9.4 Legal Compliance Checklist

Currently required under the Australian Privacy Act 1988 if your business has over $3M annual turnover, handles health/financial data, or is a health service provider. However: the small business exemption is being removed from July 2026, meaning ALL businesses that collect personal information will need to comply. Your policy should cover:

• What personal information you collect (name, email, phone, IP address, cookies)
• How you collect it (forms, cookies, third-party tools)
• Why you collect it (to provide services, marketing, analytics)
• How you store and protect it
• Who you share it with (email platform, ad networks, payment processors)
• How people can access, correct, or delete their data
• Your contact details for privacy complaints
• Free generators: Privacy Policy Generator or TermsFeed (free basic version)

Not legally required but strongly recommended. Protects you in disputes:

• Acceptable use of your website
• Intellectual property (your content is yours)
• Limitation of liability
• Governing law (State of [your state], Commonwealth of Australia)
• Dispute resolution process
• For e-commerce: refund policy, delivery terms, consumer guarantees under Australian Consumer Law

Australia doesn't have GDPR-style cookie laws, but best practice (and required if you have EU visitors):

• Add a cookie consent banner explaining you use cookies for analytics and advertising
• Allow users to accept or reject non-essential cookies
• List cookies in your Privacy Policy: GA4, Meta Pixel, GTM, any other tracking
• Free implementation: CookieYes (free up to 100 pages) or Osano (free tier)
• If you serve EU customers (even occasionally), GDPR compliance is required -- consent before tracking, not just notification.

Covered in detail in section 7.4. Quick checklist:

• Express consent for all commercial emails and SMS
• Business identified in every message (name, ABN, contact details)
• Working unsubscribe in every message, honoured within 5 business days
• No purchased email lists

If you sell products or services online:

• Consumer guarantees: Products must be of acceptable quality, fit for purpose, match descriptions. Services must be provided with due care and skill.
• Refund rights: Customers have refund rights for faulty products/services regardless of your refund policy. You cannot override ACL with your T&Cs.
• Pricing: Prices must include GST (if registered). No hidden fees. Total price must be clear before purchase.
• Testimonials and reviews: Must be genuine. Fake reviews violate ACL (fines up to $10M for companies).
• ABN on website: If you have an ABN, display it on your website (usually in the footer).

Add these pages and link them from your footer on every page:

• Privacy Policy (link: /privacy or /privacy-policy)
• Terms of Service (link: /terms or /terms-of-service)
• Cookie consent banner (auto-displays)
• Review annually and update when you add new tools, change data practices, or regulations change