How your data will be processed
Your data will be processed by Library and Knowledge Service staff in the BASE Library Consortium in accordance with the General Data Protection Regulation (GDPR) and Data Protection Act 1998 (“the 1998 Act”) for the purposes of administration and providing library and knowledge services to you.
Your data will be held in the United Kingdom by an ISO27001 accredited supplier that agrees to comply with the GDPR and the 1998 Act.
Lawful basis for processing
We collect your personal data and process your information to provide library and knowledge services to you under legitimate interests.
We ask your consent to contact you about library services under the consent legal basis. You can opt in and out of marketing options from your account.
Accessing your personal data
You can obtain a full record of your account and personal data by contacting your library.
Changing your personal data
It is your responsibility to rectify or to inform us of any changes to your personal information. You can update certain information online, and these changes will be processed by your library. You can also contact your library to rectify or update your personal information.
Duration of your account
Eligibility lasts throughout your employment, placement or training.
Your inactive membership record will be deleted from the library system no later than six years after your library membership expires.
On leaving the area covered by the BASE consortium, if you ask verbally or in writing for your personal data to be permanently removed from the library system, where there are no fines or outstanding items on your account, your record will be removed immediately.
Information that BASE Library collects
To ensure that Library and Knowledge Service staff can contact and provide services to you, we store your name, address(es), email address(es), phone number(s), your job title and role, your manager’s name and phone number, the organisation you work for, and details of any additional needs that you disclose to us. This information is collected through registering for the library services.
What we do with your information
We use your contact information to communicate with you about services you have requested, including asking for your evaluation to help improve services.
We use information on any additional needs to provide relevant additional assistance, e.g. extended loan periods.
Sharing your information with others
Your information will be visible to staff working at other BASE Libraries sharing the Koha Library Management System. Your information may occasionally be visible to ICT staff at BASE Library organisations for the resolution of technical support queries.
Your information will be available to PTFS Europe https://www.ptfs-europe.com/ the supplier and supporter of the Koha Library Management System. Your information will be copied to a Test Server hosted by PTFS Europe for the purpose of testing software upgrades, custom development work and training for BASE Library Staff. The Hosted Service is provided by Bytemark Computer Consulting Ltd.
Your transactional data may occasionally be visible to Bibliotheca http://www.bibliotheca.com/, 2CQR http://www.2cqr.com/, D-Tech https://d-techinternational.com/ or Plescon which provide library self-service units and security gates. In addition your information may be visible to BT for the purpose of supplying the Smart Messaging platform to send SMS notifications to you.
We will share your information with others where required to do so by law. We will never sell your information to anyone, or share in a way not described in this notice without your permission.
Use of Analytics
The BASE Library website and catalogue uses Jetpack and Google Analytics to improve its services. Any analytical data we collect is not personally identifiable. You can opt out of being tracked by Google Analytics across all websites by visiting http://tools.google.com/dlpage/gaoptout
We are committed to safeguarding your information. www.base-library.nhs.uk uses a 256-bit SSL certificate. System backups are encrypted and rotated by PTFS Europe. Where we are required to share your information with third parties, we will take reasonable technical and organisational precautions to prevent the loss, misuse or alternation of your personal information.
Information that you submit online via the BASE Library website, or share with us by email can never be 100% secure. Any information you share in this way is communicated at your own risk. You must keep your library username and password confidential and secure. We will never ask you to share your password with us.
The Data Controlling Organisation:
BASE Library Consortium, registered at University Hospitals Birmingham NHS Foundation Trust, Level 1, Queen Elizabeth Hospital Birmingham, Mindelsohn Way, Edgbaston, Birmingham, B15 2GW
Regulated by the Information Commissioner’s Office (ICO), registration number: Z5568104.
The Data Protection Officer:
Berit Reglar, Deputy Foundation Secretary
Tel: 0121 371 4324
Download leaflet (pdf)
Last update 07/09/2018