Privacy Notice

AGC collects and processes personal data to assist us to provide legal services to Government organisations. This might include advising and acting on behalf of Government organisations to help prevent and detect crime and to prosecute criminal offences, procure goods and services by Government Departments, Boards and Offices and provide services to support the above which includes:

• Accounts and records
• Administration of Justice including following instructions from a Court
• Advertising, marketing and public relations
• Archiving, transfer and preservation of public records
• Crime prevention and prosecution of offenders
• Research
• Staff administration
• To provide assistance to other countries in legal matters
  
  

In order to carry out the services outlined above, the AGC may obtain, use and disclose personal data relating to a variety of individuals including the following:

• Advisors, consultants and other professional experts
• Customers and clients
• Complainants, correspondents and enquirers
• Offenders and suspected offenders
• Staff including volunteers, agents, temporary and casual workers
• Suppliers to AGC and other Government organisations
• Witnesses and victims

We use your personal data in line with the rules set out in Manx Data Protection legislation for the following reasons:

• To allow Government Departments, Boards and Offices to communicate with you
• To provide legal advice to the public service on decisions it makes which may affect you personally, such as defending against litigation you take against a Department, Board or Office
• To process procurement applications that you make
• To safeguard vulnerable children and adults
• To represent our clients in court proceedings which involve you
  
  

Depending on which reason above applies to your data, we may process different data about you. Below you will find an overview of the categories of data that we may collect. This information may include information provided directly by you or by another government department or third party which it is necessary for us to process for the prevention of crime and prosecutions. If you use a link to any website operated by a Department, Board or Office of the Isle of Man Government, or any external website, you should make sure you read the privacy policy or fair processing notice on that website page to find out what it does with your information.

The following are examples of the categories and types of data you may provide to us directly.

We use an external website for Procurement services and e-tendering, hosted by In-tend.

When you visit or use our external website for procurement we may collect information sent to us by your computer, mobile phone, or other device. For example we may collect:

We will only process your personal data if there is a legal reason to do so. We may rely on:

• The need to meet the legal obligation in carrying out statutory government functions
• The need to meet a request you have made for information or a service
• The need to prevent or investigate suspected or actual violations of law
• Your consent – (although it is rare for us to rely on your consent, but where we do you may withdraw your consent at any time by contacting the Data Protection Officer for the relevant part of government.
• The need to protect public interest

The need to retain information for historical or archiving purposes by the Public Record Office under the Public Records Act 1999. For more information  you can follow the link on retention by the Public Record Office.

We will only keep your information for the minimum time necessary, this may be to:

• Provide a history of transactions for your Procurement account
• Until we have responded to an enquiry
• Conclude legal proceedings and allow reasonable time to seek further redress
• Confirm the transfer of your information to the Department, Office or Board providing a service you have requested.

You should note that a public record we create may be selected for permanent preservation under the Public Records Act 1999. Records are only retained for longer term periods if their retention can be justified for statutory, regulatory, and legal or security reasons or for their historic value.

Further information on Public Records can be found below under the heading 'Public Records'.

In order to carry our statutory functions, AGC may disclose personal data to a variety of recipients, including some within the EU or Worldwide. This includes those from whom personal data is obtained (as listed above) and may include the following:

• Criminal Justice partners, such as the police or law enforcement agencies where there is a legal requirement to do so
• Data processors
• To support Government organisations with debt collection and tracing agencies
• Trade, employer associations and professional bodies
• Elected Representatives in their capacity as a Member of a Government organisation
• Government organisations
• Local Authorities and Commissioners
• Auditors, insurance and other compliance or regulatory body
• Current, past or prospective employers of the data subject

Disclosures of personal data will be made on a case-by-case basis, using the personal data appropriate to a specific purpose and circumstances and with necessary controls in place.

• With or between other Government Departments, Boards and Offices to provide a service or information you have requested
• The courts on production of a valid court order or to file necessary information

The Attorney General’s Chambers will also disclose personal data to other bodies or individuals when required to do so by, or under, any act of legislation, by any rule of law and by Court Order.

AGC may check and verify the data you provide to us i.e. in application forms, legal proceedings or transactions such as property sale or acquisition. This may include checks of publicly available information but in some cases, where it is necessary and relevant to your application, the information you provide may be disclosed or shared with other organisations including our clients. This will only be done where there is a legal obligation or power for us to do so. We will do this to allow us to:

• Verify the information and documentation you have provided is correct
• Help prevent and detect crime including fraud, money laundering, identity theft or other criminal offences
  
  

AGC will:

• Keep your information safe and secure in compliance with its information security arrangements
• Only use and disclose your information as detailed above, where necessary
• Retain the information for no longer than is necessary and your information will be permanently deleted once the timeframes set out below have been reached (there is an authorisation process to dispose of this in line with our Records Management Policy and retention periods as outlined below (unless there is an over-riding reason to retain this information, such as for preservation as a public record).

We will not sell to, or share, your personal data with other companies, organisations or individuals. Individual Departments may share your personal data with other companies, organisations or individuals where there is a legal requirement to do so.  For information on how your information may be shared by an individual Department, please click on the relevant Department link.

AGC provides mutual assistance in criminal legal matters through a network of worldwide competent authorities. AGC assists other competent authorities and can make requests in relation to the suspected criminal activities of an individual. Should your data be transferred it will be protected by appropriate security measures and strict handling conditions regarding how the recipient may use that information.

You have a right to access your personal data to ensure that it is accurate, and to request that it is rectified, blocked, erased or destroyed if it is inaccurate.  We will review your request and may determine that exemptions apply in relation to the Law Enforcement Directive, particularly in relation to the prosecution function.

To make any request relating to your data held by us, please contact the Data Protection Officer (DPO) for the AGC at DPO-AGC@gov.im

You can review your personal information and ensure it is accurate

Where possible we will provide you with access to the information we hold about you so that you can view this information and provide a means for you to have this information changed if it is not accurate.

Alternatively you can ask for information we hold about you to be amended by sending your request to the DPO at DPO-AGC@gov.im

To remove your personal information

Where possible we will provide you with access to the information we hold about you so that you can view this information and request that your information is deleted.

Alternatively you can ask for information we hold about you to be deleted by sending your request to the DPO at DPO-AGC@gov.im

To ask if we hold personal information about you

You can ask to see what information we hold about you by submitting a Subject Access Request to the DPO at DPO-AGC@gov.im.

If you are unhappy with the way we deal with your personal information you can submit a complaint to the DPO for AGC, who will work with you to resolve any issues.

If you are not satisfied with the response you receive, you may also complain to the Information Commissioner  or the relevant supervisory authority. You may have a right to other remedies.

The Information Commissioner is the independent regulator responsible for enforcing the Manx Data Protection Legislation and can provide useful information about the data protection requirements on the Isle of Man. The Information Commissioner's Office may be contacted using the following:

Your personal data may be permanently retained for research use at the Isle of Man Public Record Office if the records containing your personal data are selected for permanent preservation under the Public Records Act 1999. The Isle of Man Public Record Office preserves records of Isle of Man public authorities that are of long-term historic and cultural value.

Further information on Public Records retention is available.

Access to and use of records at the Isle of Man Public Record Office is governed by legislation, in particular the Public Records Act 1999, the Public Records Order 2015 and the Freedom of Information Act 2015.

Some records are made available to the public for research use, whilst others are covered by access restrictions to ensure sensitive information that should be confidential for a period of time is protected. Where your personal data is included in records transferred to the Record Office, an assessment will be made of whether the records should be covered by an access restriction based on this legislation. Access restrictions will be applied to records as appropriate under this legislation to prevent unlawful access to your personal data. Your personal data will not be used by the Isle of Man Public Record Office for any automated decision making.

The Isle of Man Public Record Office is part of the Department for Enterprise and can be contacted at:

Email: public.records@gov.im

Unit 40A,
Spring Valley Industrial Estate,
Braddan,
Isle of Man,
IM2 2QS

The Department for Enterprise Data Protection Officer can be contacted by email at DPO-DfE@gov.im