Effective Date:
Introduction
The Disaster Risk Management (DRM) Authority (“we,” “our,” or “us”) is committed to protecting the privacy and personal data of visitors to our official website, www.drm.gov.bs. As a quasi-government disaster management organisation established in July 2024 under the laws of The Commonwealth of The Bahamas, we comply with the provisions of the Data Protection (Privacy of Personal Information) Act, 2003 (the “Data Protection Act”).
This Privacy Policy outlines how we collect, use, disclose, and protect your personal information in alignment with Bahamian data protection laws.
Legal Basis for Processing
We process your personal information based on the following legal grounds:
- Your consent, where required.
- The necessity of processing to fulfill our statutory duties under disaster management mandates.
- Compliance with legal obligations as outlined in The Bahamas’ regulatory framework.
Information We Collect
We are actively working to achieve full WCAG 2.1 Level AA compliance by shortly. Regular accessibility audits and improvements are scheduled throughout the year to address and resolve outstanding issues. We are also developing a Continuous Accessibility Improvement Plan that will be reviewed and updated annually.
How We Use Your Information
We collect and use your information for the following purposes:
- Responding to inquiries, providing requested services, and improving website functionality.
- Sending official updates, alerts, and public safety communications.
- Conducting research, reporting, and analysis related to disaster preparedness and response.
- Fulfilling legal and regulatory obligations as per The Data Protection Act and related disaster management legislation.
Disclosure of Information
We do not sell or rent your personal information. However, we may share your data with:
- Government Ministries and Agencies: Where necessary to fulfill our statutory disaster management responsibilities.
- Third-Party Service Providers: Trusted vendors who support the operation of our website and related services, under strict confidentiality agreements.
- Law Enforcement or Regulatory Bodies: When required by law, court order, or to protect public interests.
Data Security
We implement reasonable technical, administrative, and organisational measures to safeguard your personal data against unauthorised access, alteration, disclosure, or destruction. These measures are consistent with Section 6 of the Data Protection Act.
Your Rights
In accordance with the Data Protection (Privacy of Personal Information) Act, 2003, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data where legally permissible.
- Objection: Object to processing of your personal data under certain circumstances.
To exercise your rights, please contact us using the details provided below.
External Links
Our website may contain links to external websites. We are not responsible for the privacy practices or content of these sites. We recommend reviewing their respective privacy policies.
Change to This Privacy Policy
We may update this Privacy Policy periodically to comply with legal updates or reflect changes in our practices. Updated policies will be posted on this page with a revised “Effective Date.”
