Public Health - Marketing Statement

The Cabinet Office is committed to protecting your privacy.  The Cabinet Office is a data controller for the purposes of the Data Protection Act 2018 and the Data Protection (Application of GDPR) Order 2018 and the Data Protection (Application of LED) Order 2018, together with any regulations made under them (Manx Data Protection Legislation).

For more details on how your personal data is handled by the Cabinet office.

Public Health also needs to collect information such as your name, age, address, gender, and possibly sensitive personal information concerning your health and wellbeing, ethnic origin and religious views.

In order to provide complete care we may also collect some information about family members and carers.

The following menus provide details on the types of personal data we collect and how this is processed.

This marketing statement tells you what to expect when you:

• Visit the Isle of Man Government COVID-19 Coronavirus website
• contact us by email, in person or over the phone or on our web subscription form
• consent to the use of cookies or passive technologies on your browser

Isle of Man Government website

Public Health also has a sub-site on The Isle of Man Government website, gov.im/publichealth; this website is owned by the Cabinet Office. Their Privacy Notice in relation to how you use gov.im can be found at the top of each page next to the Terms and Conditions.

Terms and conditions of gov.im

Methods of communications currently used by our directorate include: 

Email, Fax, Telephone, Post, Text Messages (SMS) and may also include communications made on other electronic or digital platforms.

We will only ask for your name and postal or email contact details. You may choose to provide extra information if you are making an enquiry.

Email mailboxes are accessed by only a select number of staff central to Public Health who are able to allocate enquiries out to the team who will be able to address your enquiry or request.  Such emails will only be shared outside the Department with your knowledge, and only do so in order to address your enquiry or request.

We securely store personal information electronically and manually:

• Ongoing email communications are stored on our Isle of Man Government email system, Microsoft Outlook

• We have three main records management tools across the Public Health Directorate all specifically designed for the type and use of the information recorded; depending on the nature and destination of your communication, your information will likely be stored in either: Microsoft Dynamics, DMS or the Isle of Man Government secure network.

In normal circumstances we will only keep a record of this communication in an active area (e.g. emails will be used in Outlook) until the request or enquiry has been fulfilled; after this time they will be kept for 6 months in one of our records management systems.

What is a Cookie?

Cookies and passive technologies are pieces of information that a website transfers to your computer. Cookies can make the web more useful by storing information about your preferences on particular sites, enabling us to provide more useful features for you. They contain no name or address information or any information that will enable anyone to contact you via telephone, email or any other means, the cookies used are listed by in What

Personal Information we might collect and why

Most browsers are initially set to accept cookies. If you would prefer, you can set your browser to disable cookies or inform you when they are set. However, given that we may sometimes use cookies to ensure and enhance the performance of our websites, you may not be able to take full advantage of our website if you do disable them.

Passive technologies

Public Health uses also third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either us or any third party.

Consenting to cookie and passive technology use

The first time you visit our website, you will be provided with an option to approve (or “opt-in”) to the use of all cookies on the website with a pop up in the bottom right-hand corner. We have no way of knowing whether you allow cookies or not, and no way to trace your selection back to you. Instead, your own internet browser remembers the selection so it will treat that cookie the same each time (until you change your cookie settings).

Withdrawing consent to cookie and passive technology use

You can usually manage and disable all cookies and passive technologies directly through your internet browser; you may therefore find it helpful to check the guidance provided by your internet browser provider. The most common providers and links to their guidance on cookies and passive technologies have been provided below:

 What cookies do we use?

Direct Marketing involves obtaining and using/or processing data collected on spreadsheets and electronic databases for the purpose of direct marketing.

Direct Marketing Rules state that a ‘Not-for-Profit Organisation’ can no longer send campaigning texts or emails without specific consent, even to existing supporters, as this is not the commercial marketing of services or products.

For further details on Direct Marketing

In addition to the Data Protection Act 2018 and the Direct Marketing Rules, the EU is also in the process of replacing the ePrivacy Directive (PECR) with a new ePrivacy Regulation (ePR).  This was not agreed by the EU before the Isle of Man, GDPR regulation came into force on 1 August 2018. Until the ePR is finalised the existing PECR rules will apply using the GDPR definition of Consent.

To assist with the delivery of direct marketing, we use MailChimp to store personal information (your name, email address, job title, phone number and postal address) which allows us to contact clients, professionals and the public of a regular basis. MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. MailChimp may require this data to be stored on servers outside of the EEA.

The Directorate’s aim is never to be intrusive, and we will always avoid asking irrelevant or unnecessary questions. Moreover, any information you provide to us will always be subject to rigorous measures and procedures to maintain your privacy. You will never be contacted by a means you did not Consent to when providing us with your data.

Direct Marketing Consent (opt-in and opt-out)

Public Health is legally required in instances where we have no statutory reason to use or hold your information (known as “processing”), to ask you for your explicit consent.

We have to provide you with all the information we can about what we will do with your information in order that you can make an informed decision as to whether or not you agree to us having your information by giving you the opportunity to “opt-in”.

You will definitely know if you are opting-in to us using your information; the request to use your information (opt-in options) are very clearly marked, as are the purposes for us wanting to use your information. There is no way for you to accidentally provide us with information, or to accidentally consent to you using it.

Individuals will now opt-in to receive marketing communications from the Public Health Directorate.

Methods of communications currently used by our directorate include Email, SMS, Mailchimp, Facebook (open and closed groups), Eventbrite, Survey Monkey, Consultation platforms.

At the bottom of all direct marketing emails there will be an option to "Update your preferences" and "Unsubscribe from Public Health emails".

Consent – can also be withdrawn by the individual at any time by emailing our directorate at: publichealth@gov.im and asking for your consent information to be updated, removed or changed.

Events, Training or Survey Participation

It is your right whether you participate in promotions or submit any information within a survey. However, if you choose to do so, you will only be asked for your name, so we can identify you; your contact information - so we can contact you, and any other relevant information that you agree to provide (i.e. phone or email address). You may choose to provide extra information if you are making a health enquiry.

The information you provide will be treated in the same way as personal information submitted in any other way.

Why will we process personal data(AKA “the legal basis”)

We will only process your personal information if a lawful basis exists:

Market Research

Direct marketing rules do not apply if an organisation contacts customers to conduct genuine market research (purpose to make decisions for commercial or public policy). However, any market research undertaken by the Directorate will comply, to ensure that we process any identifiable research data, fairly, securely and only for research purposes.

The Directorate currently uses the central property database held in the public domain. Occupiers of properties registered at the addresses listed are contacted to assist with survey and data collection to support the Health Intelligence team.

The Isle of Man Post Office assists the directorate will these mailings.

Public Health does not purchase third party database listings for marketing purposes.

How will we securely process personal data?

All personal information is kept with the highest standards and safeguards in place. This includes technical security, preventing unauthorised access, undertaking audits and maintaining backups:

Emails - Email communications are stored on either our Isle of Man Government email system, Microsoft Outlook or on Isle of Man Government Secure Network. We encrypt and protect all our emails in line with government standards. If your email service does not support this encryption, you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Microsoft Dynamics - Only certain members of staff will have access to your personal information held on this platform and there is security in place to ensure this. The administration of dynamics is undertaken by Government Technology Services in the Cabinet Office; however, they are unable to access the content of any records and so will not be able to access your personal information.

Isle of Man Government Secure Network – There are strict access controls in place meaning that only those within specific Divisions can access team folders; in addition, only the teams within the Divisions who are able to access personal information, are those that have a business need to do so. The administration of the IOMG Secure Network is undertaken by Government Technology Services in the Cabinet Office; however, they are unable to access the content of any records and so will not be able to access your personal information

Manual records - We do not routinely store manual records, however, those that are already in storage and as new records are created, we are required to hold any manually kept items either in a stored on site or in a third-party storage facility with whom we have a data protection agreements in place.

Under the Data Protection Act, you have rights as an individual which you can exercise in relation to the information we hold about you. At any point while we are in possession of or processing your personal information, you, the data subject, have the following rights:

You have the right to request a copy of the information that we hold about you and this is free of charge.

You also have the right for personal data to be erased. The right to erasure is also known as ‘the right to be forgotten’. Individuals can make a request for erasure by contacting the DHSC, Data Protection Officer by email: DPO-DHSC@gov.im 

You can find out more by contacting our Data Protection Officer using the details at the end of this notice.

Processing Special Category (Sensitive) Data and the Data of Children (Under 16s)

If you’re 16 or under: you have the same rights as adults over your personal data. These include the right to access your personal data; request rectification; object to processing and have your personal data erased.

We have to put additional measures in place if we plan to process any special category personal data^[1], including ethnic origin or religion; however, Public Health does not process any special category personal information when using gov.im.

In order to process the personal information of children, we would have to put additional measures in place because they may be less aware of the risks involved^[2]. The Public Health Directorate does not target any services to children and does not process the personal information of children for marketing purposes, competitions or registering for services or user profiles.

[1]     For more information visit the Isle of Man Information Commissioner website https://www.inforights.im/organisations/data-protection-law-2018/principles-of-data-protection/lawfulness-fairness-and-transparency/lawfulness/special-categories/

[2]      For more information visit the UK ICO website
https://www.inforights.im/organisations/data-protection-law-2018/childrens-data/

In the event that you wish to make a complaint about how your personal information is being processed by the Public Health Directorate (or third parties), or how your complaint has been handled, you have the right to lodge a complaint directly with our Data Protection Officer in the first instance; as well as the Isle of Man Information Commissioner.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Public Health's collection and use of personal information.

However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

Under what circumstances can Public Health contact me?

Our aim is never to be intrusive, and we aim to always avoid asking irrelevant or unnecessary questions. Moreover, any information you provide us will always be subject to rigorous measures and procedures to maintain your privacy. You will never be contacted by a means you did not consent to when providing us with your data.

Retention Period

We only use personal information for as long as it is needed and will store it for the shortest amount of time possible, in accordance with the law. We will not retain personal data if you have unsubscribed from one of our mailing lists, our Retention of Records Procedure can be requested from publichealth@gov.im

Sending us a private message on socila media 

Public Health also has several social media platforms. We include them in this notice for completeness: You may choose to provide us with personal information on our social media platforms; we ask that you do also check the platform’s privacy policy and terms of service prior to sending us anything.

Social media message boxes are accessed by the team responsible for that service/product; this includes the Social Marketing and Business Support Team, who have responsibility for maintaining the Public Health Directorate’s social media platforms. Such messages will only be shared outside Public Health with your knowing, and only in order to address your enquiry or request. The Social Marketing and Business Support Teams may at certain times require a third party to manage Public Health’s social media; if this happens this policy will be revised.

Social media messages will only be kept for a month after the conclusion of the enquiry.

For any privacy enquiries, please feel free to contact our Data Protection Officer, or the Isle of Man Information Commissioner:

Subject to Annual review

This Marketing Statement was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Public Health’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to publichealth@gov.im

Reviewed April 2020