Library Services - Privacy notice

Croydon Council Library Service provides to its customers various library services. We understand that library users expect privacy in their transactions with us and for their information to be both secure and used only for the purposes for which it is provided. We are committed to protecting your privacy when you use our services. This Privacy Notice explains how we use personal information about you and how we protect your privacy. Under the requirements of Data Protection Legislation including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, this notice applies to any activity involving our use of your personal data, for example, collecting, storing, sharing, and destroying personal information.

What Information We Collect

We collect personal information appropriate to the requirements for using the library service. This includes:

  • your name
  • address
  • date of birth
  • email address and other contact details
  • gender
  • ethnicity
  • disability

Why We Collect Your Information

We use your data to:

  • enable us to carry out our statutory functions of providing library services
  • This information also enables us to provide you with additional services such as internet use in libraries and remote access to digital services such as e-books, where you have asked for this service.
  • We will ask for additional information relating to gender, ethnic background and disability to enable us to compile statistics. Such data does not identify individuals. Provision of this information is at your discretion, and you may decide not to give it to us.
  • produce statistics and reports to research and plan new services.
  • assess performance and set targets for service improvement
  • monitor and evaluate service provision, and review the quality of service we provide

Who We Share Information With

The data you provide may also be accessible to the suppliers of our library management systems. These suppliers have committed to handling data in accordance with the principles in the General Data Protection Regulations (GDPR) and the Data Protection Act (2018), and will only do so to the extent that it is required to maintain the library management systems. The Council is required by law to uphold the law and protect the public funds they administer. It may share information provided to them with other bodies responsible for crime prevention, auditing, administering public funds, or where undertaking a public function, in order to prevent and detect crime including fraud.

We will not add your email address to any external mailing lists and we will not disclose these details to third parties unless permitted or required by law. We will keep your email address on file internally and may contact you regarding your library account. You will only receive marketing emails relating to library events and services if you specifically sign up for this service. Your emails to us may be forwarded on to various library officers to action, unless your email specifically does not consent to this.

The lawful basis on which we use this information

Croydon Council is legally required to provide a library service under the Public Libraries and Museums Act 1964 and in order to provide the service efficiently and carry out this public task, we need your consent to hold and process your data. If you do not provide this we will be unable to provide a library service to you. We have a legitimate interest in holding your data for audit and quality control and to enable the handling of enquiries and complaints.

Collecting this information

Whilst the majority of children and young person’s information provided to us is mandatory due to compliance with a legal obligation, some of it is provided to us on a voluntary basis. To comply with the GDPR and other data protection law, we will inform you whether you are required by law to provide certain information to us; if you do have a choice to provide information that is not mandatory, your explicit consent will be requested. You do have the right to withdraw your consent if this is applicable to processing your data. If this is the case, we will let you know.

The parent/carer is responsible for their child’s consent up to age 16. From age 16 onwards the young person can provide their own consent.

Storing this information

Personal data will not be retained for longer than necessary in relation to the purposes for which they were collected. There is usually a legal reason for keeping your personal information for a set period of time. If you require more information about our retention schedule please contact us at or ask a member of library staff.

Requesting access to your personal data

Under GDPR and the Data Protection Act 2018 you have the right to request access to information that we hold about you. To make a request for your personal information contact the Council at .

Further information

The GDPR and the Data Protection Act 2018 gives you a number of rights to control what personal information is used by us and how it is used by us. Information about your data rights is listed in the Council’s Privacy Notice on the Council’s website.

If you have any questions or concerns about the way we collect, store or use your personal information, please contact the library staff in the first instance at

For independent advice about data protection issues, you can contact the Information Commissioner’s Office (ICO) at .

We reserve the right to amend this Privacy Notice at any time and will keep it under review. If we do make any changes, we will post the current version to our website at this address.

Last updated: May 2018