Privacy Notice for the Anti-Corruption Commission


Who We Are

The Commissions Secretariat (the “Secretariat”) is the data controller for the processing of personal data defined under section 2 of the Data Protection Act (2021 Revision) (the “DPA”) on behalf of the AntiCorruption Commission (the “Commission”), and for the purpose of managing reports and/or complaints received in accordance with section 4 of the Anti-Corruption Act (2019 Revision) (as amended) (the “ACA”).

We are committed to making sure your personal data is safe and that you are informed as required under the DPA. This privacy notice contains clear and concise information about who we are and what we do with your personal data when you submit a report and/or complaint.

Any inquiries regarding this privacy notice and our privacy practices should be sent by email to

Our full contact details are as follows:

Manager, Commissions Secretariat
4th Floor, George Town Financial Center
PO Box 391
Grand Cayman, KY1-1106
Cayman Islands

Tel: +1 (345) 244-3685


What Personal Data We Collect and Why

Personal data is information that relates to a living individual who can be identified directly from the information or indirectly when put together with other information. It also includes any expression of opinion or indication of intentions in respect of an individual.

We collect personal data for the primary purpose, under section 4 of the ACA, of receiving, considering, analysing, disseminating, detecting, investigating, processing, managing and doing anything else that is required or authorized for achieving the purposes of the ACA concerning any report(s) and/or complaint(s) of corruption.

If further information is needed from you relating to your report and/or complaint we will also use your personal data to enable the Commission or its staff to contact you to verify aspects of your report and/or complaint, carry out an investigation, or carry out other powers and duties as outlined in section 4 of the ACA. The personal data to be processed consists of:

  • Your full name, title, physical, and mailing address.
  • Contact information such as email address and telephone numbers.


Additional Data We May Collect

Depending upon the initial assessment of your complaint by the Commission, you may be asked to supply additional information to us. For example, when submitting a complaint, you may be asked to provide additional details including, but not limited to, any third party information such as witnesses or information about person(s) that may be in possession of evidence.

Third party personal data will be processed and protected in accordance with the ACA and in compliance with the DPA.


Cookies and Website Use

Our website is hosted by Netclues. The website collects information related to the way the website is being used, called performance cookies. The cookies are used for optimal performance and to maintain active user sessions. No personal information is collected through the ACC website by Netclues. To view Netclues Privacy Policy:


How Long Do We Retain Your Data?

We will only keep your personal data for as long as necessary in accordance with the Commissions Secretariat Disposal Authority and to fulfil the purposes we collected it for, including to satisfy any legal, accounting, audit or reporting requirements.


Who Has Access to Your Information?

Your personal data will be stored securely and only accessed by authorized employees and other persons who act on our behalf.

We will under no circumstances sell or pass your information to third partiesfor the purposes of marketing or any purpose incompatible with the purpose for which it was collected.

Given the nature of the work of the Commission the security of data is paramount and your personal data will only be shared where absolutely necessary for the Commission to carry out its legal mandate. Therefore, your personal data may be disclosed to third parties who are also involved in investigations of breaches of the ACA. This includes other public entities who are data controllers for specific processing activities such as:

  • the Attorney General’s Chambers, in the event that a report/complaint you have made relates to a matter requiring legal advice from this office;
  • the Royal Cayman Islands Police, in the event that a report/complaint you have made relates to a matter that is being investigated under section 4A of the ACA; and
  • the Director of Public Prosecutions Office, in the event that a report/complaint you have made relates to an investigation that is being considered for criminal prosecution under section 28 of the ACA.

If your personal data are disclosed to any other person in order to facilitate investigation logistics, we will endeavour to inform you before this happens and let you know exactly who will receive your data and why. We will also only disclose the minimum amount of data necessary for that purpose.

The Commission may disclose your information under the ACA in relation to corruption, to the Cayman Islands Monetary Authority established by section 5 of the Monetary Authority Act (2018 Revision), or to such other institutions or person in the Islands as may be designated in writing by the Attorney General and may also disclose to any overseas anti-corruption authority as provided under section 5 of the ACA.

In limited circumstances, such as under court order, we may have a legal obligation or other reason to disclose your personal data to a third party that is unrelated to an investigation. This includes if we are required to participate in legal proceedings, obtain legal advice, or defend or exercise legal rights.

The ACA provides for disclosure of information by way of court order under section 33 in which a professional legal adviser is ordered to disclose information available to him or her in respect of any transaction or dealing relating to any property which is liable to seizure.

We may keep your personal data in our electronic systems, in the systems of our Data Processor, or in paper files.


How Do We Keep Your Personal Data Safe?

We are committed to protecting your personal data. We take appropriate technical and organisational measures to keep your personal data confidential and secure, in accordance with our internal policies and procedures regarding storage of, access to and disclosure of personal data. We may keep your personal data in our electronic systems, or in paper files. Systems and processes exist to prevent unauthorised access to, or disclosure of your data. We take all possible steps to protect the personal data we hold about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them. Examples of our security include:

  • Controlling access to systems and networks - allows us to prevent people not permitted to view your personal information from gaining access to it.
  • Staff Training - allows us to make all our staff aware of how to handle information and how to report incidents or issues regarding the use of information.
  • Regular testing of our IT systems - ways of working including keeping up to date on the latest security updates and training all our staff on protecting and using information securely.


What Are Your Data Protection Rights?

Under the DPA you have rights in relation to your own personal data.

We want to make sure you are fully aware of all of your data protection rights. Every individual who submits a complaint is entitled to the following, amongst others:

  • The right to access - You have the right to request copies of your personal data and other information related to our processing.
  • The right to rectification - You have the right to request that we correct any information you believe is inaccurate, including to ensure it is complete or up to date.
  • The right to erase - You have the right to request that we erase your personal data, under certain conditions.
  • The right to stop or restrict processing - You have the right to request that we stop or restrict the processing of your personal data, under certain conditions.
  • The right to complain - You have the right to complain to us or the Ombudsman if you believe we are processing your personal data in a way that breaches the Data Protection Act.

Further information concerning individual rights can be found on the Ombudsman’s website at:


What are the Exemptions to the Right to be Informed?

Exemptions may also apply, whereby specified rights or other provisions of the DPA do not apply. The DPA recognizes exemptions from the right to be informed which can be found on the Ombudsman’s website at:


How to Make a Privacy Complaint?

You can submit any requests, questions or complaints to us at Information about the Cayman Islands Data Protection Act is available on

Information about how to complain to the Ombudsman is available on


Changes to Our Privacy Notice

We have the right to update the contents of this Privacy Notice from time to time to reflect any changes in the way in which we process your personal data or to reflect legal requirements as these may change.

The "last updated" date is indicated at the bottom of this page. Any changes will apply to you and your data immediately.

Last updated 21 March 2023.