
The Most Important Things to Include in Your Privacy Policy

Updated: Jun 4, 2022

In a world where data is everything, it is vitally important for your business to have a privacy policy. In this guide, we'll step you through what you should include in your privacy policy and you'll hear from an experienced eCommerce lawyer.






What is a privacy policy?


A privacy policy is essentially a disclaimer that states in clear terms how your company handles the personal information of your customers.


If your business is covered by the Privacy Act 1988 (Cth), you must have a stated privacy policy. Some eCommerce platforms and search engines also require businesses to have a privacy policy available to their customers.


Generally, the Privacy Act covers organisations operating in Australia and having an annual turnover of more than $3 million.


You can print your privacy policy on paper, make it available to everyone on your website, or have it displayed on your customers' mobile devices.


Author: Farrah Motley, an eCommerce business lawyer located in Australia.



What to Include in a Privacy Policy

Information Your Privacy Policy Should Provide


There are a number of things that your privacy policy should contain. For more detailed guidance, you should talk to an eCommerce lawyer.


The Privacy Policy of your organisation must inform your customers of:


  • Your name

  • Your contact details

  • What personal information you are collecting and storing

  • How you are collecting the personal information

  • Where you are storing it

  • The reasons for collecting such personal information

  • How you will use and disclose such information

  • How your customers can access their personal information

  • How they can ask for a correction

  • How your customers can complain if they feel that their information is being mishandled

  • How you will handle customer complaints

  • If you have to disclose customer information outside of Australia, the countries to which you are likely to disclose it

If your organisation's privacy policy states that you are likely to send the personal information of your customers overseas, and something goes wrong, your eCommerce business might be held legally responsible for it.


In that case, you should talk to an eCommerce lawyer.



Things Your Privacy Policy Should Include


There is a set of things that you must include in your privacy policy to avoid legal complications.



If you are unsure, always talk to an eCommerce lawyer.



For instance, your privacy policy should include information like the duration for which you are going to keep the personal information of your customers with you and whether it will be scanned. For your convenience, we have put together a list containing the most important things that you should include in your privacy policy:


Opening Statement


In the opening statement of your privacy policy, you should mention your organisation’s commitment to maintaining the confidentiality of the information that you are going to collect.


You should also include the necessary documents that show your compliance with the Privacy Act, the Australian Privacy Principles, and other privacy obligations that are relevant to your business, like the Privacy (Credit Reporting) Code 2014.


An eCommerce lawyer can help you to draft an opening statement in your privacy policy.


Collection and Use of Personal Information


In this section, you should mention in detail:

  • What personal information is

[This is information that can render an individual reasonably identifiable]

  • What type of personal information your business is collecting

[This information can include name, phone number, email address, social media profile, employment history, etc. You should provide the details of the information that is collected through apps and websites, such as date and time of website access, IP addresses, location information, and cookies]

  • How your business has collected that information

[Here, you can inform your customers that you can collect their information directly from them, a third-party provider, any publicly available source, or cookies]

  • Why you have collected that information

[Explain if such information is helping you in improving your products and services, or expanding your marketing scope, or designing personalisation, etc.]


Each of these points is vitally important, and you should consult with an eCommerce lawyer to understand how each of these requirements relates to your eCommerce business.



Collection and Use of Sensitive Information


In this part of the Privacy Policy, you must define the term ‘sensitive information’. This is usually information related to an individual’s ethnic or racial origin, religious beliefs, political opinion and/or association, sexual orientation, professional association, membership of a trade, health information, criminal records, etc.


While explaining this point, you must mention that such sensitive information is collected only when the individual consents to providing it. You should also clarify that this information is going to be used for the original purpose of collection only.


If you are unsure how your eCommerce business can collect and use sensitive information, you should contact an eCommerce lawyer.


Disclosure of Personal and Sensitive Information


In this segment, you need to describe when, why and to whom you might disclose the personal information of your customers. For instance, you might have to share it with your contractors and marketers.


You might need to provide their information for data analysis to apps like Google Analytics or present it to authorities and/or courts as required by law. You also need to mention if the information is likely to be disclosed overseas, and if so, what the impact of that will be on data protection.


Storage/Security of Personal Information


In this section of your privacy policy, you should state how you are storing and protecting your customers' personal information, for example through encryption.


You should mention how long you are going to keep the information. Your eCommerce business should also explain whether you are combining the personal information of individuals in a file or storing it separately.


An eCommerce lawyer can help you to frame the wording of your privacy policy.



Access to and Correction of Personal Information


It is very important to include in your Privacy Policy that every individual has the right to access their personal information held by your business. They can also request to change, update, or correct that information if required.


Enquiries and Complaints


You must describe in detail an enquiry and complaint process in your Privacy Policy. You should also elucidate the additional steps that the other parties can take if they are unsatisfied with the result of an enquiry or complaint. For example, you can guide them first to an external dispute resolution scheme and then to the Office of the Australian Information Commissioner.


You must also provide a generic phone number and an email address for your customers to get in touch with you. These contact details should not change, irrespective of the staff member in charge.


An eCommerce lawyer can provide legal advice on how to handle privacy complaints.


Review of Privacy Policy


In the end, you must incorporate in your Privacy Policy a statement about your business’ commitment to keeping your privacy policy up to date and publishing every change that you make to the privacy policy on all mediums.




Privacy Policies in Summary


While creating your Privacy Policy, you need to elaborate everything carefully to avoid legal complications. Also, you must update your privacy policy if your information handling practices change.


You can publish your updated privacy policy on your website, send it to your customers through email, or post a hard copy to their physical address.


How can Prosper Law help?

If you need fast and affordable e-commerce legal advice, contact the team at Prosper Law today.


We can help you to prepare all the terms and conditions necessary for your website, as well as provide you with legal advice about your legal rights and obligations. Our eCommerce lawyer can provide you with a bespoke privacy policy for your eCommerce business.


Want to read more? Check out our article which answers the question what does 'without prejudice' mean?


Author: Farrah Motley | Legal Principal

PROSPER LAW - A Commercial Law Firm for Businesses

M: 0422 721 121

A: Suite No. 99, Level 54, One One One Eagle Street, Brisbane, Queensland, Australia



