MyGov is a designated portal to enable the public to securely interact with a variety of States of Guernsey services. This fair processing notice details how personal data will be processed in connection with the provision of the service. The controller of the personal data processed for the sole purpose of MyGov is the Policy and Resources Committee (the Controller). Where MyGov is used to support or facilitate the function of another States of Guernsey area it will do so as a data processor.
The Data Protection Law
The Controller acknowledges its obligations as per the data protection law, which provides a number of requirements in terms of processing activities involving personal data. The Controller further acknowledges the general principles of processing as well as the rights of a data subject and more information in relation to these provisions are provided within this fair processing notice.
The Principles of Processing
- Lawfulness, fairness and transparency
Personal data must be processed lawfully, fairly and in a transparent manner.
The Controller acknowledges that all processing of personal data must be lawful, fair and undertaken with transparency. MyGov primarily acts as a data processor on behalf of various data controllers throughout the States of Guernsey.
Appendix A (please see below) explains all of the areas and/or systems supported through the MyGov portal and links to their respective privacy notice(s) for further information. All of the personal data processed by MyGov will only be collected directly from yourself, and not from any other third party and will be processed in accordance with the Data Protection (Bailiwick of Guernsey) Law, 2017; Schedule 2; Section 13 (b):
The processing is necessary for the exercise of any function of the States of a public committee.
The States of Guernsey have a professional relationship with a third-party supplier, Agilisys Guernsey Ltd., who provide support to and carry out maintenance on the IT infrastructure of the organisation. For Agilisys to carry out the function they are contracted to provide, there will be instances where they may have sight of your personal data. The Controller will only provide Agilisys with access to your personal data where there is a legitimate and lawful purpose for this access to be given in line with Schedule 2 of the Data Protection (Bailiwick of Guernsey) Law, 2017 and our internal policies and directives.
Your personal data will also be shared with the Scrutiny Management Committee ('SMC') and the Internal Audit function of the States of Guernsey, as specifically requested by the relevant controller and only where absolutely necessary for the completion of their relevant functions. Furthermore, any personal data shared with SMC and Internal Audit will be limited and processed in accordance with Condition 13(b) of Schedule 2 of the Law.
- Purpose limitation
Personal data must not be collected except for a specific, explicit and legitimate purpose and, once collected, must not be further processed in a manner incompatible with the purpose for which it was collected.
The Controller acknowledges its responsibility with regards to this data protection principle and therefore the Controller maintains that it will not further process that personal data in a way which is incompatible to its original reason for processing unless the Controller is required to do so by law. The personal data will not be transferred to a recipient in an authorised or an unauthorised jurisdiction (as per the definition within data protection law).
- Minimisation
Personal data processed must be adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed.
The Controller maintains that it will only process personal data as detailed in Appendix A and will not process any further personal data that is not necessary in relation to the original reason for processing personal data as specified in Appendix A, unless the Controller is required to do so by law.
- Accuracy
Personal data processed must be accurate, kept up-to-date (where applicable) and reasonable steps must be taken to ensure that personal data that is inaccurate is erased or corrected without delay.
The Controller will ensure that all personal data that it holds is accurate and kept up-to-date, and any personal data that is inaccurate will be erased or corrected without delay.
- Storage limitation
Personal data must not be kept in a form that permits identification of a data subject for any longer than is necessary for the purpose for which it is processed.
Personal and special category data will be kept in accordance with the States of Guernsey Records Management Policy and the relevant Retention and Disposal Policies. Data is stored on secure Guernsey data centers and only accessible by authorised staff or approved suppliers.
- Integrity and confidentiality
Personal data may be held in both electronic and hard copy formats. Electronic data is held on secure States of Guernsey data centers. Hard copy data is stored in offices of the States of Guernsey.
Information Access - access to electronic or paper records is tightly controlled. Employees are vetted in a manner commensurate with the role that they are expected to undertake. Protocols are followed to ensure that employees only have access as required to undertake their role.
Information Security – The Controller adopts the information security standards of the States of Guernsey.
- Accountability
The controller is responsible for, and must be able to demonstrate, compliance with the data protection principles.
Contact Details
The contact details of the controller are as follows:
The Policy and Resources Committee
Tel: 01481 227000
Email: policyandresources@gov.gg
The contact details for the Data Protection Officer are as follows:
Data Protection Officer, The Policy and Resources Committee
Tel: 01481 220012
Email: data.protection@gov.gg
Appendix A
| Service Area | Personal data | Purpose | Link to Fair Processing Notice (where applicable) |
|---|---|---|---|
| The Revenue Service | Any personal or special category data provided by yourself through the online Personal Tax Return portal. | Personal data will be shared with the Revenue service via the Personal Tax Return portal. It is necessary to provide this information to the Revenue Service so that they may perform the relevant actions in line with the service and tax returns | Fair Processing Notice |
| Vaccination Administration System | Users can access their COVID certificates via the portal and will be presented with the associated information including their personal data. | To facilitate customer access to digital vaccination certificates for members of public who have received two or more doses of COVID-19 vaccination. | Fair Processing Notice |
For information on your rights as a data subject under the Data Protection (Bailiwick of Guernsey) Law, 2017, please go to the following link: https://gov.gg/dp