The law that protects consumers in Victoria is the Australian Consumer Law and Fair Trading Act 2012.

Consumer laws put restrictions on your business to ensure you're fair in the way you:

  • trade (online and in-person)
  • advertise
  • operate in the market

Complying with these laws can improve customer relations and give your business a reputation as one that deals fairly with your customers, suppliers and competitors. Breaching the Act is illegal and can cost you a lot of money in long-term legal expenses.

Fair trading laws

When running your business, you must meet certain standards in providing:

  • fair contracts
  • receipts and itemised bills
  • refunds and exchanges
  • gift cards

These laws apply whether you're trading online or in a brick and mortar premises. Online businesses must also comply with the laws in the:

Fair contracts

Your contracts must be clear and fair. Fair means there is a healthy balance between you and the consumer.

Learn more about unfair contract terms on the Consumer Affairs website.

Receipts and itemised bills

You must provide:

  • a receipt for amounts over $50 or if the consumer asks for one
  • itemised receipts if the consumer asks for one

Learn more about receipts and itemised bills on the Consumer Affairs website.

Refunds and exchanges

Your refund and exchange policy must be clearly spelled out and comply with the Act.

Adding a 'no refunds or exchange' note to your website doesn't prevent you from having to offer a refund or exchange if the goods:

  • are faulty
  • don't match the product description
  • are unfit for their intended purpose

Learn more about refunds, repairs and exchanges on the Consumer Affairs website.

Gift cards

The Australian Consumer Law (ACL) was amended to provide protections for gift card consumers across Australia.

Changes to the gift card laws include:

  • Gift cards must have a minimum 3-year expiry period.
  • Gift cards must display expiry dates.
  • Most post purchase fees on gift cards such as activation fees and balance enquiry fees are banned.

Consumer guarantees

Under Australian Consumer Law, businesses must automatically guarantee most products and services that they sell, hire or lease. Consumer guarantees apply regardless of any other warranties you place on the product or service.

What is guaranteed?

Products and services, including those bundled, discounted or on sale, are automatically guaranteed if they are:

  • under $100,000
  • over $100,000 and generally used for personal or household use
  • business vehicles and trailers used to transport goods (regardless of cost)

Minimum requirements for products and services

Products must:

  • be safe and of acceptable quality and appearance
  • do all the things a person would normally expect
  • match any description, demonstration or promise made by the business, salesperson, label or advertising
  • not come with hidden debts or charges
  • have spare parts and repair facilities available for a reasonable time unless specified otherwise

Services must be:

  • provided with acceptable care, skill and technical knowledge and taking all necessary steps to avoid loss and damage
  • fit for the purpose or give the agreed results
  • delivered within a reasonable time when there is no agreed end date

Visit the Australian Competition and Consumer Commission (ACCC) website for more about consumer guarantees on products and services, including exceptions, compensation and repairs, replacements and refunds.

Fair advertising laws

Product and service descriptions must be correct and you must give your contact details.

The price of goods and services must stay the same for a reasonable length of time and you must have reasonable quantities available.

No unconscionable conduct

You must not display 'unconscionable conduct'. Unconscionable conduct includes:

  • pressuring customers into purchases
  • dishonest or unethical behaviour
  • creating a false sense of urgency
  • using unacceptable verbal or physical behaviour

These requirements mean your website must display:

  • your full business address or telephone number
  • the total price of any goods and services you're selling
  • how much you charge for postage and delivery fees

Fair market practices

The Australian Consumer Law (ACL) website has information about:

  • unfair market practices
  • industry codes of practice
  • company mergers and acquisitions
  • product safety
  • collective bargaining
  • product labelling
  • price monitoring
  • industry regulation such as telecommunications, electricity and airports

Small businesses that buy or sell goods by weight, volume or length must also comply with the National Measurement Act 1960 and the National Trade Measurement Regulations 2009.

Businesses that short-measure their customers can be fined up to $170,000 per offence.

Visit the National Measurement Institute website for more information.

Spam and privacy laws

If you're running any aspect of your business online, the main laws that apply to you are the:

Protect customer privacy

Businesses have an obligation to protect customer privacy, especially if your customers are buying online. Customers need to know that you're protecting their information.

The Privacy Act regulates information privacy and covers many different activities and sectors. Even if your business isn't captured under the Privacy Act, you must maintain best practice privacy practices to keep your credibility in the marketplace.

Find out more about the Privacy Act on the Office of the Australian Information Commissioner (OAIC) website.

Collecting customer information

If you're collecting information about your customers, it should be:

  • accurate
  • up to date
  • secure from unauthorised access – even by employees and contractors who don't need to see that information as part of their job

Provide a privacy statement and policy

Your business privacy statement should outline:

  • whether you collect personal information, what personal information you collect and how you store it
  • what you do and don't do with the information – for example, whether you share it with other organisations
  • how people can contact you regarding the information you hold about them
  • how you will correct inaccuracies or delete information you hold about a customer

Our Privacy policy template can help you create a privacy policy that you can display on your website.

Reporting data breaches

If your business experiences a cyber attack where personal information is accessed or disclosed, you have a responsibility to notify customers and others whose personal data may be involved.

Depending on your business, you might also have to report the breach to the OAIC under the Notifiable Data Breaches (NDB) scheme.

What to do if there's a data breach

In the event of a data breach:

  1. Contain the data breach to prevent any further compromise of personal information.
  2. Assess the data breach by gathering the facts and evaluating the risks, including potential harm to affected individuals. Where possible, take action to remediate any risk of harm.
  3. Notify the individuals involved, as well as the OAIC if you're required to by the NDB scheme.
  4. Review the incident and consider what actions you can take to prevent future breaches.

Avoid sending spam

If you plan on sending marketing messages or emails as part of your business, you must first receive permission from the person who receives them. This permission can be:

  • express – if the recipient filled in a form, ticked a box on a website or otherwise gave permission for you to send emails or messages.
  • inferred – if the recipient has knowingly provided their email address or phone number and it is reasonable to expect they would receive emails or messages from your business

Once you have permission, any marketing emails or messages you send must:

  • identify you as the sender
  • contain your contact details
  • make it easy to unsubscribe

Find out more about the Spam Act and how to avoid sending spam on the Australian Communications and Media Authority (ACMA) website.