Select Privacy Notice

Department of eGovernment Privacy Notice


The Cayman Islands Government E-Government Department, “eGov”, respects your privacy and takes care in protecting your personal data. As a data controller, we comply with the Cayman Islands Data Protection Act (2021 Revision) (the “DPA”). This privacy notice (“Privacy Notice”) demonstrates our commitment to ensuring your personal data is handled responsibly and applies to eGov.

On this page:

What Personal Data We Collect

eGov provides a variety of online services, such as the My eGov portal, eServices Sign In, and CIG Customer Care. When you engage with these platforms, whether it's by utilising them directly, contacting us via email, online forms, or phone, or even when leaving comments and questions on our web forms, eGov collects relevant personal data.

The scope of data we collect is limited to what is necessary for our operations. Within this Privacy Notice, 'personal data' references any information tied to an identified or potentially identifiable living individual. The personal data that we collect includes:

  • Identifiers: This includes details like your first name, last name, usernames, other unique identifiers, and email addresses.
  • Visual Identifiers: Photos or images that you provide to us, whether mandated by our services or uploaded voluntarily to our systems.
  • Technical Data: Details such as your IP address, the device, and the browser version you utilise to access our services. This category also accounts for information like email headers, caller ID data, usage patterns, and more. For further insights into some related data collection practices, like cookies, you can refer to our Cookie Notice.
  • Contact Information: Beyond the email addresses highlighted above, this category encompasses telephone numbers and any other contact details you may provide.
  • Support and Interaction Details: Data provided during support requests, which may include the identifiers and contact information listed above. Depending on the nature of your support request, other personal details like employment status or property ownership might also be revealed, whether through emails, online form submissions, online chat conversations, or phone calls. Additionally, this category captures records of your interactions with our customer support channels, noting which support portal articles you've accessed or were referred to for assistance.

Personal data we collect directly from you

eGov collects the following information directly from you:

  • Personal data provided by you when using online systems provided by eGov. These systems include the eServices Sign In platform and the My eGovortal;
  • Personal data that you provide when you contact us or our delegates by email, online form or telephone;
  • Personal data that is provided on documents or images, such as your photo, that you provide to eGov, send to us by email, or upload to our servers;
  • Personal data that is provided within comments and questions, including your name and/or email address if you provide these details in our web forms. If you ask questions about our public services and programmes or provide information about your relationship with us, this may also reveal other personal data, e.g. your personal preferences; and
  • Your Internet Protocol (“IP”) address, details of which device or version of web browser you used to access our website content, and other information about how you used our website; (see our Cookie Notice for more information - https://my.egov.ky/web/myegov/cookies).

How We Use Your Personal Data

The purpose of the Civil Service is to make the lives of those we serve better. We are dedicated to supporting the elected government by delivering caring, modern, and customer-centric public services and programmes, which deliver value for money. eGov, through its various platforms and services, may use your personal data for the following purposes:

  • Policy Implementation: Implementing policies, providing services and programmes, and managing your relationship with us.
  • User Facilitation: Facilitating your use of our services.
  • Inquiries and Support: Responding to your inquiries, providing general or service-specific support, and sending important notifications and updates.
  • Identity Verification: Verifying your identity to ensure the security of your data and our platforms.
  • Enhanced Experience: Enhancing your experience interacting with our services and communicating with visitors to our online services.
  • Service Interactions: Measuring interactions with eGov’s online services and continually improving our communication and support channels, including through the use of aggregated data from cookies.
  • Fraud Prevention: Managing and protecting our resources by preventing fraud.
  • Reporting: Compiling statistical reports for internal use and other reporting, both internally and externally.
  • Legal Purposes: Seeking legal advice, exercising or defending legal rights, and complying with our legal obligations, including all legislation applicable across the public sector.

How We Share Your Personal Data

eGov may share your personal data as required, including under applicable legislation, with recipients that include joint data controllers, our data processors, and third parties. We will only share your personal data as permitted by the DPA.

Your personal data may be shared with the following recipients that support our public functions and operations:

  1. Other public authorities: Personal data may be shared with other public authorities. ‘Public Authorities’ includes Ministries, Portfolios, Offices, Departments, Statutory Authorities, Statutory Bodies, and Government Companies. For instance, when using eServices Sign In for authentication to another public authority's application, relevant information such as username, first name, last name, email address, and phone number may be passed along, as well as an internal identifier to uniquely identify you across the Cayman Islands Government’s online services. We do this for purposes including verifying your identity and enhancing your interaction with our services.
  2. External data processors: Personal data may be shared with individuals providing services to eGov as data processors in compliance with the DPA. These service providers can only use the data per our instructions. This can encompass:
    1. Information Technology;
    2. Records and Information Management, including storage;
    3. Communications;
    4. Security operations and fraud prevention;
    5. Providing service-specific customer support;
  3. Legal advisors and other persons if required by law or in relation to legal proceedings or rights: Personal data may be disclosed as legally required, for the purpose of or in connection with proceedings under the law, if necessary to obtain legal advice, or if the disclosure is otherwise necessary to establish, exercise or defend legal rights. This may include disclosing your personal data for the following purposes:
    1. Seeking legal advice;
    2. Exercising or defending legal rights;
    3. Complying with internal and external audits or investigations by competent authorities;
    4. Complying with information security policies or requirements.

Our Legal Bases for Processing Your Personal Data

Depending on applicable laws and other circumstances, eGov will rely on specific legal bases, or “conditions of processing”, under the DPA to process your personal data. These may include:

  1. Legal Obligation: eGov is subject to various legal obligations, including compliance with obligations under the Procurement Act (2023 Revision) and Procurement Regulations (2022 Revision), the Public Management and Finance Act (2020 Revision) and Financial Regulations (2022 Revision), the Public Service Management Act (2018 Revision) and Personnel Regulations (2022 Revision), and the National Archive and Public Records Act (2015 Revision).
  2. Public Functions: To exercise public functions, including eGov's roles in providing online services and responding to support inquiries.
  3. Contractual Necessity: To perform or enter into a contract with you.
  4. Protecting Vital Interests: To protect your vital interests.
  5. Consent: In certain circumstances where we seek your explicit agreement, such as sharing your data with a third party, gathering analytics for an online service’s usage, or administering surveys.
  6. Legitimate Interests: When pursued by eGov or a third party to whom the personal data may be disclosed. An example includes disclosing records containing third-party personal data in response to a request submitted under the Freedom of Information Act (2021 Revision).

For the processing of sensitive personal data, a secondary legal basis will also be met, which may encompass:

  1. Exercising our public functions.
  2. Engaging in legal proceedings, including seeking legal advice and establishing, exercising, or defending legal rights.

Children’s Personal Data

eGov collects personal data relating to children under the age of 18 to enable us to deliver public services and programmes and carry out our functions. We may collect and further process children’s personal data for the purposes set out in this Privacy Notice.

Security and International Transfers

eGov has implemented suitable technical, physical, and organisational measures to ensure your personal data remains secure. To preserve the confidentiality, integrity, and accessibility of your personal data, these precautions include:

  1. Strong Password Protection: Access to our platforms is fortified using robust, unique passwords. Our password guidelines mandate periodic password modifications and uphold minimum length and complexity requisites to minimize unauthorised access threats.
  2. Pseudonymisation: Whenever possible, Personal Data on our platforms is pseudonymised, substituting identifiable data components with pseudonyms to reduce the risk of Data Subjects' identification by unauthorized individuals in the event of a data breach.
  3. Multi-Factor Authentication (MFA): MFA is the standard for all administrative access to our platforms, fortifying security by obligating users to offer at least two identification forms before access.
  4. Access Control: Access to Personal Data is restricted to a need-to-know basis, supported by role-based access controls.
  5. Data Backup and Recovery: We routinely back up Personal Data, which is stored securely to facilitate swift recovery in scenarios of data loss, corruption, or system breakdowns.
  6. Security Assessments: eGov conducts periodic evaluations and audits to pinpoint and remedy potential vulnerabilities within our platforms.

eGov will not transfer personal data to organisations, countries or territories failing to ensure an adequate protection level for personal data. Your personal data may be transmitted to:

  1. Ireland and other EU nations for secure hosting and website analytics purposes.
  2. Other countries, for providing customer support for specific government functions.

Data transfers will only occur if the organisation, country, or territory guarantees an appropriate protection degree for your rights and freedoms related to your personal data processing, unless the DPA provides a relevant exception or exemption. Such exceptions might encompass your consent or suitable safeguards, like standard contractual clauses.

How Long We Keep Your Personal Data

eGov may store your personal data for as long as we need it in order to fulfil the purpose(s) for which we collected your personal data, and in line with any applicable laws. This includes the National Archive and Public Records Act (2015 Revision), which governs the creation, maintenance and disposal of all public records. Sometimes, we may choose to anonymise your personal data so that it is no longer associated with you. 

Cookies

Cookies, along with pixels, local storage objects, and similar technologies (hereafter collectively referred to as "Cookies" unless specified), are employed to distinguish between visitors to a website. When you access eGov websites, portals, or support.gov.ky, these small text-based files might be saved on your device (be it a computer, phone, tablet, or any other device) via your browser. These text files store information.

The use of Cookies may facilitate a customised browsing or support experience and is essential for certain functionalities of our electronic platforms. In most instances, a Cookie
does not provide us with any of your personal data.

For users interacting with the CIG Customer Care, it is pertinent to note that we leverage Zendesk software for our primary support operations, which itself incorporates the use of Cookies. For a more exhaustive understanding of how Cookies are used in this context, kindly refer to the Zendesk Cookie Notice.

Please consult eGov’s Cookie Notice for more details about our general use of Cookies.

Your Rights

eGov will respect and honour your rights in relation to your personal data and implement measures that allow you to exercise your rights under the DPA and other applicable legislation. 

In accordance with the DPA, your rights in relation to your own personal data include: 

  • The right to be informed and the right of access: The right to request access to all personal data the eGov maintains about you as well as supplementary information about why and how we are processing your personal data. This is commonly known as a Subject Access Request and certain supplementary information about our processing is contained within this Privacy Notice.
  • Rights in relation to inaccurate data: The right to request the rectification, blocking, erasure or destruction of any inaccurate personal data eGov maintains on you. We will ensure, through all reasonable measures, that your personal data is accurate, complete and, where necessary, up‑to‑date, especially if it is to be used in a decision-making process.
  • The right to stop or restrict Processing: The right to restrict or stop how eGov uses your personal data in certain circumstances. 
  • The right to stop direct marketing: eGov does not currently carry out any direct marketing activities. However, we will update this Privacy Notice and we will also notify you in writing as required if this position changes. 
  • Rights in relation to automated decision making: The right to obtain information about and object to the use of automated decision making by eGov using your personal data. eGov does not currently use automated means to make decisions about you. However, we will update this Privacy Notice as required if this position changes.
  • The right to complain: The right to complain to the Ombudsman about any perceived violation of the DPA by eGov.
  • The right to seek compensation: The right to seek compensation in the Court if you suffer damage due to a contravention of the DPA by eGov. 

You may contact eGov, using the contact details listed below, to access and review your personal data or to exercise any other rights provided to you under the DPA. eGov will take into consideration circumstances where, under the DPA or other applicable legislation, your rights may be limited or subject to conditions, exemptions or exceptions.

Upon contacting eGov, we may need to verify your identity prior to fulfilling a request and may request additional information as required. In accordance with the DPA, eGov may also charge a reasonable fee in relation to your request if it is unfounded or excessive in nature, or eGov may reserve the right not to comply with the request at all.

To learn more about your rights, visit www.ombudsman.ky.

Data Protection Principles

When processing your personal data, eGov will comply with the eight Data Protection Principles defined within the DPA: 

  • Fair and lawful processing: Personal data shall be processed fairly. In addition, personal data may be processed only if certain conditions are met, for example the data controller is subject to a legal obligation that requires the processing or the processing is necessary for exercise of public functions.
  • Purpose limitation: Personal data shall be obtained only for one or more specified, explicit and legitimate purposes, and not processed further in any manner incompatible with that purpose or those purposes.
  • Data minimisation: Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are collected or processed.
  • Data accuracy: Personal data shall be accurate and, where necessary, kept up-to-date.
  • Storage limitation: Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose.
  • Respect for the individual’s rights: Personal data shall be processed in accordance with the rights of data subjects under the DPA, including subject access.
  • Security – confidentiality, integrity and availability: Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  • International transfers: Personal data shall not be transferred to a country or territory unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

How to Contact Us

eGov has appointed a Data Protection Leader.  If you have any questions about this Privacy Notice or how your personal data is handled, or if you wish to make a complaint, please contact:  

Name: Ian Tibbetts, Director E-Government Department
Telephone number: +1 345 244 3614
Email Address: privacy@egov.ky 
Address: Government Administration Building, 133 Elgin Avenue, Grand Cayman, KY1-9000

eGov aims to resolve inquiries and complaints in a respectful and timely manner.

Changes to this Privacy Notice

eGov reserves the right to update this Privacy Notice at any time and will publish a new Privacy Notice when we make any substantial updates. From time to time, eGov may also notify you about the processing of your personal data in other ways, including by email or through our publications.

This Privacy Notice was reviewed on 13th October 2023, and updated on 13th October 2023
Previous Versions: 27th April 202322nd March 2023