The Cayman Islands Government department Hazard Management Cayman Islands (“HMCI”) respects your privacy and takes care in protecting your personal data. As a data controller, we comply with the Cayman Islands Data Protection Act (2021 Revision) (the “DPA”). This privacy notice (“Privacy Notice”) demonstrates our commitment to ensuring your personal data is handled responsibly and applies to HMCI.
HMCI falls under the purview of the Cabinet Office. This Privacy Notice does not apply to the processing of any personal data for human resources and finance functions where the Civil Service Entity is the data controller.
HMCI collects personal data, including sensitive personal data, directly from you and may also collect your personal data indirectly from third party sources. Personal data collected by HMCI is limited to what is necessary for our processing activities. In this Privacy Notice, personal data includes any data relating to an identified or identifiable living individual and includes contact details such as telephone numbers and email addresses, home address, date of birth or age, and general location information.
HMCI may collect your personal data directly from you or from other sources, including:
a. Personal data you provide through the websites maintained by HMCI (caymanprepared.gov.ky and nens.gov.ky), such as:
i. Personal data provided within submission forms, comments and questions. If you ask questions about our public services and programmes or provide information about your relationship with us, this may also reveal other personal data;
ii. Your email address and subscription preferences if you sign up for our newsletters or our National Emergency Notification system or other notifications, and how you utilise our emails, including whether you open them and which links you click, and how you respond to our notifications; and
iii. Your Internet Protocol (“IP”) address, details of which device or version of web browser you used to access our website content, and other information about how you used our website (please see Section 9 in this Privacy Notice as well as information that may be published on the specific website you are using for more information about our use of Cookies);
b. Any information you choose to provide when interacting with HMCI, including through our social media channels such as our Facebook page @caymanprepared, our Instagram page @caymanprepared and our X page @CINEOC;
c. Personal data you provide when you visit HMCI premises at the Government Administration Building, 133 Elgin Avenue in Grand Cayman and other locations, e.g. Hurricane Shelters; contact us by email, by telephone or through our social media channels; or access our various programmes and services, including our online services;
d. Personal data that you provide when you inquire about a job with HMCI;
e. Personal data collected via CCTV or other cameras and monitoring and security mechanisms at our premises at the Government Administration Building, 133 Elgin Avenue in Grand Cayman, at various Hurricane Shelters, and at other locations, e.g. cameras that have been installed in areas prone to flooding, or drone footage obtained for the purposes of mitigation, planning and preparedness, response, or recovery. These types of personal data may be collected directly by HMCI or by another data controller and then lawfully disclosed to HMCI for a legitimate purpose (e.g. to carry out our public functions, or to investigate a breach of the law or a security incident);
f. Personal data provided by a member of your family, your employer, or some other person who is closely connected to you if this is relevant to that person’s engagement with HMCI or our functions;
g. Personal data obtained from the Cayman Islands Red Cross to recruit and train volunteers and maintain membership and qualifications for the Community Emergency Response Team (“CERT”) programme;
h. Personal data relating to volunteers, public officials and other individuals who are involved in staffing hurricane shelters, mass casualty response, and other training hosted or provided by HMCI;
i. Personal data provided for entry into HMCI prize raffle draws; and
j. Any other personal data where the collection is necessary to achieve our lawful purpose(s).
The purpose of the Civil Service is to make the lives of those we serve better. We are dedicated to supporting the elected government by delivering caring, modern and customer-centred public services and programmes, which deliver value for money.
HMCI is the lead agency responsible for the national comprehensive disaster management programme and acts as the coordinating agency of the National Emergency Operations Centre (“NEOC”) as well as being members of the National Hazard Management (“NHM”) Executive, Council and Policy Group. We take the threat of all hazards seriously and continue to strive to increase and improve Cayman’s resilience, response and recovery to them.
Our vision is to ensure the Cayman Islands is resilient and prepared, able to withstand and recover from all major crises. In delivering on our mission to enhance the Cayman Island’s resiliency to disasters with full community participation, HMCI may use your personal data for the following purposes:
a. Emergency planning and disaster management;
b. Implementing policies, providing services and programmes, and managing your relationship with us;
c. Responding to your inquiries;
d. Verifying your identity;
e. Measuring how users interact with HMCI’s website and continually improving our communications channels (including by aggregating personal data collected using cookies);
f. Communicating and interacting with website visitors;
g. Sending you marketing communications;
h. Communications and public relations activities;
i. Statistical and other reporting, both internally and externally;
j. Seeking legal advice, and exercising or defending legal rights; and
k. Complying with our legal obligations, including all legislation that applies across the public sector, e.g. legislation that provides for records and information management.
HMCI may share your personal data as required, including under applicable legislation, with recipients that include our data processors, and third parties. We will only share your personal data as permitted by the DPA.
Your personal data may be shared with the following recipients that support our public functions and operations:
a. With other public authorities: Personal data may be shared with other public authorities – here, “public authorities” means Ministries, Portfolios, Offices, Departments, Statutory Authorities, Statutory Bodies and Government Companies – for the purposes set out in this Privacy Notice. This data sharing includes emergency services providers and other agencies involved in a potential NEOC activation.
b. With data processors external to the CIG: Personal data may be shared with persons providing services to HMCI as a data processor in compliance with the DPA. When they are acting as data processors, these service providers are only able to use personal data under our instructions. We engage data processors for a variety of processing activities, which may include:
i. Webhosting;
ii. Information Technology;
iii. Records and Information Management, including storage facilities;
iv. Communications;
v. Marketing and campaigns;
vi. Events management; and
vii. Security operations and fraud prevention.
In limited circumstances, service providers who act as data processors for HMCI may also act as a separate data controller in relation to their own purposes for processing your personal data, e.g. to provide customer support, or for analytics or machine learning in order to improve their services. These are unrelated to the purposes for which HMCI processes your personal data and should be clearly and directly disclosed to you by the service provider through their own separate privacy notice. However, you may contact us to ask about our current service providers and specific instances, if any, that we are aware of where your personal data may be processed for a service provider’s own purposes.
c. With legal advisors and other persons if required by law or in relation to legal proceedings or rights: Personal data may be disclosed as legally required, for the purpose of or in connection with proceedings under the law, if necessary to obtain legal advice, or if the disclosure is otherwise necessary to establish, exercise or defend legal rights. This may include disclosing your personal data for the following purposes:
i. Seeking legal advice;
ii. Exercising or defending legal rights;
iii. Complying with internal and external audits or investigations by competent authorities; and
iv. Complying with information security policies or requirements.
d. With other third parties: Personal data may be disclosed to other third-party recipients for the purposes set out in this Privacy Notice and in accordance with the DPA. Names, contact information and other personal data may be shared between HMCI and the Cayman Islands Red Cross for the purposes set out in this Privacy Notice, including to recruit and train CERT teams and maintain membership and qualifications.
Depending on applicable laws and other circumstances, HMCI will rely on specific legal bases, or “conditions of processing”, under the DPA to process your personal data. These may include:
a. A legal obligation to which HMCI is subject, including under The Disaster Preparedness and Hazard Management Act (2019 Revision), the Emergency Powers Law (2006 Revision) and the National Archive and Public Records Act (2015 Revision);
b. To exercise public functions, including where HMCI acts as the coordinating agency of the NEOC and serves as a member of the NHM Executive, Council and Policy Group;
c. To perform or enter into a contract with you;
d. To protect your vital interests;
e. Consent, e.g. to send you marketing communications or to administer surveys and polls; and
f. For the purposes of legitimate interests pursued by HMCI or by a third party or parties to whom the personal data may be disclosed, e.g. when disclosing records containing third party personal data in response to a request submitted under the Freedom of Information Act (2021 Revision).
Where we process your sensitive personal data, we will also meet a second legal basis. These may include:
a. To exercise our public functions;
b. In relation to legal proceedings, including obtaining legal advice and otherwise establishing, exercising or defending legal rights;
c. To protect your vital interests; and
d. If you have taken steps to make the personal data public.
HMCI collects personal data relating to children under the age of 18 to enable us to deliver public services and programmes and carry out our functions. We may collect children’s personal data for any of the purposes set out in section 3 of this Privacy Notice.
Photographs and videos of children will generally only be recorded and/or published for promotional purposes with parental consent, which is usually obtained by the establishment in which the photography or videography is taking place. Where an event is taking place within a school or other youth-based environment, that establishment must first confirm that parental permission has been granted for the photography or videography of the included children prior to HMCI recording the event, and that such permission will be retained by the establishment.
HMCI has put in place appropriate technical, physical and organisational measures in order to keep your personal data secure.These safeguards to maintain the confidentiality, integrity and availability of your personal data may include:
a. Developing and maintaining written plans to identify, prevent, detect, respond to, and recover from security threats, events and incidents;
b. Developing robust authentication procedures for accessing all systems that store personal data;
c. Administrative and technical controls to restrict access to personal data on a “need to know” basis;
d. Maintaining systems, software and applications, anti-virus software, firewalls, and other computer security safeguards, and appointing appropriate personnel to be responsible for keeping such safeguards up to date, including through actions such as patching, license renewals/expiry monitoring, system health checks and account/user access management;
e. Contractually requiring that our Data Processors maintain appropriate security measures;
f. Maintaining appropriate records of access to and processing of personal data;
g. Ensuring employees are trained on security policies and measures that have been implemented;
h. Using appropriate measures, such as encryption, pseudonymisation and chain of custody records, to protect personal data, including when stored on laptops, tablets and other storage devices;
i. Utilising appropriate and secure methods to destroy personal data as legally required; and
j. Taking other reasonable measures as required at any time by legislation, rules and policies.
HMCI will only transfer your personal data to a country or territory that ensures an adequate level of protection for your rights and freedoms in relation to the processing of your personal data, unless there is a relevant exemption or exception under the DPA. Exceptions may include your consent or appropriate safeguards.
HMCI may store your personal data for as long as we need it in order to fulfil the purpose(s) for which we collected your personal data, and in line with any applicable laws. This includes the National Archive and Public Records Act (2015 Revision), which governs the creation, maintenance and disposal of all public records. Sometimes, we may anonymise your personal data so that it is no longer associated with you.
Cookies, in combination with pixels, local storage objects, and similar devices (collectively, "Cookies" unless otherwise noted), are used to distinguish between visitors to a website.
When you visit our websites (caymanprepared.gov.ky and nens.gov.ky), small files known as Cookies may be stored on your computer, phone, tablet or any other device through your web browser. Information is stored in these text files.
Enabling Cookies may allow for a more tailored browsing experience and is required for certain website functionality. In the majority of cases, a Cookie does not provide us with any of your personal data.
You can block Cookies by activating the setting on your internet browser that allows you to refuse the setting of all or some Cookies for all websites or specific websites. However, if you use your browser settings to block all Cookies (including strictly necessary Cookies), you may not be able to access all or parts of our website.
Please note that internet browsers allow you to change your Cookie settings. These settings are usually found in the 'options' or 'preferences' menu of your internet browser.
HMCI will respect and honour your rights in relation to your personal data and implement measures that allow you to exercise your rights under the DPA and other applicable legislation.
In accordance with the DPA, your rights in relation to your own personal data include:
a. The right to be informed and the right of access: The right to request access to all personal data HMCI maintains about you as well as supplementary information about why and how we are processing your personal data. This is commonly known as a Data Subject Access Request and certain supplementary information about our processing is contained within this Privacy Notice.
b. Rights in relation to inaccurate data: The right to request the rectification, blocking, erasure or destruction of any inaccurate personal data HMCI maintains on you. We will ensure, through all reasonable measures, that your personal data is accurate, complete and, where necessary, up‑to‑date, especially if it is to be used in a decision-making process.
c. The right to stop or restrict processing: The right to restrict or stop how HMCI uses your personal data in certain circumstances.
d. The right to stop direct marketing: The right to cease the use of your personal data by HMCI for direct marketing purposes.
e. Rights in relation to automated decision making: The right to obtain information about and object to the use of automated decision making by HMCI using your personal data. HMCI does not currently use automated means to make decisions about you. However, we will update this Privacy Notice and we will also notify you in writing as required if this position changes.
f. The right to complain: The right to complain to the Ombudsman about any perceived violation of the DPA by HMCI.
g. The right to seek compensation: The right to seek compensation in the Court if you suffer damage due to a contravention of the DPA by HMCI.
You may contact HMCI, using the details listed below, to access and review your personal data or to exercise any other rights provided to you under the DPA. HMCI will take into consideration circumstances where, under the DPA or other applicable legislation, your rights may be limited or subject to conditions, exemptions or exceptions.
Upon contacting HMCI, we may need to verify your identity prior to fulfilling a request and may request additional information as required. In accordance with the DPA, HMCI may also charge a reasonable fee in relation to your request if it is unfounded or excessive in nature, or HMCI reserves the right not to comply with the request at all.
To learn more about your rights, visit www.ombudsman.ky.
When processing your personal data, HMCI will comply with the eight Data Protection Principles defined within the DPA:
a. Fair and lawful processing: Personal data shall be processed fairly. In addition, personal data may be processed only if certain conditions are met, for example the data controller is subject to a legal obligation that requires the processing or the processing is necessary for exercise of public functions.
b. Purpose limitation: Personal data shall be obtained only for one or more specified, explicit and legitimate purposes, and not processed further in any manner incompatible with that purpose or those purposes.
c. Data minimisation: Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are collected or processed.
d. Data accuracy: Personal data shall be accurate and, where necessary, kept up-to-date.
e. Storage limitation: Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose.
f. Respect for the individual’s rights: Personal data shall be processed in accordance with the rights of data subjects under the DPA, including subject access.
g. Security – confidentiality, integrity and availability: Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
h. International transfers: Personal data shall not be transferred to a country or territory unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
HMCI has appointed a Data Protection Leader. If you have any questions about this Privacy Notice or how your personal data is handled, or if you wish to make a complaint, please contact:
Name: Richard Smith
Telephone number: +1 345 244 6813
Email Address: Richard.Smith@gov.ky
Address: Government Administration Building, Box 118
133 Elgin Avenue, George Town
Grand Cayman KY1-9000
CAYMAN ISLANDS
HMCI aims to resolve inquiries and complaints in a respectful and timely manner.
HMCI reserves the right to update this Privacy Notice at any time and will publish a new Privacy Notice when we make any substantial updates. From time to time, HMCI may also notify you about the processing of your personal data in other ways, including by email or through our publications.
This Privacy Notice was last updated on 14 November 2024.
This Privacy Notice explains the purposes for which we collect, use and share your personal data when you subscribe to the Cayman Islands National Emergency Notification System (NENS).
All data processing for the purposes of NENS is governed by the Cayman Islands Data Protection Act and Hazard Management Cayman Islands (HMCI) respects your privacy.
It is important that you carefully read this Privacy Notice before signing-up to receive notifications and signifying your consent to your personal information being collected and used for that purpose.
If we make material changes to this Privacy Notice that affect the purposes for which we collect, use and/or share your information, we will include a "NEWLY UPDATED" label with the "PRIVACY NOTICE" link on nens.gov.ky.
In order to receive notifications, you must first complete the registration form. During registration, you will be required to provide certain personal information (consisting of your email address and/or telephone number, depending on the type of notification(s) you choose to receive). This information will be used to contact you in event of an emergency.
HMCI is the data controller with respect to the information collected on this site. The Department of Public Safety Communications will also have access to the information for the purpose of contacting you in the event of an emergency. We only have access to/collect information that you voluntarily provide via the NENS platform or other direct contacts.
You may opt out of National Emergency Notification System at any time. You can do this by contacting us via the email address or phone number given on our website: nens.gov.ky. Once you opt out your personal data will be permanently deleted.
Should you have any questions regarding this Privacy Notice, please contact the Director of Hazard Management via the contact details provided below and we will endeavour to respond within 5 working days: nens@gov.ky