Privacy Notices - Swindon Library and Information Service Privacy Notice

Introduction

You need to be aware of this Privacy Notice if you are providing personal information to the Swindon Library and Information Service

What is a Privacy Notice?

A ‘privacy notice’ is a statement issued by an organisation which explains how personal and confidential data about individuals is collected, used and shared.

Who is collecting and using your personal data?

This notice sets out the basis on which Swindon Library and Information Service collects and uses the personal data of our users. Swindon Library and Information Service is run by Swindon Borough Council and consists of five core libraries: Central Library, North Swindon Library, Highworth Library, Park Library and West Swindon Library.

Swindon Library and Information Service shall process your personal data in accordance with the Data Protection Act 2018.

We may update this Privacy Notice from time to time. If we make significant changes we will let you know but please regularly check this notice to ensure you are aware of the most updated version.

This Privacy Notice was last updated May 2018.

What personal data do we collect?

We may collect and process the following data about you:

  • name
  • contact details (address including postcode, email address, telephone number/s)
  • date of birth
  • library card number
  • your photograph (Extended Access users only)
  • history of library usage: items borrowed and requested, financial transactions,
  • feedback responses: from comments forms
  • whether or not you have a disability for which the Council needs to make reasonable adjustments
  • equality data - to enable the Council to manage its legal requirements under the Equality Act 2010 (Public Sector Equality Duty) 
  • where and when you registered for library membership
  • payment card details
  • CCTV images of you
  • guarantor: if you are acting as a guarantor for another person, such as a child under the age of 16

We collect most of the personal information we hold about you:

  • via our online joining form
  • in person at our Swindon Library branches
  • in the course of providing our services to you:  for example, history of library usage; feedback responses responses to information enquiries; attendance at events or bookings for room hire/exhibitions
How the law allows us to use your information?

We need your personal data to allow us to deliver Swindon Borough Council’s statutory duty to provide a comprehensive and efficient Library Service (under Libraries and Museums Act 1964) and with reference to the Library Byelaws and to manage your membership of the library service.  The situations in which we will process your personal information are listed below.

We use the information we hold about you:

  • to give you access to library buildings
  • to provide and administer library services to you and to any person, such as children under 16, for whom you are a guarantor: for example borrowing and requesting items; booking rooms and exhibitions
  • to provide you with access to eBooks, eAudio and eMagazines
  • to respond to your enquiries
  • to ensure that we are providing services that are needed and relevant to you
  • for the continuous improvement of our library services
  • for the detection and prevention of crime and to protect library staff and library users

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we might need to use it for another reason that is compatible with the original purpose.  If we need to use your personal information for any other unrelated purpose, we will always notify you and we will explain the legitimate basis which allows us to do so or ask for your consent.

Who do we share your information with?

Any user who does not comply with the Library Rules and Regulations and the Library Bylaws should be aware that we may share your personal data, including CCTV images, with other Swindon Borough Council Departments, or the Police. 

How do we protect your information?

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees and third parties (named above) who have a business need to know when providing services to Swindon Library and Information Service.  All parties will only process your personal information on our instructions and in accordance with obligations under the Data Protection Act 2018.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How long do we keep your personal information?

In broad terms, we will only retain your personal data for as long as is necessary for the purposes described in this Privacy Notice. This means that the retention periods will vary according to the type of the data and the reason that we have collected your data in the first place.

We have procedures in place regarding our retention periods which we keep under review taking into account our reasons for processing your personal data and the legal basis for doing so.

The data you provide for Library membership

Library membership expires every two years, if it is not renewed your personal details are anonymised in the system and your membership form is destroyed six months after expiry with the following exceptions:

  • Library accounts that are in debit (there are unpaid charges or loans outstanding) will remain on the library database for 6 years
  • Library Accounts for borrowers who are acting as a Guarantor for a child under 16 will remain on the database for as long as the child is an active borrower and under the age of 16
  • Library Accounts for borrowers who have been banned from libraries or library services for unacceptable behaviour will remain on the library database for the duration of the ban plus 12 months.

The data we collect in the course of providing our services to you:

  • Payment card details. We do not store payment card details. We do not retain this data beyond the initial transaction
  • Events. Contact details and bookings for events will be retained until the event has taken place and securely destroyed within seven working days
  • Library use. Behaviour that contravenes the Library Rules and Regulations or the Library Bylaws may be recorded and shared with other departments of the council and statutory bodies and will be kept for 12 months after the last incidence of unacceptable behaviour for the purpose of ensuring that the library is a safe, welcoming place for customers and staff. Data for customers who have been banned will be kept for the duration of the ban plus 12 months.
  • Correspondence. Any personal information you supply to us in any correspondence initiated by you (email, letter, telephone) will be retained for the duration of the enquiry and will be securely destroyed and in line with our information security procedures
  • CCTV images. CCTV images are overwritten within 31 days

Our systems will store your data for up to two years following your last contact with the library after which time it is deleted.

What you can do with your information?

You have the right to:

  • access your personal data that we process, see Access to the information we hold about you
  • rectify inaccuracies in personal data that we hold about you
  • request us to restrict the processing of your data in certain ways
  • obtain a copy of your data we hold
  • object to certain processing of your personal data
  • withdraw consent for processing where that is the legal basis we use and be forgotten i.e. for your personal data to be removed from our systems and records under certain circumstances.

We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Council’s Data Protection Officer, at DataProtection@swindon.gov.uk or by calling 01793 445500 and asking to speak to the Data Protection Officer. Please tell us which service you are using so we can deal with your request.

For access to your borrowing history, sign in to your account at Swindon.gov.uk/libraries

We would normally expect to share what we record about you with you whenever we assess your needs or provide you with services.

However, you also have the right to ask for a copy of all the information we have about you and the services you receive from us. When we receive a request from you in writing, we must give you access to everything we have recorded about you, however, we cannot let you see any parts of your records that contain:

  • confidential information about other people
  • data a professional thinks will cause serious harm to you or someone else’s physical or mental wellbeing
  • if we think that giving you the information may stop us from preventing or detecting a crime

This applies to personal information that is in both paper and electronic records. If you ask us, we will also let others see your record (except if one of the points above applies).

If you cannot ask for your records in writing, we will make sure there are other ways that you can. If you have any queries about access to your information contact DataProtection@Swindon.gov.uk.

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO) at:

Information Commissioner's Office
 Wycliffe House
 Water Lane
 Wilmslow
 Cheshire
 SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 (if you prefer to use a national rate number).

Alternatively, visit ico.org.uk or email casework@ico.org.uk.

Main privacy notice

You are viewing the Privacy Notice for Swindon Library and Information Service.

Read the main Privacy Notice