A privacy policy is a statement that explains in simple language how an organisation or agency handles your personal information.
Any organisation or agency the Privacy Act 1988 covers must have a privacy policy.
The Privacy Act covers organisations with an annual turnover more than $3 million and operating in Australia, and some other organisations. A number of factors go into deciding if an organisation operates in Australia, including if they have a presence in Australia or carry on a business in Australia.
A privacy policy may be printed on paper, available on a website or displayed on a mobile device’s screen. If you don’t have access to the internet, you can phone the organisation or agency and ask for a paper copy.
An organisation or agency’s privacy policy must tell you:
If an organisation or agency’s privacy policy says that your personal information is likely to be sent overseas, if something goes wrong then they may be legally responsible.
A privacy policy may also include other information. For example, how long your personal information is kept and if it must be scanned.
An organisation or agency must update their privacy policy when their information handling practices change. They must publicise the updated privacy policy, for example on their website and through email or postal lists.
If you can’t understand an organisation or agency’s privacy policy, ask them to explain it.