Library Services

Privacy Notice

Why do we collect and use this information?

Hampshire County Council (‘County Council’) is the data controller for the collection and use of personal information about you and/or your child/ren for the purpose of providing you with library services.

We process personal and special category data, where relevant, and use it for the following purposes:

  • to process applications for a membership to the library and manage this membership, including ensuring children are only provided access to appropriate material;
  • to send reminders for items approaching return date and to issue charges for overdue items if you have opted in to receive notifications;
  • to provide you with a newsletter and other marketing materials if you have opted to receive such material;
  • to provide access to the Digital Library through the relevant applications;
  • to accommodate requests for a room booking and the use of other library facilities;
  • to record and manage your attendance at events and groups hosted by the library;
  • to manage involvement in the Learning in Libraries scheme on behalf of the Hampshire Futures service at Hampshire County Council, including processing images where permission has been received;
  • to process relevant information to provide the home library service to individuals who may be unable to attend libraries in person;
  • to operate CCTV cameras on the library sites and review footage where there is a valid reason to do so;
  • to enable children’s participation in the Summer Reading Challenge;
  • to allow you to book and use a computer through the County Council’s, Netloan system;
  • to allow you to utilise other facilities provided by the library such as printing facilities;
  • to make and cancel (waive) payments where appropriate for services provided by Library Services;
  • to respond to queries and customer feedback;
  • to review and evaluate library services and to make service improvements where appropriate;
  • ensure compliance with our obligations under the accuracy principle of the UK General Data Protection Regulation (Article (5)(1)(d)), making sure our records about you are up to date.

The categories of information that we collect, hold and share

We collect different types of Personal Data and Special Category Data depending on the activity being undertaken.

We may collect the following types of information:

  • your or your child’s personal information such as name, date of birth, contact details, library card number and membership information;
  • your care status or whether you have any accessibility concessions in order to assess what type of membership you are eligible for;
  • relevant health data if you are attending the library such as any dietary requirements, allergies or accessibility requirements;
  • the school you or your child attends;
  • your or your child’s image maybe captured on library CCTV;
  • with your or your child’s agreements photographs or video recordings may be taken of you at an events or groups hosted by the library;
  • financial information if you choose to pay for services through the County Council’s Online Shop;
  • details of groups or events booked and attended; and
  • any feedback, complaints and queries you have provided.

The lawful basis on which we use this information

We collect and use the information you provide us with ensuring that we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA2018) requirements for processing through:

  • Article 6(1)(e) – the processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law;
  • Article 6(1)(f) - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child;
  • Article 9(2)(g) – Necessary for reasons of substantial public interest on the basis of Union or Member State law which is proportionate to the aim pursued and which contains appropriate safeguarding measures;
  • Sch.1, Pt.2, 1 – Substantial public interest conditions, for processing under the DPA2018.

These articles under the UK GDPR and the DPA2018 are supported by the following specific legislation:

  • The Public Libraries and Museum Act 1964;
  • The Equality Act 2010; and
  • The Localism Act 2011

Storing and Securing Data

The personal information provided to us regarding your involvement with Library Services will be held within the Libraries Information Management System (IMS). The information held within the Libraries IMS will be kept in line with our retention schedule and then disposed of as appropriate. Any third party processors that hold County Council data are required to comply with our instructions and may only process personal data outside of the UK in accordance with the UK GDPR.

Library Services also utilise the following applications to hold your personal information where relevant:

  • The Borrowbox application which enables access to our digital library;
  • The Netloan application will allow you to book and use a computer at your local library;
  • Eventbrite is used to help book you onto events being hosted by the library;

The information held within these systems will be kept in line with our retention schedule and then disposed of as appropriate. The above applications hold data outside of the EEA. All information held within these systems is encrypted when in transit between County Council users of the system and the data centre the information is hosted within. Hampshire County Council has ensured the supplier of these applications meet the appropriate security standards and are satisfied the applications are compliant with the principals of the UK GDPR.

Information will also be stored within the County Council’s wider Document Management System (DMS). The information held within the County Council’s DMS will be kept in line with our retention schedule and then deleted as appropriate. Any third party processors that hold County Council data are required to comply with our instructions and may only process personal data outside of the UK in accordance with the UK GDPR.

The County Council takes its data security responsibilities seriously and has policies and procedures in place to ensure the personal data held is:

  • prevented from being accidentally or deliberately compromised;
  • accessed, altered, disclosed or deleted only by those authorised to do so;
  • accurate and complete in relation to why we are processing it;
  • continually accessible and usable with daily backups; and
  • protected by levels of security ‘appropriate’ to the risks presented by our processing.

The County Council also ensures its IT Department is certified to the internationally recognised standard for information security management, ISO27001.

Who do we share information with?

We do not share information with anyone unless there is a lawful basis that allows us to do so. The information then shared under a lawful basis will be necessary, relevant and proportional to the task being undertaken and will only be processed in line with the purposes stated above.

Information is shared between the Information Management system and other applications utilised by Library Services in order to authenticate users across the different applications. This function is utilised to protect the safety of users and to ensure that only age appropriate material can be accessed.

Library Services share information with schools as part of your child’s participation in the summer reading challenge. Library Services may also share information or CCTV footage with the police if an incident requiring their involvement has happened on site.

Requesting access to your personal data and your rights

Under data protection legislation, individuals have the right to request access to information about them that we hold. To make a request for your personal information please contact the Children’s Services Department’s Subject Access Request (SAR) Team.

You also have the right to:

  • prevent processing for the purpose of direct marketing unless we have your consent;
  • object to decisions being taken by solely automated means;
  • ask to have your personal information deleted;
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations.

Further information

Further information about library services.  

The above information is the specific privacy notice for this service. For more information about your rights in relation to your personal data, see the County Council’s general privacy notice.

You have some legal rights in respect of the personal information we collect from you. See our Data Protection page for further details.

You can contact the County Council’s Data Protection Officer by email [email protected].

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office.