Privacy Notice

AGC collects and processes personal data to assist with providing legal services to Government organisations. This might include advising and acting on behalf of Government organisations to help prevent and detect crime and to prosecute criminal offences, procure goods and services by Government Departments, Boards and Offices and provide services to support the above which includes:

• Accounts and records
• Administration of Justice including following instructions from a Court
• Discharging obligations in respect of statutory functions e.g to represent our clients in court proceedings which involve you
• Advertising, marketing and public relations
• Archiving, transfer and preservation of public records
• Crime prevention and prosecution of offenders
• Research
• Staff administration
• To provide assistance to other countries in legal matters

In order to carry out the services outlined above, the AGC may obtain, use and disclose personal data relating to a variety of individuals including the following:

• Advisors, consultants and other professional experts
• Charity trustees
• Customers and clients
• Complainants, correspondents and enquirers
• Offenders and suspected offenders
• Staff including volunteers, agents, temporary and casual workers
• Suppliers to AGC and other Government organisations
• Witnesses and victims

Depending on which reason above applies to your data, we may process different data about you. Below you will find an overview of the categories of data that we may collect. This information may include information provided directly by you or by another government department or third party which it is necessary for us to process to fulfil one of our functions.

The following are examples of the categories and types of data you may provide to us directly.

We use an external website for storage of Procurement services administered prior to 3 October 2022 when AGC oversaw the Procurement and e-tendering function of government, hosted by In-tend.

When you visited or used our external website for procurement we may have collected information sent to us by your computer, mobile phone, or other devices. For example we may have collected:

We will only process your personal data if there is a legal reason to do so. We may rely on:

• The need to meet the legal obligation in carrying out statutory functions
• The need to meet a request you have made for information or a service
• The need to prevent or investigate suspected or actual violations of law
• Your consent – (although it is rare for us to rely on your consent, but where we do you may withdraw your consent at any time by contacting the AGC DPO on the contact details provided further up this page.
• The need to protect public interest

The need to retain information for historical or archiving purposes by the Public Record Office under the Public Records Act 1999. For more information you can follow the link on retention by the Public Record Office.

We will only keep your information for the minimum time necessary, this may be to:

• Provide a pre-3 October 2022 history of transactions for your Procurement account to Treasury upon request
• Until we have responded to an enquiry
• Conclude legal proceedings and allow reasonable time to seek further redress
• Confirm the transfer of your information to the Department, Office or Board providing a service you have requested.

You should note that a public record we create may be selected for permanent preservation under the Public Records Act 1999. Records are only retained for longer term periods if their retention can be justified for statutory, regulatory, and legal or security reasons or for their historic value.

Further information on Public Records can be found below under the heading 'Public Records'.

In order to carry our statutory functions, AGC may disclose personal data to a variety of recipients, including some within the EU or Worldwide. This includes those from whom personal data is obtained (as listed above) and may include the following:

• Criminal Justice partners, such as the police or law enforcement agencies where there is a legal requirement to do so
• Data processors
• To support Government organisations with debt collection and tracing agencies
• Trade, employer associations and professional bodies
• Elected Representatives in their capacity as a Member of a Government organisation
• Government organisations
• Local Authorities and Commissioners
• Auditors, insurance and other compliance or regulatory body
• Current, past or prospective employers of the data subject

Disclosures of personal data will be made on a case-by-case basis, using the personal data appropriate to a specific purpose and circumstances, and with necessary controls in place;

• With or between other Government Departments, Boards and Offices to provide a service or information you have requested
• The courts on production of a valid court order or to file necessary information

The AGC will also disclose personal data to other bodies or individuals when required to do so by, or under, any act of legislation, by any rule of law and by Court Order.

AGC may check and verify the data you provide to us i.e. in application forms, legal proceedings or transactions such as property sale or acquisition. This may include checks of publicly available information but in some cases, where it is necessary and relevant to your application, the information you provide may be disclosed or shared with other organisations including our clients. This will only be done where there is a legal obligation or power for us to do so. We will do this to allow us to:

• Verify the information and documentation you have provided is correct
• Help prevent and detect crime including fraud, money laundering, identity theft or other criminal offences

AGC will:

• Keep your information safe and secure in compliance with its information security arrangements
• Only use and disclose your information as detailed above, where necessary
• Retain the information for no longer than is necessary

We will not sell to, or share, your personal data with other companies, organisations or individuals. Individual Departments may share your personal data with other companies, organisations or individuals where there is a legal requirement to do so.

AGC provides mutual assistance in criminal legal matters through a network of worldwide competent authorities. AGC assists other competent authorities and can make requests in relation to the suspected criminal activities of an individual. Should your data be transferred it will be protected by appropriate security measures and strict handling conditions regarding how the recipient may use that information.

You have the following rights in relation to your personal data;

• Right to information about processing
• Right of access
• Right to rectification
• Right to erasure (’right to be forgotten’)
• Right to restriction of processing
• Right to data portability
• Right to object to processing

To make any request relating to your personal data processed by AGC, please contact the AGC DPO using the contact details provided further up this page. We will review your request and may determine that restrictions apply in relation to the Data Protection Legislation, particularly in relation to the prosecution function.

• Your name
• Your address
• Your telephone and email address
• Your company name, if you are requesting information on behalf of an organisation
• Your request – we do not recommend putting any personal information into your request, if you are not sure what to include in your request, please contact us on agcicaseworkfoi@attgen.gov.im for assistance.
• If requested, proof of residency from you

Civica UK Limited act as a Processor on behalf of all the Public Authorities. Civica UK Limited use the information held in the iCasework system for the purpose of providing a system to manage FOI requests and to transfer this information to the relevant public authority. The information you provide to Civica UK Limited will be kept secure and confidential.

Access to your information is limited to authorised staff members within our Office. The Department of Home Affairs ('DHA'), through the Office of Cyber Security & Information Assurance ('OCSIA'), has been contracted by the Public Authorities to manage system administration on their behalf.

If you are unhappy with the response to your Freedom of Information request

If you are dissatisfied with the response to your request for information, or the way your request was handled, you have the right to request the public authority to undertake a review.

If you are still unhappy following the review, you can complain about your request to the Information Commissioner’s Office. In this case the Public Authority to whom you have submitted your request will need to share information, such as emails we have sent or received from you with them so that the Information Commissioner can investigate the complaint.

Storing your information

Your personal information will be held in iCasework for 12 months after the Public Authority has closed your request, or if you requested a review of your request, your personal information will be held in iCasework for 36 months after the Public Authority has closed your request.

After this time, the request will remain on the iCasework system, but all your personal information you provided at the time of the request will be deleted.

Your rights

The Applied GDPR (data protection legislation) provides you as a data subject with some rights to be informed of the processing of your personal data, including the right to access that data and information about the purposes for processing. 

This includes a right to correct (rectify) any information a public authority holds, or to restrict it in certain circumstances. 

As the public authority is processing your data in order to comply with its legal obligations, certain of the data protection rights do not apply, including the right to have your data deleted (erasure), transferred to another provider, the right to object to the processing, and be informed about automated decision making.  When using the iCasework site or dealing with FOI requests, a Public Authority does not make automated decisions or profile your data.

Data Protection Officer

If you have any questions about how we process your personal information, you can speak to our Data Protection Officer regarding your rights.

Email: DPO-AGC@gov.im

Phone: +44 1624 686991

In writing to:

Data Protection Officer,
Crown Division,
Attorney General’s Chambers,
Ground Floor,
Belgravia House,
34-44 Circular Road,
Douglas,
Isle of Man,
IM1 1AE

Details of rights under the data protection legislation can be found in our general privacy notice. 

If you have submitted a request to another Public Authority (including the Isle of Man Constabulary, the Chief Constable being a separate controller), you should review the privacy information for that Public Authority.

Additional information

Isle of Man Government Freedom of Information

Freedom of Information Act 2015 - legislation

Information Commissioner’s Office – Freedom of Information guidance page

If you are unhappy with the way we deal with your personal data you can submit a complaint to the AGC DPO using the contact details provided further up this page, who will work with you to resolve any issues.

If you are not satisfied with the response you receive, you may also complain to the Information Commissioner or the relevant supervisory authority. You may have a right to other remedies.

The Information Commissioner is the independent regulator responsible for enforcing the Manx Data Protection Legislation and can provide useful information about the data protection requirements on the Isle of Man. The Information Commissioner's Office may be contacted using the following:

Your personal data may be permanently retained for research use at the Isle of Man Public Record Office if the records containing your personal data are selected for permanent preservation under the Public Records Act 1999. The Isle of Man Public Record Office preserves records of Isle of Man public authorities that are of long-term historic and cultural value.

Access to and use of records at the Isle of Man Public Record Office is governed by legislation, in particular the Public Records Act 1999, the Public Records Order 2015 and the Freedom of Information Act 2015.

Some records are made available to the public for research use, whilst others are covered by access restrictions to ensure sensitive information that should be confidential for a period of time is protected. Where your personal data is included in records transferred to the Record Office, an assessment will be made of whether the records should be covered by an access restriction based on this legislation. Access restrictions will be applied to records as appropriate under this legislation to prevent unlawful access to your personal data. Your personal data will not be used by the Isle of Man Public Record Office for any automated decision making.

The Isle of Man Public Record Office is part of the Department for Enterprise and can be contacted at:

Email: public.records@gov.im

Unit 40A,
Spring Valley Industrial Estate,
Braddan,
Isle of Man,
IM2 2QS

The Department for Enterprise DPO can be contacted by email at DPO-DfE@gov.im