University Libraries Privacy Notice
Introduction
The University of Chester provides library services and collections across six sites to support the teaching and research of the University’s staff and students. Visitors to the University may be able to join as external borrowers, (including through reciprocal University schemes such as SCONUL) or to use libraries for reference and study purposes. Membership is also offered to Alumni and retired members of staff.
Please check with the library you wish to visit for access rights or any restrictions. Additionally, external borrowers and visitors may be able to access limited e-resources as part of our walk-in access agreement subject to license agreements. In order to facilitate and manage access to our services, collections and membership, the libraries process personal data. You may also provide some personal information on other occasions, for example when contacting the library with an enquiry.
This fair processing and privacy notice details the processing of data for that purpose.
The University of Chester is committed to protecting the rights and freedoms of individuals as detailed in relevant Data Protection legislation including looking after any personal data that it collects, uses or holds. This Data Processing and Privacy Notice describes how and why we collect and use personal information about you. It is issued under your right to be informed about how the University collects, uses and stores your personal data.
Data Protection Principles
We will comply with data protection legislation, which says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
- Relevant to the purposes we have told you about and limited only to those purposes
- Accurate and kept up to date
- Kept only as long as necessary for the purposes we have told you about
- Kept securely
What Personal Data does the University collect?
We may collect, store and use personal information from you, from other parties or information generated by your use of LIS library services. Personal contact details such as name (title), addresses, telephone numbers, email addresses, unique identifier, faculty, division, campus and mode of study (eg undergraduate, postgraduate), information about your use of collections, services and facilities, including borrowing history, financial transactions with the library (fines), enquiries and records of email/correspondence (including notes made on your account).
The library’s user community may be categorised as internal users and supplementary users.
- University internal users are our staff and students. Personal information for university staff and students is collected via automated imports of relevant data from central University systems.
- Supplementary library users' (External, Sconul, Visitors, Walk-In, Alumni and retired staff) data is normally collected via paper or online registration forms. Paper records are stored in locked cupboards, with online registration forms held in secure University systems. For our supplementary library users to access our services, you may be required to provide appropriate proof of identification when you visit our in-person Helpdesks, however copies of the identification provided will not be retained by the library.
For users who join through schemes such as Sconul Access we will also hold data that includes your Home Institution, Level of study, Course, Home Institution card number and mode of study (full-time/part-time)
Personal information for staff and students is collected via automated imports of relevant data from central University systems. Information about other supplementary library users is normally collected via paper or online registration forms.
What Special Category Data does the University Collect?
Where information is relevant to your health or disability, your personal details name, student ID may be shared with library services, but not the nature of health conditions or disability. This is to enable the delivery of specific LIS library support services which includes our accessible books service, book retrieval, loan of specialist resources and information support.
Why does the University need this data and how will the University use this data?
The University collects your data for the following purposes:
- To create your library account
- To deliver library facilities and support services to you
- To administer your membership(s) which may be via letter, email, phone or in person
- For document delivery services
- For electronic resources management
- To compile anonymous statistics and conduct research for internal and statutory reporting purposes
What is the Legal Basis for processing the data?
The University will predominantly be processing your data in order to deliver our contracted services to you as a student and staff at the University. We may at times also rely on other legal bases where relevant and compliant with data protection law:
- For the performance of an agreement between you and the University
- Your consent in order to use library services (as a supplementary library user)
- where it is necessary for the performance of a task in the public interest;
- where it is necessary to comply with a legal or regulatory obligation;
- to protect the vital interests of you or of another natural person where you are physically or legally incapable of giving consent;
- for the establishment, exercise or defence of legal claims;
For how long will the University keep this Data?
The University will only retain your data for as long as necessary to fulfil the purposes for which it was collected and in line with any necessary legal, financial accounting or reporting requirements.
In some circumstances we anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you, for example to monitor usage of services and identify statistical trends to aid future service developments.
Records of users listed in the table below will be checked on an annual basis. The retention timeline periods will vary depending on the category the user belongs to.
Where any member accounts have outstanding loans or debts, data can be held for a minimum of 3 years from the expiry of the account and then scheduled into the next annual deletion process
|
Category of user |
Retention period timelines |
Details |
|
Internal Users |
||
|
University staff and students |
3 years
|
University staff and student library accounts will be retained for three years from date of expiry of their account in the library management system and will be subsequently removed in the annual deletion process Where university staff and students have additionally engaged with our document delivery services through the submission of an online form, details will be transferred from the online form to a secure online location. The form will then be deleted, and details held in the secure location for a minimum of 6 years and 1 day to comply with copyright regulations and then scheduled into the next annual deletion process to have data removed
|
|
Supplementary users
|
||
|
Visitors (for reference access) |
6 months |
Paper records recording visitor access dates are stored in lockable cabinets and will be retained for 6 months and will be scheduled into the next annual deletion process and securely disposed of via shredding or confidential waste bins |
|
External members who join with borrowing rights |
6 months |
Completed paper application forms are stored in lockable cabinets. If membership has not been renewed, and the external members record has reached a minimum of 6 months expiry, then this is scheduled into the next annual deletion process, where the library management system record is deleted and the paper registration form securely disposed of via shredding or confidential waste bins
|
|
Sconul users
|
6 months |
Any Sconul users who have joined for borrowing rights and have reached a minimum expiry date of 6 months or more will be scheduled into the next annual deletion process to have their record deleted from the library management system |
|
Walk In access users to IT equipment |
2 years |
Any paper personal records that are stored in locked cabinets will be retained for 2 years and will be scheduled into the next annual deletion process where records will be securely disposed of via shredding or confidential waste bins |
|
Alumni
|
18 months access to specific electronic resources
6 months online forms 18 months access to print collections
6 months paper forms |
Alumni members automatically retain access to specific electronic resources for 18 months following course completion. Beyond this period, Alumni can reapply for continued access for 18 months at a time using an online form.
The online form will be deleted, and those details held in the secure location. When they have reached a minimum of 6 months expiry they will be then scheduled into the next annual deletion process. Alumni and retired members of staff who join library services to access and borrow from our print collections, can apply for membership through our Helpdesks. Paper application forms are submitted and securely stored in locked cabinets. Alumni and retired staff membership is for 18 months at a time. Beyond this period, Alumni and retired staff can reapply for continued access for 18 months at a time by submitting a paper application. Applications are stored in lockable cabinets. Membership forms which have reached a minimum of 6 months expiry date will be scheduled into the next annual deletion process |
|
Retired staff |
18 months access to electronic resources
6 months Online form 18 months access to print collections 6 months paper forms |
Retired members of staff can apply for access to electronic resources for 18 months. Beyond this period, retired staff can reapply for continued access for 18 months at a time using an online form. Details will then be transferred from the online form to a secure online location. The online form will be deleted, and those details held in the secure location which have reached a minimum expiry of 6 months and then scheduled into the next annual deletion process
For use of print services the same retention rules apply as described above for alumni |
Who has access to the data and with whom will the University share this data?
We may share your data with other University departments if access to the data is necessary to perform their roles, for example matters related to use of library services
Library staff and employees of the University who are accessing the Library Management System
Data may be shared with companies providing specific services to, or on behalf of the library. This includes the Library Management systems and cloud based systems supporting the University’s service provision. We ensure our suppliers are subject to strict contractual safeguards to always protect the confidential processing of data.
If you wish to view further information about the privacy practices of the company providing our library management system applications (Alma and Primo) you can access the privacy policy of the company here.
We may be required to share your personal data with other third parties such as law enforcement or emergency services but will only do so in compliance with data protection law.
Data may be shared with a co-operating library who is part of a reciprocal access scheme such as SCONUL
How will the University keep this data secure?
The University of Chester operates an Information Security Policy which recognises that with the increasing demands being placed on ICT and Information Systems there is a need to understand and control, in a coherent manner, the associated risks. The principal objective of the policy is to protect the information, including personal data, held by the University. In support of this policy the University publishes an Information Security Framework which is based on ISO 27001:2005 and uses ISO/IEC 27002:2005 Information Security Techniques – Code of Practice for Information Security Management.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
What Rights do you have as a Data Subject?
As a data subject of the University, under the Data Protection legislation, you have a number of rights with regards to your data, dependent upon the legal basis for processing that data. As such you have the right to…
- Withdraw consent - where the University has used consent as the legal basis for processing;
- Be informed – about how the University, collects and uses your data;
- Access your personal data that the University holds and process;
- Rectify or correct any inaccuracies in your personal data that we hold;
- Be forgotten by requesting that your details are removed from the University systems;
- Restrict the processing of your data whilst it is being verified or corrected;
- Port your data in a machine readable and commonly used format;
- Object to certain processing by the University including direct marketing, automated decision making, profiling, scientific/historical research and statistics;
The above rights are not absolute and may only apply in some circumstances such as being dependent upon which lawful process has been used or whether an exemption may apply.
Who is the Data Controller?
The Data Controller is the University of Chester, Parkgate Road, Chester, CH1 4BJ.
The University’s Data Protection Officer (DPO) may be contacted at the University’s address and also by email on dataprotection@chester.ac.uk.
How to raise questions, comments, concerns, or complaints.
Should you have any questions, comments, concerns or complaints regarding the use of your personal data you should contact the University’s Data Protection Officer as detailed above.
You may also raise any concerns or complaints with the Information Commissioner’s Office who may be contacted as follows:
Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire
SK9 5AF www.ico.org.uk
Changes to this Notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.