Privacy and libraries

This privacy notice explains how the Library Service at Buckinghamshire Council (the data controller) will use the personal information we collect about you when you use this service. The notice also sets out how we will protect your personal information.

We ask for the following mandatory information on you:

• your name
• your date of birth
• your email (for online joining)
• your address

We may ask for these following extra details because they help us to contact you and improve our services:

• your telephone number
• disability information
• preferred language
• ethnicity
• gender

We will also hold information about the contact we have had with you, such as items loaned or customer feedback.

Our enquiry desks are located in public spaces and it is possible for conversations to be heard by other customers. We remind customers to be cautious when making enquiries of a personal or sensitive nature.

We may hold financial details such as payments made by you to the library service or debts owed by you to the library service.

We may also ask for you to confirm your identity by providing two forms of identification – we ask for proof of name, address and signature (this is usually when you are joining the library for the first time).

We need your information to:

• provide a library service
• ensure our membership database is accurate for the administration of the library service
• contact you on occasion, for example in response to customer feedback and complaints or to notify you about items awaiting collection
• contact you to take part in reviews or surveys and ask your opinion about our services to understand how we can provide a better service
• use for statistical analysis and to monitor and improve our services

The legal bases for processing the data under the UK GDPR and Data Protection Act 2018 are:

• Article 6(1)(a) Your consent. Where applicable, you are able to remove your consent at any time (this would prevent your use of the service). You can do this by contacting [email protected]
• Article 6(1)(e) We need the data to perform a public task - we are legally required to provide a library service under the Public Libraries and Museums Act 1964 and in order to provide the service efficiently and carry out this public task, we need to hold and process your data

If we use your special category information, we use it under consent.

We will share your information, if appropriate, with:

• third parties (data processors) contracted by Buckinghamshire Council to work on behalf of the Council to support the library service such as the providers of our library management systems
• other bodies in connection with the prevention of crime, criminal or legal investigations or proceedings including fraud (and the National Fraud Initiative) or regulatory functions (such as the Local Government Ombudsman)
• other relevant services within the council, for example the customer service centre
• SELMS partner libraries where you use their facilities
• community libraries - some of our libraries are provided in partnership with local community organisations and your personal details will be securely available to volunteers who help us to operate our community library service. Volunteers sign a confidentiality agreement

A community library will have some independence to run their own events and local library users may be asked to support these and other fundraising activities. The processing of data in this way will be the responsibility of the community library.

We will securely hold your information and only keep it for as long as is necessary. Where information is no longer needed it will be confidentially disposed of. If you do not borrow an item for 24 months your library membership will become deactivated. To reactivate your account you will need to confirm your personal details. In line with our policies, after a period of inactivity on your account your personal information will be erased from our systems.

We do not carry out any automated decision making in relation to this information.

When you book a public computer our employees are able to view the date and time of your session, your name and library membership number. This information is stored on our secure computer booking system.

We also make use of software to gauge customer demand on our public computers. The software we employ is used to evaluate and improve our services and no personal information is collected this way. Anyone who wishes to use our public computers must read and accept the terms of our Acceptable Use Agreement.

Buckinghamshire Library Service reserves the right to refuse or terminate a public computer session if we believe our Acceptable Use Agreement is being violated or there is some form of inappropriate activity taking place. Because we offer access to the Internet we have a responsibility to prevent grossly offensive, indecent or threatening messages being sent.

You have legal rights over your information. For full details of those rights, see our corporate Privacy Policy. Your rights will differ depending on our lawful basis for processing your data. Providing there are no outstanding loans or charges on your account you have the right to have any personal information removed from our systems and records.

Our Data Protection Officer can be contacted at Buckinghamshire Council, The Gateway, Gatehouse Road, Aylesbury, HP19 8FF, by email at [email protected].

If you have any concerns about our use of your personal information, you can make a complaint to the Data Protection Officer. You can also then complain to the ICO if you remain unhappy with how we have used your data.

Date of publication/last update: September 2021