Privacy Notice: Privacy Notice | Department of Financial Assistance - DFA
Privacy Notice
Who Are We
The Department of Financial Assistance, “DFA”, a department of the Cayman Islands Government’s Ministry of Investment Innovation & Social Development, provides financial assistance to Caymanians who find themselves unable to fund their basic needs for themselves and their dependents. The DFA is the data controller for the DFA websites and portals. As the data controller, this means that we are responsible for how we store and use your personal data. We respect your privacy and take care in how we protect your personal data. The DFA complies with the Cayman Islands Data Protection Act (2021 Revision) (the “DPA”) in carrying out its function. This privacy notice (“Privacy Notice”) demonstrates our commitment to ensuring your personal data is handled responsibly and applies to the DFA.
On this page:
- What Personal Data we collect
- Personal data we collect directly from you
- How we use your Personal Data
- How we share your Personal Data
- Our legal bases for processing your Personal Data
- Children’s Personal Data
- Security and international transfers
- How long we keep your Personal Data
- Cookies
- Your rights
- Data Protection Principles
- How to contact us
- Changes to this Privacy Notice
What Personal Data We Collect
The DFA collects personal data to determine what services and the duration for which an applicant is eligible. In providing these products and services, the DFA collects personal data, including sensitive personal data, directly from you and other Cayman Islands Government entities. Personal data collected by the DFA are limited to what is necessary for our processing activities.
Within this Privacy Notice, personal data includes any data relating to an identified or identifiable living individual and may include:
- Identifiers such as your first name, last name, username, unique identifier and email address;
- Technical information such as your IP address and browser or device information; and
- Contact information, including telephone numbers and email addresses.
Personal data we collect directly from you
DFA collects the following information directly from you, for you adn the members of your household:
- Name, age, gender, nationality, immigration relationship, immigration status and marital status, disability status, travel history, health insurance status
- Address information, including your home address and mailing address.
- Contact information such as email address and phone numbers.
- Employment status and employment history.
- Sources and evidence of amounts of the household income.
- Details and evidence of the household expenses, assets and liabilities.
- Incarceration period and expected release date.
- Details of emergency circumstances.
The DFA collects and processes sensitive personal data, including health and medical data. We do so only where necessary in exercising our public function duty and to ensure that funds are allocated to those eligible for additional support due to an illness or disability. When referring an applicant to a retirement home, we may ask applicants to disclose their religious affiliation so that the applicant’s wishes can be accommodated appropriately.
The personal data that we collect may be that of the person who is applying for services or other persons who have a relationship with the applicant, including:
- The applicant’s dependents, who may also benefit from the DFA’s services.
- Other people who reside in the applicant’s household or who have a responsibility for sharing the applicant’s costs.
Where you are asked to provide personal data relating to third parties, including your adult dependents and other individuals that have a relevant relationship with you, we ask that you ensure that you are authorised to provide those details and that each individual is made aware of how their personal data will be processed.
Your Internet Protocol (“IP”) address, details of which device or version of web browser you used to access our website content, and other information about how you used our website (see our Cookie Notice for more information - https://my.egov.ky/web/dfa/cookies).
How We Use Your Personal Data
The purpose of the Civil Service is to improve the lives of those we serve. We are dedicated to supporting the elected government by delivering caring, modern, and customer-centred public services and programmes that provide value for money.
The DFA may use your personal data for the following purposes:
- To determine whether an applicant for the DFA’s services is eligible for those services and the extent to which those services are available.
- To administer the DFA services for the prevention and detection of fraud and to protect public funds.
- Implementing policies, providing services and programmes, and managing your relationship with us;
- Verifying your identity;
- Verifying your immigration status and travel history;
- Measuring how users interact with the DFA’s website and continually improving our communications channels (by aggregating personal data using cookies);
- Communicating and interacting with website visitors;
- Statistical and other reporting, both internally and externally;
- Seeking legal advice and exercising or defending legal rights; and
- Complying with our legal obligations, including all legislation that applies across the public sector.
How We Share Your Personal Data
The DFA may share your personal data as required, including under applicable legislation, with recipients that include joint data controllers, our data processors, and third parties. We will only share your personal data, as permitted by the DPA, to ensure that applicants are entitled to the financial assistance services they are applying for.
Your personal data may be shared with the following recipients that support our public functions and operations:
- With other public authorities: Personal data may be shared with other public authorities. For the Privacy Notice, “Public Authorities” means Ministries, Portfolios, Offices, Departments, Statutory Authorities, Statutory Bodies and Government Companies. During establishing eligibility for services, we can offer streamlined services to applicants by seeking information from other government agencies, and we may share information with other government agencies in the execution of our duty to protect public funds.
- With private commercial organisations and not-for-profit organisations: Personal data may be shared with external stakeholders to confirm eligibility and, if requested, to refer an applicant for additional services.
• All Cayman Islands Local Banks and Money Transfer Agencies to validate that savings and income are within the prescribed limits for receiving assistance.
• All Health Insurance Companies, Pension Companies and Educational Institutions to confirm benefits and enrollment.
• All Local Churches, Service Clubs and other Not-For-Profit Organisations to validate an applicant’s sources and amount of income.
• Employer, to verify employment status and remuneration
• Utility Companies, Landlords, Hotels and Other Accommodations to validate expenses.
• Vendors of Services Requested
• Overseas Consulates
• Attorneys / Barristers / Lawyers
- With legal advisors and other persons if required by law or about legal proceedings or rights: Personal data may be disclosed as legally required for or in connection with proceedings under the law, if necessary to obtain legal advice or if the disclosure is otherwise required to establish, exercise or defend legal rights. This may include disclosing your personal data for the following purposes: Seeking legal advice, exercising or defending legal rights, Complying with internal and external audits or investigations by competent authorities, and Complying with information security policies or requirements.
- Our Data Processors: Our applications are managed by the Cayman Islands Government’s Computer Services Department (CSD) and by the eGovernment Unit (eGov). All personal data provided while using our applications will be stored securely in CSD’s data centres in the Cayman Islands.
Our Legal Bases for Processing Your Personal Data
Depending on applicable laws and other circumstances, the DFA will rely on a specific legal basis, or “conditions of processing”, under the DPA to process your personal data. These may include:
- A legal obligation to which the DFA is subject and to comply with various obligations under the Procurement Act, 2016 and Procurement Regulations, 2018 (as amended), the Public Management and Finance Act (2020 Revision) and Financial Regulations (2021 Revision) (as amended), the Public Service Management Act (2018 Revision) and Personnel Regulations (2019 Revision) (as amended), and the National Archive and Public Records Act (2015 Revision);
- To exercise public functions, including the functions of the DFA to provide online services;
- Consent, for example, if you request that we share your data with a third party; and
- For legitimate interests pursued by the DFA or by a third party or parties to whom the personal data may be disclosed, e.g. when disclosing records containing third-party personal data in response to a request submitted under the Freedom of Information Act (2021 Revision).
Children’s Personal Data
The DFA collects personal data relating to children under 18 to enable us to deliver public services and programmes and perform our functions. We may collect and further process children’s personal data for the purposes set out in this Privacy Notice.
Security and International Transfers
The DFA has implemented appropriate technical, physical and organisational measures to secure your personal data. We may keep your personal data in our electronic systems, our data processor systems, or paper files. These safeguards are in place to maintain the confidentiality, integrity and availability of your personal data.
The DFA will refrain from transferring personal data to countries or territories unless it is to satisfy a condition already outlined in this privacy policy.
We will only transfer your personal data to a country or territory that ensures adequate protection for your rights and freedoms about processing your personal data unless there is a relevant exemption or exception under the DPA. Exceptions may include your consent or appropriate safeguards.
How Long We Keep Your Personal Data
The DFA may store your personal data for as long as we need it to fulfil the purpose(s) for which we collected your personal data, including to satisfy any legal, accounting, audit or reporting requirements and in line with applicable laws. This includes the National Archive and Public Records Act (2015 Revision), which governs the creation, maintenance and disposal of all public records. Sometimes, we may anonymise your personal data so it is no longer associated with you.
Cookies
Cookies distinguish between website visitors in combination with pixels, local storage objects, and similar devices (collectively, "Cookies" unless otherwise noted). When you visit the DFA websites and portals, small files known as Cookies may be stored on your computer, phone, tablet or any other device through your web browser. Information is stored in these text files. Enabling Cookies may allow for a more tailored browsing experience and is required for certain website functionality. In the majority of cases, a Cookie does not provide us with any of your personal data.
Please see the website’s Cookie Notice for more information about the use of Cookies.
Your Rights
The DFA will respect and honour your rights about your personal data and implement measures that allow you to exercise your rights under the DPA and other applicable legislation.
In accordance with the DPA, your rights to your personal data include:
- The right to be informed and the right of access: The right to request access to all personal data the DFA maintains about you as well as supplementary information about why and how we are processing your personal data. This is commonly known as a Subject Access Request and certain supplementary information about our processing is contained within this Privacy Notice.
- Rights about inaccurate data: The right to request the rectification, blocking, erasure or destruction of any inaccurate personal data the DFA maintains on you. Through all reasonable measures, we will ensure that your personal data is accurate, complete and, where necessary, up to date, especially if it is to be used in a decision-making process.
- The right to stop or restrict Processing: The right to restrict or stop how the DFA uses your personal data in certain circumstances.
- The right to erasure: You have the right to request that we erase your personal data under certain conditions.
- Rights about automated decision-making: The right to obtain information about and object to the use of automated decision-making by the DFA using your personal data. The DFA does not currently use automated means to make decisions about you. However, if this position changes, we will update this Privacy Notice as required.
- The right to complain: The right to complain to the Ombudsman about any perceived violation of the DPA by the DFA.
- The right to seek compensation: The right to seek compensation in the Court if you suffer damage due to a contravention of the DPA by the DFA.
You may contact the DFA using the contact details listed below to access and review your personal data or exercise any other rights provided under the DPA. The DFA will consider circumstances where your rights may be limited or subject to conditions, exemptions or exceptions under the DPA or other applicable legislation.
Upon contacting the DFA, we may need to verify your identity before fulfilling a request and may request additional information as required. In accordance with the DPA, the DFA may also charge a reasonable fee for your request if it is unfounded or excessive, or the DFA may reserve the right not to comply with the request at all. To learn more about your rights, visit www.ombudsman.ky.
Data Protection Principles
When processing your personal data, the DFA will comply with the eight Data Protection Principles defined within the DPA:
- Fair and lawful processing: Personal data shall be processed fairly. In addition, personal data may be processed only if certain conditions are met; for example, the data controller is subject to a legal obligation that requires the processing or the processing necessary to exercise public functions.
- Purpose limitation: Personal data shall be obtained only for one or more specified, explicit and legitimate purposes and not processed further in any manner incompatible with those purposes.
- Data minimisation: Personal data shall be adequate, relevant and not excessive about the purposes for which they are collected or processed.
- Data accuracy: Personal data shall be accurate and, where necessary, kept up-to-date.
- Storage limitation: Personal data processed for any purpose shall not be kept longer than is necessary.
- Respect for the individual’s rights: Personal data shall be processed in accordance with the rights of data subjects under the DPA, including subject access.
- Security – confidentiality, integrity and availability: Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- International transfers: Personal data shall not be transferred to a country or territory unless that country or territory ensures adequate protection for the rights and freedoms of data subjects about processing personal data.
How to Contact Us
The DFA has appointed a Data Protection Leader. If you have any questions about this Privacy Notice or how your personal data is handled, or if you wish to make a complaint, please contact:
Name: Julie Grant
Telephone number: (345)244-7255
Email Address: FOI.NAU@gov.ky
Address: 2nd Floor Aqua Mall, 55 Seafarers Way, Grand Cayman, Cayman Islands
The DFA aims to resolve inquiries and complaints respectfully and promptly.
Changes to this Privacy Notice
The DFA reserves the right to update this Privacy Notice at any time and will publish a new Privacy Notice when we make any substantial updates. From time to time, the DFA may also notify you about processing your personal data in other ways, including by email or our publications.
This Privacy Notice was created on 19th July 2023