Privacy Notice

How

• When you visit our websites (links to and from our website may lead to externally hosted sites which are not under our control. You are encouraged to read the privacy statement on that website)
• When you contact us for any reason whether in person, on paper, by phone or by any electronic means (eg email or website contact pages)
• When you complete a form, enter a competition or complete a survey (in person, on paper, or electronically)
• When you make a request under current Data Protection legislation, the Freedom of Information Act, and the Code of Practice on Access to Government Information
• Where you have agreed to the process
• When you make a payment by the various methods available
• When you request our services whether in person, by phone, on paper or electronically
• When you apply for grants or assistance under any scheme
• When you are subject to contract with us or are suppliers or sub-contractors
• CCTV at our sites or premises, or when you use our services or assets
• Automatic Number Plate Recognition (ANPR)
• Any other way you provide your personal information to us

We may also receive personal information indirectly such as where a third party refers to you in correspondence with us; when we contact a third party or organisation about an enquiry or complaint and they give us your personal information in their response; when a third party gives your contact details as an emergency contact or as a referee 

Equally, before you provide us with any personal data about a third party you must consider if it is appropriate for you to do so, particularly bearing in mind that they may be entitled to know that we are processing their information

We may also collect information about you from third parties such as Land Registry, for example, where we need to establish ownership of land, or where we need additional information to provide you with advice or a service.

Why

• To comply with any legal obligation we may have
• To allow the DOI to communicate with you
• To process invoices for services we provide
• To make payments to you
• For job applicants and our current and former employees
• For general administration, staff administration, education and training, accounts and records, advertising, marketing and public relations
• Giving advice or rendering professional services and provision of services of an advisory, consultancy or intermediary nature, such as pre-planning advice on highways issues
• To analyse the use and quality of our services and to make improvements
• For the prevention and detection of crime
• To help prevent and detect debt, fraud and loss
• For carrying out research and statistical analysis including risk management, economic and social research in relation to residents, visitors and our services (where no decision is made about you)
• For the provision of any service to others, such as providing bus services to organisations supporting people with particular needs

• The exercise of official authority or for the performance of a task carried out in the public interest
• The need to meet a legal obligation in carrying out statutory government functions
• The need to meet a request you have made for information or a service
• It will also be lawful for us to process data where it is necessary to protect an interest which is essential for your life or that of another person (for example a medical emergency)
• To enter into or perform a contract, or steps taken at your request prior to a contract
• Your consent – if we rely on your consent to process your information you may withdraw your consent at any time by contacting our DPO
• The need to prevent or investigate suspected or actual violations of law

The need to retain information for historical or archiving purposes by the Public Record Office under the Public Records Act 1999 – more information on retention is available from the Public Record Office

Depending on how you interact with us we may process different information about you. Below you will find an overview of the categories of information that we may collect.

When you visit or use our website we may collect information sent to us by your computer, mobile phone, or other device. For example we may collect:

We will only keep your information for the minimum time necessary and in accordance with our Information Compliance Policy and associated documents.

This may be to:

• Respond to an enquiry from you
• Continue to give you access to a service you have requested
• Comply with any legal obligations

We may retain your data for a short time (up to 6 months) beyond any specified retention period, to allow for information to be reviewed and any deletion to take place. In some instances, laws may require us to hold certain information for specific periods other than those listed above.

The Isle of Man Public Record Office holds selected records of Isle of Man public authorities that are of long-term historic and cultural value, for permanent preservation. Access to and the use of records at the Isle of Man Public Record Office is governed by legislation under the Public Records Act 1999 - more information on retention is available from the Public Record Office.

The security and confidentiality of your information is very important to us. To protect it from access by unauthorised persons and against unlawful processing, destruction and damage the DOI will:

• Have safeguards in place to make sure personal data is kept secure in compliance with any security policies and procedures;
• Ensure that your data remains under the control of our authorised controllers and processors with adequate safeguards to protect your rights
• Ensure staff are only able to view your data where it is a requirement of their role
• Not make your information available for commercial use
• Only ask you for what is needed
• Only keep it for as long as required and then dispose of it securely

All information is stored on servers that are under the control of the Isle of Man Government Technology Services, or with other system providers where we can be certain that your data remains within the jurisdiction of the Isle of Man, UK or the wider European Economic Area (EEA), or in countries that either hold Adequacy Status or have data protection legislation equivalent to, or greater than the GDPR.

We may share your information with third parties, such as:

• Other Isle of Man Government Departments, Boards and Offices to provide a service or information you have requested, or where it is otherwise lawful to do so
• With our contractors or selected third parties in order to provide services to you
• In the event of an emergency situation and with appropriate safeguards if we believe that doing so is in your vital interests, we may share your information with external public sector bodies (including other ISLE OF MAN Government Departments, local authorities, police, fire ambulance, civil defence)
• With our professional advisors for legal matters
• Any officer of any court, Government department or office, Local Authority, statutory board or governing body (such as the CAA); and the Driver & Vehicle Licensing Agency (DVLA), both in the Isle of Man and the UK, in connection with vehicle and driver licensing
• Medical practitioners, in connection with special driving licence conditions (with your prior consent)
• Insurance companies in the Isle of Man and the UK
• The police or law enforcement agencies in any country to meet international obligations e.g. for the prevention or detection of crime, this includes CCTV images or any other recordings
• Advocates and lawyers, if it is required in connection with legal proceedings or prospective legal proceedings
• The Courts and tribunals on production of a valid court order
• Isle of Man Post, for the provision of counter services on our behalf
• External organisations, who maintain and develop our information and communications infrastructure, with whom we have, or plan to have a contract agreement

We will not sell your personal data to other companies, organisations or individuals.

The DOI will only share your personal data with other companies, governments, competent authorities, organisations or individuals where it is fair and lawful for us to do so.

Under the Data Protection Act, you have rights as an individual which you can exercise in relation to the information we hold about you.  At any point while we are in possession of or processing your personal information, you have the following rights:

Access

You have the right to request a copy of the information that we hold about you.  This would be in the form of a subject access request. If we do hold information about you we'll provide you with a copy and information about what we do with it. Unless you ask us to provide it in a different way we will email this to you where you have given us an email address. You have the right to see CCTV images of yourself and, in certain situations, be provided with a copy of the images. A subject access request does not have to be in a particular format. However, to assist, we provide an information sheet that gives you details on the process and an application form to help you in forming your request. You are not required to use this form, and if you wish to make a request by phone please contact our DPO. Where you agree, we may try to deal with your request informally, for example by providing you with the specific information you need over the telephone

Rectification

You have the right to ask us to correct data that we hold about you if it is inaccurate or incomplete

Erasure (the right to be forgotten)

In certain circumstances you can ask for the data we hold about you to be deleted. Please note that as part of any contract we have with you, any service we still provide to you, for legal reasons, or as part of Isle of Man Government statutory functions, some information may need to be retained;

Restriction of processing

Where certain conditions apply, you have the right to restrict the processing of your data

Objection

You have the right to object to certain types of processing such as direct marketing

Objection to automated processing

Although the DOI is unlikely to carry out any automated decision-taking that does not involve some human element, under DP legislation, and subject to certain exemptions, an individual has the right to request a manual review of the accuracy of any automated decision that would significantly affect them, if they are unhappy with it

To make a complaint

In the event that the DOI refuses your request under rights of access, we will provide you with a reason why.

If you are unhappy with the way we deal with your personal information you can submit a complaint through our DPO who will work with you to resolve any issues. 

If you want to request information about our privacy policy, exercise you rights or discuss data protection in general you can email, write or speak to our DPO.

The Information Commissioner is the independent authority responsible for upholding the public's information rights and promoting and enforcing compliance with the Island's information rights legislation. Further information can be found on the Information Commissioner's website.

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of current Data Protection legislation.