This privacy notice aims to explain what personal data the Isle of Man Courts and Tribunals (General Registry) collects and what that data is used for. We are committed to processing your personal data fairly and transparently - we fully respect your right to privacy when using our services and website.
The Isle of Man Courts and Tribunals (General Registry) holds both information for the General Data Protection Regulation (‘GDPR’) and the Law Enforcement Directive (‘LED’). The majority of the information held is within the Law Enforcement Directive and it is important to understand that processing requirements placed on the Isle of Man Courts and Tribunals (General Registry) in respect of the LED information are different from those under the GDPR.
Our Privacy Notice is designed to help you understand how we collect and use your data in accordance with data protection requirements and we recommend you take time to read this notice.
You can search the Isle of Man Information Commissioner’s public register of data controllers at http://www.inforights.im/.
Our data protection registration number is N000752
Information we may collect on you – your data
We have the power to collect and process your data in relation to the work of the Isle of Man Courts and Tribunals (General Registry), to the extent that it is necessary for the delivery of the administration of justice and only if we have lawful grounds and legitimate business reasons to do so – this is our Lawful Purpose.
The list of relevant legislation from which the Isle of Man Courts and Tribunals derives the power to process personal data is too long and varied to list here, but should you require further, more specific information, please see our website or contact us.
We may collect and process the following personal data from Court and Tribunal users:
Identity data that you provide by filling in our forms requesting Courts and Tribunal services and includes first name, maiden name, last name; username or other unique identifier, marital status, title, date of birth, gender, as well as images recorded on CCTV cameras.
If you contact us either on the telephone, in writing (including e-mail), or via our website, we may keep a record of that correspondence and any data provided to us during that or any subsequent communication and includes billing address, delivery address, email address and telephone numbers;
Financial and transaction data you may carry out direct with us, via online services or at an Isle of Man Post Office facility includes bank account and payment card details as well as details about payments to and from you;
We may collect the following non-personal data from court users who visit our website:
Details of your visits to our website including, but not limited to traffic data,
Information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any person .
Where you provide personal data about others you must have their consent or are otherwise entitled to provide this data to us (e.g. for joint applications including information on defendants, respondents, witnesses etc.).
Categories of personal data we are processing
We may also process the following more sensitive special category data:
We may use and where required by law (for example by a legal court order) or to prevent fraud or other crime, share your data with other third parties for the following purposes:
- Complying with the law.
- Managing and administering the courts and tribunals services.
- Managing and administering the collection of fines, including debt management, enforcement and recovery.
- Prevention and detection of crime or for the apprehension or prosecution of offenders, or where necessary to safeguard national security, including compliance with the international sanctions regime.
- Ensuring that content of the Courts.im website is presented in the most effective manner for you.
- Conducting court user customer satisfaction surveys.
- To let you know about changes to our service.
- Helping us to improve products and services for all court users.
Personal data that is necessary for the purposes of the Administration of Justice is shared with the following organisations. Please note that certain parts of Courts and Tribunals will process personal data in connection with the Law Enforcement Directive.
The Attorney Generals Chambers – Prosecutions Division;
The Isle of Man Constabulary, Prison and Probation Services;
The Isle of Man Government;
Suppliers and services providers.
Personal data is only shared when it is necessary.
In some cases your personal data may be transferred to other countries particularly in relation to criminal offences, the prevention or detection of crime and the protection of the vital interests of individuals.
Personal data may be shared with other jurisdictions bound by the 2007 Hague Convention or the 2007 Hague Protocol concerning the cross-border recovery of child support and other forms of family maintenance.
Where this is the case, all appropriate technical and legal safeguards will be put in place to make sure that you are given the same level of protection as within the European Economic Area.
We will only keep your personal data for as long as:
- it is needed for the purposes set out in this document, and
- the law requires us to.
In general, this means that we will only hold your personal data relating to, for example:
- Financial management records - for six years plus the current financial year and or In compliance with the Isle of Man Public Records Act and relevant Retention and Disposal Schedules as agreed with the Public Records Office;
- Court files – in compliance with the Isle of Man Public Records Act and relevant Retention and Disposal Schedules as agreed with the Public Records Office;
- Tribunal files - in compliance with the Isle of Man Public Records Act and relevant Retention and Disposal Schedules as agreed with the Public Records Office;
- Probate files - in compliance with the Isle of Man Public Records Act and relevant Retention and Disposal Schedules as agreed with the Public Records Office.
Our services are not intended for, or intentionally targeted at, children. However, in the course of providing our services, court users may provide us with data relating to children.
Our aim is to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.
When you use our services you will provide your personal data for processing, for example, this could be done via a court or tribunals form you fill in or by visiting our website and contacting us. We may receive your personal data in hard (paper) copy or it may be electronically transmitted.
When personal data is provided to us, we will:
only collect what we need or are required by law or for reasonable business purposes to collect and no more;
store your data securely;
delete and destroy your data securely when it is no longer required to hold it;
only process your data in line with rules set out under Data Protection Legislation and for the performance of the Administration of Justice or to comply with legislation underpinning our functions.
Your personal data may be permanently retained for research use at the Isle of Man Public Record Office if the records containing your personal data are selected for permanent preservation under the Public Records Act 1999. The Isle of Man Public Record Office preserves records of Isle of Man public authorities that are of long-term historic and cultural value.
Access to and use of records at the Isle of Man Public Record Office is governed by legislation, in particular the Public Records Act 1999, the Public Records Order 2015 (as amended) and the Freedom of Information Act 2015.
Some records are made available to the public for research use, whilst others are covered by access restrictions to ensure sensitive information that should be confidential for a period of time is protected. Where your personal data is included in records transferred to the Record Office, an assessment will be made of whether the records should be covered by an access restriction based on this legislation. Access restrictions will be applied to records as appropriate under this legislation to prevent unlawful access to your personal data. Your personal data will not be used by the Isle of Man Public Record Office for any automated decision making.
The Isle of Man Public Record Office is part of the Department for Enterprise and can be contacted by email, or Unit 40A Spring Valley Industrial Estate, Braddan, Isle of Man, IM2 2QS. The Department for Enterprise Data Protection Officer can be contacted by email.
The security and confidentiality of your data is very important to us.
We will ensure that:
Safeguards are in place to make sure personal data is kept securely;
Your data will only be held on secure servers;
Only vetted and authorised employees, members of the Courts judiciary and appointed Tribunal members and chairs are able to view your data;
The security of the systems which hold personal data is maintained in line with industry standards.
We may share your data:
With or between the Government and other third parties, e.g. approved credit reference agencies and the Registry Trust, if the law requires us to do so;
With the Police or others who enforce the law;
With anybody on the production of a legal court order;
With contracted technical support in order to maintain and improve vitally important court information and communication technology;
We will not sell to or share your personal data with other organisations or individuals unless the law requires us to do so.
We take the security of your personal data seriously and we are committed to keeping it secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data, e.g. access to your data is strictly controlled and restricted to only those who need to see it.
We also take steps to make sure that any third party we deal with keep all personal data they process on our behalf secure.
Personal data within the Isle of Man Courts and Tribunals (General Registry) is primarily processed in relation to the work of the courts and the tribunals Services as is necessary for the performance of the administration of justice or to comply with legislation underpinning our functions. We will only process your personal data if a lawful basis exists . We may rely on:
The need to meet a legal obligation in carrying out Administration of Justice. Due to the nature of the processing we do the requirement to have your consent is not a factor in the majority of cases.
Your consent – for information obtained under your consent you may withdraw your consent at any time by contacting the Data Protection Officer.
The need to meet a request you have made for information or a service.
The need to prevent or investigate suspected or actual violations of law.
The need to protect public interest.
There are exemptions and limits that can, in some circumstances, be legitimately applied by us to prevent you exercising some of your rights. For example, the GDPR and LED Implementing Regulations 2018 provides for a specific exemption in relation to judicial appointments, independence and proceedings. This exemption applies if you process personal data:
for the purposes of assessing a person’s suitability for judicial office or the office of Queen’s Counsel;
as an individual acting in a judicial capacity; or
as a court or tribunal acting in its judicial capacity.
It exempts you from the GDPR’s provisions on:
the right to be informed;
all the other individual rights, except rights related to automated individual decision-making including profiling; and
all the principles, but only so far as they relate to the right to be informed and the other individual rights.
Additionally, even if you do not process personal data for the reasons above, you are also exempt from the same provisions of the GDPR to the extent that complying with them would be likely to prejudice judicial independence or judicial proceedings.
Unless subject to an exemption you have a number of rights, these are:
In some circumstances you have the right to be informed about the collection and use of your personal data. You can ask to see what information we hold about you by making a Subject Access Request to our Data Protection Officer.
In some circumstances you have the right of access to your personal data – also known as the ‘right to access’. A copy of your personal information will be provided by us free of charge.
In some circumstances you have a right to withdraw your consent to the processing of your personal data at any time.
You have the right to ask that we correct your personal data if it is found to be inaccurate, incomplete or out of date – also known as the ‘right to rectification’.
In some circumstances you have a right to have personal data deleted to prevent further processing – also known as ‘the right to be forgotten’.
In some circumstances, where there is a dispute in relation to the accuracy or processing of your personal data, you have a right to ask to ‘block’ or restrict further processing - also known as the ‘right to restrict processing’.
In some circumstances you have the right to data portability.
In some circumstances you have the right to object to the processing.
You have rights in relation to automated decision making and profiling. Where a decision is taken by solely automated means (without any human involvement), you have the right to ask for human involvement, express your point of view and to get an explanation of the decision and challenge it.
You can exercise the above mentioned rights by contacting our Data protection Officer.
It is important to note that subject access rights and the rights to rectification, erasure and limitation do not apply to the processing of ‘relevant personal data’ in the course of a criminal investigation or criminal proceedings.
‘Relevant personal data’ means personal data contained in a judicial decision or in other documents relating to the investigation or proceedings which are created by or on behalf of a court or other judicial authority.
Access to ‘relevant personal data’ is governed by the appropriate legislation covering the disclosure of information in criminal proceedings. This provision only applies if the judge or other judicial authority is the controller and the relevant personal data is contained in a judicial decision or in other documents which are created during a criminal investigation or proceedings and made by or on behalf of the judge or judicial authority. For example, the ‘relevant personal data’ may be contained in judge’s notes.
Please note the Isle of Man Courts and Tribunals (General Registry) delivers statutory functions that require the lawful processing of personal data for law enforcement purposes.
Due to the specific nature of police and judicial activities in criminal matters and to ensure criminal justice agencies can continue to:
process and share data to investigate crime;
bring offenders to justice; and
keep communities safe
different legal rules on the protection of personal data have been made under the Law Enforcement Directive. The individual rights supporting those data processing (previously dealt with under the Isle of Man Data Protection Act 2002 and now separated and updated under the LED), remain similar in many ways to the rights of data subjects as described under this GDPR. The LED places certain further limits on those rights, but only where needed and fair.
The right of access allows data subjects to be aware of and confirm that their personal data is being processed in a lawful and fair manner. In order to do this, data subjects have the right to access their personal data to ensure that it is accurate and to request that it is rectified/corrected, blocked, erased/removed or destroyed if it is wrong.
Under the GDPR the Isle of Man Courts (General Registry) must provide data subjects with a copy of their personal data being processed upon request. It must be provided in a structured, commonly used, machine readable format that supports its reuse (when personal data is transferred from one data controller to another with minimal interference).
The data subject has the right to request the following:
Confirmation of whether, and where, the controller is processing their personal data.
Information about the purposes of the processing.
Information about the groups of data being processed.
Information, were appropriate, about third party receivers with whom the personal data may be shared (especially receivers in countries outside the EU) and the safeguards in place to protect the personal data being transferred.
Information about how long personal data would be stored (or the standards used to decide that period).
Information about the presence of the rights to erasure, to rectification, to restriction of processing and to object to processing.
Information about the presence of the right to complain to the Information Commissioner.
Where the personal data were not collected directly from the data subject, but was previously collected from third party source, information as to the source of the data.
Information about the presence of, and an explanation of the logic involved in, any automated processing that has a major effect on data subjects.
You can ask to see what information is held about you by submitting a Subject Access Request (‘SAR’) to the Isle of Man Courts and Tribunal (General Registry) DPO.
The Isle of Man Courts and Tribunal (General Registry) must ensure all personal data stored is correct and complete.
The data subject has the right to make a request via the Isle of Man Courts and Tribunal (General Registry) DPO to rectify (correct) inaccurate or incomplete personal data (including by means of providing an accompanying statement).
Requests for rectification will be completed within a one (1) month period of receipt of the request. In situations where the rectification is complex, the one month period can be extended by a further two (2) months. The data subject will be told why an extension period is necessary within one (1) month of the receipt of the request. Confirmation of the completion of the rectification will also be provided.
Should the Isle of Man Courts and Tribunal (General Registry) decide not to take action regarding the rectification, the data subject will receive notification of this action, including an explanation why the decision was taken.
You can request for inaccurate or incomplete information to be rectified by submitting a Subject Access Request (‘SAR’) to the Isle of Man Courts and Tribunal (General Registry) DPO.
Upon request, and subject to certain conditions and exemptions, the Isle of Man Courts and Tribunal (General Registry) is required to delete personal data without unnecessary delay if the continued processing of those data is not required (as a result failing to satisfy the requirements of the GDPR).
Data subjects have the right to stop further processing of those data by requesting removal of personal data, also known as the ‘right to be forgotten’, in the following specific circumstances:
When the data are no longer necessary for their original purpose for which they were collected or processed (and no new lawful purpose exists requiring the continued processing).
If the data subject withdraws their expressed consent to processing (and there is no other reason for continued processing).
The data subject exercises the right to object to the processing (and the data controller cannot demonstrate that there are no overriding valid grounds for the continuing the processing).
The data have been processed unlawfully (in breach of the GDPR requirements).
The data has to be erased in order to comply with a legal requirement (where legislation states that data should be deleted after a stated period of time).
The right to erase shall not apply to the point that processing is necessary:
for exercising the right of freedom of expression and information;
for compliance with a legal requirement which requires processing by Manx law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority assigned to the data controller;
for reasons of public interest in the area of public health (in accordance with the GDPR legislation);
for Public Records Office archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with the GDPR legislation; or
for the establishment, exercise or defence of legal claims.
There are extra requirements when the request for erasure relates to children’s personal data, reflecting the GDPR importance on the improved protection of such information, especially in online situations, e.g. where a child has given consent to processing and they later request erasure of the data (regardless of age at the time of the request). This is because a child may not have been fully aware of the risks involved in the processing at the time of consent.
You can request for your information to be deleted (‘right to be forgotten’) by submitting a Subject Access Request (‘SAR’) to the Isle of Man Courts and Tribunal (General Registry).
In addition to the ‘right to erasure’, data subjects have the right to restrict (block or suppress) the processing of personal data. This means, if personal data is ‘restricted’ the General Registry is only allowed to store the personal data and it may only be processed for limited purposes (i.e. to ensure there is enough personal data stored to make sure the restriction in place is respected in the future).
Upon request from a data subject, the General Registry is required to restrict the processing of personal data in the following circumstance:
Where the accuracy of the personal data stored is disputed (processing will be limited until the General Registry has confirmed the accuracy of the personal data);
Where the processing is considered unlawful and the data subject requests restriction (rather than exercising the right to erasure);
If the data controller no longer needs the data for their original purpose, but the data subject required the data to be stored in order to establish, exercise or defend legal rights; or
Where the data subject objects to the processing (based on the grounds of legitimate interests), they can require the data to be limited while the data controller confirms the grounds for processing.
The General Registry may only remove the limit and further process the data with the expressed consent of the data subject.
If personal data have been shared with a third party data controller (or processor), where possible (unless it is impossible or requires a disproportionate effort to do so), the General Registry will inform the third party controller/processor of the rectification, erasure or restriction. This requirement to inform does not apply if processing is necessary:
for the exercise of the right of freedom of expression and information;
for compliance with a Union, Member State, or Isle of Man legal requirement;
for performance of a public interest task or exercise of official authority;
for public health reasons;
for archival, research or statistical purposes (if any relevant conditions for this type of processing are met); or
if required for the establishment, exercise or defence of legal claims.
You can request for your information to be restricted (block or suppress) by submitting a Subject Access Request (‘SAR’) to the Isle of Man Courts and Tribunal (General Registry).
The provisions of the Data Protection (Application of the LED) Order 2018 (‘the Applied LED’) and the relevant regulations in the GDPR and LED Implementation Regulations 2018 (‘Implementing Regulations’), only apply to controllers who are ‘competent authorities’ in respect of processing relating to criminal matters, i.e. ‘the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.’
Competent authorities are prescribed in schedule 1 to the Implementing Regulations and are government departments and bodies etc. The only exception is in the case where a person ‘... has entered into a contract with any other competent authority that has responsibility for securing electronic monitoring, parole or bail conditions of a natural person.’
The requirement for any controllers outside the public sector to comply with the Applied LED and associated related Implementation Regulations is, therefore, extremely limited.
We will respond to a request without delay and at the latest within one calendar month, from the first day after the request was received, e.g. if we receive your request on 30 June the time limit will start on 1 July and the deadline will be 1 August, subject to some allowances for the shorter months, weekend and Public Holidays.
If requests are clearly groundless or too much, in particular because they are repetitive, we can:
charge a reasonable fee taking into account the administrative costs of providing the information, or
refuse to respond.
You can ask to see what information we hold about you by making a Subject Access Request.
We may need additional information from you to confirm your identity or to assist with identification of what is sought.
Please contact the Data Protection Officer (DPO) if you:
have any questions about anything in this notice; or
think that your personal data has been misused or mishandled
The Data Protection Officer will work with you to resolve any issues.
GR Data Protection Officer
Isle of Man Courts & Tribunals (General Registry)
Courts of Justice
Telephone: +44 1624 685979
Email the DPO
You can also make a complaint to the Information Commissioner, who is an independent regulator.
Isle of Man Information Commissioner
P.O. Box 69
Telephone: +44 1624 693260
Courts.im contains links to other third-party websites. Clicking on those links, including any links to other Government websites, may allow third parties to collect or share data about you. We do not control these third-party websites and they will have their own terms and conditions and privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Following a link to another website
If you go to another website from this one, read the privacy notice on that website to find out what it does with your information.
Following a link to Courts.im from another website
If you come to www.courts.im from another website, we may receive information from the other website. We don’t use this data. You should read the privacy notice of the website you came from to find out more about this.
This privacy notice may change. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, we will take reasonable steps to let you know.
This privacy notice was last updated on 02 October 2019.
You can ask to see previous privacy notice versions by writing to the Data Protection Officer.
This Privacy Notice applies to the www.courts.im website, which is owned by the Isle of Man Court and Tribunals (General Registry). Any data you submit or send via this website is sent at your own risk.
Biometric Data - any personal data relating to the physical, physiological, or behavioural characteristics of an individual which allows their unique identification
Consent - freely given, specific, informed and explicit consent by statement or action signifying agreement to the processing of their personal data
Data Concerning Health - any personal data related to the physical or mental health of an individual or the provision of health services to them
Data Portability - the requirement for controllers to provide the data subject with a copy of his or her data in a format that allows for easy use with another controller
Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data
Data Processor - the entity that processes data on behalf of the Data Controller
Data Protection Officer - an expert on data privacy who works independently to ensure that an entity is adhering to the policies and procedures set forth in data protection legislation
Data Subject - a natural person whose personal data is processed by a controller or processor
Directive - a legislative act that sets out a goal that all EU countries must achieve through their own national laws
European Economic Area - the Agreement on the European Economic Area, which entered into force on 1 January 1994, brings together the EU Member States and the three EEA EFTA States - Iceland, Liechtenstein and Norway - in a single market
Genetic Data - data concerning the characteristics of an individual which are inherited or acquired which give unique information about the health or physiology of the individual
Lawful basis of data processing - is the need to have a valid lawful reason to process personal data. This could be consent, a legitimate interest or contractual necessity.
Legitimate Interest – gives the data controller the lawful basis for processing where processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This does not apply to processing carried out by public authorities in the performance of their tasks.
Natural Person -an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
Personal Data - any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person
Processing - any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.
Profiling - any automated processing of personal data intended to evaluate, analyse, or predict data subject behaviour
‘Pubic Interest’ – means anything affecting the rights, health, or finances of the public at large.
Right to access (subject access right) - entitles the data subject to have access to and information about the personal data that a controller has concerning them
Right to be forgotten - also known as Data Erasure, it entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data
Right to be informed - is the right a data subject has to know how a company will process their personal data. Any information a company gives to the data subject must be concise, clear, understandable and easily accessible. It should also be written in clear, plain language and be free of charge
Right to rectification - gives a data subject the right to ask a company to change their personal data if it’s inaccurate or incomplete
Right to restrict processing - gives a data subject the right to suppress or block a company from processing their personal data
Right to object - gives a data subject the right to object to the processing of their information. They can object to: processing based on authentic interests or the performance of a task in the public interest/use of official authority; direct marketing; processing for purposes of research and statistics.