Skip to main content
We are continuing to get a large number of reports of emails imitating Manx Telecom being sent to @manx.net addresses and are aware of over 35 subsequent account compromises.

The Department of Home Affairs (DHA) is a controller for the purposes of the Data Protection Act 2018 and the Data Protection (Application of GDPR) Order 2018 and the Data Protection (Application of LED) Order 2018, together with any regulations made under them (Manx Data Protection Legislation). The DHA is registered with the Information Commissioner’s Office as a controller with registration number R000840.

Keeping people safe in the Isle of Man is our primary aim and we use data to keep our island safe

The Office of Cyber Security & Information Assurance (OCSIA), is offering a Suspicious Email Reporting Service (SERS) and Cyber Concerns Online Reporting Form. These allow Isle of Man residents and businesses to forward any emails they consider to be suspicious to SERS@OCSIA.IM and submit any concerns to us using our Cyber Concerns Online Reporting Form. Once received they will be reviewed and used to form part of the intelligence used by the UK’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA) to disrupt criminal activity.

How and why we process your personal information

We collect and process information, including personal information, to provide an effective and efficient service;

  • To allow suspicious emails to be reported
  • Protecting Isle of Man residents and businesses from potential criminal activity
  • To support the NCSC and the NCA in their attempts to disrupt criminal activity
  • To allow this office to communicate with you
  • Identify the sources of suspicious emails
  • Assist law enforcement agencies
  • Monitor and improve our service
  • Conduct research/collate statistics for publication and/or for the purposes of policy formulation

Our legal basis for processing your information

As reporting is voluntary, our legal basis for processing your personal information is based on your consent for us to do so.

You may withdraw your consent at any time by contacting the Office of Cyber-Security & Information Assurance (OCSIA) by email ocsia@gov.im or telephone +44 1624 685557

Types of personal information we collect about you

Depending on how you interact with us, we may process different information about you. There is no requirement to provide us with any personal information.

By virtue of this service, we will record your email address, however, further personal information may be included in the contents of the suspicious email submission. This may include:

Category of information

Examples

Personal details

Name, email address, telephone number, address

Personal identification information

Date of birth, nationality, gender

Other information

Partial bank details

Information we collect automatically

Information about you may be recorded automatically by the email system such as your IP address.

How long do we keep your personal information?

We will only keep your information for the minimum time necessary to process your suspicious email submission. 

Where further investigation is required we will only keep your personal information for as long as it is required to complete the investigation.

Where possible, your personal information will be redacted and deleted from any communication received. This includes cases where further investigation is required.

If you sign up to our mailing list, your information will be kept for as long as consent is given. OCSIA may send periodic opt-in emails to ensure you still consent to your information being held.

How we keep your personal information secure

The security and confidentiality of your information is very important to us.

We will ensure that:

  • Safeguards are in place to make sure your personal information is kept securely.
  • Only authorised staff are able to view your information.
  • Assurances are acquired from the service provider storing your information is in line with the ISO 27001 standard.
  • We comply with the requirements of the Information Commissioner.

Who we share personal data with

Your suspicious email submission will be shared with the UK National Cyber Security Centre (NCSC).

If you choose to sign up to our mailing list, your details will be passed onto MailChimp for processing. Mailchimp's privacy policy can be found here: https://www.intuit.com/privacy/statement/

Where legally obliged to do so, your personal information will be shared with law enforcement agencies for the purposes of the prevention and detection of crime.

Will this privacy notice change?

This Privacy Notice may change. We will not reduce your rights under this Privacy Notice without your consent if we still hold your data. If any significant change is made to this Privacy Notice we will provide a prominent notice on the following webpages, www.ocsia.im/sers and www.ocsia.im/cyber-concerns so that you can review the updated Privacy Notice.

Retention of personal data

We will only hold your personal data for as long as we need to. Depending on why the information is held the time we hold it for differs. The details of this are included in our retention policy which can be provided to you on request.

Your rights

You have the following rights in relation to your personal information:

  • Right to be informed about the personal information we collect, how this is being used, and to or from whom we share any details with.

  • Right to access the personal information we hold about you by making a ‘subject access request’. If you agree, we'll try to deal with your request informally, for example by providing you with the specific information you need over the telephone, or we can email this to you where you have given us an email address.

  • Right to request the correction of personal data we hold about you if you think it is incorrect.

  • Right to request erasure of your personal data.

  • Right to object to processing and the right to restriction of processing in some circumstances.

  • Right to request portability, where you have supplied information to us, and you wish to transfer that information to another organisation or service provider.

  • Right to withdraw your consent at any time.

To exercise any of the rights mentioned, or if you have any questions relating to your rights, please contact the Data Protection Officer at DPO-DHA@gov.im

Contacting the DHA Data Protection Officer

For any Data Protection related question and enquiry you can contact the Data Protection Officer at the following address:

Data Protection Officer,
Department of Home Affairs, 
2nd Floor, Head Office,
Tromode Road,
Douglas,
IM2 5PA

Email: DPO-DHA@gov.im

Complaints

If you are unhappy with the way we deal with your personal information you can submit a complaint to the Data Protection Officer who will work with you to resolve any issues.

Data Protection Officer,
Department of Home Affairs, 
2nd Floor, Head Office,
Tromode Road,
Douglas,
IM2 5PA

Email: DPO-DHA@gov.im

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Manx Data Protection Legislation. Further information regarding complaints to the ICO can be obtained through its website or by calling +44 1624 693260.

 

This page was last updated on 22nd May 2023