Myer

Policy provides clear scope statement, specific contact information including dedicated privacy officer and access request emails, and numbered sections for navigation. However, lacks last updated date, definitions section, and table of contents.

Detailed enumeration of primary collection purposes, clear marketing consent mechanisms with multiple opt-out methods, research and analytics uses disclosed, and secondary use conditions specified. Strong commitment to purpose-based processing with consent requirements.

Named privacy officer with specific contact details, complaint handling timeframe of 30 days, policy availability disclosed, and staff security training requirements. However, lacks policy review frequency, advance notice of changes, and formal governance framework.

Comprehensive enumeration of specific data types collected, detailed collection methods including automated collection, sensitive data handling, and third-party sources. Strong disclosure of cookies, CCTV, and technical data collection with clear consent mechanisms.

Clear disclosure of third-party categories and purposes, specific overseas countries named, contractual security obligations for service providers, and government disclosure circumstances. However, some categories remain broad rather than naming specific recipients.

Basic security measures disclosed including access controls, service provider requirements, and user responsibilities. However, lacks specific technical measures, encryption details, certifications, or breach notification commitments beyond user reporting obligations.

Specific countries named for data transfers, clear notification of overseas service providers, contractual privacy law compliance requirements for recipients, and purpose disclosure for technology and data storage services.

Comprehensive access and correction rights with specific contact methods, detailed opt-out mechanisms across multiple channels, complaint process with 30-day timeframe, and OAIC escalation pathway. Includes verification requirements and fee disclosure.

No explicit disclosure of automated decision-making, profiling, or AI use despite evidence of customization and targeted advertising activities. Lacks transparency about decision logic, opt-out rights, or human review mechanisms.

No relevant claims found in policy.

No specific findings.