This Privacy Notice explains who we are, how and why we collect and use personal information about you, what personal data is collected and held about you by Manchester Metropolitan's Library Service, our purposes and lawful bases for processing, who we share your personal data with, relevant retention periods, and how you can exercise your privacy rights.
This notice provides information that is in addition to information contained in the University’s other privacy notices, which are available here. Please do read any applicable notices to understand our practices and if you have any questions please contact us using the contact details provided below.
Throughout this notice, “University”, “we”, “our” and “us” refer to the Manchester Metropolitan University, an exempt charity under Schedule 2 to the Charities Act 1993 (amended by the Charities Act 2011). The University is the Data Controller in respect of the personal data you provide as part of accessing the library service.
The University is registered as a Controller with the Information Commissioner’s Office (ICO). We manage personal data in accordance with the General Data Protection Regulation (GDPR) and the University’s Data Protection Policy.
The responsible processing of personal data is vital in fulfilling our day-to-day operational demands. We collect a range of personal data from different types of individual, which is clearly communicated below. The data we collect has been carefully considered and assessed as being the minimum amount required to deliver our services to you.
The library service does not collect any special category (sensitive) data from you.
We collect data from the following groups:
From when you enrol as a student, your personal data is held in the University's student records system. Some of your data is used to populate the Library Management System and the Library’s entrance/exit control systems. The data we hold about you is listed below.
External students from other academic institutions gain membership of the library by completing paper-based or electronic forms, depending on the nature of their relationship with the University. In some cases, passport-sized photographs are required if there is an entitlement for ongoing physical access to the building. We manually input elements of your data to the Library Management System and the Library’s entrance/exit control system. The data we hold about you is listed below.
Your data is automatically transferred to the library from the HR systems when you take up employment with the University. The data we hold about you is listed below.
Staff from other academic institutions gain membership of the library by completing paper-based or electronic forms, depending on the nature of their relationship with the University. In some cases, passport-sized photographs are required if there is an entitlement for ongoing physical access to the building. We manually input elements of your data to the Library Management System and the Library’s entrance/exit control system. The data we hold about you is listed below.
Visitors to the Library who do not have an ID card are requested to sign in and, in most cases, provide proof of identification. We hold data in secure paper-based files for security purposes for as long as necessary. The data we hold about you is listed below.
Some services offered by the Library require additional personal data for administrative and statutory purposes. These services may include answering enquiries, whilst others could be in connection with research and copyright clearance. We request this data on either paper-based or electronic forms, and it is necessary to ensure the requested service is delivered.
Your information will enable us to:
|Use of personal data|Lawful basis|
|---|---|
|The data we collect, process and retain is for the purposes of offering a library service, which includes:|Article 6(1)e – Processing is necessary for the performance of a task carried out in the public interest.|
|Careful analysis of the data we collect enables us to look at new and exciting ways to deliver services and resources to help you to succeed. In a fast-changing environment, analysis of our performance and the needs of our many user groups is important if we wish to meet your high expectations. We use aggregated data for this purpose. We use it to mitigate inconsistencies and insufficiencies in service provision to all groups at risk of not fulfilling their potential. We do not publish or broadcast personal data in our analyses and we anonymise all individual data at the earliest stage possible in processing. We aggregate this anonymised data to preserve the privacy of all data subjects.|Article 6(1)f – Legitimate interests.|
|To meet statutory obligations regarding equality and diversity, we may at times share engagement and usage data with other departments within the University. This can involve combining Library usage statistics with protected data held by the University. The purpose of the processing is to ensure that Library services and resources positively contribute to student attainment and success, regardless of disability, ethnic origin etc. Personal and protected data is used as a building block in this process and it is aggregated to build a better picture of how the Library contributes to the success of groups with protected characteristics. Individual data is never published nor is it shared further. The aggregated outcomes are used internally for strategic service development and improvement.|Article 9(g): Required for reasons of substantial public interest, on the basis of Union or Member State law.|
If you contact us, we may also keep a record of that correspondence.
We may share personal data with other University departments in the interest of supporting wellbeing, student engagement and service quality. This is to identify services in need of improvement e.g. services for disabled students. Measures of engagement (e.g. numbers of loans and entries to the Library building) may be combined with demographic data from student records to help us to develop inclusive services to support the whole University community.
We may share data with other departments in cases where network abuse or other potential disciplinary issues arise.
If we need to send you an invoice, we will share your information with the University’s finance department.
All users must comply with the library regulations. If you breach the regulations, we may share your information with your University department, Alumni Office or your institution.
We will not share your information with any other organisations.
Your personal data is only retained for as long as is necessary in accordance with the University’s Retention and Disposal Schedule. Specifically, we will retain your membership personal data for:
|Records documenting the authorised use of the University library and library services||Data held for duration of registration plus three years, after which point it is anonymised.|
Further retention periods in relation to entry and exit logs to the library, complaints records and customer feedback can be found in the University’s Retention and Disposal Schedule.
The GDPR provides data subjects with the following data subject rights:
Please note that these rights apply in certain circumstances, for example according to the lawful basis utilised by the University. The right of access to personal information held about you exists in order to be aware of, and verify, the lawfulness of the processing. Please use the contact information below to exercise these rights.
For questions or concerns about this Privacy Notice, or our use of your personal information, please contact email@example.com in the first instance.
Our Data Protection Officer can also be contacted using firstname.lastname@example.org, by calling 0161 247 3884 or in writing to: Data Protection Officer, Legal Services, All Saints Building, Manchester Metropolitan University, Manchester, M15 6BH.
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) as the supervisory authority in respect of the processing of your personal data. We would encourage you to exhaust our internal complaints procedure through our initial contact and the University Data Protection Officer, prior to contacting the ICO. Please contact: email@example.com or telephone: 0303 123 1113. For any further contact information please see: https://ico.org.uk/global/contact-us/.
We may update this privacy notice from time to time in response to changing legal, technical or business developments. When we update our privacy notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.