Privacy notices

Our culture and library services provides various library events, culture and heritage. We understand that our audiences, library users and partners expect privacy in their transactions with us and for their information to be both secure and used only for the purposes for which it is provided.

We are committed to protecting your privacy when you use our services. This privacy notice explains how we use personal information about you and how we protect your privacy. Under the requirements of Data Protection Legislation including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, this notice applies to any activity involving our use of your personal data, for example, collecting, storing, sharing, and destroying personal information.

What information we collect

The library service collects personal information appropriate to the requirements for using the library service. This includes:

• your name
• address
• date of birth
• email address and other contact details
• gender
• ethnicity
• disability
• sexual orientation

Our cultural services also collect information related to the delivery of projects, events and cultural initiatives. This can also include the above, though often this level of detail is not required. 

We will only ever ask for data which is necessary for us to measure the impact of a programme. In most cases, this does not require the recording of name, date of birth, address or contact information. 

Why we collect your information

We use your data to:

• carry out our statutory functions of providing library services
• provide you with additional services such as internet use in libraries and remote access to digital services such as e-books, where you have asked for this service
• develop cultural programmes which are representative of the audiences and communities we serve
• produce statistics and reports to research and plan new services
• assess performance and set targets for service improvement
• monitor and evaluate the quality of service we provide
• review the impact of programmes delivered

We will ask for additional information relating to gender, ethnic background and disability to enable us to compile statistics. This data does not identify individuals. Provision of this information is at your discretion, and you may decide not to give it to us.

Who we share information with

The data you provide may be accessible to the suppliers of our library management systems. Anonymised data may also be shared with:

• contracted partners to analyse and evaluate the impact of our programmes
• external programme funders
• programme delivery partners

These suppliers have committed to handling data in accordance with the principles in the General Data Protection Regulations (GDPR) and the Data Protection Act (2018). And will only do so to the extent that it is required to maintain the library management systems and evaluate cultural programmes.

We are required to uphold the law and protect the public funds they administer. Information provided to us may be shared with other bodies responsible for:

• auditing
• administering public funds
• undertaking a public function
• preventing and detecting crime, including fraud

We will not add your email address to any external mailing lists and we will not disclose these details to third parties unless permitted or required by law. We will keep your email address on file internally and may contact you regarding your library account. You will only receive marketing emails relating to library events and services if you specifically sign up for this service. Your emails to us may be forwarded to library officers to action, unless your email specifically does not consent to this.

The lawful basis for information usage

We are legally required to provide a library service under the Public Libraries and Museums Act 1964 and in order to provide the service efficiently and carry out this public task, we need your consent to hold and process your data. If you do not provide this we will be unable to provide a library service to you. We have a legitimate interest in holding your data for audit and quality control and to enable the handling of enquiries and complaints.

Data collated through audience and participant surveys related to cultural programmes is held by consent. Sharing of data in these ways is not mandatory for audiences or project participants. We may be contractually obliged to gather data related to the impact of cultural programmes when receiving external grant funding. This may include requests for data to be shared with us as part of grant funding agreements, or with other partners for the purpose of measuring the impact of a cultural programme against its aims. 

Collecting information lawfully

Whilst the majority of children and young person's information provided to us is mandatory due to compliance with a legal obligation, some of it is provided to us on a voluntary basis. To comply with the GDPR and other data protection laws, we will inform you whether you are required by law to provide certain information to us; if you do have a choice to provide information that is not mandatory, your explicit consent will be requested. You do have the right to withdraw your consent if this is applicable to processing your data. If this is the case, we will let you know.

The parent/carer is responsible for their child's consent up to age 16. From age 16 onwards the young person can provide their own consent.

Storing information

Personal data will not be retained for longer than necessary in relation to the purposes for which they were collected. There is usually a legal reason for keeping your personal information for a set period of time. If you require more information about our retention schedule please contact us at croydoncentrallibrary@croydon.gov.uk or ask a member of the library staff.

For queries related to the processing of data for cultural programmes please contact culture@croydon.gov.uk.

Requesting access to your personal data

Under GDPR and the Data Protection Act 2018, you have the right to request access to information that we hold about you. To make a request for your personal information contact the Council at SAR@croydon.gov.uk.

Further information

The GDPR and the Data Protection Act 2018 gives you a number of rights to control what personal information is used by us and how it is used by us. Information about your data rights is listed in our corporate privacy notice.

If you have any questions or concerns about the way we collect, store or use your personal information, please contact the library staff in the first instance at croydoncentrallibrary@croydon.gov.uk.

For independent advice about data protection issues, you can contact the Information Commissioner's Office (ICO) at www.ico.org.uk.

We reserve the right to amend this privacy notice at any time and will keep it under review. If we do make any changes, we will add the current version to this web page.

Last updated: April 2023