Library Privacy Notice
General statement
This privacy policy sets out how Liverpool School of Tropical Medicine collects and uses information collected from you within its Library systems and processes. We take your personal privacy very seriously and work within the legislative framework of the General Data Protection Regulation (GDPR).
Purpose
Personal information collected to facilitate your use of library systems including self-issue, circulation of stock and inter-library loans.
What information is being collected & what is the legal basis for collecting the data?
To facilitate 24-hour access allowing issues, returns, renewals etc. we operate a self-service issue system which interacts with our library management system. We also use other technologies to enable the scanning and recording of the collection so that it can be loaned to you.
To process your inter-library loan request, we collect information about you including name, LSTM ID, status (e.g. staff or student), department or course, e-mail address and details of all requests place. Where applicable, we may add information to your record which will form part of our later reporting as per our “Inter Library Loan (ILL) and Document Delivery Policy”.
We are processing this data for the performance of the contract under which we provide services to staff and students.
Who is collecting it?
Library Staff. Some information is also collected when you register with us for your studies or as an employee. This is then transferred to other systems in a secure manner.
How is the information collected?
To lend items to you, the item is scanned via the self-service unit or by a member of library staff. The details from that item are matched to your personal details which are registered on our library management system.
For the inter-library loans service, the data is collected online via a tailored registration process and some details, e.g. contact telephone number are optional.
How the information is being used, stored and protected?
Information collected through our self-service system is used to ensure that a customer’s library account is accurate and that all transactions are recorded correctly on our library management system. This data will be anonymised. Information about the RFID tags used is displayed inside the library and adjacent to the self-service units.
Information collected as a part of the inter-library loan process is only used to process customer requests for documents and inter-library loans and to produce meaningful statistics.
Our Library systems are cloud based and we take care to ensure that they are secure, and password protected.
Who will the information be shared with?
LSTM Library staff have access to the data and transactions may be recorded on our library management system.
Generally, we do not share the data, however, in the case of inter-library loans and document delivery, a customer’s email address is automatically sent to the British Library (BL) when they supply a digitised version of a requested item.
Retention of data and updating your information
Personal information on our systems is retained according to our retention schedule. For most information this will be a defined period after you have finished your course or employment with LSTM. In some cases, e.g. copyright declarations we have a legal obligation to retain them longer as per The Limitations Act 1980 (5) which means that copyright declarations must be kept for 6 years.
In the case of some data collected by systems which interact with each other, transactions may be logged for a specified period and retained by systems but are then deleted.
Information linking previously borrowed items with customers’ records will be deleted as part of regular house-keeping tasks as outlined in our retention schedule.
How will the collection of data affect the data subject?
In the case of the RFID technology used to issue and circulate library stock, the technology itself poses no risk to the public, but when applied to a library book it could be used under certain, exceptional circumstances to inform a third party about which book the customer has borrowed from the library. In most cases this is harmless, but in some circumstances a book might indicate an individual’s lifestyle, political affiliation, sexual orientation or other sensitive or special characteristic. For this to happen, the information from the tag would have to be read and then cross-referenced with the title information held within the library management system.
Another possible use of the RFID tag technology would be to track the movements of a citizen if that tag was read at very close location at several locations. Given that there is a hypothetical risk of this happening, LSTM Library has included it to alert customers to the possibility.
If a customer is found to have breached copyright law, the stored data may (if necessary) be used to prove the copyright declaration was confirmed at the time of the request. (Requests are only processed where the terms of the copyright declaration have been acknowledged).
Your rights and how to find out what information we hold about you
The GDPR gives individuals of the following rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure (to be forgotten)
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
If you wish to exercise any of the rights above, please get in touch via the contact details below.
How to contact us
If you would like further information about our privacy policy or to make an access request for your personal data please contact us at library@lstmed.ac.uk or:Head of Information Services
The Library
Liverpool School of Tropical Medicine
Pembroke Place
Liverpool
L3 5QA
If you wish to complain please contact our Data Protection Officer by email dataprotection@lstmed.ac.uk or by post Data Protection Officer, LSTM, 3 Pembroke Place, Liverpool, L3 5QA. If you are not satisfied with your response you have the right to complain to the Information Commissioner’s Office via https://ico.org.uk