Isle of Man Nationality Service Privacy Notice

The Isle of Man Nationality Service collects and processes personal information to fulfil its legal and statutory functions for each of the services it is responsible for. We only use, gather and share personal information where we have an appropriate legal basis to do so under the Annex to the Data Protection (Application of the GDPR) Order 2018 (SD 2018/0143) ('Applied GDPR').

The legal basis for the processing of personal data will be Article 6(1)(c) of the Applied GDPR, namely that processing is necessary for compliance with a legal obligation to which the controller is subject.

Personal data may also be processed in order to carry out a requested task for you or because is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller and where the official functions are underpinned by common law or statute.

Your personal data may also be processed in accordance with Article 6(1)(e) of the Applied GDPR, namely that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller and where the official functions are underpinned by common law or statute. 

• We will not sell your personal data to other companies, organisations or individuals
  
  
• We will share data for law enforcement purposes and to prevent fraud and to assist other organisations in delivering their statutory functions

These include, for example:

• law enforcement agencies to support the prevention of crime, or for national security purposes – this may include international agencies, for example, Interpol
  
  
• organisations involved in the prevention of fraud – for example credit reference agencies
  
  
• local authorities and charity organisations to assist them in delivering their statutory duties in particular protecting children and other vulnerable individuals in the community
  
  
• HMRC, DWP and the NHS in relation to rights to access public services
  
  
• Other government departments and agencies as necessary for them to deliver their statutory duties and public functions
  
  
• Isle of Man Courts and Tribunals Service in relation to appeals or legal actions
  
  
• Current, past and prospective employers

We have a duty to safeguard and ensure the security of your personal information. We do that by having systems and policies in place to limit access to your information and prevent unauthorised disclosure. Staff who access personal information have appropriate security clearance and a business need for accessing the information. Their activity is subject to audit and review. How we gather and use your personal information

The Treasury collects and processes personal information to fulfil its legal and statutory functions. We only use, gather and share personal information where we have an appropriate legal basis to do so under the Annex to the Data Protection (Application of the GDPR) Order 2018 (SD 2018/0143) ('Applied GDPR').

The legal basis for the processing of your data will be Article 6(1)(c) or Article 6(1)(e) of the Applied GDPR – namely that processing is necessary for compliance with a legal obligation to which the controller is subject or that the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller and where the official functions are underpinned by common law or statute.

The British Nationality Act 1981 sets out the statutory obligations to be followed in relation to naturalisation or registration as a British citizen.  

The Immigration (Isle of Man) (Amendment) Order 2019 (SI 2019 No. 562) extended sections 20 and 21 of the Immigration and Asylum Act 1999 (1999 c. 33) and provides a statutory basis for the Governor in respect of nationality purposes, to supply information to and receive information from, a public authority, the Secretary of State as well as, but not limited to:

• the Chief Constable, for police purposes
  
  
• the Attorney General for use in connection with his prosecution functions
  
  
• the Financial Intelligence Unit
  
  
• the Treasury or the Collector of Customs and Excise for customs purposes
  
  
• The Minister for immigration purposes

On occasion, for example when verifying your identity, we may also process special categories of personal data. In this case we would ensure that our processing was lawful under Article 9 of the Applied GDPR for example, on the basis of Article 9(2)(g) where the processing is necessary for reasons of substantial public interest. This may include information about political beliefs, sexual orientation, religious beliefs and biometrics and this is done with your explicit consent in the process of registering for Naturalisation.

We may also process personal data under the Data Protection (Application of the LED) Order 2018 (SD2018/0144), as applied to the Isle of Man for the purposes of prevention, detection, investigation or prosecution of crime.

Examples of ways in which we may gather your personal information include when:

• You enter the Common Travel Area by crossing the UK border e.g. an airport
  
  
• You make an application for Naturalisation, on paper or in person to this office
  
  
• You attend an interview
  
  
• We seek to verify your information, documents or identity
  
  
• You supply biometric information (for example, fingerprints or a facial photograph)
  
  
• We receive information from a third party in relation to your application
  
  
• We receive allegations or intelligence from law enforcement agencies and others involved in preventing abuse, crime and fraud
  
  
• We are notified of a relevant criminal conviction

We may also request information from third parties. For example, this might be for the purposes of verifying information you supplied in support of an application, obtaining information needed for a safeguarding purpose, obtaining new address details of people we are trying to trace, or undertaking other enforcement actions. This may involve, for example:

• Contacting any linked applicant
  
  
• Obtaining information from other government departments both on and off the Island – these may include, but are not restricted to the Treasury, The Secretary of State for the UK Home Office, Cabinet Office, The Department of Health and Social Care, The Department for Enterprise, The Isle of Man Constabulary
  
  
• Seeking to verify documents, information, or identity in relation to your application. This may include private and public authorities in other countries
  
  
• Local authority services

The main ways we process personal information are given in the table below:

 Please note: we will not share any of your information with authorities in your country of origin if this would put you or your family at risk.

Article 22 of the Applied GDPR provides the right not to be subject to a decision made solely on the basis of automated processing which produces legal or other significant effects. Parts of our processing may involve degrees of automation, but complex or adverse decisions will always be taken by a trained officer or caseworker.

We may use personal information, for example from previous applicants, to develop tools that allow us to assess and then process applications in a particular way. This helps us to target our resources and ensure our processing is efficient, allowing us to minimise costs while protecting the public effectively. However, a case officer would still decide these cases. Any profiling must comply with our wider obligations under equality legislation.

We may transfer personal information to authorities or organisations in countries outside the European Economic Area. When we do, this will be for specific purposes. These may include, for example, validating aspects of your application, preventing or detecting crime, including fraud. When we do this, we seek to take appropriate steps to safeguard your information, for example by agreeing the method and purpose of sharing by way of written Agreements. We may rely on the derogations in Article 49(1) of the Applied GDPR where necessary. Transfers for criminal law enforcement will be carried out under section 73 of the Data Protection Act 2018, where necessary we may rely on section 76, but only when the special circumstances conditions are met.

Beyond the normal processing of your application, we may use your personal information (for example, email address and mobile number) to send you prompts. For example, to inform you of any changes that will affect the processing of your application or when documents are ready for collection. In addition, we may use your details to seek feedback on the handling of your application to help us improve our Naturalisation Service.

We will keep your personal information for as long as it is necessary for permitted purposes. Personal data will typically be retained for 25 years after a decision to grant citizenship and for 15 years after the last action in other cases. We continue to keep retention periods under review.

Under the GDPR you also have the right to object to and ask to restrict our use of your personal information, and to ask us to rectify or delete your personal information. However, there may be a number of legal or other official reasons why we need to continue to keep or use your data. Under the Applied GDPR, Article 15 you have a right of access to your personal data and to check the accuracy of that data by making a Subject Access Request.

A subject access request is made by contacting the Treasury Data Protection Officer (DPO) as follows:

In writing to:
The Data Protection Officer
Treasury, Finance Governance Division
First Floor, Central Government Office.
Buck's Road, Douglas. IM1 3PX

By Email:  DPO-Treasury@gov.im
By telephone: +44 1624 686791

Subject access requests must be responded to promptly and in any event within a maximum of 1 month.

Under the GDPR you also have the right to object to and ask to restrict our use of your personal information, and to ask us to rectify or delete your personal information. However, there may be a number of legal or other official reasons why we need to continue to keep or use your data. If you want to exercise these rights please write to us at the above address.

The Information Commissioner is the independent authority responsible for upholding the public's information rights and promoting and enforcing compliance with the Island's information rights legislation. You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Isle of Man’s data protection legislation.

You also have the right to complain to the Information Commissioner’s Office about the way we handle your information or respond to your requests for access to your personal information or the exercise of your other rights under the Applied GDPR or any of the other data protection legislation in force on the Isle of Man.

Further information can be found on the Information Commissioner's website. 

The Isle of Man Government may necessarily update this privacy notice so you should check it regularly. Continuing to use the Isle of Man Government Website after a change has been made is deemed to be your acceptance of the change.