Skip to main content

Library Service Privacy Notice

Privacy notice relating to the processing of personal data by Rhondda Cynon Taf County Borough Council for the purpose of the Library Service

Introduction

This privacy notice is intended to provide information about how Rhondda Cynon Taf County Borough Council (referred to as ‘RCTCBC’, ‘Council’, ‘Local Authority’, ‘we’) will use (or ‘process’) personal data about individuals for the purpose of the Library Service.

This notice should be read in conjunction with;

The Data Controller

The Council is the data controller for the personal data processed for the purposes of the Library Service.

The Council is registered with the Information Commissioner’s Office (ICO) as a controller under reference Z4870100.

Queries relating to this privacy notice

If you have any questions or queries relating to this privacy notice please contact your local Library.

Who we are what we do

RCT has 3 Area Libraries (Aberdare, Pontypridd, Treorchy)  and 10 Branch Libraries (Abercynon, Church Village, Ferndale, Hirwaun, Llantrisant, Mountain Ash, Pontyclun, Porth, Rhydyfelin, Tonypandy) which provides access to a wide range of facilities including free internet and computer usage, easy access to information and advice, books, the purchase of archived pictures etc.

The Library also provides online access to ebooks, eaudiobooks and emagazines and a school library service.

Whose personal data we process

We may process personal data relating to the following individuals for the purpose of the Library Service:

  • Library Service Users

The categories of personal data we process

We may process the following categories of personal data to run the Library Service;

  • Contact details such as name, address, post code, telephone number and email address
  • Personal Identifiers such as D.O.B, library membership reference
  • Identification information such as driving licence, Utility Bill.
  • Financial Information

Why we process the personal data

We process the personal data to run the Library Service. This may include but is not limited to the following activities;

  • Creating and maintaining Library membership records.
  • Completing Identity checks to confirm membership.
  • Providing access to free internet and computer facilities.
  • Processing of payments for items purchased through the library website.
  • If library property is not returned on time, process late return fines.
  • Provide advice and guidance to library members on Library services.
  • Arrange appointments for the One 4 All Centres
  • Provide a School Library Service that provides primary schools with library resources linked to the national curriculum.
  • Arrange events for children and young people to promote their literacy and interest in books.
  • Service Improvement.
  • Provide an ‘At Home’ library service for people who are unable to visit a branch library.

Our lawful basis for processing the personal data

Under the General Data Protection Regulation (GDPR), our lawful basis for processing the personal data for the Library Service is;

  • Public Task - Article 6(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The primary legislation, regulations and guidance that supports this includes, but is not limited to;

  • Public Libraries and Museums act 1964

Who or where we get the personal data from

We may receive the personal data from the following categories of individuals or organisations;

  • Library Service Users
  • RCT Schools
  • Parent/Carers

Who we share personal data with

We may share the personal data with the following key organisations for the purpose of the Library Service.

When sharing the personal data, we only share the minimum amount necessary in relation to the purpose.

Who

Purpose

RCT Finance Department

To process payments for items purchased on the library website or late payment fees.

RCT One4all Centres

To arrange appointments.

RCT Adult & Children Services

To report any safeguarding concerns of any individuals visiting the library.

Emergency Services

  • South Wales Police

Data will be shared for any public safety concerns.

 

Online suppliers of library products

  • Bolinda Audio
  • Overdrive
  • Ancestry.com etc

Allow customers to access online books,audio and magazines

RCT Schools

 

To provide the School Library Service.

Data Processors

A data processor is a company or organisation that processes personal data on our behalf. Our data processors act only upon our instruction. They cannot do anything with the personal data unless we instruct them to do so. They will not share the personal data with any organisation apart from us or use it for their own purposes. They will hold it securely and retain it for the period we instruct.

The categories of data processors we use for the purpose of [enter purpose] is/are;

-        IT system suppliers.

 How long we retain the personal data

We retain the personal data contained within the Kibrary Services records for: 

Length of time

Reason

 

Membership data – Date of membership plus 3 years

 

Membership data is renewed every 3 years

 

Financial data – Date received plus 2-7 years

 

Retention based on type of information and statutory retention.

 

Customer correspondence (query/complaint) – Date of correspondence plus 1 year (or until query is resolved)

 

Business decision to resolve/respond.

 

Donation forms – Indefinately until the donated item is removed from the Library.

 

To evidence donation

 

Accident/Incident forms – date of accident plus 3 years

 

Business decision for any follow up accidents.

 

School Registers – date of activity plus 1 year.

 

Retained for any safeguarding concerns / incidents

In keeping with the General Data Protection Regulation storage limitation principle, records are periodically reviewed. Not all personal data is retained. Only personal data that is relevant to the record is retained for the entire retention period. Information that has no long term or evidential value is routinely destroyed in the normal course of business.  

Your data protection rights

The General Data Protection Regulation (GDPR) gives individuals important rights, including the right of access to the personal data that the Council holds about you.

Click here for further information on your information rights and how to exercise them. 

Your right to make a data protection complaint to the Council

You have the right to complain to the Council if you believe we have not handled your personal data responsibly and in line with good practice.

You can do this by contacting your local library directly.

Alternatively, you can raise a formal complaint via the Council’s Customer Feedback Scheme using the following link (Make a comment, compliment or complaint online) or you can contact the Council’s Data Protection Officer at Information.management@rctcbc.gov.uk.

Your right to make a data protection complaint to the ICO

You also have the right to complain to the ICO if you are unhappy with how we have used your data. However, we encourage you to contact us first and provide us with an opportunity to look into your concern and put things right.

The ICO can be contacted:           

  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Helpline number: 0303 123 1113
  • Website: https://www.ico.org.uk