This privacy notice explains what information the Isle of Man Financial Intelligence Unit (FIU) collects and what that information is used for.

FIU is a data controller for the purposes of the Data Protection Act 2018 and the Data Protection (Application of GDPR) Order 2018 and the Data Protection (Application of LED) Order 2018, together with any regulations made under them (Manx Data Protection Legislation).

This Privacy Notice applies to the Isle of Man Government FIU.

When you use an Isle of Man Government FIU service we may ask you to share personal information with us.

When we collect your personal information we will:

• Only collect what we need and no more
• Keep your information secure
• Tell you how we will use your information
• Delete your information when it is no longer needed
• Only process your information in line with rules set out in Manx Data Protection legislation.

This Privacy Notice defines what happens when you give personal information to the FIU and will explain:

• What information is collected and why
• Who is collecting it
• How it is collected
• Why it is being collected
• How it will be used
• How long it will be kept
• Who it will be shared with
• How your information will be kept secure

If you have any questions or comments on this Privacy Notice please contact the FIU Data Protection Officer at the details below –

Email – DPO-FIU@gov.im, Phone - +44 1624 686000, Address - FIU DPO - PO Box 51, Douglas. Isle of Man. IM99 2TD

How and why we ask you to share your personal information

The Financial Intelligence Unit will use your information to:

• register you to report suspicious activity via the online reporting system Themis
• help prevent and detect crime - The Financial Intelligence Unit is a competent authority for the purposes of the Law Enforcement Directive and processes data on that basis

Our legal basis for processing your information

The Financial Intelligence Unit has a statutory function to receive, gather, analyse, store and share information about financial crime. In some cases, where it is necessary and relevant, the information you provide (as identified above), may be disclosed or shared with other organisations.

This will only be done where there we consider it is necessary and relevant for us to do so in accordance with our functions.

Types of personal information we collect about you

Depending on how you interact with us we may process different information about you. Below you will find an overview of the categories of information that we may collect.

Information you provide to us directly

Information we collect automatically

When you visit or use our website, or Themis system we may collect information sent to us by your computer, mobile phone, or other device. For example we may collect:

How we will share the information we collect about you -

Third parties we may share your data with include, for example:

• local law enforcement agencies
• external law enforcement agencies or external Financial Intelligence Units
• regulators (the Isle of Man Financial Services Authority and Gambling Supervision Commission) and off Island regulators

Information obtained by the Financial Intelligence Unit is shared under Section 23 of the Financial Intelligence Unit Act 2016 (the Act). It is an offence under section 26 of the Act for anyone in receipt of information from the Financial Intelligence Unit under section 23 of the Act to further disclose the information save in accordance with Section 25, which requires the written consent of the Financial Intelligence Unit. A person guilty of an offence under Section 26 of the Act is liable on summary conviction to custody for a term not exceeding 2 years and to a fine not exceeding £10,000 or to both.

How we keep your personal information secure

The Financial Intelligence Unit will:

• keep your information safe and secure in compliance with its information security policy
• only use and disclose your information as detailed above, where necessary
• retain the information for no longer than is necessary. Your information will be permanently deleted once the timeframes set out below have been reached

Transfer of Information outside EEA

The Financial Intelligence Unit shares information with jurisdictions outside the EEA. The information is shared with strict handling conditions regarding how the recipient can use that information.

How long do we keep your personal information

We will only keep your information for the minimum time necessary.

This may be to:

• Respond to an enquiry from you
• Meet Isle of Man Government Financial Regulations
• Meet statutory requirements
• To analyse the use and quality of our services and to make improvement

Records are only retained for longer term periods if their retention can be justified for statutory, regulatory, legal or security reasons or for their historic value.

You can review your personal information and ensure it is accurate

Where possible we will provide you with access to the information we hold about you so that you can view this information and provide a means for you to have this information changed if it is not accurate. Alternatively you can ask for the information we hold about you to be changed by making a request to the Financial Intelligence Unit DPO.

To remove your personal information

In certain circumstances you can ask for your information to be deleted. Please note that as part of the Isle of Man Government statutory functions some information may need to be retained. You can request this by contacting the Financial Intelligence Unit DPO.

To make a complaint

If you are unhappy with the way we deal with your personal information you can submit a complaint to the FIU Data Protection Officer who will work with you to resolve any issues.

Email – DPO-FIU@gov.im | Phone - +44 1624 686000 | By Post FIU DPO, PO Box 51, Douglas, Isle of Man. IM99 2TD

The Isle of Man’s Information Commissioner is the independent supervisory body responsible for upholding the public's information rights and promoting and enforcing compliance with the Island's information rights legislation.

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Manx Data Protection Legislation.

How to request your personal information

Under the Data Protection Act 2018 you have a right of access to your personal data and to check the accuracy of that data by making a Data Subject Access Request.

A subject access request is made by filling in our Subject Access Request Form or contacting the Data Protection Officer (DPO) of the Department, Office or Board that collects the information.

We have a guidance sheet that gives you details on the process.

To make a request of the DPO for the FIU contact:

Email – DPO-FIU@gov.im | Phone - +44 1624 686000 | By Post FIU DPO, PO Box 51, Douglas, Isle of Man. IM99 2TD

Subject access requests must be responded to promptly and in any event within a maximum of 1 month.

The Information Commissioner is the independent authority responsible for upholding the public's information rights and promoting and enforcing compliance with the Island's information rights legislation. Further information can be found on the Information Commissioner's website.

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Data Protection Act 2018.

Will this privacy notice change?

This Privacy Notice may change. We will not reduce your rights under this Privacy Notice without your consent. If any significant change is made to this Privacy Notice we will provide a prominent notice on this website so that you can review the updated Privacy Notice. 

This Privacy Notice may be replaced, or more information added, when you send feedback, ask to use a service online or make a payment for a service through our website.

This privacy notice was last updated in May 2021