Gov.im uses cookies to make the site simpler. Find out more about cookies

Privacy Notice – Isle of Man CAA & Isle of Man Aircraft Registry

The Isle of Man Civil Aviation Administration (IOMCAA) and Isle of Man Aircraft Registry (IOMAR) are a division of the Isle of Man Government Department for Enterprise (known as "DfE"). This Privacy Notice tells you what to expect when the IOMCAA and IOMAR collects and uses personal information, including how we use our websites.

Notice Issued under DfE Data Protection Policy on 17-May-2018; subject to annual review

How we use your information

This privacy notice tells you what to expect when IOMCAA and IOMAR collects personal information on our websites. It applies to information we collect when people:

  • Visit any of our websites, www.gov.im/caa, www.iomaircraftregistry.com, or https://ardis.aircraft.im
  • Contact us by email, in person or over the phone
  • Consent to the use of cookies or passive technologies on your browser
  • Make a subject access request or other data subject rights request
  • Make a request under the Code of Practice for Access to Government Information (“Access Code”) or Freedom of Information Act 2015

This Privacy Notice also provides information on:

Visit our Websites

HowWhatSpecial Category data?Legal basis
When you make a notification  to us or make an application for:         
  • Permissions 
  • Registration 
  • Authorisations 
  • Variations 
  • Exemptions 
  • Validations 
  • Approvals 
  • Issuance of any other certificate or document
Your name and contact details and if applicable license / training / photographic identification / nationality / date of birth / medical details in support of your application / notification  In certain circumstances, medical details may be collected to satisfy a requirement under the Air Navigation (Isle of Man) Order 2015 as amended for provision of the service requested Statutory Obligations resultant from:
  • The Civil Aviation Act 1982 as amended and as applied to the Isle of Man
  • The Airports and Civil Aviation Act 1987 (ATO10 of 1987)
Or in order to fulfil our Public Task to notify you as necessary of any safety, regulatory, industry or registry changes which may affect the continued compliance of your aircraft whilst on the register, or any information/processes for application/ notification to us
When you make a payment (including all methods of payment) on https://ardis.aircraft.im   Your name, contact details and any other personal information you provide in order to complete the payment No In order to fulfil our Public Task to process your personal information in order to complete your payment for services we have provided to you
When you request a service via ARDIS https://ardis.aircraft.im Your name and contact details and any other personal information you provide in order to complete your request No We process your information in order to fulfil your request.

Stored and secured

We securely store personal information electronically and manually:

  • Ongoing email communications are stored on our Isle of Man Government email system, Microsoft Outlook; and dependent on the nature of your enquiry, in one of our
  • Records management tools: ARDIS, or the Isle of Man Government secure network.
  • All our online services and websites are secure.

Access by

Employees of the IOMCAA, IOMAR and their contracted suppliers for the provision of specific services and authorised online services users have access.

Shared to

By law we may be required to share some information with other regulatory or enforcement authorities for legitimate interests. Non-sensitive personal information may be shared in order to support and enable the interaction of aviation activities e.g. with specific airport and/or air traffic control organisations or with the registered owner, operator, flight operations representative, or nominated airworthiness technical representative for a particular aircraft; with other regulatory authorities for legitimate interests.

Retention

Retention details are held within our Information and Records Management Policy – Retention of Records Procedure. Please contact our Data Protection Officer for more information.

Contact us by email, in person or over the phone or on our webform

We will only ask for your name and contact details. You may choose to provide extra information if you are making an enquiry.

Email mailboxes are accessed by only staff of IOMCAA and IOMAR who are able to allocate enquiries out to the team who will be able to address your enquiry or request.  Such emails will only be shared outside the Department with your knowing, and only do so in order to address your enquiry or request.

We securely store personal information electronically and manually:

  • Ongoing email communications are stored on our Isle of Man Government email system, Microsoft Outlook
  • We have two main records management tools both specifically designed for the type and use of the information recorded; depending on the nature and destination of your communication, your information will likely be stored in either: ARDIS or the Isle of Man Government secure network.

In normal circumstances we will only keep a record of this communication in an active area (e.g. emails will be used in Outlook) until the request or enquiry has been fulfilled; after this time they will be kept in accordance with our document retention policy.

When you make a request under the Code of Practice for Access to Government Information ('Access Code') or Freedom of Information 2015

How

You may decide to write to us to request information in accordance with the Access Code (for information created before 10-Oct-2011) or send us a paper or electronic form in accordance with the Freedom of Information (FOI) Act 2015 (for information created after 10-Oct-2011)

What

In order for us to fulfil your request, you will be asked for your name, address; telephone number or email address (to contact you about your request); any other information to allow us to identify you or your information. By providing this personal information to us you consent to us using the personal information for the purpose of processing your request. We do not need any other personal information in order to process your request and you should only submit the information requested above.

Legal basis

DfE collects and processes your personal information to allow us to respond to requests for information made under the Freedom of Information Act 2015 or the Access to Government Information Code

Stored and secured

  • Access Code: DfE manages requests entirely on the secure Government network.
  • FOI: electronic requests are automatically submitted to DfE via the secure FOI management system, iCasework; paper requests are sent to DfE’s Information Governance and Privacy Team, where requests are then manually added and managed on iCasework. Here your data will be stored and held as is set out in the Cabinet Office Privacy Policy.

Access by

  • Access Code: Only the DfE Information Governance and Privacy Team
  • FOI: As the Cabinet Office manage iCasework, the Cabinet Office are joint controllers for this information; iCasework Limited act as a Data Processor on behalf of the Cabinet Office. The Cabinet Office therefore have access to the personal information; iCasework have access to the system in order to maintain it.

Shared to

Neither Access Code nor FOI requests are routinely shared with anyone; occasionally the requests themselves may be shared with other Government bodies in order to provide or advise on an answer, but no personal information would be shared. In addition, FOI request responses are routinely added to the Isle of Man Government FOI Request Publication Log online; again, no personal information is included here.

Retention

Your personal information will be held for a period of one year after your request has been closed; on the DfE network for Access Code requests, and on iCasework for FOIs.

When you make a Data Subject Rights request (e.g. a subject access request)

How

Under the Data Protection Act, you have rights as an individual which you can exercise in relation to the information we hold about you. At any point while we are in possession of or processing your personal information, you, the data subject, have the following rights:

Access

You have the right to request a copy of the information that we hold about you

Rectification

You have a right to correct data that we hold about you that is inaccurate or incomplete

Erasure

In certain circumstances you can ask for the data we hold about you to be erased from our records

Restriction of processing

Where certain conditions apply, you have a right to restrict the processing of your data

Portability

You have the right to have the data we hold about you transferred to another organisation

Objection

You have the right to object to certain types of processing such as direct marketing

Objection to automated processing

You also have the right to be subject to the legal effects of automated processing including profiling

Judicial review

In the event that the Department for Enterprise refuses your request under rights of access, we will provide you with a reason as to why. You then have the right to complain as outlined in Complaints

You can make any of these requests by contacting any member of DfE staff, contractors or our third parties, or contacting our Data Protection Officer directly using the details at the end of this notice. You may wish to speak to the Data Protection Officer about your request in person or over the phone ahead of making your request.

What

In order for us to fulfil your request, you will be asked for the following; your: name; address; telephone number or email address (to contact you about your request); any other information to allow us to identify you or your information

Shared to

Your personal information for the purposes of a Data Subject Rights request will only be shared if your are requesting one of the above rights be extended to our third parties or contractors that may be processing your personal data on our behalf (i.e. they are our Data Processors). We will contact the data processors to advise them of your request in order for them to fulfil your request also. You will be advised if this is the case.

Retention

Data Subject Rights requests and any disclosure correspondence will be kept for three years following the closure of the request. However, requests where there has been a subsequent appeal (either to the DfE Data Protection Officer or the Isle of Man Information Commissioner) will be kept for 6 years following the closure of the appeal.

Consenting to the use of Cookies and Passive Technologies on your Browser

What is a Cookie?

Cookies and passive technologies are pieces of information that a website transfers to your computer. Cookies can make the web more useful by storing information about your preferences on particular sites, enabling us to provide more useful features for you.

Withdrawing consent to cookie and passive technology use

You can usually manage and disable all cookies and passive technologies directly through your internet browser; you may therefore find it helpful to check the guidance provided by your internet browser provider. The most common providers and links to their guidance on cookies and passive technologies have been provided below:

Google Chrome

support.google.com/chrome/answer/95647?hl=en

Microsoft Internet Explorer

support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Microsoft Edge

privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy

Mozilla Firefox

support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Apple Safari

support.apple.com/kb/ph21411?locale=en_US

Opera

opera.com/help/tutorials/security/privacy

Cookies we use

WebsiteCookieNamePurposeExpires
www.iomaircraftregistry.com Cloudflare _crduid This cookie is part of our content delivery network. It is used to override any security restrictions based on the IP address you are coming from and protect website availability and performance. This cookie does not store any personally identifiable information about you. 6 years
ISA Web Publishing Load Balancing ISAWPLB When using an ISA Server to handle load balancing and web requests an ISA server will place Cookies to allow ISA Server to internally configure routes for internal requests. This cookie is deleted when you close your browser. Session
Google Analytics _ga Used to distinguish users. You can opt out of Google Analytics cookie. 2 years
Google Analytics cookies _gat Used to throttle request rate. 10 minutes
Google Analytics cookies _utma Determines the number of unique visitors to the site 2 years
Google Analytics cookies _utmb This works with _utmc to calculate the average length of time you spend on our site 30 minutes
Google Analytics cookies _utmc This works with _utmb to calculate when you close your browser when you close your browser
Google Analytics cookies _utmvz This provides information about how you reached the site (e.g. from another website or a search engine)  6 months
www.gov.im/categories/business-and-industries/civil-aviation-administration-caa Cloudflare cookie _crduid This cookie is part of our content delivery network. It is used to override any security restrictions based on the IP address you are coming from and protect website availability and performance. This cookie does not store any personally identifiable information about you. 6 years
Device cookie Device If you decide to switch to the mobile site (or to the desktop site from mobile), then we use a cookie to remember this choice in order to serve your preferred layout of the site.  6 months
ISA Web Publishing Load Balancing cookie ISAWPLB When using an ISA Server to handle load balancing and web requests an ISA server will place Cookies to allow ISA Server to internally configure routes for internal requests. This cookie is deleted when you close your browser. Session
Page Rating cookies PageRating1234 A cookie is set when you rate a page. The cookie stores the date and time you rated the page. The cookie is used to track which pages have been rated. The number in the name of the cookie is the ID of the page, i.e. "PageRating6397". 2 weeks
AddThis cookies Various We use AddThis to enable you to share our pages with social media sites such as Facebook and Twitter. AddThis uses several cookies to generate statistics on social media sharing. 2 years
Google Analytics cookies _ga Used to distinguish users. You can opt out of Google Analytics cookie. 2 years
  _utma Determines the number of unique visitors to the site 2 years
  _utmb This works with _utmc to calculate the average length of time you spend on our site 30 minutes
  _utmc This works with _utmb to calculate when you close your browser End of session
  _utmvz This provides information about how you reached the site (e.g. from another website or a search engine) 6 months
https://ardis.aircraft.im Debugging fw-debugxml Determines whether XML debugging is allowed Session
AJAX calls fw-uic2ajax Determines whether AJAX calls are allowed Session
Encrypted User Name u Encrypted user name (to authenticate user) Session
Encrypted password p Encrypted password ( to authenticate user) Session
Request token __RequestVerificationToken Request token (to prevent cross site request forgery) Session
Web Session ID fw-session Determines web session identification Session

Why will we process personal data (aka “the legal basis”)

We will only process your personal information if a lawful basis exists:

Consent

if we rely on your consent to process your information, we will make it obvious what we are asking for consent to do and always tell you how you can withdraw your consent e.g. registering for services, newsletters and competitions.

Public task

if it is the public interest for us to collect or store e.g. when handling enquiries from members of the public

Statutory obligation

Information Rights requests (e.g. data subject rights requests) are made using provisions within either the Freedom of Information Act 2015 or Data Protection Act 2002. We are unable to fulfil these requests without processing your personal information.

How will we securely process personal data?

All personal information is kept with the highest standards and safeguards in place. This includes technical security, preventing unauthorised access, undertaking audits and maintaining backups:

  • Emails - Email communications are stored on our Isle of Man Government email system, Microsoft Outlook. We encrypt and protect all our emails in line with government standards. If your email service does not support this encryption, you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law

  • IOMCAA and IOMAR Secure Networks – There are strict access controls in place meaning that only those within specific Divisions can access team folders; in addition, only the teams within the Divisions who are able to access personal information, are those that have a business need to do so. The administration of the IOMCAA and IOMAR Secure Networks is undertaken by Government Technology Services in the Cabinet Office and PDMS Ltd as an authorised contracted supplier

  • Manual records - We do not routinely store manual records, however, those that are already in storage and an new records we are required to hold any manually are either stored onsite or in a third party storage facility with whom we have a data protection agreements in place.

Miscellaneous

Under what circumstances can DfE, IOMCAA or IOMAR contact me?

Our aim is never to be intrusive, and we aim to always avoid asking irrelevant or unnecessary questions. Moreover, any information you provide us will always be subject to rigorous measures and procedures to maintain your privacy. You will never be contacted by a means you did not consent to when providing us with your data.

Retention period

We only use personal information for as long as it is needed and will store it for the shortest amount of time possible, in accordance with the law. 

Public Records and Law Enforcement

Your personal information may be permanently retained for research use at the Isle of Man Public Record Office if the records containing your personal data are selected for permanent preservation under the Public Records Act 1999. The Isle of Man Public Record Office preserves records of Isle of Man public authorities that are of long-term historic and cultural value. To find our more, please contact the Public Records Office or the DfE Data Protection Officer.

Your personal information may also be processed by, and therefore shared to, competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties. To find our more, please contact the Isle of Man Information Commissioner or the DfE Data Protection Officer.

Processing special category (sensitive) data and the data of children (under 16s)

We have to put additional measures in place if we plan to process any special category personal data, including ethnic origin or religion; however, DfE, IOMCAA and IOMAR do not process any special category personal information using our websites. In order to process the personal information of children, we would have to put additional measures in place because they may be less aware of the risks involved. DfE, IOMCAA and IOMAR do not target any services to children and do not process the personal information of children for marketing purposes, competitions or registering for services or user profiles.

Sending us private message on social media

In addition to this website, DfE, IOMCAA and IOMAR also have social media platforms. You may choose to provide us with personal information on our social media platforms; we ask that you do also check the platform’s privacy policy and terms of service prior to sending us anything.

Social media message boxes are accessed by the team responsible for that service/product; this includes the Marketing and Business Intelligence Division, who have responsibility for maintaining DfE’s social media platforms. Such messages will only be shared outside DfE with your knowing, and only in order to address your enquiry or request. The Marketing and Business Intelligence Division may at certain times require a third party to manage DfE’s social media; if this happens this policy will be revised.

Contact details

For any privacy enquiries, please feel free to contact our Data Protection Officer, or the Isle of Man Information Commissioner:

Department for Enterprise Data Protection Officer
St George's Court 
Upper Church Street 
Douglas 
Isle of Man, IM1 1EX

Email: DPO-DfE@gov.im
Tel: +44 1624 686733

Isle of Man Information Commissioner
Isle of Man Information Commissioner
P.O. Box 69
Douglas 
Isle of Man, IM99 1EQ

Web: inforights.im
Email: ask@inforights.im
Tel: +44 1624 693260

Complaints

In the event that you wish to make a complaint about how your personal information is being processed by the DfE, IOMCAA or IOMAR (or third parties), or how your complaint has been handled, you have the right to lodge a complaint directly with our Data Protection Officer in the first instance; as well as the Isle of Man Information Commissioner.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of DfE’s, IOMCAA’s or IOMAR’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the Data Protection Officer using the above contact details.

Did you find what you were looking for?
Back to top