News Corp Australia

Comprehensive scope statement covering multiple user types and services, clear table of contents, specific privacy officer contact details, and policy availability in multiple formats. Strong structural elements with definitions and introductory sections.

Primary and secondary purposes are disclosed with some specificity, including marketing, research, and advertising uses. Consent requirements are mentioned for certain uses, but purpose limitation commitments could be stronger.

Clear update notification process with version tracking by date stamp. Specific privacy officer contact details with multiple channels and defined complaint response timeframes. Staff training commitment and specialized contact channels for published content concerns.

Detailed enumeration of personal information types collected through various methods including direct, automated, and third-party sources. Good disclosure of sensitive information handling and biometric collection, though some collection methods could be more granular.

Clear identification of third-party categories and specific countries for data sharing, with stated purposes and contractual obligations. Good coverage of various sharing scenarios including service providers, advertising networks, and related companies.

Basic security measures disclosed including encryption, firewalls, access controls, and staff training. Physical security and third-party requirements mentioned, but lacks specific certifications, breach notification commitments, or detailed technical safeguards.

Specific countries named (UK, USA, Singapore) for both service providers and related companies. Clear disclosure of hosting locations and user consent requirements, with contractual safeguards for third parties mentioned.

Clear access and correction rights with specific contact methods and information requirements. Good complaint process with defined timeframes (7 days initial, 30 days final) and OAIC escalation. Limited deletion rights are honestly disclosed.

Automated advertising targeting and profiling systems like Intent Connect are disclosed with some specificity. Opt-out mechanisms provided through preferences portal and cookie blocking, but lacks detail on decision logic and human review options.

No specific provisions for children's data protection identified. Policy lacks age verification, parental consent mechanisms, age thresholds, or child-specific protections despite collecting birthday information.