Privacy Policy

Privacy policy for the Cayman Islands Department of Tourism Facebook Fanpage

Dear visitors of our Facebook Fanpage,
 
The following information explains the data processing on our site at https://www.facebook.com/VisitCaymanIslands/ /that you can visit via browser or in the Facebook app; ("Fanpage") by
  • us, the Cayman Islands Department of Tourism, Government Administration Building, Box 134, 133 Elgin Avenue, Grand Cayman, KY1-9000, Cayman Islands ("CIDOT" or "We"), as the operator of this Fanpage, and
 
  • Facebook (located in Ireland at: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland; located in the USA at: Facebook, Inc., Facebook Headquarters, 1 Hacker Way, Menlo Park, CA 94025, USA) ("Facebook")
 
Both we and Facebook are responsible for certain portions of the processing of your data when you use the Fanpage. However, Facebook primarily processes the data. In the following, we explain how this works and what your rights are:
 

A.Processing of personal data on the Fanpage

The manner and extent to which personal data is collected when you visit a Facebook fanpage depends largely on the behaviour of the user, i.e. you. Therefore, you can partly influence the collection of data.
  1. Joint processing of statistical evaluations by CIDOT and Facebook
 
When you visit our Fanpage, Facebook collects - to our knowledge - the following personal data ("Usage Data"):
  • Information on visited pages, posts, videos, stories or other content associated with the Fanpage,
  • Interactions with a story, subscriptions, likes of posts, recommendations of posts or comments, sharing of, reactions to or commenting on posts, reporting posts or hiding posts,
  • Clicks on links on other pages that lead to the Fanpage, mouse movements over names or profile pictures to preview content, clicks on buttons on the Fanpage and to the device (computer or mobile device) you are signed in with,
  • Visits and reactions to events, clicking on a link for event tickets, initiating a messenger conversation, opening Fanpage shops, including information on such actions such as date and time of the action, country/city (estimated from the IP address or imported from the user profile for logged-in users), language code (from the HTTP header of the browser and/or language setting), age/gender groups (from the user profile, only for logged in users), previously visited websites (from the HTTP header of the browser), whether the action was taken on a computer or on a mobile device (from the browser user agent or from app attributes) and the Facebook user ID (only for logged in users).
We do not receive this Usage Data directly, but only from Facebook in aggregated, i.e. summarized, form via the Facebook tool "Page Insights" (https://de- https://en-gb.facebook.com/business/pages/manage and https://en-gb.facebook.com/legal/terms/information_about_page_insights_data ("Insights Data"). We cannot link Insights Data to your person.  
Without our Fanpage, Facebook could not collect the Usage Data. For the processing of Usage Data, we and Facebook are therefore so-called "joint controllers". This means that Facebook and we process this data with the common purpose of getting to know the usage behaviour of visitors of our Fanpage. Facebook as the operator of the platform collects the actual Usage Data from you; we only receive the summarized Insights Data from Facebook. Therefore, only Facebook makes decisions about the processing of Usage Data in connection with Page Insights. In the event of such joint controllership, the EU General Data Protection Regulation requires that we conclude a special agreement with Facebook. You can find this agreement here: https://en-gb.facebook.com/legal/terms/page_controller_addendum. The agreement contains further details and explanations about our joint responsibility with Facebook in connection with Page Insights.
Our legitimate interests constitute the legal basis for our participation in the processing of Usage Data. Our interest is the administration and improvement of the Fanpage. We do not require any further legal basis for the processing of the Insights Data, as these are aggregated and not personal data.
  1.  Processing of personal data by CIDOT
  1. Likes, posts and messages
If you like, share, comment on or otherwise actively use our Fanpage, we process the following personal data ("Action Data"):
  • Your Facebook username and profile picture,
  • Your interactions with our posts ("likes", "shares", etc.), and
  • Your comments, posts, direct messages and other content you provide on the Fanpage.
We process this Action Data in order to provide you and other visitors of the Fanpage and our other media offerings (e.g. our website, "Other Media Offerings") with the Fanpage, the Fanpage functionalities, your own content (if we re-post it) and, if applicable, to answer your requests. We do not create profiles of you or mix the Action Data with any other data we might have about you.
We process the Action Data on the basis of our legitimate interest in providing our visitors and followers on Facebook with relevant content and to enable you to use our Fanpage and its functionalities. We respond to your requests via the Fanpage to fulfil contract-like obligations towards you, or based on our legitimate interest to interact with visitors of our Fanpage (e.g. thanking you for contributions).
  1. Other uses of our Fanpage
In individual cases, we may need your consent to process your personal data (which are then also regarded as Action Data). This is the case, for example, if we want to share your post on Other Media Offerings, if you register for our newsletter via the Fanpage or if you post something in the context of campaigns such as competitions, and also if people are depicted in such posts - you or others (details can be found in the respective terms or information of the campaign). Unless otherwise stated in connection with a campaign, you usually consent by posting, if necessary with a corresponding hashtag, or by activating the newsletter checkbox. You can revoke your consent at any time with effect for the future by sending us a message. The lawfulness of the data processing carried out by us before the revocation remains unaffected. In other cases, we will explain further details about this data processing in connection with obtaining your consent.
  1. Data retention (CIDOT)
We process your Action Data for the described purposes only as long as necessary, i.e. usually as long as we operate our Fanpage or as long as your user action on our Fanpage is online or until we have answered your direct message. Beyond that, we only store your personal data for the fulfilment of any legal retention obligations.
  1. Data recipients (CIDOT)
  • Processors. In connection with the purposes described here, we may transfer your Action Data to external service providers, such as IT service providers. We have carefully selected these service providers and have concluded data processing agreements as required by applicable law with them.
  • Partners. In individual cases, we will pass on your Action Data to other controllers who process the personal data for their own purposes, as far as this is necessary for contract fulfilment or the provision of services, e.g. in the context of competitions. Our contractual partners may use the data transmitted in this way exclusively for the purpose for which we have transmitted it. The transmission of your Action Data for these purposes is carried out in order to fulfil a contract or due to our legitimate interest in making our operations efficient.
  • Other recipients. We will otherwise only transfer your Action Data to other recipients in individual cases if and to the extent required or permitted by law, or to enforce legal claims or to investigate or prevent suspected or actual illegal activity. In these cases, we will inform you separately about the respective transfer if and to the extent that this is legally required.
 
Please note that since Facebook is a public platform, potentially anyone can see your contributions on Facebook.
 
  1. Data processing by Facebook
When you visit our Fanpage, Facebook also collects and processes your personal data, including Action Data and Usage Data. We have no influence on what data Facebook processes, to what extent and how, or whether and how Facebook passes this data on to third parties, especially in countries outside the European Union. It is your responsibility to familiarize yourself with this and to decide whether you agree to it.
The processing of your personal data by Facebook, including the respective legal bases, is described in Facebook’s data policy available at https://en-gb.facebook.com/policy.php, and also the joint controller agreement mentioned above (https://en-gb.facebook.com/legal/terms/page_controller_addendum).
Please pay particular attention to the following:
  1. Data transfers to the USA
In order to provide the Fanpage on the Facebook Platform, your personal data will be processed by Facebook Ireland Limited and Facebook, Inc. in the USA (as well as other third countries, as shown at https://en-gb.facebook.com/policy.php).
  1. Data processed via Facebook cookies and app interfaces
When you visit our Fanpage through the Facebook website or Facebook app, Facebook may use cookies and similar technologies such as pixels, web beacons and local storage (LocalStorage) or app interfaces (graph.facebook.com) to collect information about your use of the Fanpage and the Facebook platform in general, as well as to provide you with features on Facebook.
In addition, advertisers or other Facebook partners may set cookies or similar technologies on your device. We have no influence on these data processing activities.
Facebook describes in general terms which cookies Facebook uses and which information Facebook receives via cookies and other tools, how these are used, how long they are stored by Facebook and with which third parties they are shared, in its data policy. In the data policy, you can also find information about how to contact Facebook and about the settings for advertisements. The data policy is available at https://en-gb.facebook.com/policy.php.
 

B. Your data protection rights (particularly if you are in the EU – might not apply / fully apply in other jurisdictions)

  1. With us
You have the following legal rights against CIDOT with regard to the Action Data, provided the respective requirements are met. You can find more information about your rights and the relevant requirements on the website of the EU Commission at https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.
 

    1.Right of access to data

You have the right to request confirmation as to whether we process personal data concerning you. If this is the case, you have the right to be informed about this personal data and to receive further information, e.g. the purposes of processing, the recipients and the planned duration of storage or the criteria for determining the duration.
 

    2.Right to rectification and completion

You have the right to request that your incorrect personal data be corrected immediately. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.
 

    3.Right to erasure ("right to be forgotten")

You may have the right to have your personal data erased. This is the case, for example, if your personal data are no longer necessary for the original purposes, if you have revoked your consent under data protection law or if the personal data have been processed unlawfully.
 

    4.Right to limit processing

You have the right to limit the processing of your personal data in the cases prescribed by law.
 

    5.Right to data portability

You have the right, in the cases required by law, to receive personal data concerning you in a structured, common and machine-readable format.
 

    6.Right to object

You have the right to object at any time, for reasons arising from your specific situation, to the processing of certain personal data concerning you.
In the case of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including any profiling, insofar as it is connected with such direct marketing.
 

    7.Right to revoke your consent

You can revoke your consent to the processing of your personal data at any time with effect for the future. However, the legality of the processing carried out up to the time of revocation is not affected by this.
 

    8.Right to complain to a data protection authority

You have the right to complain to a supervisory authority, in particular in the EU Member State in which you are resident, in which your place of work or the place of the suspected infringement are located, if you believe that the processing of personal data concerning you is in breach of applicable data protection laws, particularly the GDPR.
  1. At Facebook
For information on data processing and your data protection rights and how you can manage or delete the information that Facebook holds about you, please refer to these Facebook support pages: https://www.facebook.com/about/basics/manage-your-privacy. You can also perform a privacy check-up there to ensure that you are aware of your privacy settings and that you have configured them up optimally.
 

C.Further information about us

If you have any further questions that this privacy policy could not answer, you are welcome to send us an e-mail to the following address: dpcm@caymanislands.ky.
 
If you would like to learn more about the Cayman Islands, please visit our website at https://www.visitcaymanislands.com/en-gb/. We inform you about data processing in connection with the Visit Cayman Islands website in our website privacy policy, available at https://www.visitcaymanislands.com/privacy-policy.
 
Version December 2020
On this website, we use cookies to enhance your user experience, improve our website and provide you with personalized marketing. Please see our Privacy Policy to learn more. You can also Manage Your Cookie Settings.