`

privacy policy

Terms of Service

Can I copy another website’s terms of service?

Being an entrepreneur is all about innovation and efficiency. What some people call "shortcuts" you would call "smart business". That's part of what makes launching a business so exciting – but also risky.

So when the day finally comes to launch online, in an attempt to be more efficient it might be tempting to just copy another website's terms of service. It saves time, and anyway, no one really reads them.

Right?

Wrong. While it might seems like a time-saver in the short-term, copying another website's terms of service can have serious legal consequences down the track. This post will outline why it's a bad idea to take this particular shortcut, and why it's well worth the investment of getting legal advice on your Terms of Service.

1. "Terms of Service" are legal documents

The terms of service are a legal agreement between you and the user. That's why it is always important to know what clauses are in there – no matter which side of the agreement you are on. Once you've had to write your own, it's likely that you'll start to read other Terms of Service agreements a lot more closely.

As a contract between you and the user, it will outline things like:

  • Data collection
  • Responsibility for the data you store
  • How you will use the data
  • Payment terms

If anything goes wrong and you face legal action from a user, the Terms of Service document becomes crucial to show what each party agreed to in advance.

2. Breaching copyright

Another reason not to copy is pretty obvious – you are breaching the other website's copyright. Just like other written content, you retain copyright in terms of service, even if they all look pretty similar at a glance. It's possible to find some open-source terms of service, but it's always best to consult a lawyer to look into using one of these or drafting an original one.

3. Data Use

It's common practise for websites to collect and store, or even on-sell, user data. However, unless there is consent from the user this collection could be in breach of the Australian Privacy Principles.

Clearly, a website that sells clothing will need to have different terms of service to that of a ride-sharing app, for example. It's important to make sure your Terms of Service are specific enough that the user knows what is really happening to their data. Otherwise, they are not consenting to the use you intended.

If you are collecting large amounts of data, it's also worth looking into having a separate privacy policy. Some businesses need to have privacy policies simply because of the other applications and software they use. 

So there you have the main reasons it is well worth the time and effort of drafting your own Terms of Service. Like all legal documents, it's best to have these done or at least vetted by a lawyer. It's an up-front investment that can save you time, money and liability down the track.

Who needs a privacy policy?

Who needs a privacy policy?

Privacy Policies. They sound like a pain – and if you've ever tried to read (or decode) one, you'll know that they can be pretty arduous to make sense of.

But for many small companies, they are essential – especially if you're start-up is an app or an online service that handles personal information. Under the Australian Privacy Principles, if you are an APP Entity, you need to have a Privacy Policy.

APP Entities include:

  • Businesses with an annual turnover of more than $3million (not including assets held, capital gains or proceeds of capital sales)  
  • Small businesses with a turnover of less than $3 million are not considered APP Entities. However, it will still need a privacy policy if:
    • Your business collects and trade personal information without the consent of the individual
    • Your small business is a health service provider
    • Your small business is required to comply with the data retention provisions under Part 5-1A of the Telecommunications (Interception and Access) Act 1979

No matter which category you fall into, it is still a good idea to have a Privacy Policy in place. It increases consumer trust in your business and how it handles and protects personal information.

Similarly, if you your business uses external services, you may be required to have a privacy policy under their terms. For example, section 7 of Google Analytics' terms of service requires that you have a privacy policy in place.

What is a privacy policy, exactly?

A privacy policy is a document that outlines how your company collects and uses personal information. There are topics that it needs to cover under Australian privacy laws, and should be easily accessible to anyone – the idea is that you show how you manage personal information in a transparent way.

On that note, it's not a document that should be drafted to mitigate risk in heavy legalese. It's something that should build trust between the company and people whose information you are collecting. It should be easy to read and reflect the company and its values.

Topics that a Privacy Policy must cover include:

  1. The kinds of information you collect and hold
  2. How you collect personal information
  3. How you hold personal information
  4. The purposes for which you collect, hold, use and disclose personal information
  5. How an individual may access and correct their personal information
  6. How an individual can complain if you, or a contractor, breaches the apps or a binding registered app code
  7. Whether you are likely to disclose information to an overseas recipient

The best way to present this information is in layers. Use headings such as "scope", "collection of personal information" and "disclosure" to make it easier to understand for the user.

Personal Information

So what is personal information? It's a very broad term, and captures any information (or opinion) about a person who is reasonably identifiable, or is identified.

Examples include:

  • Name
  • Address
  • Phone number
  • Bank account details
  • Opinions

What happens if I don't have a Privacy Policy?

If you don't comply with the Privacy Act 1988 as required by law, an individual can make a complaint about your company to the OAIC. They have the power to investigate, conciliate and make determinations based on the complaint.

Breaches of the Australian Privacy Principles can result in civil penalties, and repeated breaches of the law in large fines. This can be $360,000 for individuals and up to $1.8 million for corporations.

So even though it might take a little time or initial cost to produce a great privacy policy, it's clear that the effort is well worth it. It's not just about avoiding penalties, but making your company trusted and transparent in it's information dealings.