The $3 Million Turnover Threshold
The Australian Privacy Act 1988 applies to most organisations that handle personal information, but it contains a small business exemption: a business whose annual turnover in the previous financial year was $3 million or less is, with some exceptions, not covered by the Act.
What this means:
- If your turnover is $3M or less: the Privacy Act and its Australian Privacy Principles (APPs) generally don't apply to you, so you are not legally required to publish a Privacy Policy (although a small business can opt in to the Act voluntarily).
- If your turnover is more than $3M: you are an "APP entity" and must comply with the Act, including APP 1's requirement to have a clearly expressed, up-to-date Privacy Policy.
However, this exemption has important exceptions.
The $3M Exemption Has Exceptions
Even if your turnover is at or under the $3M threshold, the Privacy Act still applies if you:
- Provide a health service and hold health information: Doctors, physiotherapists, psychologists, dentists, etc. There is no turnover threshold; you are always required to comply.
- Are a credit provider: If you provide credit or loans, the credit reporting provisions (Part IIIA) apply regardless of turnover.
- Trade in personal information: You buy or sell personal information, or offer a benefit, service or advantage in exchange for collecting it.
- Are a contracted service provider under a Commonwealth Government contract: the contract itself will usually also require you to handle personal information in line with the APPs.
If any of these apply to you, you need a Privacy Policy even if you're just starting out and earning very little.
Why Freelancers Should Have One Anyway
Even if you're at or under $3M and not in an excepted category, having a Privacy Policy is smart business practice:
Client Trust
Larger clients (corporates, enterprise companies, government agencies) often require all their contractors and vendors to have a Privacy Policy. Even if you're not legally required to have one, a client contract or vendor questionnaire may mandate it. Without one, you lose business.
Platform Requirements
If you use Upwork, Fiverr, Freelancer, or other gig platforms and direct clients to your own website, the platform's terms may require a Privacy Policy on that website. Check the terms of each platform you rely on.
Future-Proofing
Once your turnover for a financial year exceeds $3M, the Act applies to you from the following financial year. Having a policy ready now prevents a scramble to comply later.
International Clients
If you have clients in the EU, the GDPR may apply to how you handle their personal data, and EU clients will usually expect a published privacy notice and data-processing terms before engaging you. US clients may ask for CCPA-style disclosures even though the CCPA's own thresholds are far above a typical freelancer's revenue. If you want international clients, you need a policy.
What Does a Freelancer's Privacy Policy Actually Need to Cover?
Good news: a freelancer's Privacy Policy is much simpler than a SaaS or ecommerce company's. You're collecting minimal data, so disclosure is straightforward.
Contact Information
Your name/company name, email address, and physical address (if you have one).
Contact Form Data
If your portfolio website has a contact form, you collect: name, email, message content. Disclose:
- You collect this information through the contact form
- It's used to respond to inquiries
- How long you keep it [specify a period, e.g., "12 months for record-keeping"]
- Which service receives and stores the submissions (Gmail, Mailchimp, a hosted form provider, your own server, etc.), since that provider also holds the data
Analytics
Most portfolio sites use Google Analytics to track visitors. Disclose:
- You use Google Analytics to understand visitor behaviour
- What it collects: approximate location derived from the IP address, device and browser type, pages viewed, referrer, and time on site (Google states that GA4 does not store the IP address itself; if you run another analytics tool, describe what it collects instead)
- It sets cookies (Google's analytics cookies, such as _ga)
- Link to Google's Privacy Policy and mention how visitors can opt out (for example, Google's Analytics opt-out browser add-on)
Client Data Handling
This is crucial if you handle clients' data as part of your work (e.g., as a designer, developer, bookkeeper, virtual assistant):
- What data you receive from clients: "Clients may provide business records, financial data, contact lists, or other information during an engagement"
- How you keep it secure: "We store client data on [specify: encrypted drives, password-protected and MFA-protected accounts, secure file transfer]". Only describe controls you actually operate; a policy that promises encryption or access controls you don't use is a misleading statement, and a client may hold you to it after an incident.
- How long you keep it: "After project completion, we retain client data for [12 months/as agreed in contract] before secure deletion"
- Third parties you share it with: If you use a bookkeeper, accountant, subcontractor, or a cloud service (file storage, project management, invoicing) that holds client data, disclose that they may have access to it
Subcontracting & Sharing
If you hire other freelancers or subcontractors who will see client data, you must disclose this:
"When we subcontract work, we may share client information with trusted subcontractors under confidentiality agreements."
Sample Freelancer Privacy Policy Structure
Example for a freelance designer/developer:
1. What We Collect
When you contact us or hire us, we collect: your name, email, company name, and project details. If you visit our website, we collect: approximate location, device type, pages viewed, and time on site (via Google Analytics).
2. Why We Collect It
To respond to inquiries, manage projects, and understand how visitors use our website.
3. How Long We Keep It
Project data is kept for 12 months after completion. Website visitor data is kept for [match the data-retention setting configured in your Google Analytics property, e.g., 14 months].
4. Who We Share It With
We may share your data with subcontractors under confidentiality agreements. We don't sell or share data for marketing purposes.
5. Your Rights
You can request access to or correction or deletion of your personal data by emailing privacy@yourname.com.
6. Contact
Questions about this policy? Email privacy@yourname.com or contact us at [your address].
Information to Prepare Before Generating
- Your name and/or company name
- Your email address and physical address (if you have one)
- Annual turnover for the previous financial year (to confirm whether the Privacy Act applies)
- Do you provide health services, provide credit, or trade in personal information? (Any of these removes the small business exemption)
- What tools does your website use? Contact form platform, analytics, hosting provider
- What client data do you typically handle? Financial records, customer lists, business documents, etc.
- Do you use subcontractors? If so, briefly describe
- How long do you keep client project files? Most freelancers keep them 12 months, then delete