Version as at 9 November 2023
Melbourne and Olympic Parks Trust ABN 95 023 915 528 (M&OP) acknowledges the importance of individual privacy and the obligations the organisation has to protect the privacy of all individuals it engages with. M&OP is required under the Privacy and Data Protection Act 2014 (Vic) (PDP Act) to adhere to the ten Victorian Information Privacy Principles (IPPs), and to the extent it deals with health information, comply with the Health Records Act (Vic) (Health Records Act) and the relevant Health Privacy Principles (HPPs) (together, the Privacy Laws). M&OP is committed to openness and transparency with all individuals regarding their personal information and the way it is handled by the organisation.
This policy outlines M&OP’s approach to privacy including the ways in which the organisation collects, stores, uses, shares, and disseminates personal information, sensitive information and health information in accordance with the Privacy Laws.
This policy may change from time to time. You may obtain a copy of our current policy from our website or by contacting us on the details below. This policy was last updated on the date specified at the beginning of this document.
2. M&OP Core Functions and Personal Information
Section 3 of the Melbourne and Olympic Parks Act 1985 (Vic) establishes the purpose of M&OP as the facilitation of tennis, other sports, recreation, and entertainment. The collection of personal information is required by M&OP to properly carry out several of its primary activities. The information collected and held about you by M&OP will vary depending on the circumstances of collection and may include, but is not limited to, the following:
- Personal information collected through M&OP providing services to customers/patrons utilising infrastructure at the site, including car parking services and the M&OP Wi-Fi service (which will include an individual’s approximate location, to assist M&OP with analysing crowd density and traffic flow for the purposes of improving services);
- Health information for the provisions of First Aid Services (including those provided by M&OP’s nominated First Aid Service Partner – St John) or for recording if an incident has occurred at a Venue, where consent is provided;
- Images and video footage of individuals attending M&OP’s venues, including images and video footage collected for promotional purposes or collected using security cameras for security or operational purposes, including facial recognition technology (see section 12 (Surveillance) for further information);
- Personal information such as (but not limited to): name, address and date of birth requested by an Authorised Officer (as authorised under the Major Events Act 2009 (Vic)) or Victoria Police, if a person breaches the Conditions of Entry or Venue Hirer Terms of Admission or otherwise engages in unlawful activity;
- Other information provided voluntarily by an individual, for example in response to surveys or competitions, or when a person makes an enquiry to M&OP;
- Personal information of employees for payroll, taxation, and other management purposes, including your name, address, contact information, and Tax File Number;
- Background checks (including police checks and working with children checks) if an individual applies for employment or a volunteer position with M&OP;
- Personal information concerning contractors who have been engaged to provide services at M&OP venues; and
- Personal information provided as part of completing an induction training for our venue(s), which may include role-specific information.
M&OP collects this personal information in a number of ways, including:
- Directly: M&OP may collect information directly from a person, including for example: by phone, email, in an application form or competition entry form, when an individual submits information through or accesses our websites (including without limitation mopt.vic.gov.au, aamipark.com.au, rodlaverarena.com.au, margaretcourtarena.com.au, johncainarena.com.au, centrepiecemelbourne.com (together, the “M&OP Websites”)), or when an individual contacts us via our social media pages (e.g. Facebook etc). We may collect personal information regarding a child from the parent or other responsible person associated with that child.
- From third parties: M&OP may collect information from various third parties, including third party service providers, security providers, venue hirers (and, where relevant, its associated Sporting Administrators), ticket partners, commercial partners, Victoria Police and data providers.
3. Use and Disclosure of Personal Information
M&OP will only use personal information and health information provided for the purposes for which it was collected and for secondary purposes related to the primary purpose (provided an individual would reasonably expect such secondary purposes, or where otherwise required or permitted under the Privacy Laws or other applicable laws).
Such primary and related secondary purposes may include, without limitation, use of your personal information or health information to:
- administer your request for tickets to an event held at our venues (including to process payment and deal with any permitted refunds or exchanges as required);
- provide you services at our venues, including public wi-fi and parking (when requested);
- inform you of important event or venue-related information, for example time or event changes, transport information or related events;
- investigate and take action in the event the Conditions of Entry are breached, or as part of investigations of inappropriate or unlawful conduct, or if M&OP reasonably suspect a breach of an applicable law;
- manage entry to, monitor activity within and maintain the security of M&OP’s venues, including enforcing Conditions of Entry or venue bans, detecting unlawful activity or serious threats to safety, preventing crowd disturbances, resolving complaints and to assist law enforcement and M&OP’s security supplier in carrying out their responsibilities;
- provide communications an individual requests from M&OP;
- carry out market research and surveys;
- verify an individual’s identity or ability to work for M&OP;
- where applicable, complete background checks and/or working with children checks;
- administer and manage the M&OP Websites and provide individuals with access to those websites;
- track and analyse activity on the M&OP Websites;
- where an individual has opted-in, keep them informed of news and information (such as advance notice of ticket sales) relating to events at the venues; and
- research, develop, run, administer and market new competitions, activities and other events relating to our venues.
In order to provide these services, M&OP may disclose an individual’s information to:
- venue hirers (and/or, where relevant, its associated Sporting Administrators) or venue management that are responsible for the event an individual may be attending;
- third party service providers and companies (Providers) that M&OP has engaged or used to carry out functions and activities on M&OP’s behalf, including Providers involved in:
- security and monitoring of the M&OP venues / precinct;
- providing services at the venues (such as car park booking services and wi-fi providers);
- advertising and marketing our events and venues;
- employment and induction training services;
- data aggregation, enrichment, augmentation, processing, analytics and research; and
- the design, implementation, maintenance and hosting of any database on our behalf;
- Clubs involved in the event an individual attended at a venue (where permitted to do so);
- M&OP’s professional advisers, including accountants, auditors and lawyers;
- M&OP’s insurers; and
- Governmental bodies including without limitation the federal, state and territory law enforcement and security agencies such as the Australian Security Intelligence
- Organisation, the Australian Federal Police, and State and Territory policing organisations, contracted service providers to the Australian Government, and other entities, government departments and agencies.
M&OP may also disclose personal information to third parties, where required or permitted under the Privacy Laws or other applicable law, including where:
- M&OP believe the use or disclosure is reasonably necessary to assist a law enforcement body or agency (as detailed above); or
- M&OP is required or authorised by law to disclose the information.
If you subscribe to receive email communications from us and wish to unsubscribe, you can do so by using the unsubscribe link at the bottom of the email or by unsubscribing through M&OP’s online preference centre.
4. Compulsory Collection of Information
Whilst M&OP respects an individual’s right to privacy, if an individual does not provide some or all of the information that M&OP requests from them, this may affect M&OP’s ability to communicate with that individual or provide the requested products or services.
By not providing requested information, an individual may not be able to attend events at M&OP’s venues, participate in programs or competitions or apply for employment or volunteer positions with M&OP. If it is impracticable for M&OP to deal with an individual as a result of them not providing the requested information or consent, M&OP may refuse to do so.
M&OP will only share personal information with third parties in circumstances other than those detailed in a collection notice or information request where:
- the individual provides free consent for M&OP to do so;
- where M&OP is required by law to share personal information (such as to the Victorian Department of Health or Victoria Police); or
Where there is a legal requirement for an individual to share personal information with M&OP, the organisation will include legislative grounds for compulsory collection in the information request or the collection notice.
5. Security of Personal Information
M&OP stores personal information in a number of ways, including in electronic databases and systems and in paper form. M&OP has implemented technology and security policies, rules and measures to protect the personal information that we have under our control from unauthorised access, improper use, alteration, unlawful or accidental destruction and accidental loss.
A range of security measures and processes are used by M&OP, including strict confidentiality requirements of M&OP’s respective employees, volunteers and service providers, security measures for system access and security measures for M&OP Websites, employee training, regular security audits and software updates, plus ensuring all data is stored on secure servers and behind firewalls.
M&OP’s Privacy Officer is responsible for controlling access to personal information within the organisation, and will work closely with the relevant departments (including, in particular, IT and security) in this regard.
6. Transborder Data Flows
M&OP will share information with parties outside of Victoria in circumstances where it is permitted by Privacy Laws to do so, including where:
- M&OP reasonably believes the recipient is subject to law, binding scheme, or contract which effectively upholds principles consistent with the Privacy Laws;
- The individual consents to the transfer;
- If consent cannot be achieved, where it is reasonably expected that the individual would consent; and/or
- The transfer is necessary for the execution of a contract between the individual and the organisation.
In circumstances where personal information is stored by M&OP in cloud servers that stores or processes information outside of Victoria, M&OP will ensure that the provider adheres to privacy and information security standards that are consistent with the Privacy Laws.
7. Destruction and Disposal of Personal Information
In accordance with the Records Management Policy, the Public Records Act 1973 (Vic) and the Privacy Laws (together, the “Documents”), M&OP will take reasonable steps to permanently de-identify or securely destroy personal information if it is no longer needed for any purpose. The length of storage will also be dependent on the type of personal information being stored.
M&OP’s Privacy Officer is responsible for ensuring the destruction or de-identification of personal information in accordance with the above Documents.
8. Privacy Complaints and Enquiries
Individuals wishing to enquire about accessing or correcting their personal information or the types of personal information M&OP collects, uses or discloses should contact M&OP by sending an email to [email protected] or by writing to:
Melbourne & Olympic Parks Trust
Individuals who would like to make a complaint about M&OP’s handling of their personal information, or who believe their privacy has been breached by M&OP or someone acting on behalf of M&OP, should lodge the complaint with M&OP by sending an email to pri[email protected] or by writing to the address set out above.
9. Sensitive Information
Sensitive information includes information regarding an individual’s racial or ethnic origin, political beliefs, membership of a political association, religious beliefs, philosophical beliefs, membership of a trade association or union, sexual practices or preferences, criminal record or health information. Financial information about a person is not considered sensitive information.
M&OP will not collect sensitive information about an individual unless:
- The individual gives consent;
- M&OP is required or authorised by law;
- It is necessary to prevent or lessen a serious threat to life or the health of any individual; or
- It is necessary for legal or equitable claims.
10. Emergency Exemptions
It some circumstances, including emergencies, M&OP may need to collect personal information about individuals where there is no time to appropriately inform individuals of all details required in a collection notice. In such circumstances, M&OP will ensure that individuals are provided with the necessary information about the use and disclosure of their personal information as soon as practical after it has been collected.
Collection of Anonymous Data
M&OP also collects anonymous data through its web server which includes the number, time and date of visits to the site and its pages.
This anonymous information is used for statistical purposes and to ensure the M&OP Websites are providing information relevant to our users.
A cookie is a block of data that is shared between a web server and a user’s browser.
Cookies can provide various types of information, depending on how they are used.
This may include information about a user’s identity and website visiting patterns and preferences.
Users may set their browser to identify the presence of cookies and to give them the option of accepting or rejecting them.
No personal information is collected and you can delete or block cookies through your browser settings. You can opt-out at any time by visiting optout.aboutads.info
To opt-out of Google Analytics tracking, you can download the browser plugin.
M&OP uses remarketing services (sometimes called interest-based advertising) to show relevant content on sites across the internet to previous visitors to our websites and newsletter subscribers.
These services allow us to tailor our advertising and marketing content so that it is relevant and suits your needs.
This is done using browser cookies, pixels and related technologies that identify whether the computer or mobile device you are using has previously interacted with particular web pages, web services or advertisements.
We may also use data provided by Ticketek to conduct remarketing based on tickets that you have purchased to events at MOPT venues.
M&OP uses Google and Facebook to collect this information on our behalf. You can ‘opt-out’ at any time by visiting www.aboutads.info/choices
Facebook Custom Ads Audiences
M&OP may use Facebook’s Custom Audiences to deliver advertisements to our subscribers on Facebook.
Your personal information is not shared with Facebook; your email address is converted to a unique number that is matched with another unique number to identify you within Facebook.
You can opt-out of Facebook Audience ads.
As referred to above, M&OP operates surveillance cameras (including via closed circuit television) which may incorporate facial recognition technology in the M&OP precinct (including at each of its venues, and in the precinct generally) for security and monitoring purposes (“CCTV”), including (but not limited to):
- managing entry to M&OP’s venues;
- monitoring activity within M&OP’s venues (which may include population movement, density & queue management);
- minimising and detecting unlawful activity;
- preventing or lessening serious threats to safety of persons or security of infrastructure;
- resolving complaints;
- investigating and enforcing disciplinary actions; and
- monitoring, preventing and responding to crowd disturbances.
The personal information collected by CCTV (including still images and recordings) may be provided to:
- law enforcement and regulatory agencies responsible for government and public security / safety;
- third party service providers responsible for security and/or monitoring of the precinct / venues; and/or
- the relevant venue hirer (and/or, where relevant, its associated Sporting Administrators) responsible for the event,
We may use facial recognition technology through the surveillance cameras within the M&OP precinct in limited circumstances, for the purposes set out above, as well as for other purposes with which you have agreed such as entering our venues. Please see the Conditions of Entry for further information.