What is a privacy statement? What do I need to include in a privacy statement?

A privacy statement is a statement that sets out what personal information a company, service provider, or other agency collects and what it will use it for. It may be published on a website, or included with a product or service. 

Principle 3 of the Privacy Act says that when an organisation, business or agency collects information from an individual, it should ensure that the individual is informed about what information is being collected and the purpose it is to be used for. You can learn more about principle 3 here(external link). 

A privacy statement ensures that people are aware:

• that you're collecting information about them (if it's not obvious)
• why you're collecting the information;
• what you're going to use it for;
• who you're going to give it to (if anyone);
• whether the person has to give you the information and what will happen if they don't;
• that they can access the information you hold about them, and they can correct it if it's wrong.

We have created a way for agencies to make their own privacy statement. You can learn about and use our online privacy statement generator, the Priv-o-matic, here(external link).

You can also use our website privacy statement as an example.