University Libraries Privacy Notice

Introduction

The University of Chester provides library services and collections across seven sites to support the teaching and research of the University’s staff and students. Visitors to the University may be able to join as external borrowers, (including through reciprocal University schemes such as SCONUL) or to use libraries for reference and study purposes. 

Please check with the library you wish to visit for access rights or any restrictions.  Additionally, external borrowers and visitors may be able to access limited e-resources as part of our walk-in access agreement subject to license agreements. In order to facilitate and manage access to our services, collections and membership, the libraries process personal data. You may also provide some personal information on other occasions, for example when contacting the library with an enquiry.

This fair processing and privacy notice details the processing of data for that purpose. 

The University of Chester is committed to protecting the rights and freedoms of individuals as detailed in relevant Data Protection legislation including looking after any personal data that it collects, uses or hold. This Data Processing and Privacy Notice describes how and why we collect and use personal information about you. It is issued under your right to be informed about how the University collects, uses and stores your personal data.

Data Protection Principles

We will comply with data protection legislation, which says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely

What Personal Data does the University collect?

Visitors who do not hold a library membership card or require walk in access to a computer will provide the following data on each visit to the library: Name and Address including postcode via a printed form. You will also be asked to provide the postcode from where you travelled and the means of transport.

The Library manages interactions through Sierra Library Management Systems (LMS) from Innovative and Library Search from Proquest. These systems are hosted on secure servers off campus. Circulation of resources to borrowers are managed through the LMS. Data will be held on the system when you register as a borrower to manage loans, reservations, fines and borrowing status. If an item is on loan to you and it is required by another user the library will act as the agent and recall the item on behalf of the requestor anonymously.  Where selected e-resources are available for access, provided by third parties through the University’s systems you are strongly encouraged to read the privacy notices of such services before engaging with them.

What Special Category Data does the University Collect?

No special category data is collected for this purpose.

Why does the University need this data and how will the University use this data?

The University collects this data for the purposes of allowing visitors access to the service, for health, safety and welfare, law enforcement, crime prevention, security and/or safety purposes. 

What is the Legal Basis for processing the data?

The University will process your data predominately for the purpose relating to the performance of an agreement/contract between you and the University. We will also process for the purposes of:

  • where it is necessary for the performance of a task in the public interest; where it is necessary to comply with a legal or regulatory obligation;
  • to protect the vital interests of you or of another natural person where you are physically or legally incapable of giving consent;
  • for the establishment, exercise or defence of legal claims;
  • for reasons of substantial public interest, on the basis of UK law;

For how long will the University keep this Data?

The University will only retain your data for as long as necessary to fulfil the purposes for which it was collected and in line with any necessary legal, financial accounting or reporting requirements. 

On an annual basis, completed forms for reference access and for users who have joined for borrowing rights will be reviewed. Any paper or electronic personal records that have reached a 6 month or more expiry date at this point will be securely disposed of via paper format or if held electronically, deleted from the system. 

Completed walk-in access forms will be reviewed on an annual basis. Forms that have a completion date of 2 years or more will be securely disposed of. 

Who has access to the data and with whom will the University share this data?

Library staff and staff dealing with the Library Management System in Faculties.

Suppliers of our library systems who provide systems support are subject to strict contractual safeguards to ensure the confidential processing of data at all times. This data may be shared with certain third parties for the purposes of either law enforcement or under the appropriate licencing contract

How will the University keep this data secure?

The University of Chester operates an Information Security Policy which recognises that with the increasing demands being placed on ICT and Information Systems there is a need to understand and control, in a coherent manner, the associated risks. The principal objective of the policy is to protect the information, including personal data, held by the University. In support of this policy the University publishes an Information Security Framework which is based on ISO 27001:2005 and uses ISO/IEC 27002:2005 Information Security Techniques – Code of Practice for Information Security Management.

Paper records are held, and at point of removal are securely disposed of. 

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current.  Please keep us informed if your personal information changes. 

What Rights do you have as a Data Subject?

As a data subject of the University, under the Data Protection legislation, you have a number of rights with regards to your data, dependent upon the legal basis for processing that data. As such you have the right to…

  • Withdraw consent - where the University has used consent as the legal basis for processing;
  • Be informed – about how the University, collects and uses your data;
  • Access your personal data that the University holds and process;
  • Rectify or correct any inaccuracies in your personal data that we hold;
  • Be forgotten by requesting that your details are removed from the University systems;
  • Restrict the processing of your data whilst it is being verified or corrected;
  • Port your data in a machine readable and commonly used format; 
  • Object to certain processing by the University including direct marketing, automated decision making, profiling, scientific/historical research and statistics;

The above rights are not absolute and may only apply in some circumstances such as being dependent upon which lawful process has been used or whether an exemption may apply.

The following table details the right that accompany each lawful basis.

 

Table detailing the various rights that accompany each lawful basis; see GDPR chapter III

 

You may contact the University’s Data Protection Officer as necessary regarding your rights. 

Who is the Data Controller and who is the Data Protection Officer?

The Data Controller is the University of Chester, Parkgate Road, Chester, CH1 4BJ. The Data Controller’s representative is Mr Adrian Lee, University Secretary, who may be contacted at the University address and on 01244 511000

The University’s Data Protection Officer (DPO) is Rob Dawson. He may also be contacted at the University’s address and telephone number and also by email on dpo@chester.ac.uk

How to raise questions, comments, concerns, or complaints.

Should you have any questions, comments, concerns or complaints regarding the use of your personal data you should contact the University’s Data Protection Officer as detailed above. 

You may also raise any concerns or complaints with the Information Commissioner’s Office who may be contacted as follows:

Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk

Changes to this Notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Learning and Information Services (LIS) Library Privacy Notice