Skip to main content
Brighton and Hove Libraries
Advanced search

Privacy Notice

Libraries Service Privacy Notice

We are committed to protecting your personal information.

The council is the data controller for purposes of the Data Protection Act (2018), and The General Data Protection Regulation (EU) 2016/679 ("GDPR") and is also registered as a data controller with the Information Commissioner’s Office (ICO).

As a data controller, we have a responsibility to make sure you know why and how your personal information is being collected. This is according to relevant data protection law.

The primary laws which govern how Brighton & Hove City Council collects and uses personal information (known as data) about you are:

What data we collect from you

Personal data

  • Contact details (including name, address, email address, phone number)
  • Date of birth
  • Financial details for the purposes of receiving or making payments

Special category data

  • Physical or mental health details
  • Racial or ethnic origin
  • Gender and sexual orientation

Why we’re collecting your data

We are collecting your data for the following purposes:

  • Your information will be used to set up and manage your library account.
  • To update you on any changes to our service, for example opening and closure times.
  • To let you know about consultations and surveys we run.
  • To let you know about events and activities we are running.
  • The use of Closed-Circuit Television (CCTV) for staff safety, crime prevention and detection.
  • We may use your information to provide adequate services, for example catering for hearing, visual impairment and mobility difficulties.
  • We may use photos on social media, our website, or on signage, and may upload recordings of events online. This will be done with your consent.

Our legal basis for collecting your data

  • The Public Libraries and Museums Act 1964 to provide library services throughout the city of Brighton and Hove
  • GDPR Article 6 (a), (c), (e)
  • GDPR Article 9 (g)
  • Data Protection Act 2018, Schedule 1, Part 2 (8) and (10)

Who we’ll share your data with

We are part of a consortium of libraries called SELMS (South East Libraries Management Services). We may share your joining information to allow borrowing from any library in the consortium. Other libraries will be able to see your personal data only if you choose to borrow something in person from a partner library or if you choose to pick up a reserved item from a partner library. Find out more information about SELMS.

We may use the information we hold about you with Sussex Police to assist in the detection and prevention of crime or fraud.

Test and trace

In line with government guidance we will comply with test and trace protocol to provide customer information where necessary when customers have visited a library. This is personal data generated by logging onto a public PC, using self-service, or with a transaction facilitated by a member of staff. Full details on GOV.UK .

How long we will keep your data

We will not keep your data for longer than is necessary, subject to any legal obligations we have to retain the data.

Library management system data may be kept for up to 2 years from when your library membership was last active to meet audit requirements. However, if you have unreturned items or outstanding debt your data may be retained for 7 years.

If you are attending an event or activity you will be required to sign in. This information will need to be kept for 3 years.

CCTV footage is normally held for 30 days and may be shared with the police for the prevention and detection of crime.

How we store your data

We will store your information on electronic databases, document management systems and on paper records.

How we protect your data and keep it secure

Examples of the security measures we use include:

  • Training for our staff to ensure they handle information securely and know how and when to report issues.
  • Encryption when data is being sent, meaning it is scrambled so others cannot read it without an unlock key.
  • Pseudonymisation of data where possible, meaning identities are removed so individuals cannot be identified.

Controlling access to systems and networks prevents unauthorised access to your personal information.

We regularly test our technology and ways of working, including applying the latest security updates (patches).

Transferring your data outside the European Economic Area

Your data is not processed outside the European Economic Area.

Your rights

Check your rights in relation to your personal information .

How to get advice or make a complaint

If you want to discuss any of your data protection rights, you can:

Contact the Data Protection Officer online

Phone: 01273 295 959

Email: data.protection@brighton-hove.gov.uk

Information Commissioner’s Office (ICO)

The ICO is the national regulator with responsibility for ensuring compliance with data protection.

We would prefer you to contact us first with any concerns, but you can also contact the Information Commissioner to make a complaint:

  • On their website
  • By phone: 0303 123 1113
  • By post: Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Changes to this privacy notice

This privacy notice will be reviewed whenever there is a change.