Privacy Statement

Our statement

• Our commitment

  Commitment to protecting an individual’s rights to privacy

  The Victorian Convention and Event Trust (VCET), operator of the Melbourne Convention and Exhibition Centre (MCEC) and Nyaal Banyul Geelong Convention and Event Centre on behalf of the State Government of Victoria, provides a range of services for customers, contractors, employees, and the general public.

  VCET recognises the importance of protecting the privacy and the rights of an individual in relation to their personal information. The protection of an individual’s information is an integral part of VCET’s commitment towards complete accountability and integrity in its activities and programs. VCET is committed to the responsible handling of all information collected in compliance with its obligations as required by the Privacy Act 1988 (Cth), the Privacy and Data Protection Act 2014 (Vic),and the Health Records Act 2001 (Vic).

  This statement outlines VCET’s policy on how it collects, manages, and uses an individual’s information (including personal information, sensitive information and health information) and what to do if an individual has questions, concerns or complaints about MCET’s handling of it.

• Information collection

  What is Personal Information?

  When used in this privacy statement, the term “personal information” has the meaning given to it in the Privacy and Data Protection Act 2014 (Vic). In general terms, it is any information that can be used to personally identify a person and may include “sensitive information”, such as information about your health, racial or ethnic origin, political opinions, association memberships, religious affiliation, sexual orientation, criminal history, genetic or biometric information.

  ---

  How VCET collects an individual’s information

  VCET may collect an individual’s information directly, for example:

  • In person

  • Via mail

  • Via email

  • Via People and Culture services portal

  • From enquiries on MCEC’s and Nyaal Banyul’s websites.

  In the event VCET collects information from a third party, VCET will ensure the information is collected in accordance with its obligations under applicable law. When collecting information from a minor, parent/guardian consent will be obtained.

  Our Website - Use of ‘cookies’ and analytics

  Cookies – MCEC’s and Nyaal Banyul’s websites may use ‘cookies’ which are an industry standard and used by most major websites. Cookies may be used for a variety of purposes, for example, to recognise a computer that has previously visited the website and to understand preferences and site behaviour.

  Online activity – MCEC and Nyaal Banyul may use Google Analytics and other web server applications to track visits to its website. MCEC’s and Nyaal Banyul’s websites use this information to track the effectiveness of its website such as visits, lengths of visits, viewed pages. This data is mainly anonymous.

  ---

  Information collection

  Personal Information is only collected as is necessary to enable VCET to carry out its functions or activities. These could include:

  • fulfilling VCET’s functions and powers under applicable law including the Victorian Convention and Events Trust Act 1996 (Vic)

  • handing enquiries or complaints from customers and potential customers and the general public, visitors and the receipt of correspondence and other unsolicited information

  • conducting audits and inspections

  • receiving or processing requests for access to information, including requests under the Freedom of Information Act 1982 (Vic) or in response to the requirements of courts and tribunals

  • compilation of analysis of information and statistics

  • receiving applications for employment from individuals

  • collecting responses to surveys, event invitations and research conducted by VCET or on its behalf

  • communicating with individuals through various publications and social media and

  • marketing to individuals with new business updates, offerings, and services

  When collecting information, VCET will take reasonable steps to inform the individual from whom information is collected of what information is being sought, for what purpose, whether any law requires the collection of the information and the main consequences, if any, of not providing the information.

• Use and disclosure

  Use and disclosure 

  VCET will only use an individual’s personal information for the primary purpose for which it was given and/or is required by the Privacy and Data Protection Act 2014 (Vic). At the time of collection, using a Collection Notice, VCET will take reasonable steps to ensure that it makes an individual aware of how the information collected will be used. 

  Secondarily, Personal Information that is collected by VCET may be disclosed to VCET employees and relevant service providers whose duties require them to use, protect and handle an individual’s information in accordance with the Privacy and Data Protection Act 2014 (Vic) and any other applicable legislation regulating the collection, use, disclosure, storage and disposal of personal, sensitive or health information.

  Personal Information provided by an individual will not be used and/or disclosed by VCET for any purpose other than for the purposes of the transaction entered into unless such a disclosure is required or authorised by the Privacy and Data Protection Act 2014 or another law, for example, law enforcement purposes or to reduce the threat of harm.

  ---

  Third party access

  VCET may engage external suppliers to assist it in its activities (for example, for marketing purposes), and may provide an individual’s information to them to achieve this. VCET will use all reasonable endeavours to ensure that third party suppliers keep an individual’s information confidential.

  VCET does not sell or share its databases with any third party but may share information about events with other government departments responsible for tourism, the arts or events within the State of Victoria.

  ---

  Unique identifiers

  VCET does not use unique identifiers from other organisations (such as Centrelink or Australian Taxation Office) to identify individuals.

  ---

  Anonymity

  VCET will respect an individual’s choice to remain anonymous. However, an individual’s right to remain anonymous may limit the actions that VCET is able to take or limit VCET’s ability to provide information it may be asked to produce. VCET may be unable to investigate and manage a complaint under the Privacy and Data Protection Act 2014 (Vic) and applicable internal policies where the complainant wishes to remain anonymous. Please consult VCET’s Public Interest Disclosure Policy and Guidelines on either of its intranets or websites about the making of a public interest disclosure regarding improper conduct or detrimental action of a member of VCET’s staff.

  ---

  Direct marketing

  VCET will only send an individual direct marketing materials if it believes an individual would reasonably expect to receive them or where they have consented by requesting directly to be added to our mailing list, receiving our electronic newsletters, or opting in through our website subscription form.

  MailChimp

  MailChimp collects Personal Information, including email addresses, and all information relating to those email addresses and it is used for the distribution and management of MCEC’s and Nyaal Banyul’s newsletters and to measure the performance monitoring of email campaigns.

  For more information on the information MailChimp will collect, please refer to the MailChimp’s Privacy Policy and the MailChimp Terms of Use.

  Opting Out

  An individual can ‘opt out’ of receiving marketing communications from VCET by:

  • Advising VCET they no longer wish to receive marketing calls

  • Using the ‘unsubscribe’ facility that MCET will include in its electronic marketing messages

  • Contacting VCET Privacy officer via the contact details below

• Data quality, security and breaches

  Data quality and security

  VCET takes reasonable steps to ensure the information it holds remains accurate, complete and up to date. Where possible, VCET will check the accuracy of personal information with an individual before it is used.

  VCET uses several procedural, physical, software and hardware safeguards, together with access controls, secure methods of communication, back-up and disaster recovery systems to protect information from misuse and loss, unauthorised access, modification and disclosure.

  Links - Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third-party website and we are not responsible for the privacy policies or the content of any third-party website. Third party websites are responsible for informing about their own privacy practices.

  ---

  Transborder data flows

  VCET uses technology delivered in a Software as a Service (SaaS) model to enable the organisation to undertake its functions. All reasonable endeavours are made to ensure that personal, and health related information remains stored in Victoria in line IPP 9 of the Privacy and Data Protection Act (Vic) or within Australia in line with APP 8 of the Privacy Act (Cth).

  From time to time there may be a compelling case for the use of a particular SaaS product/vendor, where information is not stored within Victorian or Australian borders. VCET must ensure that the protections of the information will remain substantially similar to the Privacy Act (Cth) or the Privacy and Data Protection Act (Vic) requirements and that the SaaS vendor has the ability to deliver that protection.

  MailChimp is based in the United States of America (USA) and is subject to the laws of the USA. Your information (including your IP address) will be transmitted to and stored by MailChimp on servers located outside Australia.

  Complaints and data breaches

  All complaints will be investigated and responded to within a reasonable period of time from the date of receipt. Information breaches regarding privacy are governed at VCET by the organisation’s Information Breach Response Plan (Procedure) and managed in accordance with the requirements of the State and Commonwealth privacy regulators.

  Any complaints about the way VCET manages an individual’s privacy can be made by contacting the VCET Privacy Officer via the contact details below.

  If a complainant is not satisfied with the outcome of their complaint with VCET with regard to a privacy matter, the matter can referred to the Office of the Victorian Information Commissioner, see website https://ovic.vic.gov.au/ telephone 1300 006 842 , email to enquiries@ovic.vic.gov.au .

  How we comply with the Notifiable Data Breaches Scheme

  VCET will notify affected people in the event of an information breach that involves their personal information. This notification will include recommendations about the steps should take in response to the breach. VCET will also notify the Office of Australian Information Commissioner and the Office of the Victorian Information Commissioner of eligible information breaches. Any suspected information breach reported to us will be assessed to determine it’s impact and whether it is a Notifiable Breach.

• Access and correction

  Access and correction

  VCET endeavours to maintain accurate records. Subject to law, VCET will provide individuals with reasonable access to information about them upon written request to the Privacy Officer via contact details below, identifying the scope and type of documentation or information requested. VCET will take steps to verify the identity of any individual who requests access to, or correction of, their information before considering the request. VCET will resolve the request within 28 days of receipt of the request, if possible, otherwise VCET will provide reasons for any delay in responding. In this instance the request will be completed as soon as practicable, but no later than 45 days after its receipt.

  Requests for access to or correction of an individual’s information will be handled in accordance with the Freedom of Information Act 1982 (Vic).

  Although VCET will not charge a fee for access to or correction of an individual’s information, VCET may charge a reasonable fee to retrieve and copy that material. Where a request seeks the production of an amount of information that is extensive, VCET will endeavour to advise an estimated cost in advance.

• Privacy impact assessment

  Privacy impact assessment

  During the planning phase of new VCET programs or initiatives which involve the collection, storage, or use of personal, or health information, a Privacy Impact Assessment may be undertaken. Assessments will consider compliance with relevant privacy laws, privacy risks and risk mitigation strategies.

  ---

  Changes to our privacy policy

  We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website.

• Contact

  Contact information

  If you have any questions in relation to privacy or this policy, please contact VCET at:

  Privacy Officer

  Victorian Convention and Event Trust

  GPO BOX 777 , MELBOURNE, VICTORIA 3001, AUSTRALIA

  Tel: (+61) 03 9235 8000

  Email: privacy@mcec.com.au

• References and procedure details

  References

  External

  • Privacy and Data Protection Act 2014 (Vic)

  • Privacy Act 1988 (Cth)

  • Health Records Act 2001 (Vic)

  • Public Interest Disclosures Act 2012 (Vic)

  • Freedom of Information Act 1982 (Vic)

  Internal

  • Information Governance Framework

  • Privacy Impact Assessment Template

  • Information Breach Response Plan (Procedure)

  • P&C Privacy Use and Disclosure Statement

  • Grievance Policy and Procedure

  • Acceptable Use Policy

  • Generative Artificial Intelligence Policy

  ---

  Procedure details

  Division name – Strategy & Governance​

  Department - ​​Governance & Compliance ​

  Responsible Officer - ​​Manager - Governance & Compliance ​

  Review Frequency - ​​Two Yearly​

  Policy ID - ​​VCET-725537380-7340​ 

  Version - 2.0

  Approved Date – 22/05/2025

  Next Review Date - 22/05/2027