Covid-19 Coronavirus

Privacy Notice

This privacy notice explains what information Treasury collects and what that information is used for.

The Treasury (including the Assessor of Income Tax and Collector of Customs and Excise) is a data controller for the purposes of the Data Protection Act 2018 and the Data Protection (Application of GDPR) Order 2018 and the Data Protection (Application of LED) Order 2018, together with any regulations made under them (Manx Data Protection Legislation).

Please note the Social Security Division has its own privacy notice.

When we collect your personal data we will:

  • Only collect what we need and no more
  • Keep your information secure
  • Tell you how we will use your information
  • Delete your information when it is no longer needed
  • Only process your information in line with the Manx Data Protection Legislation.

This Privacy Notice defines what happens when you give personal information to the Treasury and will explain:

  • What information is collected and why
  • Who is collecting it
  • How it is collected
  • Why it is being collected
  • How it will be used
  • How long it will be kept
  • Who it will be shared with
  • How your information will be kept secure
  • Your choices, including how to access and update information

If you have any questions or comments on this Privacy Notice please email the Data Protection Officer for the Treasury.

To contact the Data Protection Officer for the Treasury:

Email: DPO-Treasury@gov.im 

Phone: +44 1624 686791

Financial Governance Division,
First Floor,
Central Government Offices,
Bucks Road,
Douglas,
IM1 3PX,
Isle of Man

We will be alert to any guidance from the regulator, the Information Commissioner, as the situation changes, to ensure that we comply with any guidance or changes to information rights.

For more information on Coronavirus (COVID-19), see gov.im/coronavirus.

How and why we ask you to share your personal information

We collect and process information, including personal data, to provide effective and efficient services and so that we may carry out our lawful functions.

We use your personal data in line with the rules set out in the Manx Data Protection Legislation for the following reasons:

  • Where you have agreed to the process
  • To allow Treasury to communicate with you
  • To process payments you make to Treasury
  • To make payments to you
  • To provide access to other services provided by Treasury
  • To analyse the use and quality of our services and to make improvements

Treasury holds your information for the following purposes:

  • Assessment and collection of tax, national insurance contributions, rates, VAT, customs and excise duties and other indirect taxes;
  • Making refunds and repayments of tax, national insurance contributions, rates, VAT, customs and excise duties and other indirect taxes
  • Assessing entitlement to social security benefits, state pensions and other payments out of the national insurance fund, and making payments as appropriate
  • Enforcing import and export legislation and financial sanctions
  • Administering the national minimum wage, grants and loans, the legal aid system, courts (civil, family, summary and high court), tribunals and discharge of court business, criminal injuries compensation panel, government debts including factoring of debts and international tax exchange agreements
  • Prevention and detection of crime
  • Carrying out research and statistical analysis including insurance risk management, economic and social research in relation to residents and visitors
  • General administration, staff administration, education and training, accounts and records and advertising, marketing and public relations.
  • To advertise tenders and enter into contracts with suppliers
  • Giving advice or rendering professional services and provision of services of an advisory, consultancy or intermediary nature, including Isle of Man job centre careers advice
  • The provision of any service to others, including disability employment services register of local disabled people looking for employment and monitoring of employed disabled people

What types of personal data do we collect about you

Category of dataExamples of that type of data
Personal details Name, email address, telephone number, address
Personal details of third parties, including members of your family spouse, civil partner, your children and anyone else who lives with you Their name, address, date of birth, gender
Personal identification data Name, title, date of birth, gender
Government identifiers Tax Reference Number, National Insurance Number,
Financial details Invoice number, income and expenditure details, wealth, debts, bank account details
Employment details  Past, current and prospective employers, amounts paid, pension scheme details
Goods or services provided  details of the goods or services supplied such as licences issued, agreements and contracts.
Education and training details  Academic qualifications, training courses undertaken or to be undertaken, CPD details
Family, lifestyle and social circumstances Dependents, marital status, next of kin and contact details
Other information Feedback, comments, complaints

We may also process certain special categories of information for specific and limited purposes such as detecting and preventing crime. We will only process special categories of information where we have obtained your explicit consent or are otherwise lawfully permitted to do so. This may include:

  • Information about racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data, biometric data
  • Data concerning health
  • Criminal proceedings, outcomes and sentences;
  • Details of Civil, Family and Tribunal cases
  • Offences (including alleged offences)

Legal basis we use to process your personal data

Treasury will only process your personal data if it is lawful to do so. We may rely on:

  • Your consent – if we rely on your consent to process your data you may withdraw your consent at any time by contacting the Data Protection Officer for the Treasury
  • The need to meet a legal obligation in carrying out our statutory functions
  • The need to meet a request you have made for information or a service
  • The need to prevent or investigate suspected or actual violations of law
  • The need to protect the public interest
  • The need to retain information for historical or archiving purposes by the Public Record Office under the Public Records Act 1999

How long do we keep your personal data?

We will only keep your information for the minimum time necessary in accordance with Treasury’s retention periods.

This may be to:

  • Respond to an enquiry from you
  • To meet a legal obligation in carrying out our statutory functions
  • Conclude financial end of year processing
  • Review an award of a Social Security benefit or a state pension
  • Provide a history of transactions for your Procurement account

The default standard retention period for Treasury records is 6 years plus current year, otherwise known as 6 years +1. This is defined as 6 years after the last entry in a record followed by first review and/or destruction to be carried out in the additional current (+1) accounting year.

Records are only retained beyond the default Treasury retention period if their retention can be justified for statutory, regulatory, legal or security reasons or for their historic value.

Protecting your information

The security and confidentiality of your information is very important to us.

Treasury will:

  • Ensure safeguards are in place to make sure personal data is kept secure in compliance with our information security policy and standards;
  • Ensure that your data remains under the control of our authorised controllers and processors with adequate safeguards to protect your rights
  • Ensure only authorised staff are able to view your data
  • Not make your information available for commercial use
  • Only ask you for what is needed

Sharing the information we collect about you

We may share your information with third parties, such as:

  • Other IoM Government Departments, Boards and Offices to provide a service or information you have requested, or where it is otherwise lawful to do so
  • UK Government Departments, such as HMRC, the Home Office, HM Treasury and the Department for Work and Pensions, for taxation, National Insurance, benefits and state pension purposes
  • Foreign tax and customs authorities; state pensions and benefits purposes
  • TV Licensing on behalf of the BBC, in relation to an age-related concession
  • Medical practitioners and other health care professionals, in connection with claims for certain Social Security benefits
  • The police or law enforcement agencies in any country to meet international obligations, e.g. for the prevention or detection of crime;
  • Fraud prevention agencies
  • Advocates and lawyers, if it is required in connection with legal proceedings or prospective legal proceedings
  • The Courts and tribunals
  • IoM Post, for mailing and benefit payment purposes
  • External contractors, who maintain and development our information and communications infrastructure
  • Merchant service providers for the purpose of making / receiving online payments

We will not sell your personal data to other companies, organisations or individuals.

Treasury will only share your personal data with other companies, governments, competent authorities, organisations or individuals where it is fair and lawful for us to do so.

Your personal information will not be disclosed to any third party not mentioned above without your prior consent or where Treasury is required to do so by law.

Your Rights

To ask if we hold personal information about you

You can ask to see any information we hold about you by making a Subject Access Request.

You can review your personal information and ensure it is accurate

Where possible we will provide you with access to the information we hold about you so that you can view this information and provide a means for you to have this information changed if it is not accurate.

To remove your personal information

In certain circumstances you can ask for your information to be deleted. Please note that as part of the Treasury’s statutory functions some information may need to be retained.

To make a complaint

If you are unhappy with the way we deal with your personal information you can submit a complaint to the Data Protection Officer for the Treasury who will work with you to resolve any issues.

Email: DPO-Treasury@gov.im
Telephone: +44 1624 686791

Financial Governance Division,
First Floor,
Central Government Offices,
Bucks Road,
Douglas,
IM1 3PX,
Isle of Man

The Isle of Man’s Information Commissioner is the independent authority responsible for upholding the public's information rights and promoting and enforcing compliance with the Island's information rights legislation.

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Manx Data Protection Legislation .

Will this privacy notice change?

This Privacy Notice may change. We will not reduce your rights under this Privacy Notice without your consent. If any significant change is made to this Privacy Notice we will provide a prominent notice on the Treasury Privacy Notice webpage so you can review changes.

Fair Processing Notice – Loan Guarantee Arrangement

The Isle of Man Government, through the Treasury (‘the controller’), is offering a Loan Guarantee Arrangement (‘the Arrangement’) as part of a number of financial measures that are being put in place in order to provide financial assistance to local individuals and businesses that have been affected by the COVID-19 pandemic.

1. The Data Protection Law

The controller acknowledges its obligations pursuant to the Data Protection (Application of GDPR) Order 2018 and the GDPR and LED Implementing Regulations 2018 (‘the Data Protection Law’) which provides a number of requirements in terms of processing activities involving personal data.  The controller further acknowledges the general principles of processing as well as the rights of a data subject, which are contained in the Data Protection Law, at Articles 5 to 22 of the Data Protection (Application of GDPR) Order 2018 in the Annex.

2. Information to be given to Data Subjects

The Data Protection Law outlines the information that must be given to data subjects before or at the time the personal data is collected from the data subject.  This information can be summarised as follows:

The identity and contact details of the controller and data protection team

See the details in section 3 of this notice

Whether any of the personal data is special category data

None of the personal data collected by the controller for the Arrangement constitutes special category data, as defined by the Data Protection Law.

The source of the personal data

None of the personal data processed for the purpose of the Arrangement has been collected from a publically available source.  All of the personal data has been collected directly from the respective lenders (banks and other lending companies) or their professional advisors which collected the personal data directly from the individual(s) requesting financial support via the Arrangement.

The purposes and the legal basis of the processing

The personal data collected for the purposes of the Arrangement is:

  • the full name of the applicant and in the case of a body corporate this will include the directors and other significant living individuals who control the applicant’s business
  • accompanying financial information including the amount of new loan or overdraft under the Arrangement and the purposes for which it is to be used
  • Whether the applicant has previously applied for a loan or overdraft and any information as to why it was refused or approved
  • the amount of existing borrowing facilities and current sums advanced or committed
  • repayment term of loan (length of period)
  • details of any security taken against the new borrowing
  • confirmation that the payments on existing borrowings are up to date, or details of any arrears, any holiday period that has been granted and any revised terms during the life of the loan.

The controller may also hold and process personal data belonging to employees of:

  • Applicants and their professional advisors
  • Lenders and their professional advisors

The lending companies will process applications received from customers, including determining whether the application is eligible for the Arrangement, and will make a decision whether to approve or decline the application.  There may be an automated process for some of the Arrangement which is operated by the lending company, and the applicant will need to review the lending company’s privacy statement to find out if any decisions are subject to automated decision making. 

The lending companies will then provide details of the customer applications, both approved and declined, in order that the controller can monitor and calculate their exposure and therefore future liability under the Arrangement.  Once an application has been approved, the controller will then process the personal data in order to give effect to the support offered by the Arrangement.

The lawful basis for the processing by the controller is that processing is necessary for the exercise of performance by a public authority of a function that is of a public nature, or a task carried out in the public interest (contained in Article 6(e) of the Data Protection (Application of GDPR) Order 2018)).  In provision of the Arrangement, the controller intends to provide for financial assistance in the exceptional circumstances of the COVID-19 pandemic, using powers in the Financial Provisions and Currency Act 2011.

Where the lawfulness of processing is based on the processing being necessary for the legitimate interests of the controller or a third party, the legitimate interests concerned

The controller is not relying on “legitimate interest” as a lawful basis for processing.

The recipients or categories of recipients of the personal data, if any

The personal data may be disclosed to:

  • Other Departments, Boards or Offices of the Isle of Man Government; and/or
  • Professional advisors of the Isle of Man Government;
  • Banks and other financial institutions engaged by the Isle of Man Government in relation to the Arrangement

Personal data transferred to an authorised or an unauthorised jurisdiction

Personal data may be transferred to the following jurisdictions under the Arrangement: 

  • Jersey,
  • Guernsey,
  • United Kingdom. 

Although Isle of Man branches of a bank may administer the application process, certain levels of approvals are often sought, or advice in other jurisdictions from ‘group’ arrangements such that branches in the Isle of Man will locally administer but may transfer data outside of the Isle of Man.

The period for which the personal data is expected to be stored

The personal data will be stored by the controller 6 years following the date of the loan being repaid by the applicant under the Arrangement or written off by the controller.  Full privacy information, including the retention schedule for documents held by the controller which can be found here.

The data subject rights under the Data Protection Law

For more information in relation to the data subject rights:

Where the lawfulness of processing is based on consent, the existence of the right to withdraw consent at any time

When applying for financial support under the Arrangement, individuals provide their consent to processing until such a time as their application is approved by the controller.  Individuals can withdraw their consent at any time and their application will be withdrawn.  Once an application has been approved, the lawful basis for processing relates to the contractual agreement in place between the controller/lender, and the applicant.

The right to complain to the Information Commissioner

Please see section 3 of this notice

Decisions made based on automated processing

No processing decisions will be based on automated processing.

3. Contact Details

The contact details of the controller are as follows:

Financial Governance Division
Treasury
First Floor
Central Government Office
Bucks Road
Douglas
Isle of Man
IM1 3PX 

The contact details for the controller’s Data Protection Officer are as follows:

Email:DPO-Treasury@gov.im
Website: www.gov.im/about-the-government/departments/the-treasury/privacy-notice/
Telephone: +44 1624 686791

The contact details for the Isle of Man Information Commissioner are as follows:

The Office of the Information Commissioner
Prospect Hill
Douglas
Isle of Man
IM1 1ET

E-mail ask@inforights.im
Website: www.inforights.im 
Telephone: +44 1624 693260

 Isle of Man Disruption Loan Guarantee Scheme

Fair Processing Notice - Working Capital Loan Guarantee Arrangement

The Isle of Man Government, through the Treasury (‘the controller’), is offering a Working Capital Loan Guarantee Arrangement (‘the Arrangement’) as part of a number of financial measures that are being put in place in order to provide financial assistance to local individuals and businesses that have been affected by the COVID-19 pandemic.

1.     The Data Protection Law

The controller acknowledges its obligations pursuant to the Data Protection (Application of GDPR) Order 2018 and the GDPR and LED Implementing Regulations 2018 (‘the Data Protection Law’) which provides a number of requirements in terms of processing activities involving personal data. The controller further acknowledges the general principles of processing as well as the rights of a data subject, which are contained in the Data Protection Law, at Articles 5 to 22 of the Data Protection (Application of GDPR) Order 2018 in the Annex.

2.     Information to be given to Data Subjects

The Data Protection Law outlines the information that must be given to data subjects before or at the time the personal data is collected from the data subject. This information can be summarised as follows:

  • The identity and contact details of the controller and data protection team

See the details in section 3 of this notice

  • Whether any of the personal data is special category data

None of the personal data collected by the controller for the Arrangement constitutes special category data, as defined by the Data Protection Law.

  • The source of the personal data

None of the personal data processed for the purpose of the Arrangement has been collected from a publically available source. All of the personal data has been collected directly from the respective lenders (banks and other lending companies) or their professional advisors which collected the personal data directly from the individual(s) requesting financial support via the Arrangement.

  • The purposes and the legal basis of the processing

The personal data collected for the purposes of the Arrangement is:

    • the full name of the applicant and in the case of a body corporate this will include the directors and other significant living individuals who control the applicant’s business
    • accompanying financial information including the amount of new loan  under the Arrangement and the purposes for which it is to be used
    • Whether the applicant has previously applied for a loan  and any information as to why it was refused or approved
    • the amount of existing borrowing facilities and current sums advanced or committed
    • repayment term of loan (length of period)
    • details of any security taken against the new borrowing
    • confirmation that the payments on existing borrowings are up to date, or details of any arrears, any holiday period that has been granted and any revised terms during the life of the loan.

The controller may also hold and process personal data belonging to employees of:

    • Applicants and their professional advisors
    • Lenders and their professional advisors

The lending companies will process applications received from customers, including determining whether the application is eligible for the Arrangement, and will make a decision whether to approve or decline the application. There may be an automated process for some of the Arrangement which is operated by the lending company, and the applicant will need to review the lending company’s privacy statement to find out if any decisions are subject to automated decision making. 

The lending companies will then provide details of the customer applications, both approved and declined, in order that the controller can monitor and calculate their exposure and therefore future liability under the Arrangement. Once an application has been approved, the controller will then process the personal data in order to give effect to the support offered by the Arrangement.

The lawful basis for the processing by the controller is that processing is necessary for the exercise of performance by a public authority of a function that is of a public nature, or a task carried out in the public interest (contained in Article 6(e) of the Data Protection (Application of GDPR) Order 2018)). In provision of the Arrangement, the controller intends to provide for financial assistance in the exceptional circumstances of the COVID-19 pandemic, using powers in the Financial Provisions and Currency Act 2011.

  • Where the lawfulness of processing is based on the processing being necessary for the legitimate interests of the controller or a third party, the legitimate interests concerned

The controller is not relying on “legitimate interest” as a lawful basis for processing.

  • The recipients or categories of recipients of the personal data, if any

The personal data may be disclosed to:

    • Other Departments, Boards or Offices of the Isle of Man Government; and/or
    • Professional advisors of the Isle of Man Government;
    • Banks and other financial institutions engaged by the Isle of Man Government in relation to the Arrangement
  • Personal data transferred to an authorised or an unauthorised jurisdiction

Personal data may be transferred to the following jurisdictions under the Arrangement: 

    • Jersey,
    • Guernsey,
    • United Kingdom. 

Although Isle of Man branches of a bank may administer the application process, certain levels of approvals are often sought, or advice in other jurisdictions from ‘group’ arrangements such that branches in the Isle of Man will locally administer but may transfer data outside of the Isle of Man.

The period for which the personal data is expected to be stored

The personal data will be stored by the controller 6 years following the date of the loan being repaid by the applicant under the Arrangement or written off by the controller.  Full privacy information, including the retention schedule for documents held by the controller which can be found here.

  • The data subject rights under the Data Protection Law

For more information in relation to the data subject rights:

When applying for financial support under the Arrangement, individuals provide their consent to processing until such a time as their application is approved by the controller.  Individuals can withdraw their consent at any time and their application will be withdrawn.  Once an application has been approved, the lawful basis for processing relates to the contractual agreement in place between the controller/lender, and the applicant.

  • The right to complain to the Information Commissioner

Please see section 3 of this notice

  • Decisions made based on automated processing

No processing decisions will be based on automated processing.

3.     Contact Details

The contact details of the controller are as follows:

Financial Governance Division
Treasury
First Floor
Central Government Office
Bucks Road
Douglas
Isle of Man
IM1 3PX

The contact details for the controller’s Data Protection Officer are as follows:

Email: DPO-Treasury@gov.im
Website: www.gov.im/about-the-government/departments/the-treasury/privacy-notice/
Telephone: +44 1624 686791

The contact details for the Isle of Man Information Commissioner are as follows:

The Office of the Information Commissioner
Prospect Hill
Douglas
Isle of Man
IM1 1ET

E-mail ask@inforights.im
Website: www.inforights.im 
Telephone: +44 1624 693260

Information we collect automatically

We use an external website for Procurement services and e-tendering, hosted by In-tend. When you visit or use our external website for procurement we may collect information sent to us by your computer, mobile phone, or other device.

For example we may collect:

  • Category of data
  • Examples of that type of data
  • Device information
  • IP address, Hardware model, operating system version
  • Log information
  • Time and duration of visit


Other information

  • Links you click, location
  • Tracking information
  • When you visit this site we use cookies that do not collect any personal data.

Read more about how we use Cookies

Privacy Notice in relation to Freedom of Information

Isle of Man Freedom of Information Act 2015 (“FOIA”)

The Freedom of Information Act 2015 (FOIA) gives Isle of Man residents a legally enforceable right to obtain access to information held by a Public Authority.  This is subject to certain exemptions and practical refusal reasons. 

You can find out more information on the FOIA including how to make a request to us here: Isle of Man Government - Freedom of Information and you can also use this link to view previous requests and their responses. 

We are the controller for the personal data you provide to us when making a FOI request to the Treasury. 

Legal basis for processing your information

We need your personal information (such as your name and contact details) to process and respond to you about your Freedom of Information request.  In some cases, we may ask for proof of identification, and proof of residency, so that we can comply with the FOIA. 

We must have a legal basis (a lawful reason) to process your personal data, which is submitted by you when you make a Freedom of Information request.  The legal basis for processing your information when you make a request is that it is necessary for us to comply with the law (FOIA), or that it is necessary for us to perform a public task in the public interest.  This is set out in Articles 6(1)(c) and (e) of the Schedule to the Data Protection (Application of GDPR) Order 2018 – this legislation is sometimes called “the Applied GDPR”. 

Sharing information

FOI requests have to be submitted on a form prescribed by the Chief Executive Officer (Isle of Man Government) in order to be valid and accepted under the FOIA.  You can either submit a request using the form online or a paper version, which is available by contacting our Data Protection Officer (see below for contact details). 

When we process FOI requests made using the Online Services Portal on the Isle of Man Government website, a system called iCasework is used to process your request. The iCasework system is provided by a company called Civica UK Limited.  This system stores information such as: 

  • Your name
  • Your address
  • Your telephone and email address
  • Your company name, if you are requesting information on behalf of an organisation
  • Your request – we do not recommend putting any personal information into your request, if you are not sure what to include in your request, please contact us on treasuryicaseworkfoi@gov.im for assistance
  • If requested proof of residency from you 

Civica UK Limited act as a Processor on behalf of all the Public Authorities. 

Access to your information is limited to authorised staff members within the Treasury. The Department of Home Affairs (DHA), through the Office of Cyber Security & Information Assurance (OCSIA), manages system access on behalf of the Treasury. The DHA through OCSIA will only access personal data held on the iCasework system when explicit written instructions are provided by the Treasury. 

If you are unhappy with our handling of your request

If you have are unhappy with our handling of your request, or with our decision to refuse to give you the information you have requested, you may submit a complaint via an internal review request to the Treasury.  

If you are unhappy with the outcome of the internal review you may then submit a complaint to the Information Commissioner’s Office. https://www.inforights.im/complaint-handling/how-to-make-a-complaint-to-the-information-commissioner/. When a complaint is submitted to the Information Commissioner’s Office we will need to share the information we hold in respect of your request, such as emails we have sent or received from you, with the Information Commissioner’s Office, so that they can investigate the complaint. 

Storing your information

Your personal information will be held in iCasework for 12 months after we have closed your request or 36 months if the case is escalated to complaint stage. After this time, the request will remain on the iCasework system, but all your personal information you provided at the time of the request will be deleted. 

Your rights

The Applied GDPR (data protection legislation) provides you as a data subject with some rights to be informed of the processing of your personal data, including the right to access that data and information about the purposes for processing. 

This includes a right to correct (rectify) any information a public authority holds, or to restrict it in certain circumstances.  

As the public authority is processing your data in order to comply with its legal obligations, certain data protection rights do not apply, including the right to have your data deleted (erasure), transferred to another provider, the right to object to the processing, and be informed about automated decision making.  When using the iCasework site or dealing with FOI requests, the Treasury does not make automated decisions or profile your data.

Data Protection Officer

If you have any questions about how we process your personal information, you can speak to our Data Protection Officer regarding your rights. 

Email: DPO-Treasury@gov.im

Phone: +44 1624 686393

In writing to: 

Data Protection Officer, Treasury
Financial Governance Division
First Floor, Central Government Offices
Bucks Road
Douglas
Isle of Man
IM1 3PX 

Details of rights under the data protection legislation can be found in our general privacy notice at: /about-the-government/departments/the-treasury/privacy-notice/

If you have submitted a request to another Public Authority you should review the privacy information for that Public Authority

Additional information

Isle of Man Government Freedom of Information

Freedom of Information Act 2015 - legislation

Council of Ministers Freedom of Information Act 2015 Code of Practice

Information Commissioner’s Office – Freedom of Information guidance page

Back to top