Privacy Statement
This statement outlines MCET’s policy on how it collects, manages, and uses an individual’s information (including personal information, sensitive information and health information) and what to do if an individual has questions, concerns or complaints about MCET’s handling of it.
Our statement
Commitment to protecting an individual’s rights to privacy
The Melbourne Convention and Exhibition Trust (MCET), operator of the Melbourne Convention and Exhibition Centre (MCEC) and Nyaal Banyul on behalf of the State Government of Victoria, provides a range of services for customers, contractors, employees, and the general public.
MCET recognises the importance of protecting the privacy and the rights of an individual in relation to their personal information. The protection of an individual’s information is an integral part of MCET’s commitment towards complete accountability and integrity in its activities and programs. MCET is committed to the responsible handling of all information collected in compliance with its obligations as required by the Privacy Act 1988 (Cth), the Privacy and Data Protection Act 2014 (Vic), and the Health Records Act 2001 (Vic).
Our statement
Commitment to protecting an individual’s rights to privacy
The Melbourne Convention and Exhibition Trust (MCET), operator of the Melbourne Convention and Exhibition Centre (MCEC) and Nyaal Banyul on behalf of the State Government of Victoria, provides a range of services for customers, contractors, employees, and the general public.
MCET recognises the importance of protecting the privacy and the rights of an individual in relation to their personal information. The protection of an individual’s information is an integral part of MCET’s commitment towards complete accountability and integrity in its activities and programs. MCET is committed to the responsible handling of all information collected in compliance with its obligations as required by the Privacy Act 1988 (Cth), the Privacy and Data Protection Act 2014 (Vic), and the Health Records Act 2001 (Vic).
What is Personal Information?
When used in this privacy statement, the term “personal information” has the meaning given to it in the Privacy and Data Protection Act 2014 (Vic). In general terms, it is any information that can be used to personally identify a person and may include “sensitive information”, such as information about your health, racial or ethnic origin, political opinions, association memberships, religious affiliation, sexual orientation, criminal history, genetic or biometric information.
How MCET collects an individual’s information
MCET may collect an individual’s information directly, for example:
In person
Via mail
Via email
Via People and Culture services portal
From enquiries on MCEC’s and Nyaal Banyul’s websites.
In the event MCET collects information from a third party, MCET will ensure the information is collected in accordance with its obligations under applicable law. When collecting information from a minor, parent/guardian consent will be obtained.
Our Website - Use of ‘cookies’ and analytics
Cookies – MCET’s website may use ‘cookies’ which are an industry standard and used by most major websites. Cookies may be used for a variety of purposes, for example, to recognise a computer that has previously visited the website and to understand preferences and site behaviour.
Online activity – MCET may use Google Analytics and other web server applications to track visits to its website. MCET can use this information to track the effectiveness of its website such as visits, lengths of visits, viewed pages. This data is mainly anonymous.
Information collection
Personal Information is only collected as is necessary to enable MCET to carry out its functions or activities. These could include:
fulfilling MCET’s functions and powers under applicable law including the Melbourne Exhibition and Convention Centre Trust Act 1996 (Vic)
handing enquiries or complaints from customers and potential customers and the general public, visitors and the receipt of correspondence and other unsolicited information
conducting audits and inspections
receiving or processing requests for access to information, including requests under the Freedom of Information Act 1982 (Vic) or in response to the requirements of courts and tribunals
compilation of analysis of information and statistics
receiving applications for employment from individuals
collecting responses to surveys, event invitations and research conducted by MCET or on its behalf
communicating with individuals through various publications and social media and
marketing to individuals with new business updates, offerings, and services
When collecting information, MCET will take reasonable steps to inform the individual from whom information is collected of what information is being sought, for what purpose, whether any law requires the collection of the information and the main consequences, if any, of not providing the information.
MCET will only use an individual’s personal information for the primary purpose for which it was given and/or is required by the Privacy and Data Protection Act 2014 (Vic). At the time of collection, using a Collection Notice, MCET will take reasonable steps to ensure that it makes an individual aware of how the information collected will be used.
Secondarily, Personal Information that is collected by MCET may be disclosed to MCET employees and relevant service providers whose duties require them to use, protect and handle an individual’s information in accordance with the Privacy and Data Protection Act 2014 (Vic) and any other applicable legislation regulating the collection, use, disclosure, storage and disposal of personal, sensitive or health information.
Personal Information provided by an individual will not be used and/or disclosed by MCET for any purpose other than for the purposes of the transaction entered into unless such a disclosure is required or authorised by the Privacy and Data Protection Act 2014 or another law, for example, law enforcement purposes or to reduce the threat of harm.
Third party access
MCET may engage external suppliers to assist it in its activities (for example, for marketing purposes), and may provide an individual’s information to them to achieve this. MCET will use all reasonable endeavours to ensure that third party suppliers keep an individual’s information confidential.
MCET does not sell or share its databases with any third party but may share information about events with other government departments responsible for tourism, the arts or events within the State of Victoria.
Unique identifiers
MCET does not use unique identifiers from other organisations (such as Centrelink or Australian Taxation Office) to identify individuals.
Anonymity
MCET will respect an individual’s choice to remain anonymous. However, an individual’s right to remain anonymous may limit the actions that MCET is able to take or limit MCET’s ability to provide information it may be asked to produce. MCET may be unable to investigate and manage a complaint under the Privacy and Data Protection Act 2014 (Vic) and applicable internal policies where the complainant wishes to remain anonymous. Please consult MCET’s Public Interest Disclosure Policy and Guidelines on its Intranet or website about the making of a public interest disclosure regarding improper conduct or detrimental action of a member of MCET’s staff.
Direct marketing
MCET will only send an individual direct marketing materials if it believes an individual would reasonably expect to receive them or where they have consented by requesting directly to be added to our mailing list, receiving our electronic newsletters, or opting in through our website subscription form.
MailChimp
MailChimp collects Personal Information, including email addresses and all information relating to those email addresses and is used for the distribution and management of MCEC’s and Nyaal Banyul’s newsletters and to measure the performance monitoring of email campaigns.
For more information on the information MailChimp will collect, please refer to the MailChimp’s Privacy Policy and the MailChimp Terms of Use .
Opting Out
An individual can ‘opt out’ of receiving marketing communications from MCET by:
Advising MCET they no longer wish to receive marketing calls
Using the ‘unsubscribe’ facility that MCET will include in its electronic marketing messages
Contacting MCET Privacy officer via the contact details below:
By email at privacy@mcec.com.au
By letter addressed to: Privacy Officer - Melbourne Convention and Exhibition Trust, GPO BOX 777, MELBOURNE, VICTORIA 3001 AUSTRALIA
Calling us on 03 9235 8000 Monday to Friday 9am to 5pm (excluding public holidays).
MCET takes reasonable steps to ensure the information it holds remains accurate, complete and up to date. Where possible, MCET will check the accuracy of personal information with an individual before it is used.
MCET uses several procedural, physical, software and hardware safeguards, together with access controls, secure methods of communication, back-up and disaster recovery systems to protect information from misuse and loss, unauthorised access, modification and disclosure.
Links - Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third-party website and we are not responsible for the privacy policies or the content of any third-party website. Third party websites are responsible for informing about their own privacy practices.
Transborder data flows
MCET uses technology delivered in a Software as a Service (SaaS) model to enable the organisation to undertake its functions. All reasonable endeavours are made to ensure that personal, and health related information remains stored in Victoria in line IPP 9 of the Privacy and Data Protection Act (Vic) or within Australia in line with APP 8 of the Privacy Act (Cth).
From time to time there may be a compelling case for the use of a particular SaaS product/vendor, where information is not stored within Victorian or Australian borders. MCET must ensure that the protections of the information will remain substantially similar to the Privacy Act (Cth) or the Privacy and Data Protection Act (Vic) requirements and that the SaaS vendor has the ability to deliver that protection.
MailChimp is based in the United States of America (USA) and is subject to the laws of the USA. Your information (including your IP address) will be transmitted to and stored by MailChimp on servers located outside Australia.
Complaints and data breaches
All complaints will be investigated and responded to within a reasonable period of time from the date of receipt. Data breaches regarding privacy are governed at MCET by the organisation’s Information Breach Response Plan (Procedure) and managed in accordance with the requirements of the State and Commonwealth privacy regulators.
Any complaints about the way MCET manages an individual’s privacy can be made contacting MCEC Privacy Officer via the contact details below:
By phone on (+61) 03 9235 8000
By email at privacy@mcec.com.au or
By post at: Privacy Officer - Melbourne Convention and Exhibition Trust, GPO BOX 777, MELBOURNE, VICTORIA 3001 AUSTRALIA
If a complainant is not satisfied with the outcome of their complaint with MCET with regard to a privacy matter, the matter can referred to the Office of the Victorian Information Commissioner, see website https://ovic.vic.gov.au/ telephone 1300 006 842 , email to enquiries@ovic.vic.gov.au .
How we comply with the Notifiable Data Breaches Scheme
MCET will notify people affected in the event personal information is involved in a data breach that is likely to result in serious harm. This notification will include recommendations about the steps should take in response to the breach. MCET will also notify the Office of Australian Information Commissioner of eligible data breaches. Each suspected data breach reported to us will be assessed to determine whether it is likely to result in serious harm, and as a result, require notification.
MCET endeavours to maintain accurate records. Subject to law, MCET will provide individuals with reasonable access to information about them upon written request to the Privacy Officer via contact details below identifying the scope and type of documentation or information requested. MCET will take steps to verify the identity of any individual who requests access to, or correction of, their information before considering the request. MCET will resolve the request within 28 days of receipt of the request, if possible, otherwise MCET will provide reasons for any delay in responding. In this instance the request will be completed as soon as practicable, but no later than 45 days after its receipt.
Requests for access to or correction of an individual’s information will be handled in accordance with the Freedom of Information Act 1982 (Vic).
Although MCET will not charge a fee for access to or correction of an individual’s information, MCET may charge a reasonable fee to retrieve and copy that material. Where a request seeks the production of an amount of information that is extensive, MCET will endeavour to advise an estimated cost in advance.
During the planning phase of new MCET programs or initiatives which involve the collection, storage, or use of personal, or health information, a Privacy Impact Assessment may be undertaken. Assessment will consider compliance with relevant privacy laws, privacy risks and risk mitigation strategies.
If you have any questions in relation to privacy or this policy, please contact MCET at:
Privacy Officer, Strategy and Governance
Melbourne Convention and Exhibition Trust
GPO Box 777, Melbourne VIC 3001, Australia
Tel: (+61) 03 9235 8000
Email: privacy@mcec.com.au
References
External
Privacy and Data Protection Act 2014 (Vic)
Privacy Act 1988 (Cth)
Health Records Act 2001 (Vic)
Public Interest Disclosures Act 2012 (Vic)
Freedom of Information Act 1982 (Vic)
Internal
Information Management Policy
Privacy Impact Assessment Template
Information Breach Response Plan (Procedure)
P&C Privacy Use and Disclosure Statement
Fraud and Corruption Control Policy
Compliance Policy
Grievance Procedure Policy
Acceptable Use Policy
Information Security Policy
Procedure details
Division name – Finance
Department - Legal, Risk & Compliance
Sponsor - Chief Financial Officer
Responsible Officer - Head of Legal, Risk and Compliance
Review Frequency - Annual
Policy ID - MCET-725537380-6502
Approved Date – 10/07/2024
Next Review Date - 09/07/2025
Version – 1.0