A Privacy Policy sets out how your business will deal with personal information. It is important for businesses that collect personal information to have a detailed Privacy Policy that follows the Australian Privacy Principles. In addition to setting out what personal information you collect, how the personal information is used and disclosed, how the personal information is stored, your Privacy Policy also needs to include your customer’s rights in relation to the personal information your business collects.

It is important to expressly include a clause in your Privacy Policy that addresses the rights of your customers in respect of their personal information. What needs to be addressed in the clause regarding your customer’s rights has been set out below. For further clarification, we advise that you speak with an experienced contract lawyer.

Choice and consent

You need to explain to your customers that providing personal information is optional. Customers are not required to provide your business with their personal information, however, you should also explain that in refusing to provide personal information, you may not be able to provide the products and/or services requested. You should also include in your Privacy Policy that in providing any personal information, the customer is consenting to the terms of your Privacy Policy, including any use and disclosure of their personal information as set out in your Privacy Policy.

Restriction

Your customers should also be given the option to restrict the collection and use of their personal information. Where customers have given their permission for your business to use and disclose their personal information for direct marketing purposes, you should explain in your Privacy Policy that the customers can contact you at any time to change their mind and remove themselves from the contact list for marketing.

Access

Customers are given rights to request details of the personal information that your business holds about them in circumstances as set out in the Privacy Act. You are, however, able to charge an administrative fee for providing such access. If you are looking to charge a fee, this should be indicated in your Privacy Policy.

Correction

Where customers believe that their information is incorrect, inaccurate, or out of date, your customers have a right to contact you and request that their personal information be corrected.

Complaints

In the event that a customer has any complaints or believes that you have breached any of the provisions of the Privacy Act, your customers should be encouraged to first contact you so that you have an opportunity to investigate the complaint. How you will deal with such complaints should be set out in your Privacy Policy. This includes setting out the outcome of your investigations and what steps you propose to take to remedy the breach.

Unsubscribing

If you use personal information to send newsletters or other promotional material, your customers must be given an option to unsubscribe. Your Privacy Policy should set out how customers can unsubscribe from an email database, request to be removed from a marketing or contact list, or opt out of communications.

Conclusion

It is essential that your Privacy Policy include a clause that addresses your customers’ rights to their personal information. This is required as part of a business’ compliance with the Australian Privacy Principles. If you are unsure of what rights your customers have in relation to the personal information that your business collects, or if there are any disputes with your customers in relation to your use and disclosure of their personal information, you should speak to a contract lawyer. Our lawyers at LegalVision are happy to assist!

Ask Priscilla a Question

If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.