Kmart Australia

Policy provides comprehensive scope statement, clear definitions, specific privacy officer contact details, current version date, and strong introductory section with data handling principles. Missing plain language commitment and section overview.

Extensive list of primary purposes clearly stated, secondary uses explicitly disclosed including data analysis and marketing, opt-out mechanisms provided. Some broad catch-all clauses present but overall very comprehensive.

Clear policy update notification process, current version availability commitment, specific privacy officer contact details, and complaint handling process with OAIC escalation. Missing specific review frequency and detailed governance framework.

Exceptionally detailed enumeration of personal information types collected, comprehensive disclosure of collection methods including automated technologies, clear sensitive data handling, and specific third-party data sources. Exceeds minimum requirements with granular specificity.

Comprehensive disclosure with named third parties (Flybuys, OnePass, Google), specific advertising networks, detailed purposes for sharing, contractual obligations for overseas recipients, and clear opt-out mechanisms. Exceeds minimum requirements.

Generic security commitment with basic measures mentioned (secured servers, controlled facilities). Lacks specific encryption details, certifications, breach notification procedures, or audit practices beyond general statements.

Specific destination countries named (US, UK, European countries, Asia Pacific including China, India, Bangladesh, Singapore, Vietnam, Hong Kong), contractual obligations for overseas recipients clearly stated with purpose limitation and confidentiality requirements.

Access and correction rights clearly stated with specific contact mechanisms, marketing opt-out provided, complaint process described with OAIC escalation. However, response timeframes are vague ('reasonable time') and no deletion rights mentioned.

Good disclosure of profiling activities, automated advertising decisions, and facial recognition processing with opt-out mechanisms provided. However, lacks human review rights and detailed algorithmic transparency about decision logic.

Very weak provisions with no age verification, parental consent mechanisms, or child-specific protections. Only mentions collecting age/date of birth and student ID numbers without any special safeguards for minors.