Privacy Notice (27th April 2023) - My eGov
Privacy Notice
Note: This is an archived version of the eGov Privacy Notice. The current version is available here.
The Cayman Islands Government E-Government Unit, “eGov”, respects your privacy and takes care in protecting your personal data. As a data controller, we comply with the Cayman Islands Data Protection Act (2021 Revision) (the “DPA”). This privacy notice (“Privacy Notice”) demonstrates our commitment to ensuring your personal data is handled responsibly and applies to eGov.
On this page:
- What Personal Data we collect
- Personal data we collect directly from you
- How we use your Personal Data
- How we share your Personal Data
- Our legal bases for processing your Personal Data
- Children’s Personal Data
- Security and international transfers
- How long we keep your Personal Data
- Cookies
- Your rights
- Data Protection Principles
- How to contact us
- Changes to this Privacy Notice
What Personal Data We Collect
eGov provides a number of products and services including this My eGov Portal and eServices Sign In. In providing these products and services eGov collects personal data, including sensitive personal data, both directly from you and from other Cayman Islands Government entities. Personal data collected by eGov are limited to what is necessary for our processing activities. In this Privacy Notice, personal data includes any data relating to an identified or identifiable living individual and may include:
identifiers such as your first name, last name, username, unique identifier and email address ;
your photo;
technical information such as your IP address and browser or device information; and
contact information including telephone numbers and email addresses.
Personal data we collect directly from you
eGov collects the following information directly from you:
Personal data provided by you when using online systems provided by eGov. These systems include the eServices Sign In platform and the My eGov portal;
Personal data that you provide when you contact us or our delegates by email, online form or telephone;
Personal data that is provided on documents or images, such as your photo, that you provide to eGov, send to us by email, or upload to our servers;
Personal data that is provided within comments and questions, including your name and/or email address if you provide these details in our web forms. If you ask questions about our public services and programmes or provide information about your relationship with us, this may also reveal other personal data, e.g. your personal preferences; and
Your Internet Protocol (“IP”) address, details of which device or version of web browser you used to access our website content, and other information about how you used our website; (see our Cookie Notice for more information - https://my.egov.ky/web/myegov/cookies).
How We Use Your Personal Data
The purpose of the Civil Service is to make the lives of those we serve better. We are dedicated to supporting the elected government by delivering caring, modern and customer-centred public services and programmes, which deliver value for money.
eGov may use your personal data for the following purposes:
Implementing policies, providing services and programmes, and managing your relationship with us;
Responding to your inquiries;
Verifying your identity;
Measuring how users interact with the eGov’s website and continually improving our communications channels (including by aggregating personal data collected using cookies);
Communicating and interacting with website visitors;
Statistical and other reporting, both internally and externally;
Seeking legal advice, and exercising or defending legal rights; and
Complying with our legal obligations, including all legislation that applies across the public sector.
How We Share Your Personal Data
eGov may share your personal data as required, including under applicable legislation, with recipients that include joint data controllers, our data processors, and third parties. We will only share your personal data as permitted by the DPA.
Your personal data may be shared with the following recipients that support our public functions and operations:
With other public authorities: Personal data may be shared with other public authorities. For the purposes of the Privacy Notice “Public Authorities” means Ministries, Portfolios, Offices, Departments, Statutory Authorities, Statutory Bodies and Government Companies. For example, when you use eServices Sign In to authenticate to an application which is under the control of another public authority, we may pass relevant information such as your username, first name, surname, email address, and phone number, together with an internal identifier that is used to uniquely identify you across Cayman Islands Government online services. We do this for the purposes set out in this Privacy Notice, which include verifying your identity and improving your experience interacting with our websites.
With data processors external to the CIG: Personal data may be shared with persons providing services to the eGov as a data processor in compliance with the DPA. These service providers are only able to use personal data under our instructions. Examples may include providers of web analytics.
With legal advisors and other persons if required by law or in relation to legal proceedings or rights: Personal data may be disclosed as legally required, for the purpose of or in connection with proceedings under the law, if necessary to obtain legal advice, or if the disclosure is otherwise necessary to establish, exercise or defend legal rights. This may include disclosing your personal data for the following purposes: Seeking legal advice; Exercising or defending legal rights; Complying with internal and external audits or investigations by competent authorities; and Complying with information security policies or requirements.
Our Legal Bases for Processing Your Personal Data
Depending on applicable laws and other circumstances, eGov will rely on specific legal bases, or “conditions of processing”, under the DPA to process your personal data. These may include:
A legal obligation to which the eGov is subject, and to comply with various obligations under the Procurement Act, 2016 and Procurement Regulations, 2018 (as amended), the Public Management and Finance Act (2020 Revision) and Financial Regulations (2021 Revision) (as amended), the Public Service Management Act (2018 Revision) and Personnel Regulations (2019 Revision) (as amended), and the National Archive and Public Records Act (2015 Revision);
To exercise public functions, including the functions of the eGov to provide online services;
Consent, for example if your request that we share your data with a third party; and
For the purposes of legitimate interests pursued by the eGov or by a third party or parties to whom the personal data may be disclosed, e.g. when disclosing records containing third party personal data in response to a request submitted under the Freedom of Information Act (2021 Revision).
Children’s Personal Data
eGov collects personal data relating to children under the age of 18 to enable us to deliver public services and programmes and carry out our functions. We may collect and further process children’s personal data for the purposes set out in this Privacy Notice.
Security and International Transfers
eGov has put in place appropriate technical, physical and organisational measures in order to keep your personal data secure. These safeguards are in place to maintain the confidentiality, integrity and availability of your personal data.
eGov will refrain from transferring personal data to countries or territories that do not ensure an adequate level of protection for personal data. We may transfer your personal data to:
EU countries for the purposes of website analytics
We will only transfer your personal data to a country or territory that ensures an adequate level of protection for your rights and freedoms in relation to the processing of your personal data, unless there is a relevant exemption or exception under the DPA. Exceptions may include your consent or appropriate safeguards.
How Long We Keep Your Personal Data
eGov may store your personal data for as long as we need it in order to fulfil the purpose(s) for which we collected your personal data, and in line with any applicable laws. This includes the National Archive and Public Records Act (2015 Revision), which governs the creation, maintenance and disposal of all public records. Sometimes, we may choose to anonymise your personal data so that it is no longer associated with you.
Cookies
Cookies, in combination with pixels, local storage objects, and similar devices (collectively, "Cookies" unless otherwise noted), are used to distinguish between visitors to a website. When you visit eGov websites and portals, small files known as Cookies may be stored on your computer, phone, tablet or any other device through your web browser. Information is stored in these text files. Enabling Cookies may allow for a more tailored browsing experience and is required for certain website functionality. In the majority of cases, a Cookie does not provide us with any of your personal data.
Please see the website’s Cookie Notice for more information about the use of Cookies.
Your Rights
eGov will respect and honour your rights in relation to your personal data and implement measures that allow you to exercise your rights under the DPA and other applicable legislation.
In accordance with the DPA, your rights in relation to your own personal data include:
The right to be informed and the right of access: The right to request access to all personal data the eGov maintains about you as well as supplementary information about why and how we are processing your personal data. This is commonly known as a Subject Access Request and certain supplementary information about our processing is contained within this Privacy Notice.
Rights in relation to inaccurate data: The right to request the rectification, blocking, erasure or destruction of any inaccurate personal data eGov maintains on you. We will ensure, through all reasonable measures, that your personal data is accurate, complete and, where necessary, up‑to‑date, especially if it is to be used in a decision-making process.
The right to stop or restrict Processing: The right to restrict or stop how eGov uses your personal data in certain circumstances.
The right to stop direct marketing: The right to cease the use of your personal data by eGov for direct marketing purposes.
Rights in relation to automated decision making: The right to obtain information about and object to the use of automated decision making by eGov using your personal data. eGov does not currently use automated means to make decisions about you. However, we will update this Privacy Notice as required if this position changes.
The right to complain: The right to complain to the Ombudsman about any perceived violation of the DPA by eGov.
The right to seek compensation: The right to seek compensation in the Court if you suffer damage due to a contravention of the DPA by eGov.
You may contact eGov, using the contact details listed below, to access and review your personal data or to exercise any other rights provided to you under the DPA. eGov will take into consideration circumstances where, under the DPA or other applicable legislation, your rights may be limited or subject to conditions, exemptions or exceptions.
Upon contacting eGov, we may need to verify your identity prior to fulfilling a request and may request additional information as required. In accordance with the DPA, eGov may also charge a reasonable fee in relation to your request if it is unfounded or excessive in nature, or eGov may reserve the right not to comply with the request at all. To learn more about your rights, visit www.ombudsman.ky.
Data Protection Principles
When processing your personal data, eGov will comply with the eight Data Protection Principles defined within the DPA:
Fair and lawful processing: Personal data shall be processed fairly. In addition, personal data may be processed only if certain conditions are met, for example the data controller is subject to a legal obligation that requires the processing or the processing is necessary for exercise of public functions.
Purpose limitation: Personal data shall be obtained only for one or more specified, explicit and legitimate purposes, and not processed further in any manner incompatible with that purpose or those purposes.
Data minimisation: Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are collected or processed.
Data accuracy: Personal data shall be accurate and, where necessary, kept up-to-date.
Storage limitation: Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose.
Respect for the individual’s rights: Personal data shall be processed in accordance with the rights of data subjects under the DPA, including subject access.
Security – confidentiality, integrity and availability: Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
International transfers: Personal data shall not be transferred to a country or territory unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
How to Contact Us
eGov has appointed a Data Protection Leader. If you have any questions about this Privacy Notice or how your personal data is handled, or if you wish to make a complaint, please contact:
Name: Ian Tibbetts, Director E-Government Unit
Telephone number: +1 345 244 3614
Email Address: privacy@egov.ky
Address: Government Administration Building, 133 Elgin Avenue, Grand Cayman, KY1-9000
eGov aims to resolve inquiries and complaints in a respectful and timely manner.
This Privacy Notice was reviewed on 27th April 2023, and updated on 27th April 2023
Previous Version: 22nd March 2023