At the British Library, we care about the privacy of the people who use our Services, and this Policy explains how we deal with your personal information in relation to our Services.
We explain many of the terms used in this Policy on our Definitions page – defined terms are shown in italics.
Depending upon your relationship with us, we may also provide you with additional Service specific information about our use of your personal information which should be read alongside this Policy. Specific details relating to our Services can be found on the Our Services page.
1. What type of information does the British Library collect about you?
1.1 We may collect certain personal information which (either on its own or when combined with other information we hold about you) allows us to identify you as an individual and which is about you. You can see details of the types of personal information we may collect on the Personal Information page.
1.2 We will normally collect personal information directly from you when you volunteer it to us or from your use of our Services. Normally, we try to limit our use of information which allows us to identify you as a named individual to the details we need to provide the requested or agreed Service for you.
1.4 However, we may also collect information from and/or combine your personal information with information from other sources. We only do this where lawful to do so and where it helps the Library to provide efficient, relevant Services to our users. You can find more details about other such sources on the Data Collection page.
1.5 We do not normally collect any sensitive personal information from or about you and do not wish to do so unless essential. You can find more details about such situations on the Personal Information page.
1.6 We may store your personal information in electronic and/or hard copy format.
1.7 To understand why we collect and further use your personal information please see the Why does the British Library use your personal information section below.
2. How does the British Library collect your personal information?
2.1 The Policy applies to any personal information we collect through our data collection media. See the Data Collection page for more details.
2.2 We collect your personal information through our data collection media whenever you use any of our Services.
3. Why does the British Library use your personal information?
3.1 The Library may use your personal information for a variety of purposes, depending upon the Service you have requested or are using. This will normally simply be to do what you have requested, such as to deal with your enquiry, give you access to the Library, provide a requested book to you, or send you tickets to an event.
3.2 Other uses of personal information will be to ensure that the Library can meet its legal, regulatory and good governance obligations (and regulator’s expectations), such as meeting audit requirements.
3.3 In addition, where agreed with you, we may tailor our communications and dealings with you to better reflect your needs and preferences, such as sending you newsletters with your preferred topics highlighted, or to inform you that our shop offers a book relevant to an event you are attending, or to make you aware that an event similar to one recently attended by you is being scheduled.
3.4 More details about why we use your personal information can be found on the Purposes page.
3.5 The Purposes page is not intended to be exhaustive and may be updated from time to time in line with the Library’s business needs and legal requirements.
3.6 We may also convert personal information into depersonalised (“pseudonymous”) data or anonymous data and use it (normally on an aggregated statistical basis) for research and analysis to improve our Services, processes and performance. For more information, please see the Depersonalised and Anonymous Information section directly below.
3.7 In carrying out the above, the Library processes your personal data in a variety of ways, each of which may have a different legal basis. We may process your personal data because:
- You have given your consent (e.g. for the provision of marketing correspondence)
- It is necessary for the performance of a contract with you (e.g. the purchase of tickets or other goods or services)
- We are under a legal obligation to do so (e.g. for equality monitoring or health & safety purposes)
- It is in the public interest and in the performance of our official duties (e.g. the provision of access to, and the security of, our Collections as set out in the British Library Act 1972)
4. Depersonalised and Anonymous Information
4.1 Depersonalised or aggregated information does not personally identify you. It may be used for statistical analysis and administration, including analysis of trends, carrying out actuarial work, tailoring products and Services, risk assessment and analysis of costs and charges in relation to our Services.
4.2 We may automatically collect certain information from you (such as usage information) when you use our data collection media, through the use of web beacons, device identifiers, pixel tags, cookies and similar technologies. We may combine this information with other personal information that we have collected from or about you in order to learn more about how you use our data collection media and Services so that we can improve our Service offering.
4.3 To find out more about how we collect and use this automatically collected information, please see our Cookies Policy.
5. Does the British Library share personal information with third parties?
5.1 Your personal information will be made available to those members of our staff who need to see it in order to perform their functions/roles/responsibilities at the Library in respect of the Services you have requested or agreed to use.
5.2 Your personal information may be held by us in one or more customer relationship management or CRM database(s), consolidating details of your dealings with the Library across various Services, to ensure we have clear and accurate records about your use of our Services, to better understand your requirements and how we might provide other Services to you. For instance, the Library may assess your attendance at events, against your purchases from our shop, in order to consider making you aware that event specific products may be purchased from our shop.
Please note: Details relating to the specific Collection Items that you have requested during your use of our Collections (for example through use of our Reading Rooms or our remote Services such as Document Supply) will never be used to provide marketing analysis or similar functions.
5.3 In addition, the Library makes use of expert third party service providers to help it to provide relevant Services, such as expert IT providers helping the Library with our IT systems, or professional auditors. These third party service providers may use your personal information in order to provide the agreed Service to the Library, or to you on our behalf. Please note that certain individuals who will see your personal information may not be based at the Library or in your country (please see below).
5.4 We may share personal information within the Library’s advisory boards, panels and councils as needed for reasonable management, analysis, planning and decision making, including in relation to taking decisions regarding our Service offering, order or customer request fulfillment.
5.5 Where thought necessary by the Library, in limited cases, your personal information may also be shared with other people and organisations outside the Library to the extent permitted or required by law (for example, to meet legal obligations on the Library, or to provide reasonable voluntary cooperation with a relevant police investigation), as further described on the Sharing Your Personal Information page.
6. Will the British Library send your personal information overseas?
6.1 You should be aware that the recipients of your personal information (as set out in this policy) may be located in countries or territories outside the European Economic Area (“EEA”) which may not have data protection laws equivalent to those in the UK.
6.2 Where we (or our third party service providers acting on our behalf) transfer your personal information to countries outside of the EEA, we will put in place such other measures as are required by law to ensure that those transfers are adequately protected.
7. What are your choices relating to contact from us?
7.1 We may contact you with information that may affect your use of a service, for example, disruptions to services, reading room closures, lost property, or problems with orders, or to request your feedback in relation to those services. Administrative e-mails may also be sent automatically following certain actions, for example, welcome e-mails when you register for a service. Please note that you will not be able to unsubscribe from administrative and service-related communications unless you unsubscribe from the relevant services.
7.2 We may wish to provide you with information about new Services, including products, events, courses, collections, promotions and offers from the Library which may be of interest to you, and we may invite you to take part in market research. We may contact you by email (or in some cases by mail) to tell you this information, but we will obtain your consent before contacting you with “direct marketing” in this way.
7.3 We will ensure that any direct marketing communications that you receive from the Library provide a simple way for you to decline or change your mind about further marketing. For example, in emails the Library may provide you with an ‘unsubscribe’ link, or an email address to which you can send an opt-out request. The Library will take steps to stop any direct marketing to which you object, or in respect of which you withdraw your consent, within a reasonable period of time sufficient to allow for the change to be administered after being told of your objection or withdrawal of consent.
7.4 If you tell us that you no longer wish to receive the Library’s direct marketing communications we will take steps to respect your modified direct marketing preferences and will keep a record of your request so as to avoid contacting you again in the future with direct marketing content.
8. How does the British Library keep your personal information safe?
8.1 The Library takes steps to seek to protect the security of your personal information, in accordance with our legal obligations.
8.2 Please note that we cannot guarantee the security of any transmission of personal information over the Internet. Communications sent over the Internet, such as emails, are not secure, although their security may be increased if they have been encrypted. While we strive to protect your personal information, we cannot guarantee the security of any information transmitted to us over the internet. Therefore, please do not submit personal information to us online unless you accept the security risks of doing so.
9. What are your rights in relation to your personal information?
9.1 You have a number of rights in relation to your personal information. Please see the Your Rights page for more details.
9.2 If you would like to exercise any of your rights or if you have any questions about this notice, please contact our Data Protection Officer at:
Corporate Information Management Unit
The British Library
96 Euston Road
9.3 If you believe that any of your personal information is incorrect or incomplete, please let us know as soon as possible. We will consider your request and will make any changes that we agree are needed.
10. Retaining your personal information
10.1 We will keep your details on record until we have completely dealt with your request, enquiry, or our contract with you, and then for a reasonable period afterwards, in accordance with data protection and other applicable legislation, as set out in our Records Management Policy.
10.2 The Library may keep your details on record for as long as is necessary for the purposes for which it may use your personal information, as set out above. If the Library decides that holding your details is no longer necessary we will securely delete / destroy your details.
10.3 In general, we will retain the personal information that you have provided to us for seven years since your last contact with us, for the purposes of audit, analysis and customer management, and the defence of legal claims. However, any personal information provided to us in the context of the use of our Collections (such as via the Reader Registration process) will be retained for a significantly longer period, for the purpose of administering the security of our collections. This period is currently 40 years, but we reserve the right to increase this period as necessary to protect the integrity of the cultural treasures that we preserve on behalf of the nation, in line with our responsibilities as set out in the British Library Act.
11. Other Information
11.1 Certain Services, such as our document supply service, allow nominated administrators within an organisation to set up and manage a corporate account by controlling the level of use by their colleagues, and adding or removing names from the corporate account. Individuals using a corporate account should consult their organisation’s policies for the terms and conditions under which they may use their organisation’s corporate account.
11.2 Our website and the electronic resources provided in our Reading Rooms contain extensive links to other independent websites that are not controlled by the British Library. This Policy applies to the direct use of our Services and Data Collection Media only. You are strongly advised to consult the privacy policies of other websites you visit for information about their policies and practices.
11.3 Online payments by credit or debit cards for some Services provided by the Library are processed under contract using specialist third party service providers. When a payment is processed by service provider acting on our behalf, card details are collected over a secure link and protected by industry standard software which encrypts your information. We do not collect any payment card account details and they are not made available to us. Our service provider will use the information you provide to process your payment or to refund any monies due to you. Please refer to the terms and conditions for the relevant Service for further details. Payments processed on behalf of the Library are managed in line with the Payment Card Industry Data Security Standard.
12.1 We may change this policy from time to time to reflect changes in the law and/or our privacy practices. We will update the date at the bottom of this page whenever we do that.
12.2 We encourage you to check this policy (and any other policies we have provided to you) for changes, for example when you revisit our websites.
12.3 By submitting your personal information to us, you are indicating that you consent to our use of your personal information as described in this policy (as amended from time to time).
13. Contact Us
If you have any questions about this policy, please contact our Data Protection Officer at:
Corporate Information Management Unit
The British Library
96 Euston Road