Privacy Policy

Small Business Australia is committed to providing quality communication, products and services to you. This Privacy Policy provides details of the personal data we collect from you, what we do with it, how you might access it and who it might be shared with.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at

Small Business Australia
Suite 13, 397 Smith Street, Fitzroy VIC 3065 Australia

The personal data we collect from you will depend on our interaction with you.

Website visit only

If you visit our website to view the content only you do not need to provide us with any personal data. However, your browser transmits some data automatically, such as the date and time of retrieval of one of our web pages, your browser type and settings, your operating system, the last page you visited, the data transmitted, the access status, and your IP address.

Contact via telephone, email or form submission

To communicate with us, request information (e.g. free report, e-book) or make an appointment you will be required to provide personal data. We use this data to fulfil your request.

Blog comment

If you leave a comment on our site you may opt-in to save your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.

Visitor comments may be checked through an automated spam detection service.

Purchase a service or product

If you purchase a product or service from us you will be required to provide personal data to fulfil the requirements of a contractual or service relationship, which may exist between you and our organisation.

If your purchase requires an account on our website, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Personal Information is obtained in many ways including interviews, correspondence, transactional data (such as purchase information), by telephone, by email, via our website, from your website, from media and publications, from other publicly available sources, from cookies and from third parties. We don’t guarantee website links or policy of authorised third parties.

We process personal data only of the purpose for which they are collected. We use this personal data for the provision of the service or the performance of the contract. We may use your personal data for other similar purposes, including marketing and communications. You can unsubscribe from these emails at any time, please see ‘How to unsubscribe’ below for further information.

From our customers and clients we process and retain personal data for the following purposes.

Processing purpose Retention period
Communications, marketing and intelligence Until consent withdrawn
Customer support Until consent withdrawn
Sales and distribution of products and services Until consent withdrawn

When your personal data is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your personal data. However, most of the personal data is or will be stored in client files which will be kept by us for a minimum of 7 years.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

To maintain and improve our services, your personal data may need to be shared with or disclosed to service providers, other controllers or, in some cases, public authorities. We may be mandated to disclose your personal data in response to requests from a court, police services or other regulatory bodies. Where feasible, we will consult with you prior to making such disclosure and, in order to protect your privacy, we will ensure that we will disclose only the minimum amount of your information necessary for the required purpose.

We transfer personal data to the following organisations:

Data subject type Organisation name Type
Customers and clients ITRegister Pty Ltd Processor
Customers and clients WPForms Processor
Customers and clients WooCommerce Processor
Customers and clients Stripe Processor
Customers and clients HubSpot Processor

We limit the amount of personal data collected and it is stored in a manner that reasonably protects it from unauthorised access, damage, loss, modification or disclosure. We retain personal data only for as long as described above, to respond to your requests, or longer if required by law.

You may access the personal data we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your personal data, please contact us in writing.

It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Small Business Australia will not charge any fee for your access request but may charge an administrative fee for providing a copy of your personal data.

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

In order to protect your personal data, we may require identification from you before releasing the requested information.

Our communications and marketing emails supply an option at the bottom of the emails to either ‘unsubscribe’ or ‘manage preferences’ in relation to your communication subscription. Alternatively, you can make a request from our company website.

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive information will be used by us only:

  • For the primary purpose for which it was obtained
  • For a secondary purpose that is directly related to the primary purpose
  • With your consent; or where required or authorised by law.
  • Third Parties

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances, we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

This Policy may change from time to time and is available on our website.

If you have any queries or complaints about our Privacy Policy please contact us at:

Small Business Australia
Suite 13, 397 Smith Street, Fitzroy VIC 3065 Australia