Library and Learning Resources Privacy Notice
Library and Learning Resources [LLR] at Canterbury Christ Church University is committed to protecting the privacy and security of your personal information.
This privacy notice applies to all Library & Learning Resources users (LLR) . It describes how we collect and use personal information about you in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
- Whose personal data do we process?
- What information does the University collect?
- How is your personal information collected?
- How we use your personal information
- What is our lawful basis for processing your personal data?
- Who we might share your data with
- How long will we hold your data
- Security
- The Data Controller and further information
- Version Control
Whose personal data do we process?
This privacy policy applies to the following Canterbury Christ Church University LLR users:
- Staff and Students of Canterbury Christ Church University.
- Alumni
- Associates
- External Memberships (incl paid members, SCONUL members)
- Members of the public
What information does the University collect?
We may collect, store and use personal information from you, from other parties, or information generated by your use of LLR services.
The types of data we collect for LLR Users are:
- Contact details such as name, address, telephone number(s), email address.
- Your Unique Identifier
- Information about your use of the LLR collections, services and facilities;
- Your financial transactions with the Library, including payment method
- Enquiries made by you as a user of LLR.
- Records of email or other correspondence (including any notes made on your account)
- We may also collect, store and use more sensitive personal information about your health, disability or other special needs where this is relevant to your use of LLR services.
For SCONUL Access members we collect personal data on:
- Home institution
- Level of study
- Course
- Home institution card number
- Mode of study (full-time / part-time)
How is your personal information collected?
We collect personal information about students:
- Via automated imports of relevant data from central University systems.
- Via online or paper forms.
- LLR activities throughout the period you are registered with us.
How we use your personal information
- For the continuous improvement of our services.
- To create your library account.
- To administer your membership(s), which may be by letter, email, phone or in person.
- To give you the appropriate information, support and services.
- To provide support services for users with disabilities.
- For document delivery services.
- For Electronic Resources Management (information about electronic records on hold or purchased).
- To communicate about LLR news and membership.
- To ensure that all marketing communications you receive from us are relevant;
- To ask you to take part in surveys related to LLR.
- To compile anonymous statistics and conduct research for internal and statutory reporting purposes.
- To meet our responsibilities under equalities and health and safety legislation.
- For archival purposes.
What is our lawful basis for processing your data?
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
Public task
The processing is necessary for the performance of a task in the public interest of for our official functions.
The legislation relating to processing data under this lawful basis can be found in UK GDPR, Article 6(1)(e):
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.”
Legitimate interests
The processing is necessary for the University’s legitimate interests or the legitimate interests of a third party in providing or supporting the provision of higher education, unless your interests and fundamental rights override that interest.
The legislation relating to processing data under this lawful basis can be found in UK GDPR, Article 6(1)(f):
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
Contractual obligations
The University will process your data to enable it to meet its contractual obligations to you.
The legislation relating to processing data under this lawful basis can be found in UK GDPR, Article 6(1)(b):
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.”
Who we might share your data with
We will only share personal data that is relevant and proportionate for the practical delivery of the service. When we share personal data as detailed above we ensure that security is maintained. The following organisations and individuals receive your information:
- LLR staff who support your use of LLR services and facilities.
- Finance staff who administrate your financial transactions.
- Companies or organisations providing specific services to, or on behalf of, LLR. This includes the Library Management system and cloud-based systems supporting the university's service provision
- On occasion and where necessary in accordance with the law, the police and other law enforcement agencies.
- Personal Academic Tutors in support of your personal academic development purposes.
- NHS library staff in cases where there are matters relating to breach of NHS library regulations.
- Any co-operating library who is part of any reciprocal access schemes.
Other than to the above, LLR will not divulge data to third parties relating to your Library loans or status at the University. This includes other people undertaking loans or paying fines on your behalf, which can only be undertaken if you have previously given written consent to permit this.
Student data may be shared in accordance with the main student privacy notice.
How long will we hold your data
|
Data |
Retention period |
Method of retention |
|
Personal details |
Students and Staff: 1 year after the expiry of your account Borrower membership: 1 month after expiry of account [unless there are debts or outstanding loans which can be held for up to 7 years.] |
Library management system [LMS] – (cloud based). Sconul Access –on LMS and paper form. Borrower membership – cloud based, Microsoft 365 applications Learning Skills Team tutorial bookings – Microsoft Bookings Learning Skills Team meetings, tutorials and actions taken – Microsoft Forms User feedback – Microsoft Forms |
|
History of borrowing library materials |
Students and Staff: 1 year after the expiry of your account Borrower membership: 1 month after expiry of account. [unless there are debts or outstanding loans which can be held for up to 7 years.] |
Library management system (cloud based). |
|
History of charges/fines. |
Students and Staff: 1 year after the expiry of your account Borrower membership: 1 month after expiry of account. [unless there are debts or outstanding loans which can be held for up to 7 years.] |
Library Management System (cloud based). Bills –Microsoft 365 applications (clou-based). |
|
Fine appeals |
3 months |
Microsoft 365 applications (cloud-based). |
|
Online payments |
2 months |
Microsoft 365 applications (cloud-based). |
|
Records of emails or other correspondence |
3 months |
Microsoft 365 applications (cloud-based). |
|
Document Delivery |
7 years to comply with copyright regulations |
Microsoft 365 applications (cloud-based). |
In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Security
The University takes the security of your data seriously. The University has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
Where the University engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
The Data Controller and further information
Canterbury Christ Church University is the Data Controller for this personal data.
Please click the link below to access further information regarding:
- The Data Controller
- The name and contact details of the University Data Protection Officer
- Where to make a complaint
- Your rights as a Data Subject
- How to contact the Regulator
Version Control
| Title: | Privacy Notice - Library and Learning Resources |
| Applicable to: | Students, Employees, General Public |
| Approved By: | Library and Learning Resources |
| Date approved: | 12 Feb 2024 |
| Date of review: | 12 Feb 2024 |
| Date last amended: | 12 Feb 2024 |