Privacy policies are one of those things that many start-ups think they don’t need to worry about. However, almost every business needs to have an effective privacy policy.

A privacy policy is a statement or a legal document that discloses how you gather, use, disclose, and manage a customer, website visitor, or client’s data. It fulfils your legal requirement to protect a customer or client’s privacy.

Starting your business the right way means setting the foundations appropriately and building trust with your customers. One of the ways you can do that is with an easily accessible, well-drafted and legally compliant privacy policy.


Plus, if you want to use online tools such as email marketing (think newsletter signups and opt-ins) or Facebook ads, etc., you will need to provide a link to your Privacy Policy. Visitors may not sign up for anything on your website or fill in a contact form; however, your website will still collect their IP address, which is classified as personal information.


Let’s talk about the ins and outs of why Privacy Policies matter:


The Privacy Act 1988

It has always been the case that the Privacy Act requires all organisations and businesses with a turnover of over 3 million dollars to have a Privacy Policy.

What you need to know is

  • The Privacy Act now requires all business websites, regardless of turnover, to publish a compliant Privacy Policy to collect ANY customer or website visitor information (IP addresses or cookies data).
  • Regardless of turnover, the Privacy Act also requires private sector health service providers, including hospitals, doctors’ clinics, similar traditional and allied health and wellbeing service providers, gyms, weight loss clinics, and childcare centres that may collect private and sensitive health information, to have a Privacy Policy.

General Data Protection Regulations (GDPR) and Australian Businesses

The General Data Protection Regulations (GDPR) are laws set to protect residents’ privacy and personal information in the European Union (EU).

Importantly, these laws also apply to organisations that operate outside the EU (like many of our Love Your Legals clients) and have users/clients/customers/contacts/website visitors who reside in the EU.

You may not be selling to the EU, not have a physical office or an agent in the EU, and you may not be marketing to the EU. However, you are likely to be present in social media groups with a global membership who may visit your website. You have no control over the location of the IP address of visitors to your website.

One of the requirements under GDPR is for businesses to have a compliant privacy policy. Specifically, this includes that the privacy policy should be written in easy-to-understand language. However, just having a Privacy Policy does not make your business GDPR compliant; it is merely one important part of the puzzle. Other operational measures must be taken as well. For more information, get my GDPR compliance checklist here.


How to Create an Effective Privacy Policy

There are many requirements for collecting and managing personal data under GDPR or any other privacy laws across the globe.

It generally won’t mean you need to re-work your entire business process. Instead, focus on understanding how and why you collect personal information and how to secure that information.

Key questions to consider for creating or updating your privacy policy include:

  • Do you collect any personal information? (Names, phone numbers, email addresses etc.)
  • How is this information collected? (Form submission, payment gateway, client intake form etc.)
  • Why is this information collected? (To deliver purchases, to email files, to perform services etc.)
  • How is this information stored? (E.g. paper files in a drawer, online database, CRM etc.)
  • How do you keep this information safe? (Password-protected accounts, 2FA, key-locked drawer etc.)
  • How long is this information kept? (This may be dependent on obligations such as tax and accounting needs.)
  • Do you share or sell this information? (If you do, to whom, and why?)
  • Do third parties have access to this information? (Service providers, for example.)
  • Do you use cookies? (If so, do you have a cookie opt-in option, with cookies triggering AFTER opt-in is approved?)
  • How do users control these aspects? (Can users request the removal of data?)


Should You Use a Privacy Policy Template?

Privacy Policy templates can be a practical and economic resource for start-ups and small businesses. A template means you don’t need to start from scratch, or pay expensive legal fees, to get an effective policy in place.

In the case of privacy policy templates, there are a few details you will need to complete based on the operations and data collection requirements for your business. However, it’s much more straightforward than figuring it out for yourself.

I’ve created an easy-to-implement Privacy Policy Template suitable for Australian start-ups, small businesses, and online blogs. It comes with 14 days of free email support for basic queries and straightforward instructions to get started.

Not sure if it’s right for you? Email me at, and I’ll be happy to help.