Add To Cart: Australia’s eCommerce Show

How to Turn Your Privacy Policy Into a Trust Builder #564

Nathan Bush

Privacy policies might be the most ignored part of an ecommerce site, but they’re also one of the most important. In today's playbook, Marianne Marchesi, founder of Legalite, is turning the traditional approach on its head: “Don’t even bother with T&Cs and privacy policies if you’re not going to do the work in the background to make sure that you’re actually practicing what you preach.”

In today’s Playbook

  • How to write a privacy policy that reflects your real data practices
  • The simple audit every ecommerce brand should run before updating policies
  • Why “cleaning out your data” could save your business
  • How to get clear, explicit consent from customers before privacy laws change
  • What Legalite, Civic Data and IAB Australia all agree builds true trust

Connect with Marianne
Explore Legalite
Episode #119 with Civic Data
Episode #444 with IAB Australia

SPEAKER_01:

Calling all brands looking to dominate search rankings in 2025. StudioHawk is Australia's largest dedicated SEO agency working with brands like Officeworks, City Beach, Age, Clarks, Pet Stock, and New Balance. And they have an exclusive offer for Add To Cart listeners. Sign up for an ongoing SEO campaign and receive the Content Boost Package, a professionally written copy for 40 category pages free of charge. If you want to rank and convert better in 2025, head on over to studiohawk.com.au and mention Add To Cart when inquiring to claim this offer. Plus, receive a free SEO audit of your website. Hey there, it's Bushy here, joining you for another special playbook episode of Add To Cart. Hope you're enjoying this format. It's relatively new for us. We thought we'd kick it off where we dive deep into a topic that we discussed previously. Try and connect some of the ideas that we've had from previous guests of Add To Cart to help you on something very specific for your e-commerce business. Today, we are tackling something that most of us in e-commerce really try and avoid. We're talking privacy policies. Yeah, I know. No one likes reading them, no one likes writing them, but they are actually, if you think about it, really important. They are linked on every single page in our footer and could be a savior when it comes to any breaches or any concerns from your customers. They are hugely important, but they're not fun. And I get that. Today I want to bring to the forefront some conversations that we've had about privacy policies to try and make it as simple as possible for you and actually not be the chore that we think it is. Also, I think it's really important that we don't make it a box-ticking exercise. I think when we create sites, it's like, yes, we need a privacy policy, we need terms and conditions, we need a shipping policy, and we try and do them as quickly as possible. Privacy policies actually need a bit of thought in how they apply to your business.
No longer can you just copy a competitor's privacy policy, paste it into GPT, make some little refinements, and then spit it onto your website because that is probably more dangerous than not having one at all. With the upcoming changes to Australia's Privacy Act, privacy policies are becoming non-negotiable for building trust. Customers actually do care about them, and for keeping your business out of hot water. The penalties can be severe. And where most businesses get into trouble is not necessarily not having privacy policies, but it's in having privacy policies that don't actually match what they do in the business. That's when things get really messy. Luckily, I recently had a chat with Marianne Marchesi, founder of Legalite. And she gave us a total mindset shift on how to approach privacy policies. She's actually the first lawyer that we've ever had on Add To Cart, but trust me, she doesn't do proper lawyer speak. She makes it as simple and straightforward and human as possible. Here's a clip from our chat where she flips the whole privacy policy process on its head. Some of the most basic things in e-commerce that we see in every footer of every e-commerce page that they don't get a lot of conversation about because they're not the sexiest things. Things like terms and condition pages and privacy policies. Do you feel like they need to be heavily customized for each brand? Or is there sort of a template that you can use?

SPEAKER_00:

There are, absolutely, there are templates. There are so many online now. But more importantly, I would now encourage businesses to don't even bother with T's and C's and privacy policies if you're not going to do the work in the background to make sure that you're actually practicing what you preach. So for example, businesses will have a privacy policy and it says, this is how we collect information, this is how it's stored, this is how we, you know, delete your personal data. They don't do any of that. Don't have the privacy policy because you're outright just contradicting yourself with what you're actually doing in practice. So get the foundations right first, do the practical stuff first, and that's best practice. And then just document what you're already doing.

SPEAKER_01:

Yes, okay.

SPEAKER_00:

Same thing with T's and C's, you know, like you might have a refund policy in there and there are laws around when you do need to refund. And often businesses will have the correct wording in their T's and C's, but then they don't actually comply with their own refund policy. So just get it right first, otherwise, honestly, don't even bother.

SPEAKER_01:

Okay, that makes a lot of sense. And I suppose then it becomes easier for a third party to even write them for you because you can go, that third party can go, what are you doing at the moment? Tell me what you're doing, and then I'll translate that into a policy rather than going, having someone create them that you're just not doing the same thing in-house.

SPEAKER_00:

Yeah, yeah.

SPEAKER_01:

You talked about returns there.

SPEAKER_00:

Yep.

SPEAKER_01:

From a returns policy, we're seeing a big change in returns around Australia. And I think it's a little bit different in fashion, obviously, because there's still that expectation that I can send back change of mind or does not fit. But I don't think a lot of retailers understand the difference between change of mind refunds versus, I don't know, what do you call it? You call it quality or breakages.

SPEAKER_00:

Repairs. Repairs. Um product.

SPEAKER_01:

Exactly.

SPEAKER_00:

So legally there is no obligation to refund for a change of mind. Retailers will do it as a nice to have and as a value proposition. Legally, what you do when you do have to refund, it's because the product was faulty or it didn't match the description. And if it's a major problem, the customer can choose whether they would like a refund or a replacement. If it's a minor problem, usually the retailer will choose what they would like to do, whether it's to refund it or not. But retailers do get this wrong very often. Faulty products are not subjective. If something's faulty, it's faulty. To give you an example, I bought a pair of shoes online. When they arrived, the shoes were absolutely fine, but the shoelaces were torn and they were pink shoes. And pink shoelaces. So it's not like I could just go out and buy, you know, replacement shoelaces. So I wrote to the retailer and I said, I'm happy to keep the shoes, but can you send me shoelaces to replace them? And they said, Oh, we don't have shoelaces, just like, you know, to replace. And so I said, Okay, well, what are you recommending? And they said, nothing, essentially. They weren't gonna refund, they weren't gonna replace the entire, you know, shoes, pair of shoes. And the problem with that is I know that's illegal, but I'm not gonna, I can't be bothered having a fight about shoelaces. So I copped it. You know, their behaviour was illegal, but I copped it and I went out and, you know, found pink shoelaces online. So it's something that, and this was a big retailer, it's something that big, small retailers get wrong very often. And I will never buy from that retailer again. So even if you've broken the law and you've had no repercussions legally, that's one thing. But the other thing is the customer experience and your reputation in the market.

SPEAKER_01:

Yeah. Some of the best brands that are known for their customer service. I've had this come up twice now, is one of their key policies around customer service is if you're in doubt, be generous.

SPEAKER_00:

Yes. And it's not that hard. And you'll keep coming back. So yeah, there are lots of retailers that do that really well and go above and beyond the minimum legal requirements. So to see.

SPEAKER_01:

I really love that approach from Marianne. And if you're after more legal advice, if you like what Marianne's putting down there, you're going to enjoy our main episode where we cover all aspects of legal compliance for e-commerce. But while we're on privacy policies, I just want to expand on what Marianne said around don't even bother with the privacy policy if you're not going to do the work in the background to make sure that you're actually practicing what you preach. Such a great line, such a great philosophy. It's simple, but it's a powerful reframe rather than just seeing privacy policy as a task. Rather than starting with a legal document, start with your actions. What does your business actually do with data and then tell people about it? Sounds pretty simple when you put it like that. It actually reminds me of a chat that I had with Chris Brinkworth from Civic Data way back in episode 119. Back then, we felt that there were huge reforms coming in Australian data following what had happened in Europe. They haven't fully arrived yet. But his advice is still really powerful because even if the reforms aren't here, getting this right now will get you ahead of what is to come, plus get you your trust with your customers. He warned us that with the new regulations coming, any data that you've collected without clear permission is basically a sunk cost and a huge risk for your business. So simple things like if your privacy policy says that you need to opt in to receive communications, but then you're actually sending follow-up emails after orders with marketing messages, not just order messages, you're already breaching that policy and the law. And again, this isn't just about what you do or what you say. It's also about what you don't do. Gai Le Roy from IAB Australia joined us on episode 444. And her advice was just as direct. Clean out your data and get rid of anything you don't need. Don't just leave it hanging around just in case.
If you're not using it, get rid of it because it is actually an overhead and a liability to your business. In this new world of privacy reform and us not knowing how it's going to be enacted, holding on to data just in case is a risk that you actually don't need. If your privacy policy says that you only keep data for as long as necessary, but you've got customer details from 2013 still sitting in an old Mailchimp account, you've got a problem. So here are three actionable takeaways I want you to take with you to make sure that your privacy policies are more than just words in your website footer. And these are really easily applied. Number one, start with practice, not policy. Before you write a single line of privacy policy, map out what you actually do with your customer data. Where do you collect it? What do you ask for? What do customers consent to? Where is it stored? Australia, overseas? Who has access to this data? How is it used for marketing? Do you share it with third parties? Having answers to some of these questions will help you then form the basis of your privacy policy. Now, if you've already got a privacy policy, still do that exercise. Write down exactly how you collect data, what you do with it, who can access it, where it's stored, and see if it's reflected in your privacy policy. Start with what you do, not what you want to do in writing a fresh privacy policy. Number two, do a big audit of your data and Marie Kondo it. Get rid of anything that you're not using. If you've got customers from 10 years ago that haven't shopped with you, remove them. If you've got old email platforms that you just hung on to in case you need to go back to them, get rid of them. Having data that's hanging around in the background is a liability. If you don't need it, if you're not using it in the last 12 months, don't hold on to it. Because this isn't just good practice. It's your best defense mechanism against future privacy headaches.
Don't leave yourself open to it. A lean database is a safe database. And thirdly, get explicit consent now. Don't wait for the government to force your hand. Who knows when that's going to happen? We thought it was going to happen three years ago that we'd follow Europe's lead. It's been a bit softer since then, but it's very clear that we're moving towards a more privacy-focused world. Start by getting clear, explicit opt-in consent from your customers today. If you have any areas where you're unsure whether customers have actually explicitly opted into marketing communications, maybe just pull the pin and ask them to re-consent to it. Just to leave yourself in a safe space. Chris actually warned that when the new laws hit, every brand in Australia will be scrambling to re-engage their databases and ask for that consent. If you can get ahead of the game, you're well ahead of the pack. And then map it out again from point one. Whenever you are collecting data, make sure that that consent is opted in. So you actually never have to do that reconsent exercise ever again. That's it for the playbook this week. If you have topics that you would love to see us cover on the playbook and go back through the archives to see who has given us some great lessons on them, make sure you reach out to us. You can drop us a note on hello at adtocart.com.au or hit any of our socials. We would love to know the topics that you want us to dive back into to give you some tips on how to approach it for your e-commerce business. As always, if you want to come and continue this conversation around privacy and what other people are doing with their privacy policies, great place to do that is the Add to Cart community. It's free to join, and we have over 500 e-commerce professionals in there sharing tips, asking for advice. It's a brilliant, open, safe space for you to put it out there and ask for some help and some guidance. We have so many people in there waiting to help you. 
All right, that's it for this week. As always, if you liked what you heard, make sure you subscribe. Whether you're listening on Spotify, Apple, or on YouTube. We'd love you to hit that subscribe button so we can bring you future playbooks. See you next time.