Privacy Notice | Library Rules, Policies & Notices | Libraries | Libraries

Privacy Notice for Kingston Libraries Service

This privacy notice is to be read in conjunction with the full council privacy notice.

This privacy notice sets out how the Libraries Service at the Royal Borough of Kingston upon Thames will use and process your information. The Libraries Service is the joint data controller, along with the Royal Borough of Kingston upon Thames council as our parent body

What type of information is collected about you?

Personal details; including name, address, email address, telephone number(s), date of birth
If you consider yourself to have a disability (but not the nature of your disability)
Where you register your children (under 16) for their own Library card we will also hold their contact details and date of birth, in association with your account
We allow non-members of the library to use our PC’s as a guest user once for free, before requiring you to sign up or pay for the use of the computers. In order to manage this, we will keep a record of your first name and surname for 12 months
We may collect IP address and information regarding what pages are accessed when using our public access PCs and our online reference resources and ebook providers
Once your account has been created, we will also record a loan and transaction history to help us maintain the service

We may also collect sensitive personal data that may include:

Health
Racial or ethnic origin
Gender and sexual orientation
Religious or other beliefs of a similar nature

Sensitive, or Special Category Data, is afforded special protection due to the very personal nature of the data being provided. Sometimes we engage in surveys to understand who is using our services and how we can better serve our communities. Normally these surveys will be anonymous and the data we gather aggregated so you cannot be identified. However, if we do not make the information provided anonymous we will inform you separately and seek Your Consent (see ‘Legal Basis’ below).

We need your information for the following services and functions:

We collect your information in order to provide you with the full range of Library Services. The services we provide are:

Borrowing and reserving books and other items
Provision of public access computers, printing and scanning
Accessing Library Online Resources and ebooks
A reference and enquiry service
Events and Activities

We will also use your information for our wider functions which are:

Communicating with you about your Library account and the Libraries Service
The prevention and detection of misuse of Library Services

Who your information may be shared with:

We may share some of your information, for example your name and address, internally with other departments in the Council and:

The Libraries Consortium (All data) - Your Kingston library card allows you to access services at a range of partner Library authorities. In order to do this we share a single Library Management System (LMS), containing your data, with these other libraries. All members sign an Information Sharing Agreement, which confirms that partner authorities will abide by the GDPR and data protection principles. Please ask a member of library staff for a copy of this agreement if you would like to read it
Sirsi Dynix Corporation (All data) - Sirsi Dynix provides our Library Management System (LMS). All personal data is entered into their encrypted database. Sirsi Dynix only operates within the UK or in countries with which the EU has an adequacy decision in place. Sirsi Dynix is cloud based and so may transfer some data to servers in the USA and SirsiDynix retains US Privacy Shield membership for any transfer
Google Workspace, (formerly G Suite) (All data) - Kingston council uses Google Cloud to provide council email and other documents, some of your data may be recorded in, for example, Google Docs or emails for internal lists of borrowers and staff communication. Google is registered with the US privacy shield for any data transfers to servers in the USA
Bibliotheca GmBH Ltd (Library Card Number, Item Barcodes and Name)- Bibliotheca provide the software and hardware for our self service machines. Personal data is stored on the machines hard drive and Library card numbers may be accessible when the machines are updated through remote technical support. Bibliotheca is registered with the US privacy shield
Ebook providers: Bolinda Borrowbox, EBSCO, Overdrive, RB Digital and Ulverscroft (Library card number and name) - If you would like to register for our ebook services, your Library card number and name will automatically be shared with our ebook suppliers and external supplier sites may ask you to complete a registration form, with consent options for further contact. Where you provide your details, the privacy policy of the ebook service provider will apply

Online resources: Britannica, Go Citizen, Driving Test Theory Pro and Oxford Library Online (Library Card Number and Name)- If you would like to register for our online reference services, your name and library card number will be shared with the providers of these services.
Where you register for these services the providers privacy policy will apply and we recommend you regularly review the privacy settings on each site
The Reading Agency (all data)- Where they assist us in managing activities such as Reading Friends or the Summer Reading Challenge and we supply data to monitor the effectiveness of the scheme (data supplied will usually be anonymous and aggregated)
Video Conferencing Platforms: Meet Up Call (Progressive Voice Services Limited), PowWowNow (Via-Vox Limited) and Zoom (name, email address, telephone number)- Where we supply your email address or phone number for example so you can join an online event. We will ask you to sign up for the event and make you aware before we supply your details
Achieving for Children (Parents name, Child’s name and date of birth and postcode) - Some data may be shared with AfC for the purposes of registering for Rhyme Time and other sessions for children in the Libraries. You will be informed at the time if we are planning to share data for specific sessions with AfC. AfC may also contact parents with updates about their services, where marketing consent has been given
Police and other Law Enforcement Agencies (Data where legally required) - Where we are legally obliged to do so and when the correct legal authority has been obtained

The legal basis for processing your information

Library Membership

Our legal basis for processing your data to create a library membership account is Public Task. The Royal Borough of Kingston upon Thames is required to provide a ‘comprehensive and efficient’ library service to all those who live, work or study in the borough under the Public Libraries and Museums Act 1964. In order to fulfil this statutory function we require your data to create and manage your library account and deliver an efficient service which protects public assets. This includes collecting and using your data to contact you regarding your account.

Marketing

For sending you updates on library events or general council marketing and updates, we will ask for Your Consent to use your data

Event Registration

For most events, we will only ask for your name when registering in branch. If we need any further information, we will ask for Your Consent and inform you why we need further details. For some events we also use Eventbrite to manage the registrations, Eventbrite requires your first name, last name and email address. You can see Eventbrite’s privacy policy here: Eventbrite Privacy Policy

Guest Users of Public Access PCs

We allow non-members of the library to use our PC’s as a guest user once for free, before requiring you to become a member or pay for the use of the computer. In order to manage this, we will keep a record of your first name and surname for 12 months and ask to see some proof of identification. Our lawful basis for this is Public Task as the provision of an information service is integral to our statutory function, for which we provide access to public PC’s primarily to members of our service, managing bookings to allow fair access for all.

Sensitive Personal Data (Special Category Data)

If we ask you for special category data which we intend to make personally identifiable, we would inform you at the time why we would like the data and will also ask for Your Consent. We will not make it compulsory to provide such data.

If you share special category data with other library services within The Libraries Consortium they may apply a different policy and so the above only applies when you are sharing the data with Kingston Libraries Service.

RFID Tags

There is a small chance the Radio Frequency Identification (RFID) tags our self-service machines use to identify items can be read by an external reader. This could allow someone with an RFID reader to access the item barcode number without your knowledge on an item you have borrowed. Please ask a member of library staff for our statement on this small risk or check our catalogue website.

How we will process your personal information (data)

We will collect, hold and process your data to provide you with the full range of services available from Kingston Libraries Service.

We will process your data in line with the requirements of the General Data Protection Regulations and the Data Protection Act 2018.

Your data will only be processed within countries outside of the UK and EU where the necessary requirements of the General Data Protection Regulations and the Data Protection Act 2018 are met.

How long will we keep your information

Your membership data will be held for as long as you remain an active library member. If your membership is not used for 18-24 months it will be presumed to be inactive and so will be deleted from our library management system and we will securely destroy any paper record of your library application that we are holding (unless the account is in debit or there are outstanding items, in which case the data will be stored until the debt is resolved).

We are obliged to keep some records for legal purposes and also for audit and fraud prevention and to resolve complaints. In these instances, we have to keep information for as long as is required by law and in line with our retention schedule (please ask a member of staff if you would like to access this)

Where we have taken your name for guest (non-member) use of the Public access PCs we will keep your data for 12 months

Where we have taken your details to register for library events, we will keep the data for the event and for up to eight weeks following the event after which it will be securely destroyed. If you have registered for a library event via Eventbrite, the information is kept for five months via Eventbrite as this is the minimum period before we can remove the details of the event and your personal data from our Eventbrite account

Your rights as a Kingston Libraries Service Member (data subject)

Under the General Data Protection Regulations (GDPR) you have certain rights as a Kingston Libraries Service Member. These rights are outlined below:

The right to be informed

You have a right to understand why we collect your data and how we will process it. Details of this are outlined in other sections of this document.

The right of access

You have the right to access any data that we hold about you. If you do this we may ask you to prove your identity before we release your data to you.

The right to rectification

If you believe that any information we hold about you is incorrect, you have the right to have it corrected. This is not an absolute right and we will investigate a request for rectification and amend the data immediately if we agree that it is wrong.

The right to erasure (the right to be forgotten)

If you no longer wish to use Kingston Libraries Service you can request that your data is removed from our records. We will only do this where there are no outstanding loans, fees or other issues on your account. Enforcing this right will affect your ability to access some of the services offered by Kingston Libraries Service.

The right to restrict processing

You have the right to ask us to restrict how we use your data. Depending on the restrictions you ask us to make this may affect your ability to access some of the services offered by Kingston Libraries Service.

The right to object

You have the right to object to us using your data for some specific purposes, in particular direct marketing. If you have given us your consent to send you our Newsletter and other information updates you can withdraw your consent at any time

For more information on your individual rights, please visit: https://www.kingston.gov.uk/info/200175/your_council_democracy_and_elections/1438/data_protection_and_your_rights&sa=D&ust=1583191232541000&usg=AFQjCNGuYEgPW5rnAIuYUklL_dDADtvqtg

Further information

If you have any concerns about Kingston Libraries Service Privacy Notice or our use of your personal data, in the first instance please contact the Operations Manager, Michaela Newman at michaela.newman@kingston.gov.uk

If you are not entirely satisfied with the response that you receive you can contact Kingston Council’s Information Governance Team at dpo@kingston.gov.uk

If you do not receive a timely response or are still unsatisfied with the response you can contact the Information Commissioner's Office at

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Telephone: 0303 123 1113

https://ico.org.uk/

Privacy Notice last updated February 2021

Privacy Notice for Kingston Libraries Service

This privacy notice is to be read in conjunction with the full council privacy notice.

What type of information is collected about you?

Personal details; including name, address, email address, telephone number(s), date of birth
If you consider yourself to have a disability (but not the nature of your disability)
Where you register your children (under 16) for their own Library card we will also hold their contact details and date of birth, in association with your account
We allow non-members of the library to use our PC’s as a guest user once for free, before requiring you to sign up or pay for the use of the computers. In order to manage this, we will keep a record of your first name and surname for 12 months
We may collect IP address and information regarding what pages are accessed when using our public access PCs and our online reference resources and ebook providers
Once your account has been created, we will also record a loan and transaction history to help us maintain the service

We may also collect sensitive personal data that may include:

Health
Racial or ethnic origin
Gender and sexual orientation
Religious or other beliefs of a similar nature

We need your information for the following services and functions:

We collect your information in order to provide you with the full range of Library Services. The services we provide are:

Borrowing and reserving books and other items
Provision of public access computers, printing and scanning
Accessing Library Online Resources and ebooks
A reference and enquiry service
Events and Activities

We will also use your information for our wider functions which are:

Communicating with you about your Library account and the Libraries Service
The prevention and detection of misuse of Library Services

Who your information may be shared with:

We may share some of your information, for example your name and address, internally with other departments in the Council and:

The Libraries Consortium (All data) - Your Kingston library card allows you to access services at a range of partner Library authorities. In order to do this we share a single Library Management System (LMS), containing your data, with these other libraries. All members sign an Information Sharing Agreement, which confirms that partner authorities will abide by the GDPR and data protection principles. Please ask a member of library staff for a copy of this agreement if you would like to read it
Sirsi Dynix Corporation (All data) - Sirsi Dynix provides our Library Management System (LMS). All personal data is entered into their encrypted database. Sirsi Dynix only operates within the UK or in countries with which the EU has an adequacy decision in place. Sirsi Dynix is cloud based and so may transfer some data to servers in the USA and SirsiDynix retains US Privacy Shield membership for any transfer
Google Workspace, (formerly G Suite) (All data) - Kingston council uses Google Cloud to provide council email and other documents, some of your data may be recorded in, for example, Google Docs or emails for internal lists of borrowers and staff communication. Google is registered with the US privacy shield for any data transfers to servers in the USA
Bibliotheca GmBH Ltd (Library Card Number, Item Barcodes and Name)- Bibliotheca provide the software and hardware for our self service machines. Personal data is stored on the machines hard drive and Library card numbers may be accessible when the machines are updated through remote technical support. Bibliotheca is registered with the US privacy shield
Ebook providers: Bolinda Borrowbox, EBSCO, Overdrive, RB Digital and Ulverscroft (Library card number and name) - If you would like to register for our ebook services, your Library card number and name will automatically be shared with our ebook suppliers and external supplier sites may ask you to complete a registration form, with consent options for further contact. Where you provide your details, the privacy policy of the ebook service provider will apply

Online resources: Britannica, Go Citizen, Driving Test Theory Pro and Oxford Library Online (Library Card Number and Name)- If you would like to register for our online reference services, your name and library card number will be shared with the providers of these services.
Where you register for these services the providers privacy policy will apply and we recommend you regularly review the privacy settings on each site
The Reading Agency (all data)- Where they assist us in managing activities such as Reading Friends or the Summer Reading Challenge and we supply data to monitor the effectiveness of the scheme (data supplied will usually be anonymous and aggregated)
Video Conferencing Platforms: Meet Up Call (Progressive Voice Services Limited), PowWowNow (Via-Vox Limited) and Zoom (name, email address, telephone number)- Where we supply your email address or phone number for example so you can join an online event. We will ask you to sign up for the event and make you aware before we supply your details
Achieving for Children (Parents name, Child’s name and date of birth and postcode) - Some data may be shared with AfC for the purposes of registering for Rhyme Time and other sessions for children in the Libraries. You will be informed at the time if we are planning to share data for specific sessions with AfC. AfC may also contact parents with updates about their services, where marketing consent has been given
Police and other Law Enforcement Agencies (Data where legally required) - Where we are legally obliged to do so and when the correct legal authority has been obtained

The legal basis for processing your information

Library Membership

Marketing

For sending you updates on library events or general council marketing and updates, we will ask for Your Consent to use your data

Event Registration

Guest Users of Public Access PCs

Sensitive Personal Data (Special Category Data)

RFID Tags

How we will process your personal information (data)

We will collect, hold and process your data to provide you with the full range of services available from Kingston Libraries Service.

We will process your data in line with the requirements of the General Data Protection Regulations and the Data Protection Act 2018.

Your data will only be processed within countries outside of the UK and EU where the necessary requirements of the General Data Protection Regulations and the Data Protection Act 2018 are met.

How long will we keep your information

Where we have taken your name for guest (non-member) use of the Public access PCs we will keep your data for 12 months

Your rights as a Kingston Libraries Service Member (data subject)

Under the General Data Protection Regulations (GDPR) you have certain rights as a Kingston Libraries Service Member. These rights are outlined below:

The right to be informed

You have a right to understand why we collect your data and how we will process it. Details of this are outlined in other sections of this document.

The right of access

You have the right to access any data that we hold about you. If you do this we may ask you to prove your identity before we release your data to you.

The right to rectification

The right to erasure (the right to be forgotten)

The right to restrict processing

The right to object

Further information

If you are not entirely satisfied with the response that you receive you can contact Kingston Council’s Information Governance Team at dpo@kingston.gov.uk

If you do not receive a timely response or are still unsatisfied with the response you can contact the Information Commissioner's Office at

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Telephone: 0303 123 1113

https://ico.org.uk/

Privacy Notice last updated February 2021

Notices

Social Media

Contact us

We may also collect sensitive personal data that may include:

We may also collect sensitive personal data that may include: