Privacy Policy

Our Privacy Policy seeks to safeguard the privacy of your personal information by observing the Australian Privacy Policy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act)

In addition to this policy, we may also have specific and additional privacy provisions which apply to certain activities and promotions. In the event of any inconsistency between the provisions of this Privacy Policy and those other specific and additional provisions, the specific and additional provisions will prevail.

This Privacy Policy (and our specific and additional privacy provisions) may be amended by the MRRU from time to time.


If you have any queries with respect to this Privacy Policy, please telephone our General Counsel: Michèle Williams on 03 9516 0000 or email or mail to P.O. Box 6176, St. Kilda Road Central, Victoria, 8008.


This Privacy Policy applies to personal information collected by MRRU and its associated entities.


4.1 Why we need personal information

The MRRU collects personal information in the course of administering the game of Rugby Union in Victoria, including without limitation when we provide you with services, these include:

(a) requesting of services;

(b) purchasing tickets for Rugby Union matches;

(c) entering competitions and promotions;

(d) subscribing to, or seeking to be registered in or for, our membership programmes or newsletters;

(e) accessing our websites (including cookies);

(f) application forms;

(g) email;

(h) over the phone; and/or

(i) when you purchase anything from us via your credit card.

In addition, there may also be certain laws which may require us to collect personal information from you. Where these apply, we will provide you with information about our legal requirements when we collect your personal information.

4.2 Collecting information from third parties

We endeavour to collect your personal information directly in the course of administering the game of Rugby Union; however there may be instances where we collect this information from other entities, including:

(a) third parties whose data is procured by MRRU;

(b) ticketing agent(s);

(c) our Members (including without limitation the Super Rugby Licensees and the State and Territory Unions); and/or

(d) MRRU contractors or service providers who have obtained your personal information.

4.3 What type of information do we collect?

We most commonly collect personal information in relation to rugby participants (both paid and unpaid), including without limitation players, officials, members, ticket purchasers, spectators, supporters, subscribers to our membership programmes, newsletters and promotional offers, and other persons.

The types of personal information we may collect depends on the purpose for which it has been collected, but may include your name, address, email address, telephone number, playing history, purchasing preferences and financial details, among other things.

4.4 What about ‘sensitive information’?

We will not ask you for information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or details of health, disability or sexual activity or orientation, unless:

(a) you consent to providing that information to us;

(b) the collection of that information is specifically authorised by law;

(c) the collection is necessary to lessen a serious or imminent threat to your health or safety or the health or safety of another person; or

(d) the collection of the information is necessary for the establishment, exercise or defence of a legal claim.

4.5 What happens if you do not provide personal information?

If you do not provide us with accurate or complete information when we request it, we may not be able to provide you with a proper level of service.

4.6 What about Credit Card details?

To safeguard your credit card details, we will not collect or store your credit card details on this website. Sensitive cardholder data is managed independently by the Australia and New Zealand Banking Group Ltd (ANZ) through the ANZ eGate internet payment facility.

All credit card transactions are SSL encrypted by the ANZ bank with Fraud Minimisation tools such as Verified by VisaTM (VbV) or MasterCard SecureCodeTM used for your added security.


5.1 Who may view your personal information?

We will only grant access to others to view your personal information where we believe it is necessary, and in your best interests, for those people to view your personal information. In general, only our employees or subcontractors may view your personal information.

We will only disclose personal information to a third party if:

(a) that disclosure is required to give effect to the purposes for which we collected the information;

(b) we have your consent to that disclosure;

(c) we believe that the disclosure may lessen a risk of harm to your health or safety, or to the health or safety of another person;

(d) we are required by law to disclose the information;

(e) the disclosure is required for the enforcement of a criminal law or a law imposing a pecuniary penalty or for the protection of public revenue; or

(f) the third party is our agent or contractor and is required by us to keep that personal information confidential and will only use that information for the purposes for which it is disclosed.

5.2 How your personal information will be used?

We will use personal information about you for the following primary purposes:

(a) promotion and administration of the game of Rugby Union;

(b) registration, selection and insurance purposes;

(c) provision of rugby activities and rugby-related services;

(d) assessing the level of interest in the game of Rugby Union; and

(e) provision of rugby-related information, materials and promotional opportunities by the MRRU to you.

5.3 Will we use your personal information for any other purpose?

We will not use personal information for secondary purposes (a purpose other than the primary purpose) unless:

(a) you have consented to a secondary use or disclosure;

(b) you would reasonably expect us to use or disclose your personal information for the secondary purpose that is related to the primary purpose;

(c) it is to conform with the requirements of the law or to comply with legal process served upon us;

(d) it is to fulfil a permitted general situation or health situation under the Privacy Act;

(e) it is to conform and protect our interests in regards to Regulation 6: Anti-Corruption and Betting of the World Rugby Organisation (;

(f) it is to protect or defend our legal rights or property, or

(g) it is to investigate, prevent or take action regarding illegal activities, suspected fraud, or violations of the terms and conditions of using the MRRU website.

5.4 Will your personal information be disclosed to anyone else?

Unless you inform us otherwise, we may disclose your information to our Members (including without limitation the Super Rugby Licensees and the State and Territory Unions) to enable them to promote and administer the game of Rugby Union in their area and provide rugby activities and rugby-related services.

We may from time to time disclose your personal information to our service providers, agents and contractors to help us provide and market services to you. For example, we use third parties to provide credit card payment gateway services on our website. If you pay for services via our website we will provide certain financial details to third parties to provide this service. If we disclose information to third parties, we generally require these parties to protect your information in the same way we do.

Unless you inform us otherwise, we may disclose your information to our sponsors and partners to enable them to provide you with information, materials and promotional opportunities.

5.5 Where is your personal information stored?

We may store your personal information in both hard copy and on computer. Hard copy information is kept under lock and key. Information stored on computer is generally password protected. The security of your personal information is very important to us, and we are committed to protecting the information that we collect. We have security measures in place at our facilities to protect against the loss, misuse or alteration of information that MRRU has collected from you at our website. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100 percent secure. As a result, while we strive to protect your personal information, MRRU cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk.

5.6 International transfers

In some cases we may transfer personal information about you to someone who is in a foreign country (for example for the purposes of storing information, administering our overseas supporters program, a foreign rugby union, the International Rugby Board, or a foreign anti-doping authority) As required by law, if we transfer personal information to a foreign country we will first obtain your written consent before doing so and will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles or this Privacy Policy.


Any personal information collected from you via our websites and via email are governed by this policy.

Where we communicate by email with you, we may ask you for personal information which is related to the purpose of that communication.

6.1 What is cookies?

When you visit our website, MRRU automatically collects certain non-personal data by various means, one of which is “cookies.” A cookie is an alphanumeric string of text (a unique identifier) that our web-server stores in your computer by means of your web-browser. The cookie allows us to recognize your computer when you revisit our site. We can then improve your use of the site, for example by providing quick log-in, displaying only products, and saving you from retyping information in a form. Cookies also allow us to analyse aggregate traffic on the site, in order to streamline navigation and keep the content accessible and valuable for all visitors. You can configure your browser to reject cookies, but doing so may disable some of our site’s features. Cookies do not contain personal data, nor can they read or transmit any data on your computer’s hard drive. They can, nonetheless, be combined with personal data that you knowingly provide, to create a profile. MRRU does not use cookies in this manner without your express consent. Regardless of cookies, all web-browsers transmit the IP address of the computer on which they are running (so that the web-server knows where to send the requested web page).

6.2 Can your viewing habits be tracked?

We may track your viewing habits to allow us to tailor your web surfing experience.

When you visit our website, Facebook page or other digital properties, the MRRU may track anonymous information which tells us about visitors’ online behaviour, but not the identity of those visitors.


If we collect personal information for direct marketing purposes (either to market ours or someone else’s products), then we will try to first obtain your consent before we market directly to you.

If we cannot practically obtain your consent, then we may still directly market to you, provided that:

(a) we advise you that you can be taken off the mailing list at any time;

(b) you have not previously asked to be taken off the mailing list; and

(c) we display our contact details clearly in each direct marketing publication.

If you wish to be taken off any mailing list, please contact our Privacy Officer.


8.1 When we can withhold your information

We may withhold access to your personal information in a number of circumstances. These include where:

(a) providing access would pose a serious and imminent threat to the life or health of a person;

(b) providing access would have an unreasonable impact on the privacy of others;

(c) the information is subject to confidentiality where the person who provided the information to us did so expressly on the condition that it remains confidential;

(d) the request is vexatious or frivolous;

(e) the information relates to legal proceedings between us and the information would not be required to be discovered to a court;

(f) we are in commercial negotiations with you and the information would reveal our intentions;

(g) providing access would be unlawful or we are required by a law to withhold access; or

(h) providing access could prejudice the investigation or detection by our organisation or by a government body of an unlawful activity or some serious or improper misconduct.

(i) the entity has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity’s functions or activities has been, is being or may be engaged in;

(j) giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or

(k) giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

(l) giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.

The MRRU is not under any obligation to provide personal information to you where we are not required to do so under the Australian Privacy Principles or otherwise at law.

8.2 Written reasons

Where we do withhold your personal information, we may instead choose to give you a summary of that information.

8.3 Third party intermediary

If we withhold access to your personal information, we will consider whether the provision of access to an independent third party will meet both of our needs.


The MRRU will also take reasonable steps to protect your personal information from misuse, loss and unauthorised access, modification, interference or disclosure. Your information shall be protected either at MRRU or in overseas storage facilities. However, as the internet is not a secure environment any information you send us via that method is sent at your own risk.

Our website may contain links which enable you to access other websites. We are not responsible for the content or privacy practices of those sites.

We will take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any legitimate purpose. This requirement does not apply where the information is contained in a Commonwealth record or where we are required by law or a court/tribunal order to retain the information.


The MRRU will take reasonable steps to make sure that the personal information we hold on you is accurate, complete and up-to-date. If you think that any information we hold about you is inaccurate, please contact us.


All correction and access requests should be placed in writing and should set out as much information as you can about the information you seek in order to help us retrieve it. We may charge an access fee to cover our costs of supplying personal information to you. In order that this information is made available to you some notice is required so that we may have the documentation ready for your inspection.


We may modify this Privacy Policy at any time in our sole discretion. We will make all modifications available on our websites.


If at any time you believe that the MRRU has wrongfully disclosed your personal information or has breached this privacy policy, then you may lodge a complaint with us by contacting us