Officeworks

Comprehensive scope statement covering multiple channels, clear definitions section, specific contact details with multiple methods, current date stamp, and good introductory section explaining policy purpose and commitments.

Comprehensive list of primary purposes clearly stated, secondary use disclosure with reasonable expectation standard, consent requirements mentioned for some uses, but could be clearer about purpose limitation commitments.

Clear change notification method, current date stamp, specific contact details, complaints handling process with escalation, but lacks specific review frequency commitments or named privacy officer details.

Detailed enumeration of specific data types collected including location, transaction, usage data, and digital analytics with specific technologies mentioned. Clear disclosure of third-party sources and sensitive data handling with consent requirements.

Good mix of specific named parties (Flybuys, OnePass, major platforms) and categories, clear purposes stated, contractual obligations mentioned, but could be more specific about consent mechanisms for all sharing scenarios.

Specific mention of SSL encryption, access controls, physical security measures, and employee confidentiality obligations, but lacks detail on certifications, breach notification procedures, and audit practices.

Specific countries named (USA, Singapore, Japan) for both sharing and storage, notification provided, but limited detail on adequacy mechanisms or specific safeguards beyond general confidentiality obligations.

Clear access and correction rights with specific contact methods, marketing opt-out mechanism, complaint process with OAIC escalation, but response timeframes are vague ('reasonable time') rather than specific.

No explicit disclosure of automated decision-making processes despite extensive profiling activities mentioned. Only marketing opt-out provided, no human review rights or transparency about automated logic disclosed.

Clear age threshold of 18, explicit parental consent requirements, involvement requirements, and knowledge-based protection trigger. Comprehensive child-specific protections that exceed typical requirements.