Privacy Statement

The Great Ocean Road Coast and Parks Authority (the Authority) is committed to protecting your personal information by complying with the information privacy principles set out in the Privacy and Data Protection Act 2014 (PDPA), and where relevant, the health privacy principles set out in the Health Records Act 2001 (HRA) - collectively the ‘Acts’.

The Authority uses the words ‘personal information’ to include personal information and health information. The term ‘users’ in this statement refers to anyone who wishes to access information concerning the Authority by using this website or anyone that provides information to the Authority as part of any of its functions.

Functions of the Authority

The Authority is a statutory authority governed by a Board of Directors that was established on 1 December 2020 and operates under the Great Ocean Road and Environs Protection Act 2020.

The Authority manages, protects, rehabilitates and fosters resilience of the natural, cultural and heritage values of coastal Crown land and marine waters along the Great Ocean Road. Further information about our functions can be found on the About section of our website.


The Authority will only collect personal information that is necessary for it to perform its functions and activities. Examples of when the Authority may collect personal information includes to:

  • enable you to use or access a service provided by the Authority,
  • resolve any queries you may have,
  • make a payment for an activity or service by credit card, or
  • enable you to participate in an activity or consultation facilitated by the Authority.

In most cases, the Authority will collect personal information directly from you. That could occur when you deal with it over the telephone, send correspondence (by letter or e-mail) or by direct entry into the Authority’s systems via a web service. The information may include your name, home or work address and telephone number, emergency contact details, and e-mail address. In some situations, it may also include sensitive or health information such as disability needs.

Use and Disclosure

The primary purpose of collecting personal information is to enable the Authority to carry out its functions and activities. Personal information will be used for that purpose, and in other cases where consent has been given.

Your personal information may be disclosed to, or stored by, the Authority’s contractors (third-party service providers) where necessary for it to perform its functions or activities – for example when the Authority contracts a company to conduct a survey of visitors, or an IT services contract. Those contractors are required to be bound by the information privacy principles in the same way and to the same extent as the Authority is bound.

The Authority may otherwise use or disclose your personal information where required or authorised by law, which may include emergency situations and assisting law enforcement agencies.

The Authority may also use your personal information to provide you with information about other services or activities offered or available through the Authority. This type of communication will provide you the option to ‘opt-out’ at any time.

Subscriptions and electronic direct mail may be supported by third-party vendors. The Authority only shares details with these vendors to assist with managing delivery, technical issues and the prevention of fraud or security issues. Your information will be stored on secure databases which may reside overseas. If you do not want your personal information being stored offshore, please do not submit personal information to us or ‘opt-out’ of these services.

Protection of personal information

Where necessary, the Authority will securely retain information as part of its obligations under the Public Records Act 1973. The Authority will take reasonable steps to:

  • protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure; and
  • destroy or permanently de-identify personal information if it is no longer needed for any purpose.
Access to your personal information

The Authority will (unless an exemption applies) at your request provide you with access to the personal information it holds about you as quickly as possible. If you need to access or correct any personal information we hold about you, please contact the Authority by writing.

You should provide the Authority with as much detail as possible about the particular information you seek, in order to assist to retrieve it. A reasonable access fee may be charged to cover the Authority’s costs of providing the information to you. In certain circumstances, the Authority may not be required by law to provide access or to correct your personal information. If that is the case you will be provided with reasons for that course of action.

For access to your personal information, to make a complaint about a breach of your privacy, or for advice on how your personal information is collected or used, please contact the Authority in writing:

Great Ocean Road Coast and Parks Authority
Phone: 1300 736 533
Mail: P.O. Box 53, Torquay VIC 3228

Using this site

You can access and browse this website anonymously, without disclosing your personal information. This website does not retrieve or record any personal information except that which you provide freely in response to a specific query via one of the site's feedback or registration forms or registering to be a portal user. Any personal information you provide will be managed in accordance with the Privacy Statement. Users should be aware that there are inherent risks in transmitting information across the Internet.

The Authority uses third-party vendor re-marketing tracking cookies, including the Google Ads and Facebook Ads tracking cookies. This means the Authority will continue to show ads to you across the internet. This may be through Google Search, the Google Display Network, Facebook or Instagram. As always, the Authority respects your privacy and are not collecting any personal information through use of these third-party remarketing systems.

The third-party vendors, including Google and Facebook, will place cookies on web browsers in order to serve ads based on past visits to our website. This allows the Authority to continue to market our accommodation and services to those who have shown interest in them. You can opt out of personalised advertising via your Google Ad settings or Facebook Ad settings.


The website is not knowingly linked to sites that are insecure or invasive of privacy. However, when you link to another site, the Authority recommends you validate the security settings and read the privacy statement of that site to familiarise yourself with its privacy provisions. The Authority cannot guarantee your privacy will be protected when you link to another site.