Start by clicking on "Fill out the template"
Answer a few questions and your document is created automatically.
Your document is ready! You will receive it in Word and PDF formats. You will be able to modify it.
This Cookies Policy is designed for use by website owners. It tells users of the website what cookies are active on the website, what they do, and what website users can do about them.
Cookies are small files which websites use in order to monitor the use of a website, and to provide a more personalised experience to website users.
Businesses that are subject to the Australian Privacy Principles may be legally required to tell users about the types of cookies (and other data) that they collect, and how these cookies and data are used.
Furthermore, many Australian businesses find that even if they are not strictly required by law to provide a cookies policy or to obtain informed consent from their users, by using this cookies policy, they are able to answer their customers' questions about cookies, which helps to build trust with their customers.
European data protection laws may apply
Australian websites that target customers in the European Union (EU) or the United Kingdom (UK) may need to comply EU privacy laws, such as the EU ePrivacy Directive and the EU General Data Protection Regulation (GDPR).
As of 25 May 2018, the European Union General Data Protection Regulation (GDPR) contains new data protection requirements that may apply to Australian businesses.
Australian businesses (regardless of size) may need to comply with the GDPR if they have an establishment in the EU or UK, if they offer goods and services in the EU or UK, or if they monitor the behaviour of individuals in the EU or UK.
Under EU and UK privacy law, websites with a presence in the EU or UK, or which sell to customers in the EU or UK are required to obtain informed consent from website users before storing a cookie on their device. As a result, many businesses affected by these laws, use a popup box to obtain informed consent to cookies from website users when they first visit the website.
Informed consent (such as by way of a popup box) is not strictly required under Australian law, but many Australian businesses are choosing to comply with it anyway, to make sure that they are covered in the event that they fall under the EU's jurisdiction (for example, if a customer based in the EU or UK accesses their website).
How to use this document
Once this document has been prepared, it needs to be published on the website and needs to be made freely available for users.
If the website owner thinks that EU or UK law might apply, they should review the information provided by the Office of the Australian Information Commissioner as well as the UK's Information Commissioner's Office. These resources provide information about what website owners need to do in order to comply with those relevant laws.
If the website owner requires popup functionality (in order to comply with UK/EU law), this functionality will need to be created separately. This document does not have popup functionality built into it.
We have an alternative Cookies Policy (which operates under UK/EU law rather than Australian law), available on our UK site.
The primary legislation in relation to privacy law in Australia is the Commonwealth Privacy Act 1988. This has been amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 also sets out a set of Australian Privacy Principles which apply to Australian organisations and provide guidance as to how businesses should handle cookies. Further information about the Australian Privacy Principles is available via the Office of the Australian Information Commissioner.
Other relevant laws include the Privacy Regulation 2013, and the Privacy (Credit Reporting) Code 2014. A number of industries also have additional privacy rules. For example, specific laws may impose additional privacy requirements in relation to:
- email marketing
- criminal records
- data matching
- anti-money laundering
- health records, Medicare, the pharmaceutical benefits scheme, or the eHealth system
- biometric information
- the Personal Property Securities Register
- credit reporting
- financial services
- tax file numbers
- information relating to racial or ethnic origin
- information relating to political opinions
- membership of a political association, professional or trade association or trade union
- religious beliefs or affiliations
- philosophical beliefs
- sexual orientation or practices
As mentioned above, the EU ePrivacy Directive and the EU General Data Protection Regulation (GDPR) may also apply. This policy does not deal with UK/EU law. It is only designed for compliance under Australian law.
Further information about how the GDPR may affect Australian businesses is available through the Office of the Australian Information Commissioner.
How to modify the template?
You fill out a form. The document is created before your eyes as you respond to the questions.
At the end, you receive it in Word and PDF formats. You can modify it and reuse it.