Privacy Notice for Libraries and Archives
Westminster City Council Libraries and Archives Service collects and uses personal information about its members and service users. The council is registered as a Controller under the Data Protection Act (DPA) 2018.
This Privacy Notice broadly explains what information we collect, the purpose for using the types of personal information and who we may share it with.
Purpose for processing your information
We use information about our members and service users to carry out specific functions for which we are responsible. There are a variety of reasons why we work with different individuals and ways that we collect data to support access to our services. We process personal data to:
- provide membership and access to a wide range of Library and Archives services, including access to collections, ICT, activities and resources.
- keep you informed of news from the service.
- enable participation in our events, programmes, courses and activities;
- improve services, resolve complaints and answer enquiries.
- provide commercial services at your request.
- document the origins of deposits made to the archive services.
- manage and deliver partnership programmes.
- ensure compliance with all relevant legislation, by-laws and Health and Safety regulations.
We collect the following information:
The information you provide helps us to enable access to our services and meet our legal duties and responsibilities. The personal information we collect and process includes:
- first name
- last name
- postal address
- email address
- telephone number/s
- date of birth
- lifestyle and social circumstances
- financial details
- employment and education details
- housing needs
- visual images
- details of personal appearance and behaviour
- familial relationships
We also collect special category data such as ethnicity, gender, health and disability as part of our inclusiveness strategy to address inequalities. These will be actively analysed anonymously for statistical reporting on trends etc.
This information is only used for its intended purpose, but if we intend to use it for any other purpose, we will normally ask you first. In some cases, the council may use your information for another purpose if it has a legal duty to do so, to provide a complete service to you, to prevent and detect crimes (for example, fraud), or if there is a risk of serious harm or threat to life.
Your personal information is only used for a specified purpose(s), but if we intend to use it for any other new purposes, we will normally ask you first. For instance, in some cases, the council may wish to use your information for another purpose, such as related to improving and developing services, or to prevent or detect fraud. In any event our processing will always have a demonstrable lawful basis. Where practicable and reasonable, we will always seek to inform you of any significant proposed changes to how we process or intend to process your personal data in order to ensure full transparency over how we handle your information.
Our legal basis for processing personal data is supported by the Public Libraries and Museum Act 1964. Under the UK GDPR the lawful basis is Article 6(1)(e) Public task. However, in some cases we may also rely on Article 6(1)(a) Consent to register service users to our newsletter mailing list.
The condition for processing special category personal data such as ethnicity, disability status etc. is Article (2)(a) Explicit consent.
How we collect your information
We collect information in a number of ways, for example, via membership registration forms, letters, email, face-to-face, telephone, other online forms, and surveys. These include but are not limited to:
Our policy is to respect and protect the privacy of anyone who visits our websites. Where we ask you for personal information via an online form, this information will only be used for the purpose indicated and will be held in a secure manner. It will not be used for any other purpose without your permission and will not be kept for longer than necessary. If you are concerned about providing your personal information online, please contact us, and we will arrange alternative means for you to provide this information.
Who the information is shared with
Where necessary we will share information with Council departments and services as well as other organisations such as our partners, third party contractors and services, government bodies and the police.
We will only share information with these organisations where it is appropriate and legal to do so. We may also share information, for example, if there is a risk of serious harm or threat to life, for the prevention and detection of fraud or crime, assessment of any tax or duty or if we are required to do so by any court or law. Where this is necessary, we are required to comply with all aspects of the DPA’18.
Details for Transfers
It may sometimes be necessary to transfer personal information overseas. When this is needed, information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the DPA’18.
How long do we keep your information?
We will only keep your information for as long as is required by law and to provide you with the necessary services in line with our stated retention policy. In general information is kept for six years after end of membership, account being inactive or loan returned.
We may also anonymise some personal data you provide to us to ensure that you cannot be identified and use this data to allow the council to effectively target and plan the provision of services. We may also use this type of data for research purposes although no personal data will be shared.
Your rights and access to your information
You have the right to request a copy of the information that we hold about you.
The Data Protection Act 2018 also gives you additional rights that refer to how the council holds and uses your information. Consequently, under certain circumstances, by law, you have the right to:
- withdraw consent and the right to object and restrict further processing of your data; however, this may affect service delivery to you.
- request to have your data deleted where there is no compelling reason for its continued processing and provided that there are no legitimate grounds for retaining it.
- request your data to be rectified if it is inaccurate or incomplete
- have your data transferred or copied should you move to another authority
- not be subject to automated decision-making, including profiling
Find out information about how to submit a Subject Access Request.
Please visit our data protection web pages for further details on how the council complies with the Data Protection Act 2018
If you have any concerns
Please contact us if you would like to know more about the information we hold about you and how we use it.
You have a right to complain to us if you think we have not complied with our obligation to handle your personal information; please visit our data protection web pages.
If you are not satisfied with the council’s response, you have a right to complain to the Information Commissioner’s Office (ICO). You can report a concern by visiting the ICO website.
Changes in your circumstances
You must notify us immediately if there are any changes in your circumstances and personal details so we can maintain an accurate and up to date record of your information.