Privacy Notice Library Service

1. Identity and contact details of the Data Controller

The University of Gloucestershire is registered with the Information Commissioner’s Office as a Data Controller and is committed to protecting the rights of individuals in line with Data Protection legislation. A copy of this registration can be found here.

2. Contact details of the Data Protection Officer

The Data Protection Officer is responsible for advising the University on compliance with Data Protection legislation and monitoring its performance against it. If you have any concerns regarding the way in which the University is processing your personal data, please contact the Data Protection Officer at:

Data Protection Officer
University of Gloucestershire
Registrar’s Directorate
Fullwood House
The Park
Cheltenham, GL50 2RH
Email: dpo@glos.ac.uk

3. What information do we collect about you?

a) This privacy policy applies to the following University of Gloucestershire Library users:

• Alumni
• Members of the public
• Staff and students of higher education institutions eligible through the Sconul Access scheme
• Members of the University of Gloucestershire Library including:
i. BGAS
ii. Associates (inc contract staff, visiting lecturers, emeritus professors)
iii. External Memberships (inc individuals, corporate, schools, charities)

b) The University of Gloucestershire Library collects personal data in order to undertake various functions. We promise to respect any personal data you share with us and keep it safe. We aim to be clear when we collect your data and not do anything with it you would not reasonably expect.

c) If you become a member of the Library we will ask you to provide us with:
• Your name
• Address
• Telephone number(s)
• Email address(es)
• Date of birth

d) As you use the Library, whether in person, online or by telephone, we will also collect:
• Information about your use of the Library’s collections, services and facilities;
• Your financial transactions with the Library, including payment method;
• Your enquiries directed through our Helpzone.

4. How will your information be used?

Personal data collected and processed by us may be used for the following purposes:
• For the continuous improvement of library services;
• To administer your membership(s), which may be by letter, email, phone or in person;
• To give you the appropriate information, support and services;
• To communicate about Library news and membership;
• To ensure that all marketing communications you receive from us are relevant;
• For internal administrative purposes (such as our accounting and records), and to let you know about changes to our services or policies;
• To ask you take part in surveys related to the Library;
• To understand how external members use the Library;
• SCONUL statistical returns;
• For archival purposes.

All library users must comply with the library regulations. If you do not abide by our regulations we may share your personal data with the appropriate University departments or teams in the course of following disciplinary procedures.

5. What is our lawful basis for processing your personal data?

Public task: the processing is necessary for the University to perform a task in the public interest or for our official functions.

Legitimate interests: the processing is necessary for the University’s legitimate interests or the legitimate interests of a third party in providing or supporting the provision of higher education, unless your interests and fundamental rights override that interest.

Performance of your Student Contract: the University will process your data to enable it to meet its contractual obligations to you.

6. Who your personal information is shared with?

The University of Gloucestershire will never sell your data to third parties. We will only share personal data that is relevant and proportionate for the practical delivery of the service. When we share personal data as detailed above we ensure that security is maintained. The following organisations and individuals receive your information:
• Library staff who support your use of library services and facilities;
• Finance and Planning staff who administrate your financial transactions;
• OCLC WorldShare library management system;
• Sunrise enquiry management system;
• Agresso financial management system;
• Sharepoint content management system;
• Credit card payments are handled by our payment partner WPM Education.

7. Transfers to third countries and safeguards in place

Your data will only be transferred within the European Economic Area (EEA). Organisations and suppliers based inside the EEA will be subject to the same data protection laws as companies based in the UK.

8. How long will your information be held?

Your personal data will be destroyed and deleted from our systems one year after the termination of your library membership, subject to your rights outlined below.

9. Security

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. In response to Government advice regarding the security of data, the University has made the decision to change its user account policy. You can it read here. As a result:

• You will need to create a complex password which has a minimum of 14 characters and contains three of the following: capital letter, lowercase letter, symbol or numeral;
• Following five unsuccessful login attempts, accounts will be locked for 1 hour;
• From 1 June 2018, you will be invited to change your password. Anyone changing their password will need to adhere to the new policy.

10. Cookies

• Cookies are files, often including unique identifiers, that are sent by web servers to web browsers, and which may then be sent back to the server each time the browser requests a page from the server.
• Cookies can be used by web servers to identity and track users as they navigate different pages on a website, and to identify users returning to a website.
• Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
• Further details on the cookies used by OCLC / WorldCat are available here.

11. What are your Rights?

Under Data Protection legislation you have the following rights:

• to request access to, and copies of, the personal data that we hold about you;
• to request that we cease processing your personal data
• to request that we do not send you any marketing communications;
• to request us to correct the personal data we hold about you if it is incorrect;
• to request that we erase your personal data;
• to request that we restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
• to receive from us the personal data you have provided to us, in a reasonable format specified by you, to another data controller;
• to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights and freedoms.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

Any requests or objections should be made in writing to the University’s Data Protection Officer, using the contact details in Section 2 of this Privacy Notice.

12. How to make a complaint

If you have queries, concerns or wish to raise a complaint regarding the way in which your personal data has been processed you should contact the Data Protection Officer in the first instance, using the contact details under Section 2 above.

If you still remain dissatisfied, then you have the right to apply directly to the Information Commissioner’s Office (ICO) for a decision. The ICO can be contacted at:
Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk