Menu

Privacy Notice

This privacy notice explains what personal data the Communications and Utilities Regulatory Authority ('the Authority') collects and what it is used for.

The Communications and Utilities Regulatory Authority ('the Authority') is the data controller for the purposes of the Data Protection Act 2018, the Data Protection (Application of GDPR) Order 2018 and the Data Protection (Application of LED) Order 2018, together with any regulations made under them (Manx Data Protection legislation).

This Privacy Notice may change. We will not reduce your rights under this Privacy Notice without your consent. If any significant change is made to this Privacy Notice we will provide a prominent notice on this website so that you can review the updated Privacy Notice. 

This Privacy Notice was last updated on 16th October 2023.

When we collect your personal data we will:

  • Only collect what we need and no more
  • Keep it secure
  • Tell you how we will use it
  • Delete it when no longer needed
  • Only process it in line with rules set out in the Manx Data Protection legislation

This Privacy Notice explains:

  • What personal data is collected and why
  • Who is collecting it
  • How it is collected
  • Why it is being collected
  • How it will be used
  • How long it will be kept
  • Who it will be shared with
  • How it will be kept secure
  • Your rights, including how to access and update information

Freedom of Information Requests (FOI): 

To make a Freedom of Information (FOI) request or learn more about Freedom of Information please click this link

Data Protection Officer

If you have any questions or comments on this Privacy Notice please contact the Data Protection Officer ('DPO') for the Authority:

Email: dpo@cura.im
Phone +44 1624 677022

Data Protection Officer,
Communications and Utilities Regulatory Authority,  
Ground Floor, Murray House,
Mount Havelock, 
Douglas,
IM1 2SF

We collect and process information, including personal information, to provide effective and efficient services.

We use your personal data in line with the rules set out in the General Data Protection Regulation (Isle of Man) Order 2018 for the following reasons:

  • To carry out our Statutory function
  • To allow this office to communicate with you
  • To review your query/complaint in order to provide assistance within our legal powers
  • To analyse use of the website and make improvements

We will only process your personal information if there is a legal reason for us to do so. We may rely on:

  • Your consent – if we rely on your consent to process your information you may withdraw your consent at any time by contacting the Data Protection Officer
  • The processing is necessary for us to comply with the law
  • The need to prevent or investigate suspected or actual violations of law
  • The need to retain information for historical or archiving purposes by the Public Record Office under the Public Records Act 1999 – more information on retention is available from the Public Record Office

Depending on how you interact with us we may process different data about you. Below you will find an overview of the categories of data that we may ask you to provide.

 

Information you provide to us directly

Including as part of a request to provide advice or regulatory services.

Category of information Example of that type of Information
Personal Details Name, email address, telephone number, address
Financial Information Amounts, and financial documentation in support of any Complaint or query
Other Information Feedback, comments, complaints, enquiries
Personal Identification Information Title, gender
Telecommunications Identifiers Account details, complaint number

 

We may also process certain special categories of data as defined in the GDPR (Isle of Man) Order, and/or protected characteristics as defined in the Equality Act 2017 for specified and limited purposes. We will only process special categories of information where we have obtained you explicit consent or are otherwise lawfully permitted to do so.

This may include:

  • Information about racial or ethnic origin
  • Political opinions
  • Sexual orientation
  • Trade union membership
  • Religious or philosophical belief
  • Genetic data, biometric data
  • Criminal proceedings, outcomes and sentences;
  • Age
  • Disability and health in general
  • Gender reassignment
  • Marriage and civil partnership
  • Pregnancy and maternity

 

Information we collect automatically

When you visit or use our website we may collect information sent to us by your computer, mobile phone, or other device. For example we may collect:

 

Category of information Example of that type of Information
Device Information Hardware model, operating system version, IP Address
Log Information Time and duration of visit
Other Information Links you click, location
Tracking information When you visit this site we use cookies that do not collect any personal information

                                           

Read more about how we use Cookies

We will only keep your information for the minimum time necessary, this may be to:

  • Respond to an enquiry from you
  • Meet Fire or Health & Safety Regulations
  • To analyse the use and quality of our services and to make improvements

You should note that a public record we create may be selected for permanent preservation under the Public Records Act 1999. Records are only retained for longer term periods if their retention can be justified for statutory, regulatory, and legal or security reasons or for their historic value.

Further information on Public Records can be found below under the heading 'Public Records'

 

 

The security and confidentiality of your information is very important to us.

We will ensure that:

  • Safeguards are in place to make sure personal information is kept securely
  • Only authorised staff are able to view your information
  • We comply with the requirements of the Information Commissioner

It may also be shared with other bodies where it is necessary to do so and where we are legally required or permitted to do so such as Fire or Health & Safety Regulations.

This may include relevant public authorities and legal advisors.

We will not sell to, or share, your personal information with other companies, organisations or individuals. CURA may share your personal information with other companies, organisations, Government Departments or individuals where there is a legal requirement to do so. Your personal information will not be disclosed to any third party without your prior consent or where required to do so by law.

You may have the following rights in relation to your personal information:

  • right to be informed about the personal information we collect, how this is being used, and to or from whom we share any details with
  • right to access the personal data we hold about you by making a ‘subject access request’. If you agree, we'll try to deal with your request informally, for example by providing you with the specific information you need over the telephone, or we can email this to you where you have given us an email address. In certain circumstances a charge may apply. To assist we provide an information sheet that gives you details on the process and an application form to help in framing any request. You are not required to use this form. If you wish to make a request by phone please contact the Data Protection Officer
  • right to request the correction of personal data we hold about you that you think is incorrect
  • right to request erasure of your personal data in some circumstances
  • right to object to processing and the right to restriction of processing of your personal data in some circumstances
  • right to request portability, where you have supplied information to us, and you wish to transfer that information to another organisation or service provider
  • right to withdraw your consent at any time

 

It’s worth noting that the benefits afford by these rights are limited in some circumstances, and may depend on the legal reason why we collected your personal data. If this is the case, we'll explain why.

To exercise any of the rights mentioned, or if you have any questions relating to your rights, please contact the Data Protection Officer.

If you are unhappy with the way we deal with your personal information you can submit a complaint to the CURA Data Protection Officer who will work with you to resolve any issues.

Email address: DPO@cura.im

Telephone: +44 1624 677022

Communications and Utilities Regulatory Authority
Ground Floor
Murray House
Mount Havelock
Douglas
Isle of Man
IM1 2SF

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Manx Data Protection Legislation. Further information regarding complaints to the ICO can be obtained through its website or by calling +44 1624 693260.

Under the Data Protection Act 2018 you have a right of access to your personal data and to check the accuracy of that data by making a Subject Access Request.

A subject access request is made by contacting the Data Protection Officer (DPO) of the Department, Office or Board that collects the information, or by filling out a subject access request application form. To assist we provide an information sheet that gives you details on the process.

To make a request of the DPO for CURA contact:

Communications and Utilities Regulatory Authority
Ground Floor
Murray House
Mount Havelock
Douglas
Isle of Man
IM1 2SF

Email: DPO@cura.im
Phone: +44 1624 677022

Subject access requests must be responded to promptly and in any event within a maximum of 1 month.

The Information Commissioner is the independent authority responsible for upholding the public's information rights and promoting and enforcing compliance with the Island's information rights legislation. Further information can be found on the Information Commissioner's website.

You have the right to request the Information Commissioner to undertake an assessment as to whether the processing of your personal data has been carried out in accordance with the provisions of the Data Protection Act 2018.

This Privacy Notice may change. We will not reduce your rights under this Privacy Notice without your consent. If any significant change is made to this Privacy Notice we will provide a prominent notice on this website so that you can review the updated Privacy Notice. 

This Privacy Notice may be replaced, or more information added, when you send feedback, ask to use a service online or make a payment for a service through our website.

This privacy notice was last updated in October 2023.