Isle of Man Government
Reiltys Ellan Vannin

O.D.P.S.

Office of the Data Protection Supervisor
Oik Oaseir Coadey Fysseree Ellan Vannin

Introduction to the Act

YOUR RIGHTS

‘when.... information is not treated with the utmost care and confidentiality, the consequences can be disastrous’
Robert Marleau, Privacy Commissioner of Canada, Annual Report 2004

This section describes in brief your rights under the Data Protection Act 2002.

It is important to remember that the Act only applies to personal data as defined in the Act and there are occasions when these rights do not apply or are limited, for example, when personal data is processed for the purpose of the prevention or detection of crime.

In general, any business or organisation that processes your personal data in the Isle of Man must do so in accordance with the Act and, in particular, the Eight Data Protection Principles.

In summary these are:

The Data Protection Principles
Personal data must be
1. Used fairly and lawfully
2. Used for specific and lawful purposes, in a manner that is compatible with those purposes
3. Adequate, relevant and not excessive
4. Accurate and where necessary kept up to date
5. Kept for no longer than necessary
6. Used in accordance with the rights of individuals under the Act
7. Kept secure to avoid unauthorised or unlawful use, accidental loss, or damage
Personal data must not be
8. Transferred to another country unless that country has an adequate level of protection.


Request for Assessment

If you believe that you have been directly affected by any processing of your personal data by a business or organisation in the Isle of Man, you have the right to request the Supervisor to undertake an assessment as to whether the processing has been carried out in accordance with the provisions of the Act.

An assessment will only be undertaken following a request made in writing. For a complaint form and further information on how to make a complaint please click here or alternatively you may contact the Office.

Individual Rights

The Act also sets out a number of specific rights.

Your Rights
Right of access to personal information known as a Subject Access Request
Right to prevent processing for Direct Marketing purposes
Right to prevent processing likely to cause substantial damage or distress
Rights in relation to automated decision making
Right to seek compensation for any damage or distress caused by the failure of a Data Controller to comply with the requirements of the Act
Right to take action to rectify, block, erase or destroy inaccurate data

A brief guide to your rights can be downloaded here (Microsoft Word document). Further advice in relation to these rights is provided below.

Right of Access to Personal Information

The following documents provide advice on how to access your personal data. Please refer to the Credit Problems advice note if you want to access the information held by a Credit Reference Agency.

Click on the document below to download a copy in Adobe Acrobat PDF file format.

How can I find out what information is held about me?
Credit Problems
Subject Access Requests and Job References

Right to prevent processing for Direct Marketing purposes

This is an absolute right.

You are entitled to write to any business or organisation and inform that business that you require it to cease, or not to begin, processing your personal data for the purposes of direct marketing. You can exercise this right in the UK as well as the Isle of Man.

You must give the business a reasonable period to comply with your request.

Even if you had previously consented to a business sending you direct marketing material you can exercise this right and prevent future direct marketing material.

JUNK MAIL

If you would like to prevent "junk mail" being sent to your home address you may like to consider registering with the Mail Preference Service.

Click here to learn more about the Mail Preference Service

TIP

When completing an application form for goods or services please check the form. You will normally find that there is an "opt out box" which if ticked means you will not be sent direct marketing material from that company.

UNWANTED TELEPHONE SALES

If you would like to prevent telephone sales calls to your home telephone number or your mobile telephone number you may like to consider registering with the Telephone Preference Service.

Click here to learn more about the Telephone Preference Service

Business users can register a business telephone number with the Corporate Telephone Preference Service

JUNK FAXES

If you would like to prevent "junk faxes" you may like to consider registering your fax number with the Fax Preference Service.

Click here to learn more about the Fax Preference Service

JUNK EMAIL, SPAM and UNSOLICITED COMMERCIAL EMAIL

There is also an Email preference service. Click here to learn more about the Email Preference Service.

Under the European Directive on Privacy and Electronic Communications a business operating within the European Union, including the UK, cannot send emails and SMS text messages to a person without either prior consent or a prior business relationship. While this directive will not prevent SPAM from countries outside the EU, many countries, including the USA and the Isle of Man, are now introducing similar laws.

Right to prevent processing likely to cause substantial damage or distress

You are entitled to write to any business or organisation and inform that business that you require it to cease, or not to begin, processing your personal data for a particular purpose, or in a particular way, where the processing is likely to cause substantial damage or substantial distress and such damage or distress would be unwarranted.

You must give the business a reasonable period to comply with your request.

You cannot exercise this right if you have given consent or if the processing is necessary to protect your vital interests, for the performance of a contract or entering into a contract, or for the compliance with a legal obligation imposed on the business.

There are also certain exemptions from this right, such as processing that is necessary for the prevention or detection of crime or the assessment or collection of tax.

If you exercise this right, a business is required to respond to your written notice within 21 days stating that the business has complied, is intending to comply, or stating reasons why it does not intend to comply with your request.

Rights in relation to automated decision making

In general terms this right allows you to have a decision that has significantly affected you and was made by automatic means to be reconsidered by a person.

You are entitled to write to a business to ensure that no decision which significantly affects you is made by that business solely by automated processing. For example, you may have applied for credit and a computer works out a credit score based on answers you have provided. This right would also apply to automated systems that monitor your performance at work.

There are, however, certain exemptions. This right does not apply when the decision was taken by the data controller either with a view to entering into a contract with you, for the performance of such a contract or to comply with a legal obligation. It also does not apply if the effect of the decision is to grant your request or if steps have been taken to safeguard your legitimate interests, for example by allowing you to make representations.

If you exercise this right, a business is required to respond to your written notice within 21 days stating the steps that the business intends to take to comply.

Right to seek compensation for any damage or distress caused by the failure of a Data Controller to comply with the requirements of the Act

You are entitled to seek compensation through the High Court if you suffer damage due to the contravention of any of the requirements of the Act by a business or organisation. You are also entitled to seek compensation for distress if you have also suffered damage, or the contravention was caused by processing for Journalism, Literature or Art, or the distress was caused by a business unjustifiably failing to comply with a Subject Access Request (Right of Access to Personal Data).

Please note: The Office of the Data Protection Supervisor cannot assist you with an application to the High Court. The Office recommends that any person considering legal action should seek the services of a Manx Advocate.

Right to take action to rectify, block, erase or destroy inaccurate data

You are entitled to apply to the High Court to have any inaccurate personal data that is being, or has been processed by a business, rectified, blocked, erased or destroyed.

Please note: The Office of the Data Protection Supervisor cannot assist you with an application to the High Court. The Office recommends that any person considering legal action should seek the services of a Manx Advocate.

 

Title | File Size | Format | Document Title
How can I find out what information is held about me? | 78 kb | Microsoft Word | A guide to making and understanding a Subject Access Request
Passenger Name Records EU Working party opinion | 146 kb | Acrobat PDF File | Passenger name records