Privacy Policy
The Isle of Man Government Department for Enterprise (known as “DfE”) is responsible for delivering a diverse economy where people choose to work, live and invest. iomdfenterprise.im is the official website of DfE. This privacy notice tells you what to expect when we use this website to collect personal information.
How we use your information
This privacy notice tells you what to expect when DfE collects personal information on this website. It applies to information we collect when people:
- Visit our website
- contact us by email, in person or over the phone or on our webform
- consent to the use of cookies or passive technologies on your browser
Visiting our website
If we do want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
The only people who have access to personal information submitted on this website are those who have a legitimate need to; this includes the Marketing and Business Intelligence Directorate where the Marketing Team are responsible for the running and maintenance of the website.
Isle of Man Government website
DfE also has a sub-site on The Isle of Man Government website, gov.im/dfe; this website is owned by the Cabinet Office. Their Privacy Notice in relation to how you use gov.im can be found at the top of each page next to the Terms and Conditions or following this link: https://www.gov.im/about-this-site/privacy-notice/.
Contact us by email, in person or over the phone, or on our webform
We will only ask for your name and postal or email contact details. You may choose to provide extra information if you are making an enquiry.
Email mailboxes are accessed by only a select number of staff central to DfE who are able to allocate enquiries out to the team who will be able to address your enquiry or request. Such emails will only be shared outside the Department with your knowledge, and only do so in order to address your enquiry or request.
We securely store personal information electronically and manually:
- Ongoing email communications are stored on our Isle of Man Government email system, Microsoft Outlook
- We have three main records management tools across DfE all specifically designed for the type and use of the information recorded; depending on the nature and destination of your communication, your information will likely be stored in either: Microsoft Dynamics CRM, DMS or the Isle of Man Government secure network.
In normal circumstances we will only keep a record of this communication in an active area (e.g. emails will be used in Outlook) until the request or enquiry has been fulfilled; after this time they will be kept for 6 months in one of our records management systems.
Consenting to the use of cookies and passive technologies on your browser
What is a Cookie?
Cookies and passive technologies are pieces of information that a website transfers to your computer. Cookies can make the web more useful by storing information about your preferences on particular sites, enabling us to provide more useful features for you. They contain no name or address information or any information that will enable anyone to contact you via telephone, email or any other means, the cookies used are listed by in What Personal Information we might collect and why
Most browsers are initially set to accept cookies. If you would prefer, you can set your browser to disable cookies or inform you when they are set. However, given that we may sometimes use cookies to ensure and enhance the performance of our websites, you may not be able to take full advantage of our website if you do disable them.
Passive technologies
iomdfenterprise.im uses also third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either us or any third party.
Freedom of Information Act 2015
Under the Freedom of Information Act 2015 every person who is resident on the Isle of Man has a legally enforceable right to obtain access to information held by a public authority, subject to certain exemptions and practical refusal reasons.
Before completing the form please read the Guidance Notes.
This form should not be used for requesting personal information about yourself, as this cannot be provided under the Freedom of Information Act 2015. These requests should be made under the Data Protection Act 2018 as a Subject Access Request.
Freedom-of-Information-FOI-form.pdf
Legal basis for processing your information
We need your personal information (such as your name and contact details) to process and respond to you about your Freedom of Information request. In some cases, we may ask for proof of identification, and proof of residency, so that we can comply with the Act.
We must have a legal basis (a lawful reason) to process your personal data, which is submitted by you when you make a Freedom of Information request. The legal basis for processing your information when you make a request is that it is necessary for us to comply with the law (FOIA), or that it is necessary for us to perform a public task in the public interest. This is set out in Articles 6(1)(c) and (e) of the Schedule to the Data Protection (Application of GDPR) Order 2018 – this legislation is sometimes called “the Applied GDPR”).
Sharing information
FOI requests have to be submitted on a form prescribed by the Chief Executive Officer (Isle of Man Government) in order to be valid and accepted under the FOIA. You can either submit a request using the form online or a paper version, which is available by contacting our Data Protection Officer (see below for contact details).
When we process FOI requests made using the Online Services Portal on the Isle of Man Government website, a system called iCasework is used to process your request. The iCasework system is provided by a company called Civica UK Limited. This system stores information such as:
- Your name
- Your address
- Your telephone and email address
- Your company name, if you are requesting information on behalf of an organisation
- Your request – we do not recommend putting any personal information into your request, if you are unsure what to include in your request, please refer to the guidance notes available on the Freedom of Information webpage
- If requested proof of residency from you
Civica UK Limited act as a Processor on behalf of all the Public Authorities. Civica UK Limited use the information held in the iCasework system for the purpose of providing a system to manage freedom of information requests and to transfer this information to the relevant public authority. The information you provide to Civica UK Limited will be kept secure and confidential.
Access to your information is limited to authorised staff members within this Department. The Department of Home Affairs (DHA), through the Office of Cyber Security & Information Assurance (OCSIA), has been contracted by the Public Authorities to manage system access on their behalf. The DHA through OCSIA will only access personal data held on the iCasework system when explicit written instructions are provided by a Public Authority.
Storing your information
Your personal information will be held in iCasework for 12 months after we have closed your request. After this time, the request will remain on the iCasework system, but all your personal information you provided at the time of the request will be deleted.
Additional information
Isle of Man Government Freedom of Information
Freedom of Information Act 2015 - legislation
Information Commissioner’s Office – Freedom of Information guidance page
Consenting to cookie and passive technology use
The first time you visit each of our website, you will be provided with an option to approve (or “opt-in”) to the use of all cookies on the website with a pop up in the bottom right-hand corner. We have no way of knowing whether you allow cookies or not, and no way to trace your selection back to you. Instead, your own internet browser remembers the selection so it will treat that cookie the same each time (until you change your cookie settings).
Withdrawing consent to cookie and passive technology use
You can usually manage and disable all cookies and passive technologies directly through your internet browser; you may therefore find it helpful to check the guidance provided by your internet browser provider. The most common providers and links to their guidance on cookies and passive technologies have been provided below:
|
Google Chrome |
|
|
Microsoft Internet Explorer |
support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies |
|
Microsoft Edge |
privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy |
|
Mozilla Firefox |
support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences |
|
Apple Safari |
|
|
Opera |
What cookies do we use?
|
Cookie |
Issued |
Purpose |
Expires |
|
ASPSESSIONID |
sharedjs.nmspace.net |
These cookies identify a user, making it easier for them to use the dynamic features of the site without having to provide the same information again as they move from one page to another. |
Until the website browser is closed |
|
Ci_Id |
|
|
6 months from when set or updated. Can be removed by user |
|
firsttime |
By this website |
|
Until the website browser is closed |
|
Google Analytics __utma |
|
Performance: to measure and improve site quality through analysis of visitor behaviour. |
2 years from when set or updated. Can be removed by user |
|
Google Analytics __utmb __utmc |
|
Performance: These cookies are used to record how long a visitor remains on the site. Used to measure and improve site quality through analysis of visitor behaviour. |
Until the website browser is closed. |
|
Google Analytics __utmz |
By this website |
Performance: This cookie is used to record where a visitor came from - e.g. search engine traffic, ad campaigns and page navigation. Used to measure and improve site quality through analysis of visitor behaviour. |
6 months from when set or updated. Can be removed by user |
|
PHPSESSID |
By this website |
Identification. These cookies identify a user, making it easier for them to use the dynamic features of the site without having to provide the same information again as they move from one page to another. |
Until the website browser is closed |
Why will we process personal data (AKA the "Legal Basis")
We will only process your personal information if a lawful basis exists:
|
Consent |
if we rely on your consent to process your information, we will make it obvious what we are asking for consent to do and always tell you how you can withdraw your consent e.g. registering for services, newsletters and competitions. |
|
|
Public task |
|
if it is the public interest for us to collect or store e.g. when handling enquiries from members of the public |
How will we securely process personal data?
All personal information is kept with the highest standards and safeguards in place. This includes technical security, preventing unauthorised access, undertaking audits and maintaining backups:
Emails - Email communications are stored on our Isle of Man Government email system, Microsoft Outlook We encrypt and protect all our emails in line with government standards. If your email service does not support this encryption, you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Microsoft Dynamics CRM - Only certain members of staff will have access to your personal information on CRM and there is security in place to ensure this. Most of DfE’s marketing lists are held on CRM. The administration of CRM is undertaken by Government Technology Services in the Cabinet Office; however, they are unable to access the content of any records and so will not be able to access your personal information.
Isle of Man Government Secure Network – There are strict access controls in place meaning that only those within specific Divisions can access team folders; in addition, only the teams within the Divisions who are able to access personal information, are those that have a business need to do so. The administration of the IOMG Secure Network is undertaken by Government Technology Services in the Cabinet Office; however, they are unable to access the content of any records and so will not be able to access your personal information
Manual records - We do not routinely store manual records, however, those that are already in storage and a new records we are required to hold any manually are either stored on site or in a third-party storage facility with whom we have a data protection agreements in place.
Your rights as a data subject and access to personal information
Under the Data Protection Act, you have rights as an individual which you can exercise in relation to the information we hold about you. At any point while we are in possession of or processing your personal information, you, the data subject, have the following rights:
|
Access |
You have the right to request a copy of the information that we hold about you |
|
Rectification |
You have a right to correct data that we hold about you that is inaccurate or incomplete |
|
Erasure |
In certain circumstances you can ask for the data we hold about you to be erased from our records |
|
Restriction of processing |
Where certain conditions apply, you have a right to restrict the processing of your data |
|
Portability |
You have the right to have the data we hold about you transferred to another organisation |
|
Objection |
You have the right to object to certain types of processing such as direct marketing |
|
Objection to automated processing |
You also have the right to be subject to the legal effects of automated processing including profiling |
|
Judicial review |
In the event that the Department for Enterprise refuses your request under rights of access, we will provide you with a reason as to why. You then have the right to complain as outlined in Complaints |
You can find out more about these rights here – or by contacting our Data Protection Officer using the details at the end of this notice.
Complaints
In the event that you wish to make a complaint about the level of service you have received or manner in which you have been treated or any other matter relating to the business of the Department for Enterprise, please click below:
For complaints about how your personal information is being processed by the Department (or third parties) you should lodge a complaint directly with our Data Protection Officer, in the first instance. You also have the right to lodge such a complaint directly with the Isle of Man Information Commissioners, contact details for the aforementioned are listed below.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of the Department's collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
Miscellaneous
UNDER WHAT CIRCUMSTANCES CAN DFE CONTACT ME?
Our aim is never to be intrusive, and we aim to always avoid asking irrelevant or unnecessary questions. Moreover, any information you provide us will always be subject to rigorous measures and procedures to maintain your privacy. You will never be contacted by a means you did not consent to when providing us with your data.
RETENTION PERIOD
We only use personal information for as long as it is needed and will store it for the shortest amount of time possible, in accordance with the law. See our Retention of Records Procedure on our Information Governance and Privacy page.
PROCESSING SPECIAL CATEGORY (SENSITIVE) DATA AND THE DATA OF CHILDREN (UNDER 16S)
We have to put additional measures in place if we plan to process any special category personal data[1], including ethnic origin or religion; however, DfE does not process any special category personal information using this website. In order to process the personal information of children, we would have to put additional measures in place because they may be less aware of the risks involved [2]. DfE does not target any services to children and does not process the personal information of children for marketing purposes, competitions or registering for services or user profiles.
SENDING US A PRIVATE MESSAGE ON SOCIAL MEDIA
In addition to this website, DfE also has several social media platforms. We include them in this notice for completeness: You may choose to provide us with personal information on our social media platforms; we ask that you do also check the platform’s privacy policy and terms of service prior to sending us anything.
Social media message boxes are accessed by the team responsible for that service/product; this includes the Marketing and Business Intelligence Division, who have responsibility for maintaining DfE’s social media platforms. Such messages will only be shared outside DfE with your knowing, and only in order to address your enquiry or request. The Marketing and Business Intelligence Division may at certain times require a third party to manage DfE’s social media; if this happens this policy will be revised.
Social media messages will only be kept for a month after the conclusion of the enquiry.
CONTACT
For any privacy enquiries, please feel free to contact our Data Protection Officer, or the Isle of Man Information Commissioner:
DEPARTMENT FOR ENTERPRISE DATA PROTECTION OFFICER: |
|||
|
Address |
St George’s Court, Upper Church |
Tel |
+44 1624 686733 |
|
|
|||
ISLE OF MAN INFORMATION COMMISSIONER: |
|||
|
Address
|
Isle of Man Information Commissioner, |
Tel |
+44 1624 693260 |
|
|
|||
|
Web |
|||
NOTICE ISSUED UNDER DFE DATA PROTECTION POLICY ON 17-MAY-2018; SUBJECT TO ANNUAL REVIEW
[1] for more information visit the UK ICO website
[2] for more information visit the UK ICO website