Deeds and Probate Registry privacy notice

Visit our website

If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it; it will be kept securely, and the only people who have access to personal information are those who have a legitimate need to.

The Deeds & Probate Registry website is part of the Isle of Man Government website, www.gov.im, which is owned by the Cabinet Office. Their Privacy Notice in relation to how you use gov.im and the use of cookies, can be found at the top of each page next to the Terms and Conditions.

Contact us by email, in person, by post or over the phone

If you contact us to make an enquiry about our services you will need to provide us with your name, contact details and any other information necessary to enable us to help you. We process this information to answer your enquiry.  

Details of any financial transaction will be retained within our daily accounting records for 6 years. Such data will be treated with the utmost confidentiality and respect. Only Central Registry team members can access the information; it will be held securely, for a minimum of 6 years and a maximum of 25 years, according to the retention periods defined by our retention schedule.

How we securely process personal data

All personal information is kept with the highest standards and safeguards in place. This includes technical security, preventing unauthorised access, undertaking audits and maintaining backups:

• Emails - Email communications are stored on our Isle of Man Government email system, Microsoft Outlook for the duration of your enquiry/request. Email mailboxes are accessed by the team responsible for that service/product. Such emails will only be shared with your knowing, and only in order to address your enquiry or request.
  
  We encrypt and protect all our emails in line with government standards. If your email service does not support this encryption, you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
  
  
• Isle of Man Government Secure Network – There are strict access controls in place meaning that only the Central Registry team and senior managers have access to their folders on the network; in addition, only the teams within the Central Registry who are able to access personal information, are those that have a business need to do so. The administration of the IOMG Secure Network is undertaken by Government Technology Services in the Cabinet Office; however, they are unable to access the content of any records and so will not be able to access your personal information.
  
  
• Manual records – If we need to hold your personal information manually, we will hold it on site in our own secure, restricted access storage areas.

If a member of the Central Registry team believes your communication identifies criminal or other illegal activity they may notify the Police or other regulators on the Isle of Man. We will not seek your consent for this disclosure.

How we receive your person data

The Probate Registry is responsible for the safekeeping of probate records following the issue of a Grant of Probate from the High Court. A deed is any legal instrument in writing which passes, affirms or confirms an interest, right, or property and that is signed, attested, delivered, and in some jurisdictions, sealed. We collect and receive this information directly from applicants, and sometimes from other organisations, such as Advocates, Accountant or other financial institutions. This section of the privacy notice sets out how the Registrar General (“the registrar”) handles the personal data and sets out how the registrar ensures that the Deeds and Probate Registers comply with the requirements of the General Data Protection Regulation (GDPR).

As a registration authority, we have a statutory obligation to compile and maintain public registers, and to make these registers available for public inspection. This is essential to ensure the information is transparent and readily available by placing certain information in the public domain.

The Deeds & Probate Registry is responsible for maintaining the following registers:

• Register of Deeds under the Registration of Deeds Act 1961
• Register of Grants of Probate under the Registration of Deeds Act 1961

To compile these registers we collect information that is prescribed within the appropriate acts of Tynwald. Deeds and Grants of Probate are delivered to the Deeds & Probate Registry where they are made available for public inspection. We keep this data permanently as part of our statutory obligations.

Identity of controller and Data Protection Officer (DPO)

The Registrar General (The registrar) is the controller of your personal data. This means it is the registrar who decides how and why your personal data is processed. The registrar does this by referring to the statutory provisions within the Acts that establish the respective registers.

Department for Enterprise Data Protection Officer:

St George’s Court, 
Upper Church Street, 
Douglas, 
Isle of Man, 
IM1 1EX

Tel: +44 1624 686733
Email: DPO-DfE@gov.im 

Isle of Man Information Commissioner:

Isle of Man Information Commissioner, 
P.O. Box 69, 
Douglas, 
Isle of Man, 
IM99 1EQ

Tel: +44 1624 693260 
Email: ask@inforights.im  
Web: inforights.im

Purpose for processing

Personal data featuring on the public registers maintained by the registrar is processed for the purpose of making data available for public inspection under a statutory obligation. The registrar’s legal basis for processing is described in more detail in the attached schedule.

Lawful basis for processing

The registrar is required by provisions with the Registration of Deeds Act 1961 to receive and make information, including personal data, publicly available.

The Data Protection Act 2018 introduces some domestic exemptions. In the GDPR and LED Implementing Regulation (Schedule 9, Part 1, Para 6) Information required to be disclosed by law etc. or in connection with legal proceedings.

“The listed GDPR provisions do not apply to personal data consisting of information that the controller is obliged by an enactment to make available to the public, to the extent that the application of those provisions would prevent the controller from complying with that obligation.”

Since the registrar is required to make information available to the public, they are entitled to rely on this exemption. Therefore, they have an exemption from some elements of the GDPR, including:

• the requirement to provide ‘privacy notices’ to individuals
• the requirement to provide personal data in response to subject access requests
• the requirement to rectify personal data when it is inaccurate
• the requirement to comply with requests to be ‘forgotten’
• other principles of the GDPR

This means it is unlikely the registrar will be required, or able, to comply with any exercise of these GDPR rights in respect of personal data appearing on the public register. For example, the registrar will be unable to comply with any request for an individual to be ‘forgotten’ from the public register where there is a legal obligation on the registrar to continue to make this personal data available.

The registrar is also under no obligation to provide information free of charge if a statutory fee is prescribed to provide the information. The information will be provided upon payment of the prescribed statutory fee.

The registers maintained by the registrar may be available through the Isle of Man Government online services website which is owned by the Cabinet Office:

If you have any queries or concerns about this, please contact the DPO at:

Email: DPO-DfE@gov.im

Presenters’ details

If you file a deed or grant of probate it may include certain contact details for the presenter of the form. If you include these presenter details, they’ll be placed onto the public record in the same way as all other information contained within deed or grant of probate.

What we do with your data

We’re required by law to publish some of your personal data on the register. The register is publicly available and accessible by anyone.

Commercial organisations sometimes use data from the register to create their own online products. These organisations then become controllers of your personal data. These organisations must establish how they comply with the data protection law as set out in the GDPR. If you have any concerns about company data on third party products and websites, please contact the organisation directly. We are not able to advise other organisations on GDPR compliance, and we cannot advise you on whether other organisations are complying with the law.

Non-public data

All information is available to the general public.

Data processors

Since the registrar is a controller for personal data appearing on the register, the registrar is not acting as a data processor (as defined by the GDPR) when maintaining a public register. Individuals, companies, agents and other representatives provide personal data for the public register because they’re required to by law, and not for the registrar to process personal data on their behalf.

Overseas transfers

The registers maintained by the Deeds & Probate Registry are freely accessible and available to the public, including overseas. Article 15(1)(g) of the GDPR states that a transfer of personal data overseas can take place in the absence of specific safeguards where the transfer is made from a register intended to provide information to the public. This means we do not need to consider the adequacy of data protection regimes in all countries before making the public register freely available online.

Retention of personal data

We keep this data permanently as part of our statutory obligations.

Complaints

If you have a complaint about the way we are managing your personal data, you can let us know in the first instance by writing to: DPO-DfE@gov.im

If you are still dissatisfied, you can raise your concerns with:

Isle of Man Information Commissioner:

Isle of Man Information Commissioner,
P.O. Box 69, 
Douglas, 
Isle of Man, 
IM99 1EQ

Tel: +44 1624 693260 
Email: ask@inforights.im 
Web: inforights.im

If you have contacted us with a complaint or enquiry

You may have written to us, or contacted us by phone, because you have a complaint, or to ask a question. This section of the privacy notice sets out how we comply with GDPR in handling your correspondence.

If you contact us by phone or in writing, we have no control over the personal data you include in your correspondence, or that you tell us about. We would always advise you to limit the amount of personal data you include in your correspondence, as much as possible. Once received, your personal data will be handled in line with the following privacy notice. This also applies to the personal data of any third-parties that can be identified from your correspondence.

Identity of controller and Data Protection Officer (DPO-DFE)

The registrar is the controller of your personal data. This means it is the registrar who decides how and why your personal data is processed. As the registrar is responsible for operating the register, they are also responsible for handling complaints and queries about the register.

Purpose for processing

When you write to us or call us with a complaint or enquiry, your personal data will only be used for the purpose of handling, investigating and resolving your issue. We will use the contact details provided to respond to your correspondence. If you have made a complaint about a third-party, we may use the contact details you have provided for them to investigate your issue.

Call recording

Telephone calls are not recorded by the Central Registry. An answer phone may be used during busy periods and any recording is deleted as soon as the enquiry is dealt with.

Lawful basis for processing

Our core public function is to provide a public register that are available for anyone to inspect. We consider the handling of complaints and enquiries about the public register a necessary process for this public function.

Retention of personal data

The Registrar general retains written correspondence from customers but does not make this information available to the public. Correspondence may be retained for a minimum of 6 years and a maximum of 25 years, according to the retention periods defined by our retention schedule. 

Individual rights

The GDPR provides certain rights that individuals may exercise in respect of their own personal data. If you want to exercise any of these rights, you can contact the DPO-DFE.

There may be some circumstances in which we cannot comply with your request. Such as, if we have a legal duty to keep data, or to process it in a particular way. We will handle all requests to exercise GDPR rights on a case-by-case basis.

Complaints

If you have a complaint about the way we are managing your personal data, you can let us know in the first instance by writing to DPO-DfE@gov.im

If you are still dissatisfied, you can raise your concerns with:

Isle of Man Information Commissioner:

Isle of Man Information Commissioner,
P.O. Box 69,
Douglas,
Isle of Man,
IM99 1EQ

Tel: +44 1624 693260
Email: ask@inforights.im
Web: inforights.im

If you are a subscriber to our web services, or Conduct searchers of the public register

All searches and web services are conducted through the Isle of Man Government online services website which is owned by the Cabinet Office. The privacy notice for this service is available here:

https://services.gov.im/terms-and-conditions/privacy-notice

If you have any questions on this Privacy Notice please email the Cabinet Office Data Protection Officer. Email: DPO-CabOff@gov.im   

In respect of payment for services supplied to you by the Central Registry - either to debit the account maintained by you with the search / transaction fees incurred by you, or to debit your debit/credit card if you opt to use same to pay for those services. Our policy is to retain the minimum amount of information necessary to be able to deal with any subsequent queries regarding the transaction.