Privacy notice - Library and Information Service
This privacy notice covers users of the Library and Information Service.
East Sussex County Council takes data protection seriously. Please be assured that your information will be used appropriately in line with data protection legislation, will be stored securely and will not be processed unless the requirements for fair and lawful processing can be met.
What information is being used?
Personal details required to become a member of the Library and Information Service.
To set up a membership account and then manage it, we will ask for and process the following personal data:
- full name
- date of birth
- contact details (including address, email address and phone number).
Children’s membership accounts:
A child under the age of 16 will require a parent or carer to be a guarantor and to provide consent for the child to have access to online services.
How will your information be used?
Your information will be used to set up and manage your library account. It will hold a record of your transaction history. We will use your contact details (email address or postal address) to notify you about reservations and items on loan.
Your personal details will be linked to your membership number (also known as the library card number), this may be used to identify you and manage your library account as above. You can use your membership number and PIN to access your account from our website.
We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never sold for direct marketing purposes.
Our staff are trained to handle your information correctly and protect your confidentiality and privacy.
Your information is processed outside of the European Economic Area.
The majority of your personal data will be stored within the European Economic Area (EEA). The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway.
For some services we may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA such as Australia or the USA. If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this privacy notice.
What is the legal basis for processing your information?
The Library and Information Service delivers a statutory service, under the Public Libraries and Museum Act 1964 local authorities are required to provide a Library Service. To delivery and effectively manage this public task it is necessary to collect and process your personal data.
We will ask your consent for your name and email address to be used to email you information about the service, our Libraries eNewsletter. We will ask for your consent in order to processes personal data relating to IT loans.
How long will your information be kept for?
We will retain your personal details while you are an active member of the Library Service.
Providing certain conditions are met, we will retain your data for 3 years after you stop accessing our services. After that, your personal details will be deleted unless you have any outstanding fines, in which case we retain your data for 7 years after you stop accessing our services.
Your personal data is stored in a database, the Library Management System.
At the end of the retention period, your data will either be deleted completely or anonymised so that it can be used in a non-identifiable way for statistical analysis and business planning.
Details on the retention of information stored in relation to an exclusion can be found in our Records Retention and Disposal Schedule.
Sharing your information
Your personal information will be made available to those members of our staff who need to see it in order to perform their functions, roles and responsibilities in the Library and Information Service.
Any sharing of personal data is always done:
- on case-by-case basis
- using the minimum personal data necessary
- with the appropriate security controls in place
- in line with legislation.
Information is only shared with those agencies and bodies who have a "need to know" or where you have consented to the sharing of your personal data to such persons.
We may use the information we hold about you to assist in the detection and prevention of crime or fraud. We may also share this information with other bodies that inspect and manage public funds.
Use of third party organisations
East Sussex County Council may share your information with trusted external organisations to process your data on our behalf.
Your Library account will provide you access to a range of subscriptions purchased by the Library and Information Service.
To effectively manage and provide you with a comprehensive range of service, the Library and Information Service makes use of expert third party service providers to perform functions and or provide services on our behalf (such as self-service kiosks, card payment devices). These third party service providers (“Data Processors”) may use your personal information in order to assist the Library and Information Service, or to provide the agreed Service to you on our behalf. All of our Data Processors are bound by strict contractual terms in order to ensure that your personal information will be protected appropriately.
- Library Management System – Civica
Personal data is stored in the Library Management System to enable us to manage your account, including loans, reservations and transaction history.
- Self-Service kiosk – Bibliotheca
Personal data will be used by Bibliotheca to enable identification, required to process transactions.
- People’s Network Computers and WiFi access – Insight Media/iCAM
Personal data will be used by iCAM to enable identification, required for you to sign in to access the WiFi or computer.
- Card payment provider – WorldPay
Personal data will be used by WorldPay, to process any card payment.
- Automated renewals phone line – Talking Tech Itiva
Personal data will be used by Talking Tech Itiva to enable identification.
- eBooks and eAudio provided by OverDrive
Personal data will be used by OverDrive to enable identification.
There are a limited number of third party providers where being a member of the Library and Information service will enable you to access a service. You will need to set up an account with them to access those services. For these providers we do not control or process your personal data.
Any organisation commissioned by the Council will be under contractual obligation to comply with data protection legislation.
Under data protection legislation, you have the right:
- to be informed why, where and how we use your information
- to ask for access to your information
- to ask for your information to be corrected if it is inaccurate or incomplete
- to ask for your information to be deleted or removed where there is no need for us to continue processing it
- to ask us to restrict the use of your information
- to ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information
- to object to how your information is used
- to challenge any decisions made without human intervention (automated decision making)
Please visit data subject rights for further details.
How to find out more or complain
Should you have any further queries on the uses of your information, please speak directly to our service:
Email: Library Admin Team
Library Admin Team
East Sussex County Council
Unit D, Ropemaker Park
You can also contact the Information Commissioner's Office (ICO) for further information or to make a complaint:
Information Commissioner's Office
Cheshire SK9 5AF
Phone: 0303 123 1113 (local rate)