Library privacy policy
1. Why we need your personal information
The library has a legitimate right to process your information so we can provide a library service for you as set out in The Data Protection Legislation (General Data Protection Legislation – GDPR). We request the minimum information from you in order to be able to provide an effective service to you.
1.1. When you join the library we request your personal information – name, address, postcode, telephone numbers and email address. We will also ask you if you have a disability. Your disability status is considered sensitive personal data. Disclosure is voluntary and we will not process your data without your explicit consent. We are requesting this information in order to provide you with the appropriate library support.
1.2. You have the right to have any personal information amended at any time.
1.3. You have the right to have your personal details removed from library systems unless these are required in order for us to provide a service to you, there are outstanding charges on your library account or the information needs to be retained in order to comply with legal requirements (see para 5 of this document).
1.4. You have the right to find out what data the library and the Trust holds about you. This is called a Subject Access Request. You can find out how to make a Subject Access Request at Para 11 of this document.
2. How we use your personal information
2.1. To provide a library service for you, including offering disability support.
2.2. General administration of the services we provide.
2.3. We may also use your personal information (for internal purposes only) as a research tool to:
2.3.1. Obtain feedback with a view to developing more relevant content and services.
2.3.2. General service improvement.
2.3.3. Measure resource usage via statistical analysis.
Information used in this way is completely anonymous. Library staff are trained in the security procedures they must follow when handling personal information.
2.4. Marketing to Alumni and External Members
With your consent, in compliance with requirements of The Data Protection Legislation (GDPR) we may also:
2.4.1. Use your personal information to market fee-paying membership/renewals to you when you finish working or studying at the Trust.
2.4.2. Use your personal information to inform you about new services and special offers from time to time.
2.4.3. You can opt-out of receiving these messages at any time.
2.4.4. If you have consented to receiving marketing information from the library, we will review this annually to ensure you still want to hear from us.
3. Who can view my personal information?
3.1. The personal information you provide to the library is used for internal purposes. It can only be viewed by library staff, by the library management system KOHA technical support staff at PTFS Europe, by the Overt Software technical support staff who run the Shibboleth authentication system for electronic resources and DIAS Creative who developed our website when you submit a website form, Olark support support staff when you submit a web chat request (web chat identifying data is redacted after 30 days).
3.2. If you are a student at the Trust your personal data in the student database MyTap will also be seen by Trust employees in the Directorate of Education and Training including Trust’s the Technology Enhanced Learning staff who run Moodle, the virtual learning environment.
3.3. Under certain circumstances your personal library information may also be disclosed to other employees of the Trust. This is usually for in connection with financial transactions, debt recovery or disciplinary matters.
4. Do we share your information with third parties?
4.1. The personal information you give us is used for Tavistock & Portman NHS Foundation Trust purposes only, however, in order to provide borrowing services, printing/copying and access to online resources/services we need to share your data with the companies supplying these systems to the library.
4.2. These companies host your personal data securely within the European Economic Union and comply with UK Data Protection requirements.
4.3. Your personal information will NOT be disclosed to any other third parties without your explicit permission except where the police, Security Service (MI5), the Secret Intelligence Service (MI6), GCHQ or the Secretary of State make a legal request to prevent or detect a crime, or we are compelled to do so by law.
5. How long do we keep your personal information
5.1. We will only retain your personal data for as long as we need it in order to provide a service to you.
5.2. Personal data will be deleted from library systems six months after your membership has expired, with the following exceptions:
5.2.1. Legal compliance – some data may be retained in order to fulfil our legal requirements:
5.2.2. Inter-library loan request forms are retained for six years and one day in accordance with British Library Regulations.
5.2.3. Shibboleth accounts – these are retained for three years from the date of expiry to avoid duplication which could potentially lead to data breaches.
5.2.4. Library debts – The library reserves the right to retain personal data where a former member has unreturned items or other outstanding library debts, until these debts are discharged.
5.2.5. Marketing communications – If you have opted-in to receiving marketing messages we will retain your email address only and we will review your consent annually to ensure you still want to hear from us. You can opt-out of our messages at any time, just click the unsubscribe link in any email messages we send and your details will be removed from our circulation list.
6. Credit/debit card payments
6.1. Online payments for library services by credit or debit card are processed through the Tavistock and Portman NHS Foundation Trust payment systems.
6.2. We do not store credit/debit card details or any other personal financial information within our local systems.
6.3. The information provided for payment purposes is logged and processed securely for the purposes of online transactions using PayPal Website Payments Pro or RealEx. These are secure online payment gateways that process card payments and transactions in a secure host environment.
6.4. Whilst the Trust does not hold or store any customer financial details within its systems, there may be certain cases where they are required, for the purposes of fraud prevention or the manual entry of credit/debit card transactions for example, to review your financial details within PayPal Website Payments Pro. In these instances, the Trust’s internal procedures for non-storage of online customer financial details requires that only approved employees may access the PayPal Website Payments Pro service and that usage of the service should be limited in regard to that of the current enquiry only. Please also refer to the Privacy Policy for PayPal Services on PayPal’s website and the Privacy Statement for Realex Payment on Realex’s website for more information.
7. Library website, computer usage and personal information
Cookies
Cookies are small files that are placed on your computer or mobile device by websites that you visit. Our cookies help us:
7.1. Make our website work as you would expect.
7.2. Remember your settings during and between visits.
7.3. Improve the speed/security of the site.
7.4. Allow you to share pages with social networks like Facebook, LinkedIn and Twitter.
7.5. Continuously improve our website for you.
7.6. We do not use cookies to:
7.6.1. Collect any personally identifiable information.
7.6.2. Collect any sensitive information.
7.6.3. Pass data to advertising networks.
7.7. Pass personally identifiable data to third parties.
7.8. The cookie used on library webpages is Google Analytics:
7.8.1. These cookies are used to collect information about how visitors use our webpages to help us improve the services we provide. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
7.8.2. It is not possible to identify or gather individual’s personal information through the collection of these cookies.
7.9. From time to time we use our records of the pages users have visited on this website to analyse trends, administer the site and track users’ movements. Our records do not contain any personal information about users.
7.10. You can opt out of being tracked by Google Analytics across all websites by visiting http://tools.google.com/dlpage/gaoptout.
7.11. Most web browsers allow some control of cookies. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit allaboutcookies.org.
8. Privacy when using library computers
8.1. Computers are located for optimum access, privacy and comfort. However, because they located in a public space users should be aware their computer screens may be visible to others.
8.2. Under certain some circumstances staff will need to look at your computer screen, e.g. if you have requested help. We may also check your screen if we are informed or suspect that grossly offensive, indecent or threatening messages are being transmitted over our telephone lines.
8.3. Please be aware of the risks in entering personal and financial details online and that responsibility for activities carried out on the internet (including financial transactions) rests solely with the individual user and NEVER with Tavistock and Portman NHS Foundation Trust. This also applies to any downloaded material for use elsewhere.
8.4. Library staff are not permitted to enter any of your personal financial information into a website on your behalf.
8.5. For security reasons some areas of the Trust make use of CCTV recording equipment. This equipment is NOT used to monitor information on computer screens.
8.6. Library public computer software clears the history of user sessions daily. However the Tavistock and Portman NHS Foundation Trust Library does NOT guarantee that all session activity is permanently erased or overwritten. Any such retention is purely unintentional.
8.7. Because we offer access to the internet over a secure network we have a responsibility to prevent grossly offensive, indecent or threatening messages being sent over our telephone lines. This is particularly important in respect of the Obscene Publications Act (1959 & 1964) and the Telecommunications Act (1984).
9. Privacy when you borrow an item
9.1. Our library management system records the items you have borrowed and we store this information against your account so we know what items you have borrowed and when they are due for return.
9.2. It is protected by a secure login procedure. It can only be accessed by Tavistock and Portman NHS Foundation Trust library employees and by the library management system (KOHA) technical support staff (PTFS Europe).
9.3. Information about the items you have borrowed will NOT be disclosed or sold to third parties. This statement excludes circumstances where the police, Security Service (MI5), the Secret Intelligence Service (MI6), GCHQ or the Secretary of State make a legal request to prevent or detect a crime, or we are compelled to do so by law.
9.4. All personal data in your borrowing account, including loan history will be deleted six months after your membership has expired subject to point 5.
10. Privacy when asking a question
10.1. The library aims to be discreet in responding to enquires of a personal or sensitive nature.
10.2. We also endeavour to protect your confidentiality when dealing with any questions or issues you raise (including telephone and email enquiries).
10.3. However, please be aware that our enquiry desks are located in public spaces and it is possible for conversations to be heard by other users.
10.4. If you have an enquiry of a sensitive nature and wish to discuss this privately, please alert a member of staff who will take you somewhere private.
11. Data breach reporting
Any data breaches involving a risk to data subjects’ rights and freedoms will be reported to the Information Commissioner’s Office and the individuals affected notified within 72 hours of the breach being discovered.
If you have any questions about this policy or if you believe your privacy is being compromised please speak to a member of staff or email: dpo@tavi-port.nhs.uk
How to contact us
Please contact us if you have any questions about our privacy notice or information we hold about you:
Tavistock Centre
120 Belsize Lane
London
NW3 5BA
Tel: 020 7435 7111
Email: SAR@tavi-port.nhs.uk
Make a complaint
If you have a complaint or concern about data protection, please email our Data Protection Officer at dpo@tavi-port.nhs.uk. If you prefer you can write to us at:
Data Protection Officer
Tavistock & Portman NHS Foundation Trust
120 Belsize Lane
London
NW3 5BA
For more information see our privacy notice on the Trust website.