The Isle of Man is now welcoming back fully vaccinated visitors.
Who can travel to the Isle of Man
You are here: Home > Book Online > Data Protection Terms and Conditions
Privacy Notice
Visit Isle of Man is an Executive Agency of the Isle of Man Government Department for Enterprise. The purpose of Visit Isle of Man is to realise the fullest economic growth potential of the Island as a visitor destination. For any privacy enquiries, please feel free to contact our Data Protection Officer, or the Isle of Man Information Commissioner:
Department for Enterprise Data Protection Officer:
St George’s Court, Upper Church Street, Douglas, Isle of Man, IM1 1EX
Tel: +44 (0) 1624 686733
Email: DPO-DfE@gov.im
Isle of Man Information Commissioner:
P.O. Box 69, Douglas, Isle of Man, IM99 1EQ
Tel: +44 (0) 1624 693260
Email: ask@inforights.im
Web: inforights.im
1 Your rights as a data subject
Under the Data Protection Act, you have rights as an individual which you can exercise in relation to the information we hold about you. At any point while we are in possession of or processing your personal information, you, the data subject, have the following rights:
Access - You have the right to request a copy of the information that we hold about you (see section 1.3)
Rectification - You have a right to correct data that we hold about you that is inaccurate or incomplete.
Erasure - In certain circumstances you can ask for the data we hold about you to be erased from our records.
Restriction of processing - Where certain conditions apply, you have a right to restrict the processing of your data.
Portability - You have the right to have the data we hold about you transferred to another organisation
Objection - You have the right to object to certain types of processing such as direct marketing.
Objection to automated processing - You also have the right to be subject to the legal effects of automated processing including profiling.
Judicial review - In the event that the Department for Enterprise refuses your request under rights of access, we will provide you with a reason as to why. You then have the right to complain as outlined in section 1.2.
You can find out more about these rights here or by contacting our Data Protection Officer.
1.1 Retention Period
We only use personal information for as long as it is needed and will store it for the shortest amount of time possible, in accordance with the law. See our Retention of Records Procedure on our Information Governance and Privacy Page.
1.2 Complaints
In the event that you wish to make a complaint about how your personal information is being processed by the Visit Isle of Man (or third parties), or how your complaint has been handled, you have the right to lodge a complaint directly with the Department’s Data Protection Officer and the Isle of Man Information Commissioner.
1.3 Under what circumstances can Visit Isle of Man contact me?
Our aim is never to be intrusive, and we aim to always avoid asking irrelevant or unnecessary questions. Moreover, any information you provide us will always be subject to rigorous measures and procedures to maintain your privacy. You will never be contacted by a means you did not consent to when providing us with your data.
2 About our websites
Visit Isle of Man has two websites, one for consumers and one for trade. If we do want to collect personally identifiable information through our websites, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it (see section 4). However, our websites also collect other data but this data is not personal information and there is no way you can be identified from this information.
2.1 Isle of Man Government Website
The Isle of Man Government website is owned by the Cabinet Office. Their Privacy Notice in relation to how you use gov.im can be found at the top of each page next to the Terms and Conditions.
2.2 Giving consent (“opting-in”) and withdrawing consent (“opting-out”)
Visit Isle of Man is legally required in instances where we have no statutory reason to use or hold your information (known as “processing”), to ask you for your explicit consent. We have to provide you with all the information we can about what we will do with your information in order that you can make an informed decision as to whether or not you agree to us having your information by giving you the opportunity to “opt-in”.
You will definitely know if you are opting-in to us using your information; the request to use your information (opt-in options) are very clearly marked, as are the purposes for us wanting to use your information. There is no way for you to accidentally provide us with information, or to accidentally consent to you using it.
For Visit Isle of Man to process both sensitive and non-sensitive personal information, we must have your explicit given. Where we are asking you for sensitive personal information we will always tell you why and how the information will be used.
When we ask for information from you it will usually be on a form, web-form or when you sign up to direct marketing (newsletters) however, there may be other times such as over the phone or in person. We will always attempt to provide you with a Privacy Notice before you submit any information.
The easiest way is by contacting the Department’s Data Protection Officer
At the bottom of all of Visit Isle of Man marketing emails it says: “click here to unsubscribe”. This then takes you to a new internet browser window that reads: “You are requesting to unsubscribe your@email.address.im from receiving future email messages. Please click the confirm button below if this is correct. [unsubscribe]”. This will automatically remove you from the mailing list for that newsletter, preventing us from processing your personal information any further.
3 Cookies and passive technologies
Cookies and passive technologies are pieces of information that a website transfers to your computer. Cookies can make the web more useful by storing information about your preferences on particular sites, enabling us to provide more useful features for you. They contain no name or address information or any information that will enable anyone to contact you via telephone, email or any other means, the cookies used are listed in section 4.
Most browsers are initially set to accept cookies. If you would prefer, you can set your browser to disable cookies or inform you when they are set. However, given that we may sometimes use cookies to ensure and enhance the performance of our websites, you may not be able to take full advantage of our website if you do disable them.
The first time you visit each of our Visit Isle of Man websites, you will be provided with an option to approve (or “opt-in”) to the use of all cookies on the website with a pop up in the bottom right-hand corner. Visit Isle of Man has no way of knowing whether you allow cookies or not, and no way to trace your selection back to you. Instead, your own internet browser remembers the selection so it will treat that cookie the same each time (until you change your cookie settings).
You can usually manage and disable all cookies and passive technologies directly through your internet browser; you may therefore find it helpful to check the guidance provided by your internet browser provider. The most common providers and links to their guidance on cookies and passive technologies have been provided below:
4 What personal information we might collect and why
This refers to whether or not we have received the information directly from you (e.g. if you signed up to a newsletter online), or from a third party (e.g. another Government Department)
For example, this might include your name, contact details or date of birth
In the few cases we would require any sensitive (or “special category”) information from you, we will always have a legal basis to do so
We will only process your personal information if a lawful basis exists:
Consent - If we rely on your consent to process your information, we will make it obvious what we are asking for consent to do and always tell you how you can withdraw your consent
Contract - If we have a contract to process your personal information
Law Enforcement - If we need to process information to prevent or investigate suspected or actual violations of law
Legal Obligation - If we process information to meet a legal obligation in carrying out statutory government functions; including permanent preservation as in the Public Records Act 1999
Public Task - If it is the public interest for us to collect or store
Vital Interests - If we need to hold the information in order to “protect life”
We have several means of securely storing electronic and manual information
The only people who have access to personal information are those who have a legitimate need to; this includes Visit Isle of Man staff and any Department staff, contractors or third parties with whom we have a data protection agreement
We will only share personal information where we have a legitimate need to do so. All sharing is based upon the legal bases listed above. We ensure that we have proper data protection agreements in place with all those with whom we share, requiring them to uphold the highest privacy standards
All personal information is kept with the highest standards and safeguards in place. This includes technical security, preventing unauthorised access, undertaking audits and maintaining backups
Throughout the Department
Department – Privacy Information
How will we collect it?
When you send us an email enquiry/request:
Over the phone or in person:
Filling in forms on both our websites:
Registering to use our Trade website:
When you submit responses to questionnaires, research and surveys:
Posting material or requesting further services:
Entering a competition or promotion:
If you have signed up to receive marketing from Visit Isle of Man:
Visit Isle of Man – Cookies and Passive Technology
Visitisleofman.com & visitisleofman.com/trade
Cookie: ASPSESSIONID*
ASP.NET_*
Issued by this website.
Purpose: Identification. These cookies identify a user, making it easier for them to use the dynamic features of the site without having to provide the same information again as they move from one page to another.
Expiration: Until the website browser is closed.
Cookie: Google Analytics
__utma
Purpose: Performance: to measure and improve site quality through analysis of visitor behaviour.
Expiration: 2 years from when set or updated. Can be removed by user in browser settings.
Cookie: Google Analytics
__utmb __utmc
Purpose: Performance: These cookies are used to record how long a visitor remains on the site. Used to measure and improve site quality through analysis of visitor behaviour.
Expiration: Until the website browser is closed.
Cookie: Google Analytics
__utmz
Issued by this website.
Purpose: Performance: This cookie is used to record where a visitor came from - e.g. search engine traffic, ad campaigns and page navigation. Used to measure and improve site quality through analysis of visitor behaviour.
Expiration: 6 months from when set or updated. Can be removed by user in browser settings.
Cookie: ASPSESSIONID
Shared by js.nmspace.net
Purpose: These cookies identify a user, making it easier for them to use the dynamic features of the site without having to provide the same information again as they move from one page to another.
Expiration: Until the website browser is closed.
Definitions
Under the EU’s General Data Protection Regulation (GDPR) definitions are as follows:
Consent - Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal information relating to him or her;
Data Subject - The individual whom the information or data is about (i.e. you)
Personal Information - Personal information is defined as “any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The Department for Enterprise frequently refers to “personal information”; it is not intended to be a distinct definition of its own, but is thought to be more accessible terminology.
Processing - Processing refers to any operation or set of operations which is performed on personal information or on sets of personal information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Profiling - Profiling refers to any form of automated processing of personal information consisting of the use of personal information to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
Third Party - ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal information;