We collect and process information, including personal information, to provide effective and efficient services.

We use your personal data in line with the rules set out in the General Data Protection Regulation (Isle of Man) Order 2018 for the following reasons:

• To carry out our Statutory function
• To allow this office to communicate with you
• To review your query/complaint in order to provide assistance within our legal powers
• To analyse use of the website and make improvements

We will only process your personal information if there is a legal reason for us to do so. We may rely on:

• Your consent – if we rely on your consent to process your information you may withdraw your consent at any time by contacting the Data Protection Officer
• The processing is necessary for us to comply with the law
• The need to prevent or investigate suspected or actual violations of law
• The need to retain information for historical or archiving purposes by the Public Record Office under the Public Records Act 1999 – more information on retention is available from the Public Record Office

Depending on how you interact with us we may process different data about you. Below you will find an overview of the categories of data that we may ask you to provide.

Information you provide to us directly

Including as part of a request to provide advice or regulatory services.

We may also process certain special categories of data as defined in the GDPR (Isle of Man) Order, and/or protected characteristics as defined in the Equality Act 2017 for specified and limited purposes. We will only process special categories of information where we have obtained you explicit consent or are otherwise lawfully permitted to do so.

This may include:

• Information about racial or ethnic origin
• Political opinions
• Sexual orientation
• Trade union membership
• Religious or philosophical belief
• Genetic data, biometric data
• Criminal proceedings, outcomes and sentences;
• Age
• Disability and health in general
• Gender reassignment
• Marriage and civil partnership
• Pregnancy and maternity

Information we collect automatically

When you visit or use our website we may collect information sent to us by your computer, mobile phone, or other device. For example we may collect:

Read more about how we use Cookies

We will only keep your information for the minimum time necessary, this may be to:

• Respond to an enquiry from you
• Meet Fire or Health & Safety Regulations
• To analyse the use and quality of our services and to make improvements

You should note that a public record we create may be selected for permanent preservation under the Public Records Act 1999. Records are only retained for longer term periods if their retention can be justified for statutory, regulatory, and legal or security reasons or for their historic value.

Further information on Public Records can be found below under the heading 'Public Records'

The security and confidentiality of your information is very important to us.

We will ensure that:

• Safeguards are in place to make sure personal information is kept securely
• Only authorised staff are able to view your information
• We comply with the requirements of the Information Commissioner

It may also be shared with other bodies where it is necessary to do so and where we are legally required or permitted to do so such as Fire or Health & Safety Regulations.

This may include relevant public authorities and legal advisors.

We will not sell to, or share, your personal information with other companies, organisations or individuals. CURA may share your personal information with other companies, organisations, Government Departments or individuals where there is a legal requirement to do so. Your personal information will not be disclosed to any third party without your prior consent or where required to do so by law.

You may have the following rights in relation to your personal information:

• right to be informed about the personal information we collect, how this is being used, and to or from whom we share any details with
• right to access the personal data we hold about you by making a ‘subject access request’. If you agree, we'll try to deal with your request informally, for example by providing you with the specific information you need over the telephone, or we can email this to you where you have given us an email address. In certain circumstances a charge may apply. To assist we provide an information sheet that gives you details on the process and an application form to help in framing any request. You are not required to use this form. If you wish to make a request by phone please contact the Data Protection Officer
• right to request the correction of personal data we hold about you that you think is incorrect
• right to request erasure of your personal data in some circumstances
• right to object to processing and the right to restriction of processing of your personal data in some circumstances
• right to request portability, where you have supplied information to us, and you wish to transfer that information to another organisation or service provider
• right to withdraw your consent at any time

It’s worth noting that the benefits afford by these rights are limited in some circumstances, and may depend on the legal reason why we collected your personal data. If this is the case, we'll explain why.

To exercise any of the rights mentioned, or if you have any questions relating to your rights, please contact the Data Protection Officer.

If you are unhappy with the way we deal with your personal information you can submit a complaint to the CURA Data Protection Officer who will work with you to resolve any issues.

Email address: DPO@cura.im

Telephone: +44 1624 677022

Communications and Utilities Regulatory Authority
Ground Floor
Murray House
Mount Havelock
Douglas
Isle of Man
IM1 2SF

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Manx Data Protection Legislation. Further information regarding complaints to the ICO can be obtained through its website or by calling +44 1624 693260.

Under the Data Protection Act 2018 you have a right of access to your personal data and to check the accuracy of that data by making a Subject Access Request.

A subject access request is made by contacting the Data Protection Officer (DPO) of the Department, Office or Board that collects the information, or by filling out a subject access request application form. To assist we provide an information sheet that gives you details on the process.

To make a request of the DPO for CURA contact:

Communications and Utilities Regulatory Authority
Ground Floor
Murray House
Mount Havelock
Douglas
Isle of Man
IM1 2SF

Email: DPO@cura.im
Phone: +44 1624 677022

Subject access requests must be responded to promptly and in any event within a maximum of 1 month.

The Information Commissioner is the independent authority responsible for upholding the public's information rights and promoting and enforcing compliance with the Island's information rights legislation. Further information can be found on the Information Commissioner's website.

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Data Protection Act 2018.

This Privacy Notice may change. We will not reduce your rights under this Privacy Notice without your consent. If any significant change is made to this Privacy Notice we will provide a prominent notice on this website so that you can review the updated Privacy Notice. 

This Privacy Notice may be replaced, or more information added, when you send feedback, ask to use a service online or make a payment for a service through our website.

This privacy notice was last updated in October 2023.