Origin Energy

Policy demonstrates strong transparency with clear scope statement, specific contact details including dedicated Privacy Officer, numbered sections for navigation, current version tracking, and multiple access formats. Minor gaps in glossary/definitions prevent a higher score.

Purposes are stated but somewhat generic, with primary focus on identification and business operations. Marketing opt-out mechanisms are provided, but explicit consent requirements for secondary uses and clearer purpose boundaries would strengthen this dimension.

Clear policy maintenance framework with version tracking, designated Privacy Officer contact details, staff confidentiality requirements, and Privacy Act compliance commitment. Missing specific review frequency and change notification mechanisms prevents a higher score.

Good specificity in data types collected with granular enumeration including financial details, qualifications, and service information. Collection methods are clearly disclosed including direct, third-party, and automated collection, though sensitive information handling could be more explicit.

Comprehensive disclosure of third-party categories with specific service types listed and contractual obligations requiring Privacy Act compliance. Overseas disclosure is acknowledged with reference to Collection Statements, though specific countries and safeguards could be more detailed.

Adequate security measures disclosed including technical solutions, employee confidentiality requirements, physical security, and website encryption. However, lacks specific certifications, detailed breach notification procedures, and audit practices that would demonstrate comprehensive security.

Adequate disclosure that overseas transfers occur with reference to Collection Statements for specific countries, but lacks detailed safeguards, adequacy mechanisms, or binding corporate rules. Legal disclosure requirements are mentioned but protection measures are vague.

Strong coverage of consumer rights including detailed access and correction processes, multiple opt-out mechanisms for marketing, internal complaint procedures, and clear escalation path to OAIC. Specific timeframes for some processes would enhance the score.

Very weak disclosure with no explicit mention of automated decision-making, AI/ML use, or related rights. Only generic references to data processing without specific ADM transparency or opt-out mechanisms.

No relevant claims found in policy.

No specific findings.