ALDI Australia

The policy provides adequate transparency elements including clear scope, section overview, specific contact details, and introductory commitments. However, it lacks key transparency features like plain language commitment, definitions/glossary, version dating, and explicit availability statements beyond online access.

The policy provides comprehensive and specific purpose disclosures with detailed lists of primary and secondary uses, clear marketing consent conditions with opt-out rights, and explicit disclosure of AI/analytics uses and third-party sharing. While it covers all key APP 6 requirements effectively, it lacks an explicit commitment to purpose limitation beyond collection necessity.

The policy provides adequate coverage with a designated Data Protection team contact and basic governance framework, but lacks specific commitments like review frequency, detailed change notification procedures, or comprehensive compliance monitoring with timeframes.

Comprehensive and specific disclosures covering data types, collection methods (direct, third-party, automated), tracking technologies, and consent mechanisms with clear explanations of purposes and opt-out options. Strong granular enumeration of specific data types and collection scenarios, though could benefit from more explicit legal basis statements.

The policy provides clear disclosures with specific named parties (Google, Facebook), detailed purposes, contractual obligations on recipients, and opt-out mechanisms for advertising. However, some categories remain generic ("service providers") and overseas disclosure lacks specific country identification, preventing a higher score.

The claims provide basic security measures like encryption, access controls, and physical security, but lack specificity about encryption algorithms, certifications, breach notification procedures, or audit practices. The disclosures are largely generic with minimal technical detail beyond listing security categories.

The policy provides generic safeguards language but lacks specificity in naming countries/regions or adequacy mechanisms. While it mentions reasonable steps for compliance, it fails to identify specific destinations or detailed protection measures required under APP 8.

The policy provides clear and specific disclosures covering key consumer rights areas including access, correction, marketing opt-out, and complaint mechanisms with specific contact details and 30-day response timeframes. However, it lacks explicit deletion rights and could provide more detail on the access/correction process requirements.

The policy provides adequate disclosure of some automated decision-making activities including AI tool usage, targeted advertising profiling, and in-store tracking with specific opt-out mechanisms for tracking and advertising. However, it lacks specificity about AI decision types, logic transparency, human review rights, and provides only minimal detail about the nature and consequences of automated decisions.

The policy completely lacks children-specific provisions despite collecting date of birth data that could identify minors. No age verification, parental consent mechanisms, or child protections are mentioned, representing a significant gap in APP 3.5 compliance.