Privacy Policy

Privacy Policy
This Policy was last reviewed and updated on: [Date Month Year]
Privacy Policy
[Organisation] values and respects the privacy of the people we deal with. [Organisation] is committed to
protecting your privacy and complying with the Privacy Act 1988 (Cth) (Privacy Act) and other applicable
privacy laws and regulations.
This Privacy Policy (Policy) describes how we collect, hold, use and disclose your personal information, and
how we maintain the quality and security of your personal information.
What is personal information?
“Personal information” means any information or opinion, whether true or not, and whether recorded in a
material form or not, about an identified individual or an individual who is reasonably identifiable. In general
terms, this includes information or an opinion that personally identifies you either directly (e.g. your name) or
What personal information do we collect?
The personal information we collect about you depends on the nature of your dealings with us or what you
choose to share with us.
The personal information we collect about you may include:
● [name;
● mailing or street address;
● date of birth;
● email address;
● phone number
● [insert].]
[Guidance: The above list of personal information is non-exhaustive and serve as examples only. The list should
be tailored according to the types of personal information your organisation collects.]
[Guidance: If your organisation collects sensitive information, tailor the following 2 paragraphs according to the
types of sensitive information you collect, and how you handle such sensitive information. Delete the following 2
paragraphs if your organisation does not collect sensitive information.]
[Under certain circumstances, [Organisation] may need to collect sensitive information about you. This might
include any information or opinion about your racial or ethnic origin, political opinions, political association,
religious or philosophical beliefs, membership of a trade union or other professional body, sexual preferences,
criminal record, or health information.
If we collect your sensitive information, we will do so only with your consent, if it is necessary to prevent a
serious and imminent threat to life or health, or as otherwise required or authorised by law, and we take
appropriate measures to protect the security of this information.]
You do not have to provide us with your personal information. Where possible, we will give you the option to
interact with us anonymously or by using a pseudonym. However, if you choose to deal with us in this way or
choose not to provide us with your personal information, we may not be able to provide you with our services or
otherwise interact with you.
How do we collect your personal information?
We collect your personal information directly from you when you:
● [interact with us over the phone;
● interact with us in person;
● interact with us online;
● participate in surveys or questionnaires;
● attend a [Organisation] event;
● subscribe to our mailing list;
● apply for a position with us as an employee, contractor or volunteer;
● [insert].]
[Guidance: The above list is non-exhaustive and serve as examples only. The list should be tailored according
to how your specific organisation collects personal information.]
Collecting personal information from third parties
We may also collect your personal information from third parties or through publicly available sources, for
example from [insert third parties who your organisation collects personal information from]. We collect your
personal information from these third parties so that [insert the purpose for which your organisation collects
personal information from these third parties].
How do we use your personal information?
We use personal information for many purposes in connection with our functions and activities, including the
following purposes:
● [provide you with information or services that you request from us;
● deliver to you a more personalised experience and service offering;
● improve the quality of the services we offer;
● internal administrative purposes;
● marketing and research purposes;
● [insert].]
[Guidance: The above list is non-exhaustive and serve as examples only. The list should be tailored according
to how your specific organisation uses personal information.]
Disclosure of personal information to third parties
We may disclose your personal information to third parties in accordance with this Policy in circumstances
where you would reasonably expect us to disclose your information. For example, we may disclose your
personal information to:
● [our third party service providers (for example, our IT providers);
● our marketing providers;
● our professional services advisors;
● [insert]].
[Guidance: The above list is non-exhaustive and serve as examples only. The list should be tailored according
to the third parties your organisation discloses personal information to, as well as the reasons for such
Transfer of personal information overseas
Some of the third-party service providers we disclose personal information to may be based in or have servers
located outside of Australia, including in [insert overseas countries where third parties are located / have
Where we disclose your personal information to third parties overseas, we will take reasonable steps to ensure
that data security and appropriate privacy practices are maintained. We will only disclose to overseas third
parties if:
● you have given us your consent to disclose personal information to that third party; or
● we reasonably believe that:
○ the overseas recipient is subject to a law or binding scheme that is, overall, substantially similar to the
APPs; and
○ the law or binding scheme can be enforced; or
● the disclosure is required or authorised by an Australian law or court / tribunal order.
How do we protect your personal information?
[Organisation] will take reasonable steps to ensure that the personal information that we hold about you is kept
confidential and secure, including by:
● [having a robust physical security of our premises and databases / records;
● taking measures to restrict access to only personnel who need that personal information to effectively
provide services to you;
● having technological measures in place (for example, anti-virus software, fire walls);
[Guidance: The above list is non-exhaustive and serve as examples only. The list should be tailored according
to how your specific organisation protects personal information.]
Online activity
[Guidance: Delete / include / amend the following sections as appropriate.]
The [Organisation] website uses cookies. A cookie is a small file of letters and numbers the website puts on
your device if you allow it. These cookies recognise when your device has visited our website(s) before, so we
can distinguish you from other users of the website. This improves your experience and the [Organisation]
We do not use cookies to identify you, just to improve your experience on our website(s). If you do not wish to
use the cookies, you can amend the settings on your internet browser so it will not automatically download
cookies. However, if you remove or block cookies on your computer, please be aware that your browsing
experience and our website’s functionality may be affected.]
[Website analytics
Our website uses [insert relevant analytics service] to help us better understand visitor traffic, so we can
improve our services. Although this data is mostly anonymous, it is possible that under certain circumstances,
we may connect it to you.]
[Direct marketing
We may send you direct marketing communications and information about our services, opportunities, or events
that we consider may be of interest to you if you have requested or consented to receive such communications.
These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with
applicable marketing laws, such as the Australian Spam Act 2003 (Cth). You consent to us sending you those
direct marketing communications by any of those methods. If you indicate a preference for a method of
communication, we will endeavour to use that method whenever practical to do so.
You may opt-out of receiving marketing communications from us at any time by [following the instructions to
“unsubscribe” set out in the relevant communication] / [contacting us using the details set out in the “How to
contact us” section below].
In addition, we may also use your personal information or disclose your personal information to third parties for
the purposes of advertising, including online behavioural advertising, website personalisation, and to provide
targeted or retargeted advertising content to you (including through third party websites).]
Retention of personal information
We will not keep your personal information for longer than we need to. In most cases, this means that we will
only retain your personal information for the duration of your relationship with us unless we are required to
retain your personal information to comply with applicable laws, for example record-keeping obligations.
How to access and correct your personal information
[Organisation] will endeavour to keep your personal information accurate, complete and up to date.
If you wish to make a request to access and / or correct the personal information we hold about you, you should
make a request by contacting us and we will usually respond within [insert] days. We will deal with such a
request by following the procedure outlined below:
● [insert procedure]
Links to third party sites
[Organisation] website(s) may contain links to websites operated by third parties. If you access a third party
website through our website(s), personal information may be collected by that third party website. We make no
representations or warranties in relation to the privacy practices of any third party provider or website and we
are not responsible for the privacy policies or the content of any third party provider or website. Third party
providers / websites are responsible for informing you about their own privacy practices and we encourage you
to read their privacy policies.
Inquiries and complaints
For complaints about how [Organisation] handles, processes or manages your personal information, please
contact [insert Organisation contact]. Note we may require proof of your identity and full details of your request
before we can process your complaint.
Please allow up to [insert] days for [Organisation] to respond to your complaint. It will not always be possible to
resolve a complaint to everyone’s satisfaction. If you are not satisfied with [Organisation]’s response to a
complaint, you have the right to contact the Office of Australian Information Commissioner (at to lodge a complaint.
How to contact us
If you have a question or concern in relation to our handling of your personal information or this Policy, you can
contact us for assistance as follows:
[insert email address]
Contact number
[insert contact number]
Attention: [[Organisation] Privacy Officer]
Address: [insert office address]