As operators of the future Nyaal Banyul Geelong Convention and Event Centre, we Acknowledge the Traditional Owners of Djilang (Geelong), the Wadawurrung people of the Kulin Nation. We pay respects to their Elders past and present, and thank them for gifting the centre its name, returning language to Country. Meaning ‘open your eyes to the hills’, once open, Nyaal Banyul will encourage visitors to the centre to look deeply and appreciate the landscapes and history of Wadawurrung Country.

Geelong's new event venue opens July 2026.

Book now.

Privacy Statement

This statement outlines MCET’s policy on how it collects, manages, and uses an individual’s information (including personal information, sensitive information and health information) and what to do if an individual has questions, concerns or complaints about MCET’s handling of it.

Our statement

  • Commitment to protecting an individual’s rights to privacy

    The Melbourne Convention and Exhibition Trust (MCET), operator of the Melbourne Convention and Exhibition Centre (MCEC) and Nyaal Banyul Geelong Convention and Event Centre (Nyaal Banyul) on behalf of the State Government of Victoria, provides a range of services for customers, contractors, employees, and the general public.

    MCET recognises the importance of protecting the privacy and the rights of an individual in relation to their personal information. The protection of an individual’s information is an integral part of MCET’s commitment towards complete accountability and integrity in its activities and programs. MCET is committed to the responsible handling of all information collected in compliance with its obligations as required by the Privacy Act 1988 (Cth), the Privacy and Data Protection Act 2014 (Vic), and the Health Records Act 2001 (Vic).

  • What is Personal Information?

    When used in this privacy statement, the term “personal information” has the meaning given to it in the Privacy and Data Protection Act 2014 (Vic). In general terms, it is any information that can be used to personally identify a person and may include “sensitive information”, such as information about your health, racial or ethnic origin, political opinions, association memberships, religious affiliation, sexual orientation, criminal history, genetic or biometric information.

    How MCET collects an individual’s information

    MCET may collect an individual’s information directly, for example:

    • In person

    • Via mail

    • Via email

    • Via People and Culture services portal

    • From enquiries on MCEC’s and Nyaal Banyul’s websites.

    In the event MCET collects information from a third party, MCET will ensure the information is collected in accordance with its obligations under applicable law. When collecting information from a minor, parent/guardian consent will be obtained.

    Our Website - Use of ‘cookies’ and analytics

    Cookies – MCET’s website may use ‘cookies’ which are an industry standard and used by most major websites. Cookies may be used for a variety of purposes, for example, to recognise a computer that has previously visited the website and to understand preferences and site behaviour.

    Online activity – MCET may use Google Analytics and other web server applications to track visits to its website. MCET can use this information to track the effectiveness of its website such as visits, lengths of visits, viewed pages. This data is mainly anonymous.

    Information collection

    Personal Information is only collected as is necessary to enable MCET to carry out its functions or activities. These could include:

    • fulfilling MCET’s functions and powers under applicable law including the Melbourne Exhibition and Convention Centre Trust Act 1996 (Vic)

    • handing enquiries or complaints from customers and potential customers and the general public, visitors and the receipt of correspondence and other unsolicited information conducting audits and inspections

    • receiving or processing requests for access to information, including requests under the Freedom of Information Act 1982 (Vic) or in response to the requirements of courts and tribunals

    • compilation of analysis of information and statistics

    • receiving applications for employment from individuals

    • collecting responses to surveys, event invitations and research conducted by MCET or on its behalf

    • communicating with individuals through various publications and social media

    • and marketing to individuals with new business updates, offerings, and services

    When collecting information, MCET will take reasonable steps to inform the individual from whom information is collected of what information is being sought, for what purpose, whether any law requires the collection of the information and the main consequences, if any, of not providing the information.

  • MCET will only use an individual’s personal information for the primary purpose for which it was given and/or is required by the Privacy and Data Protection Act 2014 (Vic). At the time of collection, using a Collection Notice, MCET will take reasonable steps to ensure that it makes an individual aware of how the information collected will be used.

    Secondarily, Personal Information that is collected by MCET may be disclosed to MCET employees and relevant service providers whose duties require them to use, protect and handle an individual’s information in accordance with the Privacy and Data Protection Act 2014 (Vic) and any other applicable legislation regulating the collection, use, disclosure, storage and disposal of personal, sensitive or health information.

    Personal Information provided by an individual will not be used and/or disclosed by MCET for any purpose other than for the purposes of the transaction entered into unless such a disclosure is required or authorised by the Privacy and Data Protection Act 2014 or another law, for example, law enforcement purposes or to reduce the threat of harm.

    Third party access

    MCET may engage external suppliers to assist it in its activities (for example, for marketing purposes), and may provide an individual’s information to them to achieve this. MCET will use all reasonable endeavours to ensure that third party suppliers keep an individual’s information confidential.

    MCET does not sell or share its databases with any third party but may share information about events with other government departments responsible for tourism, the arts or events within the State of Victoria.

    Unique identifiers

    MCET does not use unique identifiers from other organisations (such as Centrelink or Australian Taxation Office) to identify individuals.

    Anonymity

    MCET will respect an individual’s choice to remain anonymous. However, an individual’s right to remain anonymous may limit the actions that MCET is able to take or limit MCET’s ability to provide information it may be asked to produce. MCET may be unable to investigate and manage a complaint under the Privacy and Data Protection Act 2014 (Vic) and applicable internal policies where the complainant wishes to remain anonymous. Please consult MCET’s Public Interest Disclosure Policy and Guidelines on its Intranet or website about the making of a public interest disclosure regarding improper conduct or detrimental action of a member of MCET’s staff.

    Direct marketing

    MCET will only send an individual direct marketing materials if it believes an individual would reasonably expect to receive them or where they have consented by requesting directly to be added to our mailing list, receiving our electronic newsletters, or opting in through our website subscription form.

    MailChimp

    MailChimp collects Personal Information, including email addresses and all information relating to those email addresses and is used for the distribution and management of MCEC’s and Nyaal Banyul’s newsletters and to measure the performance monitoring of email campaigns.

    For more information on the information MailChimp will collect, please refer to the MailChimp’s Privacy Policy and the MailChimp Terms of Use.

    Opting Out

    An individual can ‘opt out’ of receiving marketing communications from MCET by:

    Advising MCET they no longer wish to receive marketing calls

    Using the ‘unsubscribe’ facility that MCET will include in its electronic marketing messages

    Contacting MCET Privacy officer via the contact details below:

    • By letter addressed to: Privacy Officer, Strategy and Governance, Melbourne Convention and Exhibition Trust, GPO Box 777, Melbourne VIC 3001, Australia

    • Calling us on 03 9235 8000 Monday to Friday 9am to 5pm (excluding public holidays).

  • MCET takes reasonable steps to ensure the information it holds remains accurate, complete and up to date. Where possible, MCET will check the accuracy of personal information with an individual before it is used.

    MCET uses several procedural, physical, software and hardware safeguards, together with access controls, secure methods of communication, back-up and disaster recovery systems to protect information from misuse and loss, unauthorised access, modification and disclosure.

    Links - Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third-party website and we are not responsible for the privacy policies or the content of any third-party website. Third party websites are responsible for informing about their own privacy practices.

    Transborder data flows

    MCET uses technology delivered in a Software as a Service (SaaS) model to enable the organisation to undertake its functions. All reasonable endeavours are made to ensure that personal, and health related information remains stored in Victoria in line IPP 9 of the Privacy and Data Protection Act (Vic) or within Australia in line with APP 8 of the Privacy Act (Cth).

    From time to time there may be a compelling case for the use of a particular SaaS product/vendor, where information is not stored within Victorian or Australian borders. MCET must ensure that the protections of the information will remain substantially similar to the Privacy Act (Cth) or the Privacy and Data Protection Act (Vic) requirements and that the SaaS vendor has the ability to deliver that protection.

    MailChimp is based in the United States of America (USA) and is subject to the laws of the USA. Your information (including your IP address) will be transmitted to and stored by MailChimp on servers located outside Australia.

    Complaints and data breaches

    All complaints will be investigated and responded to within a reasonable period of time from the date of receipt. Data breaches regarding privacy are governed at MCET by the organisation’s Information Breach Response Plan (Procedure) and managed in accordance with the requirements of the State and Commonwealth privacy regulators.

    Any complaints about the way MCET manages an individual’s privacy can be made contacting MCET Privacy Officer via the contact details below:

    • By phone on (+61) 03 9235 8000

    • By post at: Privacy Officer - Melbourne Convention and Exhibition Trust, GPO BOX 777, MELBOURNE, VICTORIA 3001 AUSTRALIA

    If a complainant is not satisfied with the outcome of their complaint with MCET with regard to a privacy matter, the matter can referred to the Office of the Victorian Information Commissioner, see website https://ovic.vic.gov.au / telephone 1300 006 842 , email to enquiries@ovic.vic.gov.au .

    How we comply with the Notifiable Data Breaches Scheme

    MCET will notify people affected in the event personal information is involved in a data breach that is likely to result in serious harm. This notification will include recommendations about the steps should take in response to the breach. MCET will also notify the Office of Australian Information Commissioner of eligible data breaches. Each suspected data breach reported to us will be assessed to determine whether it is likely to result in serious harm, and as a result, require notification.

  • MCET endeavours to maintain accurate records. Subject to law, MCET will provide individuals with reasonable access to information about them upon written request to the Privacy Officer via contact details below identifying the scope and type of documentation or information requested. MCET will take steps to verify the identity of any individual who requests access to, or correction of, their information before considering the request. MCET will resolve the request within 28 days of receipt of the request, if possible, otherwise MCET will provide reasons for any delay in responding. In this instance the request will be completed as soon as practicable, but no later than 45 days after its receipt.

    Requests for access to or correction of an individual’s information will be handled in accordance with the Freedom of Information Act 1982 (Vic).

    Although MCET will not charge a fee for access to or correction of an individual’s information, MCET may charge a reasonable fee to retrieve and copy that material. Where a request seeks the production of an amount of information that is extensive, MCET will endeavour to advise an estimated cost in advance.

  • During the planning phase of new MCET programs or initiatives which involve the collection, storage, or use of personal, or health information, a Privacy Impact Assessment may be undertaken. Assessment will consider compliance with relevant privacy laws, privacy risks and risk mitigation strategies.

  • If you have any questions in relation to privacy or this policy, please contact MCET at:

    Privacy Officer, Strategy and Governance

    Melbourne Convention and Exhibition Trust

    GPO Box 777, Melbourne VIC 3001, Australia

    Tel: (+61) 03 9235 8000

  • References

    External

    • Privacy and Data Protection Act 2014 (Vic)

    • Privacy Act 1988 (Cth)

    • Health Records Act 2001 (Vic)

    • Public Interest Disclosures Act 2012 (Vic)

    • Freedom of Information Act 1982 (Vic)

    Internal

    • Information Management Policy

    • Privacy Impact Assessment Template

    • Information Breach Response Plan (Procedure)

    • P&C Privacy Use and Disclosure Statement

    • Fraud and Corruption Control Policy

    • Compliance Policy

    • Grievance Procedure Policy

    • Acceptable Use Policy

    • Information Security Policy

    Procedure Details

    Division name – Finance

    Department - Legal, Risk & Compliance

    Sponsor - Chief Financial Officer

    Responsible Officer - Head of Legal, Risk and Compliance

    Review Frequency - Annual

    Policy ID - MCET-725537380-6502

    Approved Date – 10/07/2024

    Next Review Date - 09/07/2025

    Version – 1.0