Libraries: privacy notice

This notice explains when we collect personal data, what we use it for, who we share it with and your rights.

The identity and contact details of the company

Reading Borough Council – Reading Libraries

Contact details of the Data Protection Officer

Nayana George IGTeam@reading.gov.uk

What personal data is held?

  • Name
  • Residential address
  • Email address
  • Date of birth (if required)
  • Telephone number/s
  • Ethnicity
  • Disability
  • Gender

Information is collected during face-to-face contact, using electronic forms via website or by telephone.

How will the data be stored?

Our library computer system is accessed via secure connections and hosted on secure servers, in a remote data centre in the UK.

Borrower, loan and item data is stored on the Council’s and it’s Partners’ Secure Network and Servers subject to UK GDPR Adequacy Standards.

Where we have data held on paper, this will be minimal, stored in a locked area, scanned where possible and kept for no longer than necessary to deal with the transaction.

Item we may have with your information on paper are:

  • Record of you signing for membership and information provided (either individual or group)
  • Record of your consent for a particular activity (interlibrary loan, donation, looking at an item held securely, running or taking part in an activity, booking a space)
  • Comment, question or complaint

What is the legal basis for the collection, use and storage of the data?

  • Local Government Finance Act 1992
  • Public Libraries and Museums Act 1964
  • Copyright Designs and Patent Act 1988
  • Freedom of Information Act 2000

We use information to offer a library service to those who live, work or study in Reading. The information we collect is used as part of offering a library membership and so that we can contact you in relation to your library account or in relation to library activities.

Give details of how long the data will be stored and criteria used to determine this

  • Library system information is held for up to 7 years after last use of a library account. Where there are no financial transactions associated with the account it will be removed after 3 years.
  • Where we have paper financial records these will be kept for 7 years.
  • Any paper-based information would be kept only as long as the related activity is ongoing.

Who will it be shared with and for what purpose?

  • Civica UK host and run our library computer system and are the Data Processor for your library account. Reading Borough Council is the Data Controller for this information.
  • Reading Borough Council library staff use the library computer system.
  • Where you use self service kiosks, your library information will be securely shared with the network provider (Insight) and self-service provider (Dtech UK, Bibliotheca UK) to allow identification.
  • Where you use public computers or wifi, your card information is securely shared with the service provider (Insight Media)
  • Where you pay by card your card information is securely shared with the payment provider (Cardnet/Hemisphere West)
  • Where you choose to use electronic resources such as ebooks, eaudiobooks or emagazines, you consent to sharing information with these providers. These are currently Overdrive (for Libby), OCLC, Inc (for Cloud Library) and Bolinda (for Borrowbox) and Scholar 6 LTD (for Brillder).
  • Your data can be shared on Spydus with SELMS (Southeast Library Management System) to allow borrowing from all libraries in the Southeast (opt in required)
  • Compliments and Complaints are shared internally with the complaints team for Reading Borough Council.
  • We may use your email address with your consent for information and notification of library events and activities.
  • If you have opted into our enewsletter created by Reading Libraries, your data is shared with PatronPoint (based in the USA).
  • System messages covering transactions and notices relating to your account may come from us, from Civica Spydus, or from PatronPoint (based in the USA).
  • Any third-party provider may ask you for further consent relating to marketing by these partners, which you can opt into – however if you opt in these companies are the data controllers in these cases for the services provided.
  • Reading Libraries will not share the information you have provided for any marketing purpose. We will only send you library marketing information if you
  • Classification: OFFICIAL
  • Classification: OFFICIAL
  • have
  • consented to us doing so. We will send messages relating to use of your account (reservations, expiries of account) if you have opted out of marketing.
  • Borrower, loan and item data is shared with the Council’s Data Intelligence and Policy Team for analytical purposes.
  • Please note that information regarding visa service is solely processed by TLS and UKVI/Home Office – data entry is done on this site by Reading Borough Council, but your information is not on any Reading Borough Council system

How can the service user get access to it?

A    Subject    Access    Request    can    be    made    by    following    the    link:www.reading.gov.uk/dataprotection

State whether any data is to be transferred outside the EU

Our enewsletter provider is based in the USA but is GDPR compliant for UK/EU customers. This company has your email address if you have opted into the newsletter.

Some notices are sent by PatronPoint USA for purposes of supporting use of your account. Company is GDPR compliant for UK/EU customers. Customer data is shared with them for this purpose.

Is processing based on consent?

You can withdraw consent at any time.

If you do not consent to us holding your data, then you cannot borrow items from the library or use library computer systems.

You have a ‘right to be forgotten’ so you can ask for your personal information to be deleted where:

  • It is no longer needed for the reason why it was collected in the first place
  • You have removed your consent for us to use your information and we do not have to keep your information for legal reasons

If we have shared your personal information with others, we will do what we can to make sure those using your personal information comply with your request for erasure.

We may not be able to delete your personal data if it is needed for legal reasons.

What other rights does the service user have that we have to make known to them?

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your
personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You have a right to complain to the Information Commissioner’s Office (ICO) if you are unhappy with how your personal information has been handled by RBC. They can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk

State if there will be any automated decision making

We do not use automated decision making.

Consent

By signing the membership ledger you are consenting to joining Reading Borough Council’s library service. Your information will only be securely shared with certain organisations to run your library account:

  • Civica Spydus (library computer system)
  • PatronPoint (library messaging)
  • Dtech (self-service kiosks)
  • Bibliotheca UK (self service kiosks)
  • Insight Media (public IT)
  • Data Intelligence and Policy Team (Analytical purposes)

We require this information to give you a library account and allow the borrowing of items and the use of library IT.

This data will only be shared securely with these third parties and only as necessary.

You have the right to withdraw consent at any time by emailing info@readinglibraries.org.uk or writing to the Library Services Manager – please note this will mean that we will be unable to provide borrowing or IT services to you.

Last updated on 28/10/2024