Privacy Notice

Read our Child Friendly Privacy Notice for Pupils (PDF 261KB)

Fair Processing Notice

Your information is being collected by Castle Rushen High School which is a data controller for the purposes of current Data Protection Legislation as applied in the Isle of Man.

Our websites contain links to other websites which you may find useful; when you follow these links, the websites should have their own privacy policy. Castle Rushen High School cannot accept any responsibility or liability for the content of any personal data provided to them. We advise you to check these policies before you submit any personal data to these websites.

The Headteacher in the name of Castle Rushen High School as Data controller

If you have any questions or comments on this Privacy Notice please contact the Data Controller, namely the Head Teacher at Arbory Road, Castletown, Isle of Man IM9 1RE.

In addition to the information set out in the Department of Education, Sport and Culture’s (DESC) Privacy Notice, we may also collect the following information about your child as required by the Education Act 2001 and the Registration of Pupils Regulations 2016:

full legal name and where known, any former name or names;
gender;
date of birth;
unique pupil number;
ethnic group and by whom that information was provided;
first language;
date of admission to the school;
year group;
the address and postcode of the pupil's usual residence and any other properties at which the pupil is also known to reside on occasion;
the name and address of every person known to the school to be a parent of the pupil and at least one emergency contact telephone number;
the name and address of any other schools the pupil is known to have attended, if any, and in the case of guest registration, any other schools at which the pupil is registered;
full-time or part-time;
day pupil or boarder;
date of leaving the school;
usual mode of transport to and from school;
for any pupil who is known to the head teacher to be or to have been looked after by an appropriate organisation, the name of that organisation;
(where applicable) that the pupil has been found eligible for free school meals;
Attendance;
Medical information for the vital interests of children where appropriate;
Educational psychologists reports and supporting documents;
Academic achievements;
Skills and abilities;
Educational progress;
Special educational needs information;
Suspension information; and
Course information.

Should you have any enquiries or comments regarding this information, please contact the Data Protection Officer (DPO) for the Department of Education, Sport and Culture. By email DPO-DESC@gov.im or by post to Data Protection Officer, Thie Slieau Whallian, Foxdale Road, St John's, Isle of Man, IM4 3AS or by telephone on (01624) 685828.

How we will use the information we collect about you

Castle Rushen High School may use your information to:

register your child at the school;
record attendance information;
produce an educational record containing:
- Information about your child
- Personal education plans
- Educational psychologist's reports and accompanying documents
produce a curricular record containing:
- Academic achievements;
- Skills and abilities; and
- Educational progress
produce a record of special educational needs and special needs provision, if appropriate detailing:
- The type of special need;
- A ranking of the special needs if there is more than one;
- The special needs provision being made; and
- Whether teaching is in a special education needs unit or elsewhere
record details of suspensions
produce a record of the studies undertaken;
help prevent and detect crime

Castle Rushen High School has a statutory obligation to check and verify the data you provide to us on registration documents and on consent forms. This may include checks of publicly available information but in some cases, where it is necessary and relevant, the information you provide may be disclosed or shared with other organisations.

How we will share the information we collect about you

App or Service	Details	Consent Required
Accelerated Reader more information	Data Shared: Name, DOB, Year group, Gender, Reading Level and Reading Age. Year 7 and possibly Year 8 students only. Security Protocols: An appropriate level of network and account security are in place. Access Conditions: Supervised Teacher Access: Yes Server/Data Location: EEA Retention Period: Data will be removed within 12 months of the students no longer using the software.	Yes
BSquared more information	Data Shared: Name, DOB, Medical, SEN data Sharing Basis: Carried out in the public interest / exercise of official authority vested in the controller Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: EEA Retention Period: Student record held for DOB +25years.	No
DESC Attendance	Data Shared: Name, School, Attendance data if less than 80% Sharing Basis: Public interest + official authority of the DC Security Protocols: Secure access or information sent by email password protected Server/Data Location: EEA Retention Period: As needed while resolving issues	No
DESC Department of Education, Sport and Culture more information	Data Shared: 1. Attendance information 2. Exam information – pseudonymised so no person identified to DESC 3. Careers - Name, contact details, year group 4. Destination data - Year group, course being undertaken pseudonymised so no person identified to DESC. 5. Subject collaboration between schools - Name, DOB, teacher names, timetables, attendance, attainment and effort grades. 6. Youth Service - Name and contact details to participate in surveys. Sharing Basis: Carried out in the public interest / exercise of official authority vested in the controller Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: IOM Retention Period: 1. As needed if attendance falls below 80% 2. Public record of aggregated results 3. August after leaving school 4. January following leaving school. 5. DOB + 25 years unless subject to legal action 6. Within one month	No
DHA IOM Constabulary	Data Shared: Name, age, address, contact details. Sharing Basis: Legal / carried out in public interest Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: IOM Retention Period: As determined by legal proceedings.	Yes
DHSC more information	Data Shared: To receive information about HPV Department of Health and Social Care -Girls name, DOB, contact data Sharing Basis: Carried out in the public interest / exercise of official authority vested in the controller. Vital interests of the data subject Security Protocols: An appropriate level of network and account security are in place Access Conditions: NA Teacher Access: NA Server/Data Location: IOM Retention Period: August after information sent.	No
DHSC - CAMHS	Data Shared: Name, DOB, contact details, attendance data Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: IOM Retention Period: DOB + 25 years	Yes
DHSC - Child Protection cases	Data Shared: Name, DOB, contact details, attendance data, pupil record, incident and accident reports, communications between school and parent Sharing Basis: Vital interests of the data subjects Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: IOM Retention Period: Deleted one year after coming off child protection.	No
DHSC Community nurses more information	Data Shared: Name, DOB, contact details, Attendance data Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: IOM Retention Period: August after reaching 16	Yes
DHSC Dental Survey more information	Data Shared: Child’s name, date of birth Security Protocols: Information sent password protected with the password sent via an alternative means of communication Server/Data Location: EEA Retention Period: Current year	Yes
DHSC Dental Survey more information	Sharing Basis: For completion of the Dental Survey Security Protocols: An appropriate level of network and account security are in place Access Conditions: NA Teacher Access: NA Server/Data Location: IOM Retention Period: August after the information supplied	Yes
DHSC School / Community Nurses more information	Data Shared: Child's name, date of birth, current address, previous address, current school and previous school Security Protocols: Information sent password protected with the password sent via an alternative means of communication Server/Data Location: EEA Retention Period: Current year	Yes
Drug & Alcohol Team (DTA) more information	Data Shared: Name, DOB, contact details, attendance data Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: IOM Retention Period: August after reaching 16 or until consent withdrawn.	Yes
Easytrace/Infinity to provide a student ID card more information	Data Shared: Full Name, DOB, Year group Sharing Basis: Carried out in the public interest / exercise of official authority vested in the controller Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: EEA Retention Period: Deleted within 24 months of leaving date	No
employed.im more information	Data Shared: Name, email, password. Information data subject supplies. Sharing Basis: Public interest + official authority of the DC Access Conditions: Supervised and unsupervised Teacher Access: Limited access to enable placements Server/Data Location: IOM Retention Period: For as long as data subjects wish to use the services	No
Empowering Education International Limited (EEIL) more information	Data Shared: May include fields such as: title, first name, last name, position, contact information, location data, ID data, opinions, comments, viewpoints, discussions, student academic data, self-evaluation data, career intentions, disability, ethnicity/race, medical (health or learning difficulty) goods and services provided, and internet protocol address. Please note that Ethnicity/Race and Medical (Heath or Learning Difficulty) data are special category data and adequate safeguards are in place to address them. Sharing Basis: Public interest + official authority of the DC Security Protocols: Tribal’s internal and customer hosting services are outsourced to our business partners (AWS, Microsoft and Rackspace) as applicable to the software services required. All three companies IT infrastructure is designed and managed in alignment with security best practices. Their compliance with international and industry-specific IT security standards is detailed in a series of control definition reports. Access Conditions: No Teacher Access: No Server/Data Location: UK Retention Period: Any personal data provided to EEIL will only be retained for the duration of the EEIL engagement with DESC.	No
Evolve more information	Data Shared: Name, contact details, trip information and risk assessments Sharing Basis: Public interest + official authority of the DC Security Protocols: Advanced firewalls, enterprise-level virus protection on all servers, HTTPS encryption for all communication between our servers and users, regular data backup, username/password/PIN to control access, failed log-in attempt logging, automatic suspicious activity detection and logging Server/Data Location: UK Retention Period: Current year + 6 years	No
Examination Boards	Data Shared: Name, DOB, Gender, Examination number, Subject information, Examination results, Exam papers and course work CAMBRIDGE http://www.cambridgeinternational.org/privacy-and-legal/ PEARSON https://www.pearson.com/us/privacy-statement.html AQA http://www.aqa.org.uk/about-us/privacy-notice OCR http://www.ocr.org.uk/about/our-policies/website-policies/privacy-policy/ SQA https://www.sqa.org.uk/sqa/36588.html WJEC http://www.wjec.co.uk/home/privacy-policy.html ASDAN https://www.asdan.org.uk/terms-and-conditions Sharing Basis: Carried out in the public interest / exercise of official authority vested in the controller. Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: EEA Retention Period: DOB + 25 years (to be confirmed by exam boards)	No
Examination Result Summaries	Data Shared: Name, number of examinations A-G, or particular achievements Sharing Basis:* Examination results summaries for publication of results and awards Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: IOM Retention Period: Into public domain	Yes
Facebook more information	Data Shared: Photos, names Security Protocols: Password protected, Two-factor authentication. Server/Data Location: Worldwide including the US Retention Period: Current year	Yes
Fusion 360 from Autodesk more information	Data Shared: Student Gmail address Sharing Basis: To support the learning of students studying Design and Technology Security Protocols: Appropriate and suitable safeguards and technical measures are in place to protect your personal data Access Conditions: Supervised and unsupervised Teacher Access: Yes Server/Data Location: Global Retention Period: 12 months from the date of student leaving the school	Yes
Google	Data Shared: No personal information should be stored on Google servers by staff apart from a name, class grouping, email address and information regarding work completed or to be completed Sharing Basis: Public interest + official authority of the DC Security Protocols: Google adheres to several self regulatory frameworks, including the EU-US Privacy Shield arrangement. Access Conditions: No Teacher Access: Limited to areas set up by staff such as Google Classrooms and shared areas Server/Data Location: Worldwide including the US Retention Period: DOB + 21 years or 3 years since the last log on	Yes
Information relating to student trips	Data Shared: Full name, DOB contact details, nationality. Medical and allergy information relevant to student and trip. Sharing Basis: To provide trips to students we will need to share information with Ferry Companies, Airlines, Hotels, Tour operators in respect of trips. Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: Dependent upon source of request Retention Period: As per privacy statement for those providers	Yes
Integral (Mathematics, Education, Innovation) more information	Sharing Basis: To support the learning of Mathematics at A Level Security Protocols: An appropriate level of network and account security are in place Access Conditions: N/A Server/Data Location: EEA Retention Period: 12 months from student leaving school	No
ItsLearning	Data Shared: Name, class, school work Sharing Basis: Public interest + official authority of the DC Security Protocols: Username and password Access Conditions: No Teacher Access: Yes Server/Data Location: EEA Retention Period: End of Use + 12 months	No
Junior Achievement more information	Data Shared: Name. class, year group Security Protocols: Hold your information securely to maintain safety of your personal information. Your information whether public or private will never be sold, exchanged, transferred, or given to another company for any reason whatsoever, other than for the purpose of delivering purchased products or vetting of volunteers Retention Period: Until after event	Yes
Junior Achievement IOM more information	Data Shared: Forename and Surname Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: IOM Retention Period: Until completion of Junior Achievement programme	Yes
Kahoot	Data Shared: Name, Email address, user name, google analytics identifiers Security Protocols: Reasonable organizational, technical and administrative measures Access Conditions: Supervised Teacher Access: Yes Server/Data Location: Worldwide Retention Period: End of use + 12 months	Yes
Lettings Information	Data Shared: None Security Protocols: On password protected machines held on a secure network. Access Conditions: Only used by administration staff Teacher Access: N/A Server/Data Location: IOM Retention Period: Retention period - Current year +1 year	No
Microsoft Teams	Data Shared: Census data: AppName, DeviceModel, OSName, OSVersion, UserLanguage, UserID, DeviceID. Census data DOES NOT contain any information that identifies your organisation or users. Usage data: includes information such as number of calls made, number of IMs sent or received, number of meetings joined, frequency of features used and stability issues. Usage data DOES NOT contain any information that identifies users. Anyone in a team can see all members of a team, including guests Sharing Basis: Public interest to assist with remote education during period of school closures. Security Protocols: Teams enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest. Files are stored in SharePoint and are backed by SharePoint encryption. Access Conditions: Supervised and unsupervised. Teacher Access: Yes Server/Data Location: EEA Retention Period: August after pupil leaves school	No
Motiv8 (Alcohol Advisory Service) more information	Data Shared: Name, DOB, contact details, attendance data Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: EEA Retention Period: August after reaching 16 or until consent withdrawn.	Yes
MyMaths more information	Data Shared: Name, email address Security Protocols: Appropriate and suitable safeguards and technical measures are in place to protect your personal data Access Conditions: Supervised Teacher Access: Yes Server/Data Location: Worldwide Retention Period: End of use + 12 months	Yes
Parentpay more information	Data Shared: ParentPay obtain (either from the Customer and/or from you directly) and process the following information: Data Subject (Who) Data Category (What) Description Pupil Student Forename This is the forename of the pupil. Pupil Student Surname This is the surname of the pupil. Pupil Student Known as This is the name that the pupil is known as. Pupil Student DOB This is the date of birth of the pupil. Pupil Student Gender This is the pupil’s gender Pupil Student Groups Registration group (if any), year, other groups Pupil Student Salutation This is the pupil’s salutation. Pupil Student Dietary Requirements This is the pupils special dietary requirements Pupil Student Postal Address The student’s postal address Pupil Student Identifiers Roll/Admission number, UPN, management system identifier Pupil Student Meal Selections and spend history This is a history of a pupil’s meal selections and spends for school meals or non-meal-related items, including free school meals Pupil Student Trip information Trip details collected from parents, e.g. emergency contacts, medical details, dietary requirements, doctor’s contact, EHIC and Passport Parents Contacts Title This is the contact’s title (Mr, Mrs, Ms, etc). Parents Contacts Forename This is the contact’s forename. Parents Contacts Surname This is the contact’s surname. Parents Contacts Authentication data Username and password, single-sign-or multi-factor-authentication tokens Parents Contacts Gender The contact’s gender (Salutation) Parents Contacts House Name The text entered as the contact’s house name. Parents Contacts Street The text entered as the contact’s street. Parents Contacts Locality The text entered as the contact’s locality. Parents Contacts Town The text entered as the contact’s town. Parents Contacts Postcode The text entered as the contact’s post code. Parents Contacts Day Telephone The contact’s daytime telephone number. Parents Contacts Home Telephone The contact’s home telephone number. Parents Contacts Mobile Telephone This is the contact’s mobile telephone number used to receive alerts from Parentpay and for school communications Parents Contacts Email This is the contact’s E-mail address used to receive communications from Parentpay and for school communications. Parents Contacts Payment History and balances This is the contact’s history of payment transactions, including reversals, refunds and withdrawals of funds. Parents Contacts Payment card details Payment card details are captured and passed to a 3rd party for authorisation. Parents Contacts Other This is the contact’s alternative communication method. Parents Contacts In-app messages Messages sent from parents to school within the ParentPay application Parents Contacts Trouble ticket data When users submit trouble ticket information, this gets stored. Parents Contacts Shop information ParentPay can be used as a payment page from externally or internally hosted shop systems. This the information captured as part of that (“shopping basket”). Parents Contacts Browser Details IP address, cookies, browser information Parents Contacts Scottish UPRN For users in Scotland who sign up via MyGovScot School Staff Title This is the staff member’s title (Mr, Mrs, Ms, etc.). School Staff Forename This is the staff member’s forename. School Staff Surname This is the staff member’s surname. School Staff Gender The staff member’s gender Website Access IP Address The network address of your device or internet connection Website Access Browser Type and Version The type of Web Browser your device is using Website Access Cookies Special records in your browser to help the website operate Website Access Web Analytics Generalised information about browsing behaviour and page statistics Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: EEA Retention Period: Until account closed by parent.	Yes
Quesmedia Sites more information	Data Shared: Website activity, website form submissions and user content. Sharing Basis: To provide public website services for our school Security Protocols: Sites are served over HTTPS using TLS to provide both secure server–server and server–client communication. Accounts are protected from brute force attacks with rate limiting and automated account locking. Passwords are one-way encrypted using bcrypt before being stored and are required to satisfy strong password rules to ensure high-entropy. Access Conditions: None Teacher Access: Limited to data provided within the CMS Server/Data Location: United Kingdom (EEA) Retention Period: Please view the more information link for data retention policies.	No
Reading Cloud more information	Data Shared: Name, DOB, Gender Security Protocols: An appropriate level of network and account security are in place. Access Conditions: Supervised Teacher Access: Yes Server/Data Location: EEA Retention Period: Within 12 months of leaving school.	Yes
Reference requests	Data Shared: Name, contact details, attainment, effort, exam results, comments as requested Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: Dependent upon source of request Retention Period: Student record held for DOB +25years. Thereafter no information available to provide a full reference.	Yes
RIDDOR more information	Data Shared: Name, age,gender, school, address, phone number, injury Server/Data Location: IOM Retention Period: DOB +25 years	No
SIMS	Data Shared: Pupil record Sharing Basis: Public interest + official authority of the DC Security Protocols: Secure servers hosted within Government data centre. Secure connections from within approved areas of Government. Teachers access via secure VPN from approved device only. Server/Data Location: EEA Retention Period: DOB + 25 years	No
SIMS (Student Information Management System) more information	Data Shared: SIMS (Student Information Management System) Full name, DOB, full contact details of child and parents/carers, gender, medical information, religion, Nationality, ethnicity, transport information, assessment and exam results, behaviour management. Sharing Basis: Carried out in the public interest / exercise of official authority vested in the controller. Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: EEA Retention Period: See Retention policy for full details.	No
SIMS Intouch more information	Data Shared: Name, contact details – mobile phone number Sharing Basis: Carried out in the public interest / exercise of official authority vested in the controller Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: EEA Retention Period: Deleted within 24 months of leaving date	No
Social Media : Facebook, Twitter	Data Shared: Forename and photograph of activity or performance Sharing Basis: Based upon consent by parent or carer from Data Collection Form. Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: Global Retention Period: As per privacy statement for those applications	Yes
The Children's Centre more information	Data Shared: Name, contact details & SEN information to participate in activities. Sharing Basis: Carried out in the public interest /exercise of official authority vested in the controller Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: IOM Retention Period: August after information sent.	No
Transition between primary and secondary school	Data Shared: Transition activities / work done in transition lessons / pupil record Sharing Basis: In the public interest and official authority of the data controller. Security Protocols: Emails on secure servers; for ‘online.sch.im’ a google service self regulatory frameworks, including the EU-US Privacy Shield arrangement. Access Conditions: Supervised and unsupervised Teacher Access: Yes Server/Data Location: United Kingdom (EEA) Retention Period: DOB + 21 years or 3 years since the last log on	No
UCM courses – examination results	Data Shared: Name, UPN, Examination results for courses undertaken at UCM Sharing Basis: Carried out in the public interest / exercise of official authority vested in the controller Security Protocols: An appropriate level of network and account security are in place Access Conditions: NA Teacher Access: NA Server/Data Location: EEA Retention Period: DOB + 25 years	No
Youth Justice more information	Data Shared: Name, address, attendance, timetable. Sharing Basis: Legal Security Protocols: An appropriate level of network and account security are in place. Access Conditions: NA Teacher Access: NA Server/Data Location: IOM Retention Period: As determined by legal proceedings	No
Youtube more information	Data Shared: Image or voice, Name Access Conditions: Supervised and unsupervised Server/Data Location: Worldwide	Yes
Zoom more information	Data Shared: Your name, username and email address, or phone number, Cloud recordings, chat / instant messages, files, whiteboards, and other information shared while using the service, voice mails, IP address, MAC address, other device ID (UDID), device type, operating system type and version, client version, type of camera, microphone or speakers, connection type, etc. location, Duration of the meeting / Zoom Phone call, Email address, name, or other information that a participant enters to identify themselves in the meeting, Join and leave time of participants, Name of the meeting, Date / time that meeting was scheduled, Chat status (unless a setting is actively chosen by user), Call data records for Zoom Phone Sharing Basis: Consent Security Protocols: Password protection, encryption – not end-to-end, only participants to meetings to be sent links, updates to be installed. Please note there are currently serious issues and no sensitive information should be shared on this platform. Privacy Shield applies. Access Conditions: Supervised and unsupervised Teacher Access: Yes Server/Data Location: Data routed through servers in China. USA Retention Period: Individual accounts when deleted	Yes

For more specific details about retention periods see the Department’s retention schedule

Information obtained or disclosed by third parties will not be used for any other purpose other than supporting the delivery of teaching and learning.

Failure to provide information may impact on support in school, the quality of teaching and learning and in achievement in examinations.

Protecting your information

Castle Rushen High School will:

keep your information safe and secure in compliance;
only use and disclose your information as detailed above where necessary
Retain the information for no longer than is necessary and your information wll be permanently deleted once the timeframes set out below have been reached (there will need to be an authorisation process, to dispose of this in line with our Records Management Policy and retention periods as outlined below (unless there is an over-riding reason to retain this information).

Transfer of Information outside the EEA

Apps and services that are used in school may require data to be stored on servers outside of the EEA. Information sent to these will be limited and are as detailed above.

More Information

You can find out more information including:

Looking at the Isle of Man Government Privacy Policy here https://www.gov.im/about-this-site/privacy-notice/ [Accessed 16/1/18]
Contacting the Department’s Data Protection Officer: By email DPO-DESC@gov.im by post to Data Protection Officer, DESC, Thie Slieau Whallian, Foxdale Road, St John's, Isle of Man, IM4 3AS, or by telephone on (01624) 685828;
Asking to see your information or making a complaint if you feel that your information is not being handled by contacting the Headteacher as Data Controller for Castle Rushen High School
Making a subject access request which is a request for all of the personal data we hold about you.
Obtaining this information in large print, braille, or in an alternative language.

Freedom of information

Requests for Information, submitted in accordance with Freedom of Information Act 2015.

The following information is collected for the purpose of meeting a request you have made for information.

Title
First name
Surname
Address
Email Address
Phone number
Mobile number

Your rights

You may have the following rights in relation to your personal information:

right to be informed about the personal information we collect, how this is being used, and to or from whom we share any details with.
right to access the personal data we hold about you by making a ‘subject access request’. If you agree, we'll try to deal with your request informally, for example by providing you with the specific information you need over the telephone, or we can email this to you where you have given us an email address. In certain circumstances a charge may apply.
right to request the correction of personal data we hold about you that you think is incorrect.
right to request erasure of your personal data in some circumstances.
right to object to processing and the right to restriction of processing of your personal data in some circumstances.
right to request portability, where you have supplied information to us, and you wish to transfer that information to another organisation or service provider.
right to withdraw your consent at any time.

It is worth noting that the benefits afforded by these rights are limited in some circumstances, and may depend on the legal reason why we collected your personal data. If this is the case, we'll explain why.

To exercise any of the rights mentioned, or if you have any questions relating to your rights, please contact the Data Protection Officer. To do this, by email DPO-DESC@gov.im by post to Data Protection Officer, DESC, Thie Slieau Whallian, Foxdale Road, St John's, Isle of Man, IM4 3AS, or by telephone on (01624) 685828.

Complaints

We take any complaints we receive about the way we process your information very seriously and we would like to hear from you if you have any concerns that our collection or use of your personal data is unfair, misleading or inappropriate. Please bring your concern to our attention by contact the Data Protection Officer, who will work with you to resolve any issues.

If you are unhappy with the way we are using your personal data you have the right to make a complaint to the Information Commissioners Office as the Supervisory Authority for the Isle of Man. Further details can be found at www.inforights.im

Will this Privacy Notice Change

From time to time we may amend this privacy notice to reflect changes in legislation, changes in our processing or experience of operating these services, and for other reasons or feedback we receive.

Any significant changes will be advised by a prominent notice on our website so that you can review the change. We will not reduce your rights under this Privacy notice without your consent. This Privacy notice was last updated July 2022.

Castle Rushen High School