Library privacy statement
Who are we?
The Kent County Council (KCC) Public Health and Social Care (PHSC) Library provides library and knowledge services to those working in public health in Kent. It is part of the KCC Public Health Department and part of Kent London Surrey Sussex Joint Inter Lending and Document Delivery Group. To register you as a member, the library collects certain personal information about you. When we do so, we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws. Our Data Protection Officer is Benjamin Watts.
The personal information we collect and use
Information collected by us
If you apply for the e-bulletin only, we collect the email address to which you want the bulletin sent.
If you apply for library membership, we ask for:
- your title, name, work address, work email address and work phone number;
- your role, your department and your employer;
- the name of your work supervisor, your home phone number and any alternative email address.
Information passed to us
The PHSC Library obtains personal information from NICE OpenAthens if you choose to apply for an OpenAthens account that will allow you to access the content of subscribed journals and databases. This content has been purchased by the library and its partners. Please see OpenAthens own privacy statement if you wish to apply for an account. Details are available on this page of our website http://www.kpho.org.uk/library-services/resources/open-athens.
If you borrow one of the PHSC Library’s books or articles through another library in the Kent London Surrey Sussex Joint Inter Lending and Document Delivery Group, we may be sent your name and library ID.
How we use your personal information
We only request the information need to provide the services the form is being filled in for.
If you request to be added to the e-bulletin mailing list only, your e-mail address will be used to deliver the weekly e-bulletin. Occasionally, we may write to you about factors affecting the e-bulletin service. The lawful basis for processing your data is contract.
If you apply for membership of the library, the lawful basis for processing your data for provision of the services is contract. For example:
We collect information which is necessary to provide services such as books, journals, databases, OpenAthens access, the e-bulletin and training. This includes title, name, work address, work email address and work phone number.
We collect information about your employer, your department and your work role in order to target our services to users and to judge the eligibility of users for paid services. The services may be supplied by us directly or through us by other organisations such as Public Health England. We will use the information you supply about your employer to judge eligibility for services that you have requested to access through OpenAthens. These include access to the full text of paid journals, books and databases;
We also collect your personal data on the lawful basis of protect our legitimate interests. For example, to enable us to recover unreturned books we ask for the name of your work supervisor, your home phone number and any alternative email address.
On the basis of legitimate interest, anonymised data about your department and employer is used to compile statistics about users so as to enable us to evaluate and plan services. This information may be used to inform service level agreements.
If you apply for membership of the library, we may use your personal information to:
- to inform you of services such as training which are designed to enhance your access to resources;
- to inform you of service changes or interruptions that will affect your access to resources;
Where you have used your membership of the library to request a service, for example a literature search, for the performance of a task that you are carrying out in the public interest or in the exercise of official authority vested in the controller, then Article 6 1 (e) of the GDPR is the lawful basis on which we collect and use your personal data. Details of your name and job role may be shared with others working on the same task.
How long your personal data will be kept
The email address of subscribers to only the e-bulletin will be kept for up to one year, when you will be asked whether you want to re-request the bulletin.
You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at firstname.lastname@example.org.
If the bulletin is returned from your email address as undeliverable or blocked, we will assume you want to unsubscribe and your email address will be deleted. If you want to receive the bulletin but your organisation or settings block mass mailing, you will need to ask your email admin to add the email@example.com to your accept list
Membership form to join the PHSC Library:
The completed form will be used to enter your title, name, work address, email address, supervisor, employer and work role onto the library management system and contact system as appropriate, with any optional services you have requested.
The completed form will then be kept securely for the two years of your library membership and for a maximum of 13 months after membership has expired. Then the form will be destroyed, provided all library books have been returned. The original form is kept because it contains some information, including home telephone number or alternative email contact details, which is not transferred to the shared electronic database. The data is held for 13 months after expiry because of the time required to compile all service statistics at the end of the year. The data in these service statistics is anonymised.
If there are outstanding loans of books, your personal data will be kept until all reasonable attempts to retrieve the books or payment for the books have been exhausted. Alternative and home contact details will not be used for any other purpose than to pursue the return of overdue books where the borrower is unobtainable through work channels. If you are charged replacement costs for a book, the retention policy for financial information will be in line with Kent County Council’s retention policy.
What happens when you unsubscribe from a library mailing list? You will be removed from any regular mailing lists to which you were subscribed, such as the e-bulletin list, but you may still receive occasional emails about library or Athens services if you have continued your library or Athens membership. Your personal data will remain on the email contacts database and the library management system for the remainder of your two year membership and for the 13 month expiry period.
What happens if our emails are returned from your mailbox as being blocked? Your contact details will be treated as if you had unsubscribed from the PHSC Library mailing list, as above. NOTE: some company emails reject the e-bulletin because it is a mass mailing. You may be able to add the library email firstname.lastname@example.org to your approved mailing list to avoid this happening.
What happens if our emails are returned and your mailbox is described as unobtainable or unfound? You will be assumed to have terminated your membership of the library and your record will be treated as below:
What happens if you terminate your membership of the library? Your library and any Athens account will be amended to show your new finishing date. Under normal circumstances, your personal data will remain on the email contacts database and the library management system for the 13 month expiry period, but you should not receive any emails. Your details will be removed from the Athens database in accordance with OpenAthens own privacy statement available on this page of our website http://www.kpho.org.uk/library-services/resources/open-athens .
Who we share your personal information with
The following data will be transferred from the library membership form to the electronic library management system which we share with the Kent London Surrey Sussex Joint Inter Lending and Document Delivery Group: name, role, work address, work email, type of employer, type of role. Contact the library on PHSClibrary@kent.gov.uk for further details of employer and employment categories.
The library management system will create a record of username, PIN number and book loans. Staff may enter manually into the system a record of contacts with the member. Your full electronic membership information will be visible to members of the PHSC Library staff via the password protected library management system. You will be able to use your library username and PIN to log into South East Libraries Search and see the record of your personal information and loans history. You can change your PIN to a number of your choice but this change in PIN will become visible to PHSC Library’s own staff after the daily system update.
The PHSC Library will use the personal information in the library management system for the purposes of issuing and receiving back books or documents that you request from our library or from a library within the Kent Surrey Sussex Joint Inter Lending and Document Delivery Group. If you request a book, the PHSC Library will share the following information with the staff of other libraries within the Kent Surrey Sussex Joint Inter Lending and Document Delivery Group: member’s title, full name and username. Your full electronic record is password protected from other library staff but would be visible to the regional administrators of the system if sought.
Anonymised statistics of library users will be shared within Kent County Council and also with our regional (London and Southeast Health Education England) network lead office.
If you request OpenAthens access to databases and the full text of documents, the following data will be transferred from the library membership form to the OpenAthens database: name, role, work address, work email, type of employer, type of role. The library will create an OpenAthens username for you which will be visible to PHSC Library administrators and OpenAthens staff. You will be asked to set your own password. At the end of your Athens membership period, or sooner if you request, your Athens account will be deleted. If your Athens account is not activated within one month of being set up by library staff, it will be deleted automatically. See OpenAthens own privacy statement for details, available on this page of our website http://www.kpho.org.uk/library-services/resources/open-athens . If you request an account from OpenAthens directly, OpenAthens will share the request with the PHSC Library administrators.
The PHSC Library OpenAthens administration staff will use the personal information in the OpenAthens system to maintain your access to your account. You may receive occasional emails about changes to service provision. Anonymised statistics of resources accessed through OpenAthens will be shared within Kent County Council and and may be shared with our regional (London and Southeast Health Education England) network lead office.
Where you have used your membership of the library to request a service, for example a literature search, for the performance of a task that you are carrying out in the public interest or in the exercise of official authority vested in the controller, details of your name and job role may occasionally be shared with others working on the same task.
We will share personal information with law enforcement or other authorities if required by applicable law.
Our library webpages contain links to other websites, for example, on our page of “Useful websites”. Please note that once you have used these links to leave our site, this privacy statement no longer applies, and we cannot be responsible for the protection and privacy of any information which you provide or which is collected when you visit those sites.
Under the GDPR you have a number of rights which you can access free of charge which allow you to:
- Know what we are doing with your information and why we are doing it
- Ask to see what information we hold about you
- Ask us to correct any mistakes in the information we hold about you
- Object to direct marketing
- Make a complaint to the Information Commissioners Office
Depending on our reason for using your information you may also be entitled to:
- Ask us to delete information we hold about you
- Have your information transferred electronically to yourself or to another organisation
- Object to decisions being made that significantly affect you
- Object to how we are using your information
- Stop us using your information in certain ways
We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. As we hold health and social care data in a de-personalised form it is not possible for us to honour your rights directly. Please contact your GP surgery to opt out of data sharing for health information and your social worker or case manager for social care information.
For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioners Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise a right, please contact the Information Resilience and Transparency Team at email@example.com.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Who to contact
Please contact the Information Resilience and Transparency Team at firstname.lastname@example.org to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.
You can contact our Data Protection Officer, Benjamin Watts, at email@example.com.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner.
Last Updated: May 2018.