Skip to main content

GDPR Personal Information

GDPR Personal Data

When you use an FIU service we may ask you to share personal information with us.

When we collect your personal information we will:

  • Only collect what we need and no more
  • Keep your information secure
  • Tell you how we will use your information
  • Delete your information when it is no longer needed
  • Only process your information in line with rules set out in Manx Data Protection legislation.

This Privacy Notice defines what happens when you give personal information to the FIU and will explain:

  • What information is collected and why
  • Who is collecting it
  • How it is collected
  • Why it is being collected
  • How it will be used
  • How long it will be kept
  • Who it will be shared with
  • How your information will be kept secure

If you have any questions or comments on this Privacy Notice please contact the FIU Data Protection Officer at the details below –

Email –, Phone - +44 1624 686000, Address - FIU DPO - PO Box 51, Douglas. Isle of Man. IM99 2TD

How and why we ask you to share your personal information

Themis Registration Process

Many organisations are required to ‘register’ with the Financial Intelligence Unit (FIU) for their compliance with various codes and regulations. The information submitted includes some personal data, for example, the name and contact details of any MLRO or individual requiring access to our online reporting portal 'Themis'.

The FIU will use this information for its own purposes, for example, to contact the business where we have a query about a registration or to make statutory requests for information.

People who make a complaint to us

When we receive a complaint from a person we record details of the complaint in a file. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal data we collect to process the complaint and to check on the level of service we provide.

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant does not want information identifying them to be disclosed, we will try to respect that, particularly if the complaint has been made by a whistle-blower. However, the nature of some complaints means it is not possible to investigate on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

People who make enquiries

The information you provide will only be used to respond to your query or deal with your complaint and will be retained in accordance with our retention policy.

We do not record telephone calls.

Any email sent to us, including any attachments, may be monitored for reasons of data security and compliance with office policy. Email monitoring includes blocking software which may result in your email being blocked or deleted.

Our legal basis for processing your information

The FIU has a statutory function to receive, gather, analyse, store and share information about financial crime. In some cases, where it is necessary and relevant, the information you provide (as identified above), may be disclosed or shared with other organisations.

This will only be done where there we consider it is necessary and relevant for us to do so in accordance with our functions.

Types of personal information we collect about you

Depending on how you interact with us we may process different information about you. Below you will find an overview of the categories of information that we may collect.

Information you provide to us directly

Category of information Examples of that type of information
Personal details Name, Email address, telephone number, address
Account login information Login ID, password, or security questions
Other information Feedback, comments, complaints enquiries

Information we collect automatically

When you visit or use our website, or Themis system we may collect information sent to us by your computer, mobile phone, or other device. For example we may collect:

Category of information Examples of that type of information
Device information Hardware model, operating system version, IP Address
Log information Time and duration of visit
Other information Links you click and your location
Tracking information When you visit the site we use cookies that do not collect any personal information. Read more about how we use cookies here.

How we will share the information we collect about you -

Third parties we may share your data with include, for example:

  • local law enforcement agencies
  • external law enforcement agencies or external Financial Intelligence Units
  • regulators (the Isle of Man Financial Services Authority and Gambling Supervision Commission) and off Island regulators

Information obtained by the FIU is shared under Section 23 of the Financial Intelligence Unit Act 2016 (the Act). It is an offence under section 26 of the Act for anyone in receipt of information from the FIU under section 23 of the Act to further disclose the information save in accordance with Section 25, which requires the written consent of the FIU. A person guilty of an offence under Section 26 of the Act is liable on summary conviction to custody for a term not exceeding 2 years and to a fine not exceeding £10,000 or to both.

How we keep your personal information secure

The FIU will:

  • keep your information safe and secure in compliance with its information security policy
  • only use and disclose your information as detailed above, where necessary
  • retain the information for no longer than is necessary. Your information will be permanently deleted once the timeframes set out below have been reached

Transfer of Information outside EEA

The FIU shares information with jurisdictions outside the EEA. The information is shared with strict handling conditions regarding how the recipient can use that information.

How long do we keep your personal information

We will only keep your information for the minimum time necessary.

This may be to:

  • Respond to an enquiry from you
  • Meet Isle of Man Government Financial Regulations
  • Meet statutory requirements
  • To analyse the use and quality of our services and to make improvement

Records are only retained for longer term periods if their retention can be justified for statutory, regulatory, legal or security reasons or for their historic value.

Our Retention Schedule is available here.

You can review your personal information and ensure it is accurate

Where possible we will provide you with access to the information we hold about you so that you can view this information and provide a means for you to have this information changed if it is not accurate. Alternatively you can ask for the information we hold about you to be changed by making a request to the FIU DPO.

To remove your personal information

In certain circumstances you can ask for your information to be deleted. Please note that as part of the FIU statutory functions some information may need to be retained. You can request this by contacting the FIU DPO.

Last Updated January 2023