Privacy Statement
This statement outlines MCET’s policy on how it collects and uses an individual’s information (including personal information, sensitive information and health information) and what to do if an individual has questions, concerns or complaints about MCET’s handling of it.
Our statement
Commitment to protecting an individual’s rights to privacy
The Melbourne Convention and Exhibition Trust (MCET) operates the Melbourne Convention and Exhibition Centre (MCEC) on behalf of the State Government of Victoria, providing a range of services for customers, contractors, employees, and the general public.
The protection of an individual’s information is an integral part of MCET’s commitment towards complete accountability and integrity in its activities and programs. MCET is committed to the responsible handling of all information collected in compliance with its obligations as required by the Privacy and Data Protection Act 2014 (Vic), the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic).
Our statement
Commitment to protecting an individual’s rights to privacy
The Melbourne Convention and Exhibition Trust (MCET) operates the Melbourne Convention and Exhibition Centre (MCEC) on behalf of the State Government of Victoria, providing a range of services for customers, contractors, employees, and the general public.
The protection of an individual’s information is an integral part of MCET’s commitment towards complete accountability and integrity in its activities and programs. MCET is committed to the responsible handling of all information collected in compliance with its obligations as required by the Privacy and Data Protection Act 2014 (Vic), the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic).
Information is only collected as is necessary to enable MCET to carry out its functions or activities. These could include:
fulfilling MCET’s functions and powers under applicable law including the Melbourne Exhibition and Convention Centre Trust Act 1996 (Vic)
responding to complaints about MCET and its officers
handing enquiries from customers and potential customers and the general public, visitors and the receipt of correspondence and other unsolicited information
conducting audits and inspections
receiving or processing requests for access to information, including requests under the Freedom of Information Act 1982 (Vic) or in response to the requirements of courts and tribunals
compilation of analysis of information and statistics
receiving applications for employment from individuals
collecting responses to surveys, event invitations and research conducted by MCET or on its behalf
communicating with individuals through various publications and social media.
When collecting information, MCET will take reasonable steps to inform the individual from whom information is collected of what information is being sought, for what purpose, whether any law requires the collection of the information and the main consequences, if any, of not providing the information.
How MCET collects an individual’s information
MCET will collect an individual’s information directly, for example:
In person
Via mail
Via email
Via People and Culture services portal
From enquiries on MCET’s website
In the event MCET collects information from a third party, MCET will ensure the information is collected in accordance with its obligations under applicable law. When collecting information from a minor, parent/guardian consent will be obtained.
Use of ‘cookies’ and analytics
Cookies
MCET’s website may use ‘cookies’ which are an industry standard and used by most major websites. Cookies may be used for a variety of purposes, for example, to recognise a computer that has previously visited the website and to understand preferences and site behaviour.
Online activity
MCET may use Google Analytics and other web server applications to track visits to its website. MCET can use this information to track the effectiveness of its website such as visits, lengths of visits, viewed pages. This data is mainly anonymous.
MCET will only use an individual’s personal information for the purpose (primary) for which it was given and/or required by the Privacy and Data Protection Act 2014 (Vic). At the time of collection, using a Collection Notice, MCET will take reasonable steps to ensure that we make an individual aware of how the information collected will be used.
Personal information that is collected by MCET may be disclosed to MCET employees and contractors whose duties require them to use protect and handle an individual’s information in accordance with the Privacy and Data Protection Act 2014 (Vic) and any other applicable legislation regulating the collection, use, disclosure, storage and disposal of personal, sensitive or health information.
Personal information provided by an individual will not be used and/or disclosed by MCET for any purpose other than that for the purposes of the transaction entered into unless such a disclosure is required or authorised by the Privacy and Data Protection Act 2014 or another law, for example, law enforcement purposes or to reduce the threat of harm.
Third party access
MCET may engage external suppliers to assist it in its activities (for example, for marketing purposes), and may provide an individual’s information to them to achieve this. MCET will use all reasonable endeavours to ensure that third party suppliers keep an individual’s information confidential.
MCET does not sell or share its databases with any third party but may share information about events with other government departments responsible for tourism, the arts or events within the State of Victoria.
Direct marketing
MCET will only send an individual direct marketing materials if it believes an individual would reasonably expect to receive them or where they have consented.
Opting Out
An individual can ‘opt out’ of receiving marketing communications from MCET by:
Advising MCET they no longer wish to receive marketing calls
Using the ‘unsubscribe’ facility that MCET will include in its electronic marketing messages
Contacting us:
By email at privacy@mcec.com.au
By letter addressed to: Privacy Officer - Melbourne Convention and Exhibition Trust, GPO BOX 777, MELBOURNE, VICTORIA 3001 AUSTRALIA
Calling us on 03 9235 8000 Monday to Friday 9am to 5pm (excluding public holidays).
MCET takes reasonable steps to ensure the information it holds remains accurate, complete and up to date. Where possible, MCET will check the accuracy of personal information with an individual before we use it.
MCET uses a number of procedural, physical, software and hardware safeguards, together with access controls, secure methods of communication, back-up and disaster recovery systems to protect information from misuse and loss, unauthorised access, modification and disclosure.
Unique identifiers
MCET does not use unique identifiers from other organisations (such as Centrelink or Australian Taxation Office) to identify individuals.
Anonymity
MCET will respect an individual’s choice to remain anonymous. However, an individual’s right to remain anonymous may limit the actions that MCET is able to take or limit MCET’s ability to provide information it may be asked to produce. MCET is unable to investigate and manage a complaint under the Privacy and Data Protection Act 2014 (Vic) where the complainant wishes to remain anonymous.
Transborder data flows
MCET uses technology delivered in a Software as a Service (SaaS) model to enable the organisation to undertake its functions. All reasonable endeavours are made to ensure that personal, sensitive and health related information remains stored in Victoria in line IPP 9 of the Privacy and Data Protection Act (Vic) or within Australia in line with APP 8 of the Privacy Act (Cth).
From time to time there may be a compelling case for the use of a particular SaaS product/vendor, where information is not stored within Victorian or Australian borders. MCET must ensure that the protections of the information will remain substantially similar to the Privacy and Data Protection Act (Vic) or the Privacy Act (Cth) requirements and that the SaaS vendor has the ability to deliver that protection.
Complaints and data breaches
Complaints about the way MCET manages an individual’s privacy can be made:
By phone on (+61) 03 9235 8000
By email at privacy@mcec.com.au or
By post at: Privacy Officer - Melbourne Convention and Exhibition Trust, GPO BOX 777, MELBOURNE, VICTORIA 3001 AUSTRALIA
All complaints will be investigated and responded to within a reasonable period of time from the date of receipt. Data breaches regarding privacy are governed at MCET by the organisation’s Data Breach Response Plan (Procedure) and managed in accordance with the requirements of the State and Commonwealth privacy regulators.
If a complainant is not satisfied with the outcome of their complaint with MCET with regard to a privacy matter, the matter can referred to the Office of the Victorian Information Commissioner, see website https://ovic.vic.gov.au/ telephone 1300 006 842 , email to enquiries@ovic.vic.gov.au .
MCET endeavours to maintain accurate records. Subject to law, MCET will provide individuals with reasonable access to information about them upon written request to the Privacy Officer identifying the scope and type of documentation or information requested. MCEC will take steps to verify the identity of any individual who requests access to, or correction of, their information before considering the request. MCET will resolve the request within 28 days of receipt of the request, if possible, otherwise MCET will provide reasons for any delay in responding. In this instance the request will be completed as soon as practicable, but no later than 45 days after its receipt.
Requests for access to or correction of an individual’s information will be handled in accordance with the Freedom of Information Act 1982 (Vic).
Although MCET will not charge a fee for access to or correction of an individual’s information, MCET may charge a reasonable fee to retrieve and copy that material. Where a request seeks the production of an amount of information that is extensive, MCET will endeavour to advise an estimated cost in advance.
During the planning phase of new MCET programs or initiatives which involve the collection, storage, or use of personal, sensitive or health information, a Privacy Impact Assessment will be undertaken. Assessment will consider compliance with relevant privacy laws, privacy risks and risk mitigation strategies.
If you have any questions in relation to privacy or this policy, please contact MCET at:
Privacy Officer
Melbourne Convention and Exhibition Trust
GPO BOX 777
MELBOURNE, VICTORIA 3001
AUSTRALIA
Tel: (+61) 03 9235 8000
Email: privacy@mcec.com.au
External references
Privacy Act 1988 (Cth)
Health Records Act 2001 (Vic)
Privacy and Data Protection Act 2014 (Vic)
Internal references
Privacy Impact Assessment template
Data Breach Response Plan (Procedure)
Procedure Details
Division name – Corporate Governance
Sponsor - Chief Financial Officer
Responsible Officer - Head of Legal, Risk and Compliance
Review Frequency - Annually
Policy ID - MCET-725537380-3056
Approved Date – 30/01/2023
Version – 3.0