Health and Social Care - Privacy Notice

The Department of Health and Social Care (DHSC) functions are primarily set out in the Manx Care Act 2021.

The duties and responsibilities of DHSC are:

• Promotion of comprehensive health and social care services
• Improvement in quality of services
• Promotion of autonomy
• Obtaining of appropriate advice
• Public involvement and consultation
• Promoting education and training (within health and social care)
• Reducing inequalities
• Candour (exercise of our functions in an open and transparent way)

Find out more about all our functions visiting DHSC's homepage. 

We respect an individual’s fundamental right to privacy and will only collect and use personal information when it is necessary and will do so in accordance with the Data Protection Legislation, the Human Rights Act 2001, the common law duty of confidentiality and in keeping with any relevant professional codes of conduct.

We use your personal information when we:

• Investigate complaints
• Undertake Regulatory functions under the Regulation & Inspection Team 
• Consult on future legislation, strategy or policy
• Deal with litigation or legal claims
• And our involvement with COVID-19

You can find out more about the use of your personal information by clicking on the links above. Our retention policy details how long we keep your personal information.

As from the 1 April 2021 the DHSC does not provide direct health or social care services and therefore does not hold or have any access to individual health or social care records.

You have certain rights when we use your personal information, including the right of access to that information.

If you would like access to your personal information, you can make a request:

• By emailing, or writing to our data protection officer
• By completing the online form
• Verbally to the data protection officer (but we recommend this is followed up in writing or by email)

You can also:

• Ask us to rectify inaccurate information.
• Ask us to stop processing information about you
• Ask us to erase personal data we hold about you
• Object to how we process your data.

No right is absolute and we may need to verify your identity.  More information about your rights can be found at: Your individual rights page.   

Cookies are small computer files that are used to track your use of a website. The DHSC website uses cookies; further information can be found on our Cookies page.

This privacy notice does not cover the links to other websites within this site. We encourage you to read the privacy statements on other websites you visit.

You can contact the DHSC’s data protection officer (DPO) if you need help with:

• understanding how we use your personal information,
• exercising your rights or
• making a complaint about the use of your personal information

Our DPO can be contacted as below:

We would like the opportunity to resolve any concerns before you take further action.

However, if we have been unable to do so, you have the right to make a complaint to the Information Commissioner’s office.

The Information Commissioner’s website contains general guidance about the data protection legislation, your rights, and how to make complaints to that office. Contact details for the Information Commissioner’s office are:

We keep our privacy notice under regular review. This privacy notice was last reviewed on 17 Janaury 2022

Isle of Man Freedom of Information Act 2015 ('FOIA')

The Freedom of Information Act 2015 (FOIA) gives Isle of Man residents a legally enforceable right to obtain access to information held by a Public Authority.

Find out more information on the FOIA including how to make a request to us. You can also use this link to view previous requests and their responses.

We are the controller for the personal data you provide to us when making a FOI request to the DHSC.

Legal basis for processing your information

Our legal basis for processing your information when you make a request is:

• Article 6(1)(c) Legal obligation of the Applied GDPR applies, that the processing is necessary for the Department to comply with the law (not including contractual obligations)
  
  
• Article 6(1)(e) Public Task of the Applied GDPR applies, that the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

We need your information in order to process and respond to you directly about your request and in some cases we may request proof of residency so that we comply with the FOI legislation.

Sharing information

FOI requests have to be submitted on a form prescribed by the Chief Executive Officer in order to be valid and you can either submit a request using the form online or a paper version, which is available by contacting our Data Protection Officer (see below for contact details).

When we process your FOI request, we will use a system called iCaseworker which is administered by the Department of Home Affairs ('the processor'). This system stores information such as:

• Your name
• Your address
• Your telephone and email address
• Your company name, if you are requesting information on behalf of an organisation
• Your request – we do not recommend putting any personal information into your
  request, if you are not sure what to include in your request, please contact us on dhscicaseworkfoi@gov.im for assistance
• If requested proof of residency from you 

Only authorised staff from our Department can access your information and the processor (Department of Home Affairs - DHA) will only access your information on our written instructions. Details of their privacy notice can be found on DHA's website.

If you have been unhappy with a response we have provided and have exhausted our complaints procedure, you may complain about your request to the Information Commissioner's Office. In this case we will need to share information such as emails we have sent or received from you with them so that they can investigate the complaint.

Storing your information

Your personal information will be held in iCaseworker for 12 months after we have closed your request. After this time, the request will remain on the system, but all your personal information you provided at the time of the request will be deleted.

Unauthorised access to FOI requests

The Information Commissioner has investigated incidents of unauthorised access by one government employee to FOI requests during the period 1 April 2022 to 22 March 2023, which includes some requests that were submitted to Manx Care. If you are concerned that you may be affected by this, you can contact our Data Protection Officer for further information, the contact details are given below.

The Information Commissioner’s Office issued a news release on the 19 June 2023.

Your rights

Under Article 6(1)(c) data subjects have the right to:

• Be informed
• Right to access
• Right to rectification
• Right to restrict processing

The following rights do not apply:

• Right to erasure
• Right to portability
• Right to object

The following right is not applicable:

Right to be informed of automated decision making including profiling.

Data Protection Officer

If you have any questions about how we process your personal information, you can speak to our Data Protection Officer regarding your rights.

Email: DPO-DHSC@gov.im

Phone: +44 1624 685013

In writing to: 

Data Protection Officer,
Department of Health and Social Care,
1st Floor Belgravia House,
Circular Road,
Douglas,
IM1 1AE

Details of rights under the data protection legislation can be found in our general privacy notice at DHSC Privacy Notice.

Additional information 

Isle of Man Government Freedom of Information

Freedom of Information Act 2015 - legislation

Information Commissioner’s Office – Freedom of Information guidance page