to create one to build customer trust and prepare for business growth.

Generally, businesses with turnover over $3 million, plus some specific exceptions.

Your privacy policy must cover six essential elements: 

  • what information do you collect; 
  • how you collect it; 
  • why you use it;
  • how customers can access and correct their information; 
  • how to make complaints; and 
  • whether you disclose information overseas.

Furthermore, make your policy clear, specific to your business, and easy to find on your website.

LegalVision provides ongoing legal support for Australian businesses through our fixed-fee legal membership. Our experienced lawyers help businesses manage contracts, employment law, disputes, intellectual property and more, with unlimited access to specialist lawyers for a fixed monthly fee. To learn more about LegalVision’s legal membership, call 1300 544 755 or visit our membership page.

Frequently Asked Questions

What is a Privacy Policy?

A privacy policy explains how your business collects, stores, uses and shares personal information.

Who Regulates Privacy Policies?

The Office of the Australian Information Commissioner (OAIC) regulates privacy policies and enforces the Australian Privacy Principles.

Register for our free webinars

Commercial Lease Essentials: What Every Landlord Should Know

Online
Understand the key issues that affect commercial leases. Register for our free webinar.
Register Now

2026 Employment Law Changes: What Businesses and Legal Counsel Need to Know

Online
Stay ahead of 2026 employment law changes with practical insights for businesses and in-house counsel. Register now.
Register Now

Deal-Ready: Navigating Mandatory Merger Compliance for In-House Counsel

Online
Master mandatory merger compliance and learn when ACCC approval is required for your deals. Register for our free webinar today.
Register Now

Global Expansion, Global Protection: Protecting Your Brand Across Borders

Online
Protect your brand as you expand globally. Register for our free webinar.
Register Now
See more webinars >
Sam Blake

Sam Blake

Law Graduate | View profile

Sam is a Law Graduate in LegalVision’s Commercial team. Before joining LegalVision, he worked in business consulting, focusing on strategy and transformation projects.

Qualifications:  Bachelor of Laws, Bachelor of Commerce, University of Otago.

Read all articles by Sam

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

Related articles

Data Privacy Laws and Real Estate: What Your Agency Should Know

Data Protection and Privacy Laws for Your Fashion and Beauty Business

Data Protection and Privacy Laws for Your Charity

Data Protection and Privacy Laws in Aged Care

LegalVision is an award-winning business law firm

  • Award

    2025 Future of Legal Services Innovation Finalist - Legal Innovation Awards

  • Award

    2025 Employer of Choice - Australasian Lawyer

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2022 Law Firm of the Year - Australasian Law Awards