Privacy Notice

• When you visit our websites (links to and from our website may lead to externally hosted sites which are not under our control. You are encouraged to read the privacy statement on that website)
• When you use our Apps (such as Report a Problem)
• When you contact us for any reason whether in person, on paper, by phone or by any electronic means (eg email or website contact pages)
• When you complete a form, enter a competition or complete a survey (in person, on paper, or electronically)
• When you make a request under current Data Protection legislation, the Freedom of Information Act, and the Code of Practice on Access to Government Information
• Where you have agreed to the process
• When you make a payment by the various methods available
• When you request our services whether in person, by phone, on paper or electronically
• When you apply for grants or assistance under any scheme
• When you are subject to contract with us or are suppliers or sub-contractors
• CCTV at our sites or premises, or when you use our services or assets
• Automatic Number Plate Recognition (ANPR)
• Any other way you provide your personal information to us

We may also receive personal information indirectly such as where a third party refers to you in correspondence with us; when we contact a third party or organisation about an enquiry or complaint and they give us your personal information in their response; when a third party gives your contact details as an emergency contact or as a referee 

Equally, before you provide us with any personal data about a third party you must consider if it is appropriate for you to do so, particularly bearing in mind that they may be entitled to know that we are processing their information

We may also collect information about you from third parties such as Land Registry, for example, where we need to establish ownership of land, or where we need additional information to provide you with advice or a service.

• To comply with any legal obligation we may have
• To allow the DOI to communicate with you
• To process invoices for services we provide
• To make payments to you
• For job applicants and our current and former employees
• For general administration, staff administration, education and training, accounts and records, advertising, marketing and public relations
• Giving advice or rendering professional services and provision of services of an advisory, consultancy or intermediary nature, such as pre-planning advice on highways issues
• To analyse the use and quality of our services and to make improvements
• For the prevention and detection of crime
• To help prevent and detect debt, fraud and loss
• For carrying out research and statistical analysis including risk management, economic and social research in relation to residents, visitors and our services (where no decision is made about you)
• For the provision of any service to others, such as providing bus services to organisations supporting people with particular needs
  
  

• The exercise of official authority or for the performance of a task carried out in the public interest
• The need to meet a legal obligation in carrying out statutory government functions
• The need to meet a request you have made for information or a service
• It will also be lawful for us to process data where it is necessary to protect an interest which is essential for your life or that of another person (for example a medical emergency)
• To enter into or perform a contract, or steps taken at your request prior to a contract
• Your consent – if we rely on your consent to process your information you may withdraw your consent at any time by contacting our DPO
• The need to prevent or investigate suspected or actual violations of law

The need to retain information for historical or archiving purposes by the Public Record Office under the Public Records Act 1999 – more information on retention is available from the Public Record Office

Depending on how you interact with us we may process different information about you. Below you will find an overview of the categories of information that we may collect.

When you visit or use our website we may collect information sent to us by your computer, mobile phone, or other device. For example we may collect:

We will only keep your information for the minimum time necessary and in accordance with our Information Compliance Policy and associated documents.

This may be to:

• Respond to an enquiry from you
• Continue to give you access to a service you have requested
• Comply with any legal obligations

We may retain your data for a short time (up to 6 months) beyond any specified retention period, to allow for information to be reviewed and any deletion to take place. In some instances, laws may require us to hold certain information for specific periods other than those listed above.

The Isle of Man Public Record Office holds selected records of Isle of Man public authorities that are of long-term historic and cultural value, for permanent preservation. Access to and the use of records at the Isle of Man Public Record Office is governed by legislation under the Public Records Act 1999 - more information on retention is available from the Public Record Office.

The security and confidentiality of your information is very important to us. To protect it from access by unauthorised persons and against unlawful processing, destruction and damage the DOI will:

• Have safeguards in place to make sure personal data is kept secure in compliance with any security policies and procedures;
• Ensure that your data remains under the control of our authorised controllers and processors with adequate safeguards to protect your rights
• Ensure staff are only able to view your data where it is a requirement of their role
• Not make your information available for commercial use
• Only ask you for what is needed
• Only keep it for as long as required and then dispose of it securely

All information is stored on servers that are under the control of the Isle of Man Government Technology Services, or with other system providers where we can be certain that your data remains within the jurisdiction of the Isle of Man, UK or the wider European Economic Area (EEA), or in countries that either hold Adequacy Status or have data protection legislation equivalent to, or greater than the GDPR.

We may share your information with third parties, such as:

• Other Isle of Man Government Departments, Boards and Offices to provide a service or information you have requested, or where it is otherwise lawful to do so
• With our contractors or selected third parties in order to provide services to you
• In the event of an emergency situation and with appropriate safeguards if we believe that doing so is in your vital interests, we may share your information with external public sector bodies (including other ISLE OF MAN Government Departments, local authorities, police, fire ambulance, civil defence)
• With our professional advisors for legal matters
• Any officer of any court, Government department or office, Local Authority, statutory board or governing body (such as the CAA); and the Driver & Vehicle Licensing Agency (DVLA), both in the Isle of Man and the UK, in connection with vehicle and driver licensing
• Medical practitioners, in connection with special driving licence conditions (with your prior consent)
• Insurance companies in the Isle of Man and the UK
• The police or law enforcement agencies in any country to meet international obligations e.g. for the prevention or detection of crime, this includes CCTV images or any other recordings
• Advocates and lawyers, if it is required in connection with legal proceedings or prospective legal proceedings
• The Courts and tribunals on production of a valid court order
• To airlines or handling agents to comply with any obligations under court orders for child protection or other security matters
• Isle of Man Post, for the provision of counter services on our behalf
• External organisations, who maintain and develop our information and communications infrastructure, with whom we have, or plan to have a contract agreement

We will not sell your personal data to other companies, organisations or individuals.

The DOI will only share your personal data with other companies, governments, competent authorities, organisations or individuals where it is fair and lawful for us to do so.

COVID-19

Due to the unprecedented circumstances of COVID-19 we are working hard to prioritise the delivery of essential front-line services to our most vulnerable people and communities. 

Public authorities, especially those providing frontline and critical services, may need to divert resources to priority work areas with consequential impacts on other areas such as the handling of Subject Access Requests. Your statutory rights are important to us and remain unchanged. Please note however that you may experience delays in our response to your request. We will inform you of any extension to the period for responding and the reasons for the delay.

If you are able to narrow the scope of your request that would be very helpful and may mean we can respond to you more quickly. In addition you may want to reconsider whether your request can be resubmitted at a later date once the impact of COVID-19 has eased.

We will be alert to any guidance from the regulator, the Information Commissioner, as the situation changes, to ensure that we comply with any guidance or changes to information rights.

For more information on Coronavirus (COVID-19), see gov.im/coronavirus.

Under the Data Protection Act, you have rights as an individual which you can exercise in relation to the information we hold about you.  At any point while we are in possession of or processing your personal information, you have the following rights:

Access

You have the right to request a copy of the information that we hold about you.  This would be in the form of a subject access request. If we do hold information about you we'll provide you with a copy and information about what we do with it. Unless you ask us to provide it in a different way we will email this to you where you have given us an email address. You have the right to see CCTV images of yourself and, in certain situations, be provided with a copy of the images. A subject access request does not have to be in a particular format. However, to assist, we provide an information sheet that gives you details on the process and an application form to help you in forming your request. You are not required to use this form, and if you wish to make a request by phone please contact our DPO. Where you agree, we may try to deal with your request informally, for example by providing you with the specific information you need over the telephone

Rectification

You have the right to ask us to correct data that we hold about you if it is inaccurate or incomplete

Erasure (the right to be forgotten)

In certain circumstances you can ask for the data we hold about you to be deleted. Please note that as part of any contract we have with you, any service we still provide to you, for legal reasons, or as part of Isle of Man Government statutory functions, some information may need to be retained;

Restriction of processing

Where certain conditions apply, you have the right to restrict the processing of your data

Objection

You have the right to object to certain types of processing such as direct marketing

Objection to automated processing

Although the DOI is unlikely to carry out any automated decision-taking that does not involve some human element, under DP legislation, and subject to certain exemptions, an individual has the right to request a manual review of the accuracy of any automated decision that would significantly affect them, if they are unhappy with it

To make a complaint

In the event that the DOI refuses your request under rights of access, we will provide you with a reason why.

If you are unhappy with the way we deal with your personal information you can submit a complaint through our DPO who will work with you to resolve any issues. 

If you want to request information about our privacy policy, exercise you rights or discuss data protection in general you can email, write or speak to our DPO.

The Information Commissioner is the independent authority responsible for upholding the public's information rights and promoting and enforcing compliance with the Island's information rights legislation. Further information can be found on the Information Commissioner's website.

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of current Data Protection legislation.

• Your name
• Your address
• Your telephone and email address
• Your company name, if you are requesting information on behalf of an organisation
• Your request – we do not recommend putting any personal information into your request.
• If requested, proof of residency from you. 

Civica UK Limited act as a Processor on behalf of all the Public Authorities. Civica UK Limited use the information held in the iCasework system for the purpose of providing a system to manage FOI requests and to transfer this information to the relevant public authority. The information you provide to Civica UK Limited will be kept secure and confidential. 

Access to your information is limited to authorised staff members within our Department. The Department of Infrastructure (DOI), through the Office of Cyber Security & Information Assurance (OCSIA), has been contracted by the Public Authorities to manage system administration on their behalf. 

If you are unhappy with the response to your Freedom of Information request

If you are dissatisfied with the response to your request for information, or the way your request was handled, you have the right to request the public authority to undertake a review.

If you are still unhappy following the review, you can complain about your request to the Information Commissioner’s Office. https://www.inforights.im/complaint-handling/how-to-make-a-complaint-to-the-information-commissioner/. In this case the Public Authority to whom you have submitted your request will need to share information, such as emails we have sent or received from you with them so that the Information Commissioner can investigate the complaint. 

Storing your information

Your personal information will be held in iCasework for 12 months after the Public Authority has closed your request, or if you requested a review of your request, your personal information will be held in iCasework for 36 months after the Public Authority has closed your request.

After this time, the request will remain on the iCasework system, but all your personal information you provided at the time of the request will be deleted. 

 Your rights

The Applied GDPR (data protection legislation) provides you as a data subject with some rights to be informed of the processing of your personal data, including the right to access that data and information about the purposes for processing. 

This includes a right to correct (rectify) any information a public authority holds, or to restrict it in certain circumstances. 

As the public authority is processing your data in order to comply with its legal obligations, certain of the data protection rights do not apply, including the right to have your data deleted (erasure), transferred to another provider, the right to object to the processing, and be informed about automated decision making.  When using the iCasework site or dealing with FOI requests, a Public Authority does not make automated decisions or profile your data. 

Data Protection Officer

If you have any questions about how we process your personal information, you can speak to our Data Protection Officer regarding your rights.

Email: DPO-DOI@gov.im

Phone: +44 1624 686785

In writing to: 

Data Protection Officer
Department of Infrastructure
Sea Terminal Building
Douglas
Isle of Man
IM1 2RF

Details of rights under the data protection legislation can be found in our general privacy notice 

If you have submitted a request to another Public Authority (including the Isle of Man Constabulary, the Chief Constable being a separate controller), you should review the privacy information for that Public Authority. 

Additional information

Isle of Man Government Freedom of Information

Freedom of Information Act 2015 - legislation

Information Commissioner’s Office – Freedom of Information guidance page