Fair Processing Notice

The Department of Home Affairs Communications Division (the Division) is a Data Controller and a Data Processor for the purposes of the Data Protection Act 2018.

Our contact details

Names

• Mark Bradley (Head of Division)
• Sara Halliday (Administration & Data Protection Officer)

Address

• Department of Home Affairs
  Communications Division
  Communications House
  Glencrutchery Road
  Douglas
  IM2 6RE

Telephone Number

• +44 1624 697300

Email Contacts

• Mark.Bradley@gov.im
• DPO-DHA@gov.im
• Sara.Renshaw@gov.im  

Privacy Notice Last Updated

• 5th May 2022

The Data Protection Officer for the Communications Division is Sara Halliday.

We currently collect and process the following information:

• Name(s)
• Address(es)
• Age
• Gender
• Telephone number(s)
• E-mail Addresses
• Unsolicited Disclosures

Data Use

How and why we use the personal data we collect about you which is often provided to us directly by you for one of the following reasons:

• Ensure continued Strategic Asset (Radio Site) Security
  The Division has a responsibility to ensure that access to sensitive Government Radio sites is properly maintained and controlled
  
  
• Ensure continued Strategic Asset (Radio Site) Management
  Through ongoing agreements with Landowners in the form of Leases to ensure that the TETRA Network Infrastructure is upheld
  
  
• Monitor the Health and Safety of all Site Workers
  There is a requirement to ensure all Climbers are sufficiently certified and supervised and all ground workers are fully competent and familiar with the Division’s Site Access Code of Practice
  
  
• Ensure the Correct Dispatch of Emergency Resources to an Incident
  999 calls for all 3 Emergency Services (Isle of Man Constabulary, Isle of Man Fire & Rescue Service and Isle of Man Ambulance & Paramedic Service) are logged and recorded. The Division acts as Data Processors on behalf of the Emergency Services who are the Data Controllers. Sometimes the Division is required to review incidents to ensure that the correct resources were sent at the correct times as directed by each of the Emergency Services
  
  
• Staff Training
  It is important that Emergency Services Joint Control Room Operators receive continual on-the-job training.  Therefore 999 calls are regularly audited by a qualified trainer and all staff of the DHA Communications Division undertake an annual GDPR refresher training course
  
  
• Criminal Investigation
  All calls taken on behalf of the Isle of Man Constabulary are recorded should they be required for Court Purposes or form part of a future Criminal Investigation. As Data Processors on behalf of the Isle of Man Constabulary we have no material interest in the Data we obtain
  
  
• Maintain Property Keyholder Database
  The Division keeps and manages a central database relating to a number of property owners on the Island and their contacts details should the ESJCR be required to contact them on behalf of the Emergency Services due to alarm activations
  
  
• Administer the Alarms Database
  The Division keeps and manages a central database relating to properties and businesses on the Island on behalf of the Isle of Man Constabulary who have a Burglar Alarm and/or Hold-Up Alarm installed and their relevant contact details for call-out in association with these alarms. This central database is audited with the corresponding Security Provider on an annual basis to ensure Compliance, Best Practice keep in line with GDPR
  
  
• Fire Alarm Testing
  The Division keeps and manages a central database relating to properties and businesses for those registering as a third party company such as a security services provider an employee or as a business property owner/employee.

How we will share the information we collect about you

Under the General Data Protection Regulation (GDPR), the lawful basis for which we rely on for processing this information are:

• Your consent, (you are able to remove your consent at any time. You can do this by contacting Sara Halliday)
• We have a contractual obligation
• We have a legal obligation
• We need it to perform a public task
• We have a legitimate interest

Third party sharing

We may share your data with:

• Isle of Man Constabulary as a Data Controller
• Isle of Man Ambulance & Paramedic Service as a Data Controller
• Isle of Man Fire & Rescue Service as a Data Controller
• Priority Dispatch – for the purposes of auditing Ambulance and Fire 999 Calls
• Security Providers – for the purposes of the fire alarm testing and maintenance, annual alarms auditing and updating of key holder details

Protecting and storing your information

The Division will:

• Keep your information safe and secure in compliance with its Policy & Procedures of Document Management along with GDPR
  
  
• Only use and disclose your information as detailed above, where necessary
  
  
• Retain the information for no longer than is necessary and your information will be permanently deleted or destroyed once the timeframes set out below have been reached (there will need to be an authorisation process, to dispose of this in line with our Records Management Policy and retention periods as outlined below (unless there is an overriding reason to retain this information).  We are also guided as Data Processor by our Data Controllers in respect of their requirements for Data Retention periods

Communications Division Retention Periods

Record Type	Retention Periods
999 Telephony Audio/Typed Chronologies	7 Years from time of Call being recorded
Site Access Permits	12 months from time of submission
Mast Access Request Forms/Civil Works Request Forms	4 years from time of submission
Site Leases	Duration of the Lease
Site Sharer Applications	Duration of the Agreement with the Site Sharer
Key Issue	Life of agreement with Site Sharer to have access to relevant sites
Climber Registration Documents	12 months (duration of the validity of certification)
Key Holder	Determined by Keyholder
Unique Reference Number (URN) for Alarms	Determined by the life of the Alarm, however these are annually audited to ensure GDPR accuracy
Fire Alarm Testing/Maintenance Logs	Determined by the duration of the test and maintenance required and then deleted within 30 days of the test & and maintenance completion log

More Information

You can find out more information

• Isle of Man Government Privacy Policy       

• Department of Health and Social Care Privacy Notice

• Isle of Man Fire and Rescue Service Privacy Notice 

• Isle of Man Constabulary Privacy Notice

• Making a Subject Access Request which is a request for all of the Personal Data the Division holds about you. It should be noted that where the Division is the Data Processor, all requests for the information it holds should be submitted in the first instance to the our Data Protection Officer, Sara Halliday.

Your Rights

Under GDPR Law, you have rights as follows

• Access Rights = You have the right to ask us for copies of your personal information
• Rectification Rights = You have the right to ask us to rectify inaccurate data and information you feel in not complete
• Right to Erasure = You have the right to ask us to erase your personal information in some circumstances
• Right to Restriction = You have the right to ask us to restrict the processing of your personal information in certain circumstances
• Objection to Processing = You have the right to object to the processing of your personal information in certain circumstances
• Data Portability = You have the right to ask that we transfer the personal information you gave us to another organisation/service provider in certain circumstances

Note: The above does not apply in instances whereby the Data we hold as Data Processors is for the Isle of Man Constabulary, Isle of Man Fire & Rescue Service or Isle of Man Ambulance & Paramedic Service as Data Controllers. Any enquiries in respect of this Data should be directed to the relevant Service as the Data Controllers.

Version Control: 02/18

Next Review Date: 1 April 2023