Manchester Metropolitan University homepage
Library homepage

Privacy notice for the Library Service

This Privacy Notice explains who we are, how and why we collect and use personal information about you, what personal data is collected and held about you by Manchester Metropolitans Library Service, our purposes and lawful bases for processing, who we share your personal data with, relevant retention periods, and how you can exercise your privacy rights.

This notice provides information that is in addition to information contained in the University’s other privacy notices, which are available here. Please do read any applicable notices to understand our practices and if you have any questions please contact us using the contact details provided below.

Who we are

Throughout this notice, “University”, “we”, “our” and “us” refer to the Manchester Metropolitan University, an exempt charity under Schedule 2 to the Charities Act 1993 (amended by the Charities Act 2011). The University is the Data Controller in respect of the personal data you provide as part of accessing the library service.

The University is registered as a Controller with the Information Commissioner’s Office (ICO). We manage personal data in accordance with the General Data Protection Regulation (GDPR) and the University’s Data Protection Policy.

The personal data we process

The responsible processing of personal data is vital in fulfilling our day-to-day operational demands. We collect a range of personal data from different types of individual, which is clearly communicated below. The data we collect has been carefully considered and assessed as being the minimum amount required to deliver our services to you.

The library service does not collect any special category (sensitive) data from you.

We collect data from the following groups:

Registered students and external students at partner institutions

Other external students

MMU employees

External staff

Other visitors

Individual services

The purposes of the processing

Your information will enable us to:

Use of personal data Lawful basis
The data we collect, process and retain is for the purposes of offering a library service, which includes:

  • Registering you as a service user and to manage our relationship with you
  • To provide access to our buildings
  • To provide services such as borrowing, requesting items, booking rooms or electronic devices
  • Provide access to a range of electronic resources
  • To respond to your enquiries
  • For administration purposes, such as the collection of fees for overdue loans

We may also use your data for research purposes. Research is only conducted where appropriate assessments are made to ensure full compliance with the current Data Protection legislation, and minimal impact to the data subject.
Article 6(1)e – Processing is necessary for the performance of a task carried out in the public interest.

Careful analysis of the data we collect enables us to look at new and exciting ways to deliver services and resources to help you to succeed. In a fast-changing environment, analysis of our performance and the needs of our many user groups is important if we wish to meet your high expectations.

We use aggregated data for this purpose. We use it to mitigate inconsistencies and insufficiencies in service provision to all groups at risk of not fulfilling their potential. We do not publish or broadcast personal data in our analyses and we anonymise all individual data at the earliest stage possible in processing. We aggregate this anonymised data to preserve the privacy of all data subjects.

Article 6(1)f Legitimate interests.

The processing of your personal data may be necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or by fundamental rights and freedoms which require protection of personal data.

To meet statutory obligations regarding equality and diversity, we may at times share engagement and usage data with other departments within the University. This can involve combining Library usage statistics with protected data held by the University. The purpose of the processing is to ensure that Library services and resources positively contribute to student attainment and success; regardless of disability, ethnic origin etc.

Personal and protected data is used as a building block in this process and it is aggregated to build a better picture of how the Library contributes to the success of groups with protected characteristics. Individual data is never published nor is it shared further. The aggregated outcomes are used internally for strategic service development and improvement.

Article 9(g): Required for reasons of substantial public interest, on the basis of Union or Member State law.

If you contact us, we may also keep a record of that correspondence.

The recipients or categories of recipients of the personal data

We may share personal data with other University departments in the interest of supporting wellbeing, student engagement and service quality. This is to identify services in need of improvement e.g. services for disabled students. Measures of engagement (e.g. numbers of loans and entries to the Library building) may be combined with demographic data from student records to help us to develop inclusive services to support the whole University community.

We may share data with other departments in cases where network abuse or other potential disciplinary issues arise.

If we need to send you an invoice, we will share your information with the University’s finance department.

All users must comply with the library regulations. If you breach the regulations, we may share your information with your University department, Alumni Office or your institution.

We will not share your information with any other organisations.

Data retention

Your personal data are only retained for as long as it is necessary in accordance with the University’s Retention and Disposal Schedule. Specifically, we will retain your membership personal data for:

Record Retention Period
Records documenting the authorised use of the University library and library services Data held for duration of registration plus three years, after which point it is anonymised.

Further retention periods in relation to entry and exit logs to the library, complaints records and customer feedback can be found in the University’s Retention and Disposal Schedule.

Your rights in respect of the processing

The GDPR provides data subjects with the following data subject rights:

  • The right to be informed – this privacy notice assists with fulfilling these obligations
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object

Please note, that these rights apply in certain circumstances, for example according to the lawful basis utilised by the University. The right of access to personal information held about you exists in order to be aware of, and verify, the lawfulness of the processing. Please use the contact information below to exercise these rights.

Contacting us

For questions or concerns about this Privacy Notice, or our use of your personal information, please contact in the first instance.

Our Data Protection Officer can also be contacted using, by calling 0161 247 3884 or in writing to: Data Protection Officer, Legal Services, All Saints Building, Manchester Metropolitan University, Manchester, M15 6BH.

Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) as the supervisory authority in respect of the processing of your personal data. We would encourage you to expend our internal complaints procedure through our initial contact and the University Data Protection Officer, prior to contacting the ICO. Please contact: or telephone: 0303 123 1113. For any further contact information please see:

Updates to this privacy notice

We may update this privacy notice from time to time in response to changing legal, technical or business developments. When we update our privacy notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

Social media and news