Harvey Norman

Policy provides clear scope, plain language commitment, definitions, specific contact details, and version tracking. However, lacks table of contents and comprehensive introductory summary.

Clear primary and secondary purposes stated, marketing consent mechanisms, and commitment not to use for other purposes without consent. Some purposes could be more specific.

Named privacy officer with contact details, version tracking, and complaint handling timeframes. However, lacks specific review frequency commitments and comprehensive governance framework details.

Comprehensive enumeration of specific data types collected, clear collection methods, sensitive data handling with consent requirements, and detailed notification requirements at collection time.

Detailed disclosure of recipient categories with some named parties (Harvey Norman Holdings), specific purposes, contractual obligations requiring APP compliance, and clear consent mechanisms.

Basic security measures mentioned (locks, firewalls, passwords, access controls) but lacks specific technical details, certifications, or breach notification procedures. Generic security commitments.

Clear disclosure of overseas transfers with specific countries named (US, UK), APP 8.1 compliance commitments, and reasonable steps to ensure recipient compliance with APPs.

Comprehensive rights framework with specific access/correction procedures, clear timeframes (48 hours acknowledgment, 10 days resolution), detailed opt-out mechanisms, and OAIC escalation pathway.

Very limited disclosure - only mentions cookies for tailoring services and fraud checks. No specific ADM disclosure, opt-out rights, or human review mechanisms provided.

No relevant claims found in policy.

No specific findings.