The Isle of Man Government Department of Home Affairs (DHA) is a data controller for the purposes of the Data Protection Act 2018 and the Data Protection (Application of GDPR) Order 2018 and the Data Protection (Application of LED) Order 2018, together with any regulations made under them (Manx Data Protection Legislation). The DHA is registered with the Information Commissioner’s Office as a data controller with registration number R000840.
Keeping people safe in the Isle of Man is our primary aim and we use data to keep our island safe
The Office of Cyber Security & Information Assurance (OCSIA), is offering a Suspicious Email Reporting Service (SERS) and Cyber Concern Online Reporting Form. These allow Isle of Man residents and businesses to forward any emails they consider to be suspicious to SERS@OCSIA.IM and submit any concerns to us using our Cyber Concerns Online Reporting Form. Once received they will be reviewed and used to form part of the intelligence used by the UK’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA) to disrupt criminal activity.
How and why we process your personal information
We collect and process information, including personal information, to provide an effective and efficient service;
- To allow suspicious emails to be reported
- Protecting Isle of Man residents and businesses from potential criminal activity
- To support the NCSC and the NCA in their attempts to disrupt criminal activity
- To allow this office to communicate with you
- Identify the sources of suspicious emails
- Assist law enforcement agencies
- Monitor and improve our service
- Conduct research/collate statistics for publication and/or for the purposes of policy formulation
Our legal basis for processing your information
As reporting is voluntary, our legal basis for processing your personal information is based on your consent for us to do so.
You may withdraw your consent at any time by contacting the Office of Cyber-Security & Information Assurance (OCSIA) by email email@example.com or telephone +44 1624 685557
Types of personal information we collect about you
Depending on how you interact with us, we may process different information about you. There is no requirement to provide us with any personal information.
By virtue of this service, we will record your email address, however, further personal information may be included in the contents of the suspicious email submission. This may include:
Category of information
Name, email address, telephone number, address
Personal identification information
Date of birth, nationality, gender
Partial bank details
Information we collect automatically
Information about you may be recorded automatically by the email system such as your IP address.
How long do we keep your personal information?
We will only keep your information for the minimum time necessary to process your suspicious email submission.
Where further investigation is required we will only keep your personal information for as long as it is required to complete the investigation.
Where possible, your personal information will be redacted and deleted from any communication received. This includes cases where further investigation is required.
How we keep your personal information secure
The security and confidentiality of your information is very important to us.
We will ensure that:
- Safeguards are in place to make sure your personal information is kept securely.
- Only authorised staff are able to view your information.
- Assurances are acquired from the service provider storing your information is in line with the ISO 27001 standard.
- We comply with the requirements of the Information Commissioner.
Who we share personal data with
Your suspicious email submission will be shared with the UK National Cyber Security Centre (NCSC).
Where legally obliged to do so, your personal information will be shared with law enforcement agencies for the purposes of the prevention and detection of crime.
Will this privacy notice change?
This Privacy Notice may change. We will not reduce your rights under this Privacy Notice without your consent if we still hold your data. If any significant change is made to this Privacy Notice we will provide a prominent notice on the following webpages, www.ocsia.im/sers and www.ocsia.im/cyber-concerns so that you can review the updated Privacy Notice.
Retention of personal data
We will only hold your personal data for as long as we need to. Depending on why the information is held the time we hold it for differs. The details of this are included in our retention policy which can be provided to you on request.
You have the following rights in relation to your personal information:
- Right to be informed about the personal information we collect, how this is being used, and to or from whom we share any details with.
- Right to access the personal information we hold about you by making a ‘subject access request’. If you agree, we'll try to deal with your request informally, for example by providing you with the specific information you need over the telephone, or we can email this to you where you have given us an email address.
- Right to request the correction of personal data we hold about you if you think it is incorrect.
- Right to request erasure of your personal data.
- Right to object to processing and the right to restriction of processing in some circumstances.
- Right to request portability, where you have supplied information to us, and you wish to transfer that information to another organisation or service provider.
- Right to withdraw your consent at any time.
To exercise any of the rights mentioned, or if you have any questions relating to your rights, please contact the Data Protection Officer at DPO-DHA@gov.im
Contacting the DHA Data Protection Officer
For any Data Protection related question and enquiry you can contact the Data Protection Officer at the following address:
The Department of Home Affairs HQ
If you are unhappy with the way we deal with your personal information you can submit a complaint to the DHA Data Protection Officer who will work with you to resolve any issues.
The Department of Home Affairs HQ
You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Manx Data Protection Legislation. Further information regarding complaints to the ICO can be obtained through its website or by calling +44 (0)1624 693260.