Privacy Policy


The purpose of this Privacy Policy is to:

  • clearly communicate the personal information handling practices of NEC ;
  • enhance the transparency of NEC’s operations, and
  • give individuals a better and more complete understanding of the sort of personal information that NEC holds, and the way we handle that information.

Part A - Our Personal Information Handling Practices

Our obligations under the Privacy (Enhancing Privacy Protections) Act 2012 (Cth)

This Privacy Policy sets out how we comply with our obligations under the Privacy (Enhancing Privacy Protections) Act 2012 (amended Privacy Act). As a body corporate trading in Australia, NEC is an ‘APP entity” as defined by the amended Privacy Act, so is bound by the Australian Privacy Principles (“APP’s”).

In this privacy policy, 'Personal Information' means “information or an opinion about an identified individual who is reasonably identifiable: whether the information is true or not; and whether the information or opinion is recorded in a material form or not.” (Section 6(1) Privacy Act).


We will only collect personal information from you or your authorised representative where such collection is necessary and directly related to our functions and activities.

Sometimes we may need to collect personal information from a third party or a publicly available source, but only if you have consented to such collection or would reasonably expect us to collect your personal information in this way, or if it is necessary for a specific purpose such as conducting a credit check or police check.

Use and disclosure

We only use personal information for the purposes for which it was given to us, or for purposes which are directly related to one of our functions or activities, and we do not give it to government agencies, private sector organisations or anyone else unless one of the following applies:

  • the individual has consented
  • the individual would reasonably expect, or has been told, that information of that kind is usually passed to those individuals, bodies or agencies
  • it is otherwise required or authorised by law
  • it will prevent or lessen a serious and imminent threat to somebody's life or health
  • it is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue.

Data quality

We take steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.

Data security

We take steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure, and against other misuse. These steps include password protection for accessing our electronic IT system, securing paper files in locked cabinets and physical access restrictions.

When no longer required, personal information is destroyed in a secure manner.

We have developed a Data Breach Response Plan and where we have reasonable grounds to believe that there has been an eligible data breach, we will provide a statement to the OAIC as soon as practicable, and we will also notify each of the individuals to whom the relevant information relates and each of the individuals who are at risk from the eligible data breach.

Access and correction

If an individual requests access to the personal information we hold about them, or requests that we change that personal information, we will allow access or make the changes unless we consider that there is a sound reason under the amended Privacy Act or other relevant law to withhold the information, or not make the changes.

If we do not agree to make requested changes to personal information the individual may make a statement about the requested changes and we will attach this to the record.

Individuals can obtain further information about how to request access or changes to the information we hold about them by contacting us (see details below).

How to make a complaint

You can complain to us in writing about how we have handled your personal information. The NEC Privacy Officer will investigate your complaint and will endeavour to provide a written response within thirty (30) days of receipt of the complaint setting out NEC's decision.

If you are dissatisfied with NEC’s response to your complaint you can take your complaint to the Office of the Australian Information Commissioner (“OAIC”). The Australian Information Commissioner may then investigate and attempt to conciliate the matter.

How to contact us

If you have any questions in relation to privacy, please contact us on 13 16 32 between 9.00am and 5.00pm Monday to Friday. Alternatively you can write to Locked Bag 38003, Docklands VIC 8012 or email.

Part B - Information collected online by NEC

NEC’s website

NEC provides information about its products and services on its website. When you visit the NEC website, the web server may record anonymous information such as the time, date and URL of the visitor. The information that is collected is very limited and is used to assist NEC to improve the structure of its website and monitor the performance of the website.

We do not use the information that is collected to personally identify you or anyone else.


Our website may use “cookies”. A cookie is a small text file that the website may place on your computer to improve your experience of the NEC website. You may choose to disable cookies in your browser but by doing so, you may be unable to access some advanced functions on the website.

Use and disclosure

We do not give personal information collected online to other agencies, organisations or anyone else without your consent unless you would reasonably expect, or have been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.

Data quality

We will delete or correct any personal information that we hold about you on request. If you are on one of our automated email lists, you may opt out of further contact from us by clicking the 'unsubscribe' link at the bottom of the email.

Data security

We take all reasonable steps to manage data stored on our servers to ensure data security.