At the British Library, we care about the privacy of the people who use our Services, and this policy explains how we deal with the personal information that you give us.
This policy applies to all interactions you may have with the British Library, for example visiting our website, using our free wifi, or visiting our buildings. Depending upon which of our Services you use or how you contact us, we may also need to provide you with additional information about the use of your personal information – this extra information can be found on the Service specific pages linked to on the right of this page.
Please note that we explain many of the terms used in this policy on our Definitions page.
1. What type of information does the British Library collect about you?1.1 We may collect certain personal information which (either on its own or when combined with other information we hold about you) allows us to identify you as an individual and which is about you.
1.2 We may collect a number of different types of personal information from you depending on which of our Services you choose to use, but which may include all or any of your:
- first name
- login credentials (including username and password)
- postal address (including billing/shipping addresses and postcode)
- telephone number (including home and mobile phone numbers)
- photograph (for example when you register as a reader with the Library, or those taken at our events)
- email address
- social media account ID (including your Facebook username and Twitter handle)
- device information (such as MAC address, IP address, operating system and browser type)
- location information (such as a GPS signal emitted by your mobile device)
- date of birth
- information necessary for legal compliance (including details of ethnicity or disability/access requirements)
- payment information (such as debit or credit card details)
- educational institute details (such as your school, university or college)
- marketing preferences (for example where you have opted in to receive our newsletter(s))
- reason(s) for contacting us, such an enquiries or requests
- opinions, preferences, feedback, complaints, comments and/or suggestions (including comments made on our social media pages and online discussion forums)
- online browsing habits, activities and behaviour (such as which of our web pages you have visited and when you visited them)
- visit history, habits, activities and behaviour (such as when you visited our buildings, or whether you attended as part of a group)
- preferences, access needs and dietary requirements
- employment related information (if you apply for a job, placement, internship or volunteer post)
- security related information (such as proof of address if you register to become a reader, security incident reports, or CCTV footage of our public areas)
This list is not intended to be exhaustive and may be updated from time to time as our business needs and legal requirements dictate.
1.3 We will normally collect personal information directly from you when you volunteer it to us, or when we gather it from your use of our Services. We try to limit our use of personal information to the details we need to provide the requested or agreed Service for you.
1.5 However, we may also collect information from and/or combine your personal information with information from other sources. We only do this where lawful to do so. Please see the How does the British Library collect your personal information? section below.
1.6 We do not normally collect any Sensitive Personal Information from or about you, and do not wish to do so unless it is absolutely essential. We may on rare occasions collect and use your Sensitive Personal Information, such as dietary or access and assistance requirements which may indicate a health condition or illness, or other Sensitive Personal Information details which are volunteered or provided by you. If we need Sensitive Personal Information we will ask you to provide us with necessary details only. For example, we may need to collect Sensitive Personal Information when you register to become a Reader so that we can help you with any access requirements you might have, and to comply with our legal obligations under equality legislation. In other cases, we will collect and use this type of information only with your clear consent. Please do not provide us with Sensitive Personal Information under any other circumstances.
1.7 We may store your personal information in electronic and/or hard copy format.
1.8 To understand why we collect and further use your personal information please see the Why does the British Library use your personal information? section below.
2. How does the British Library collect your personal information?2.1 This policy applies to any personal information that we collect through our Data Collection Media, which include our:
- physical sites (including the staff, systems and equipment located in our buildings in London St Pancras, Boston Spa, and Stockton-on-Tees)
- websites and micro sites as may be updated and/or extended from time to time, including our main website, and the individual web portals associated with our Services
- mobile sites and applications
- other online/mobile interactive features
- official social media pages
- communication channels (telephone, SMS/text message, email and fax)
2.3 The British Library may also collect your personal information from (and/or combine it with information from) other sources, such as:
- individuals and/or organisations where you have confirmed that they may provide your personal information to us
- government, tax or law enforcement agencies
- other sources, such as when information about you is volunteered by a third party e.g. mentioned in a complaint, or part of a group booking arrangement that they facilitate
2.4 On some occasions we may also collect your personal information from public sources where it is fair and lawful to do so. For example, we may use publicly available information to track down the owner of certain intellectual property rights. These sources may include Google or other internet search engine results, or publicly available data from Facebook, Twitter and similar social media, or other information in the public domain.
3. Why does the British Library use your personal information?3.1 The Library may use your personal information for a variety of purposes, depending upon the Service you have requested or are using. Quite often we will use your data simply to fulfil a request that you have initiated, such as to deal with your enquiry, give you access to the Library, provide a requested book to you, send you tickets to an event, or otherwise to provide you with and enable you to use our Services.
3.2 The Library may also use your personal information to manage and develop the Services that we offer, for example to:
- ensure that our relevant data collection media and Services are provided in the most effective manner for you and the device you are using
- manage and improve our data collection media and Services
- review and analyse your use of our data collection media and Services in order to develop and improve the quality of our offering and strengthen our relationship with you
- personalise our data collection media and Services and present you with content and information (including advertisements) which are tailored to you
- contact you if we have not heard from you for a certain amount of time
- invite you to provide feedback, assist with surveys and input into consultation exercises
- provide you with administrative information and/or service announcements and updates (including changes to our policies and terms)
- ensure our records are accurate and up to date
- perform any contract the Library has with you (for example where you make a purchase in connection with any of our Services and we need to process your payment and/or deliver something to you)
- administer our legitimate internal management analysis, audit, forecasts and business planning and transactions
- enforce our rules and policies, and maintain our security (for example our rules about handling Collection items).
- meet audit requirements.
- comply with our legal obligations and to perform our statutory and public functions and duties
- help ensure your safety and the security of our premises and Collections
- establish, defend or exercise our legal rights
- comply with orders/requests received from the public and regulatory, governmental and judicial bodies
- comply with our legal, regulatory and internal governance obligations (for example record retention policies)
3.4 In addition, where agreed with you, we may tailor our communications and dealings with you to better reflect your needs and preferences, such as sending you newsletters with your preferred topics highlighted, or to inform you that our shop offers a book relevant to an event you are attending, or to make you aware that an event similar to one recently attended by you is being scheduled. Specifically, where you have given your consent we may use your contact details to:
- send you direct marketing communications (including e-mail marketing and fundraising communications), with your consent where required
- run marketing campaigns, competitions, prize draws and promotions
3.5 We may also convert personal information into depersonalised (“pseudonymous”) data or anonymous data and use it (normally on an aggregated statistical basis) for research and analysis to improve our Services, processes and performance. For more information, please see the Depersonalised and Anonymous Information section below.
3.6 In carrying out the above, the Library processes your personal data in a variety of ways, each of which may have a different legal basis. We may process your personal data because:
- You have given your consent (e.g. for the provision of marketing correspondence)
- It is necessary for the performance of a contract with you (e.g. the purchase of tickets or other goods or services)
- We are under a legal obligation to do so (e.g. for equality monitoring or health & safety purposes)
- It is in the public interest and in the performance of our official duties (e.g. the provision of access to, and the security of, our Collections as set out in the British Library Act 1972)
We will inform you of the specific legal basis that applies to the processing of your data either at the point of collection, or in the Service specific pages linked to from this page.
4. Depersonalised and anonymous information
4.1 Depersonalised or aggregated information does not personally identify you. It may be used for statistical analysis and administration, including analysis of trends, carrying out actuarial work, tailoring products and Services, risk assessment and analysis of costs and charges in relation to our Services.
4.2 We may automatically collect certain information from you (such as usage information) when you use our data collection media, through the use of web beacons, device identifiers, pixel tags, cookies and similar technologies. We may combine this information with other personal information that we have collected from or about you in order to learn more about how you use our data collection media and Services so that we can improve our Service offering.
4.3 To find out more about how we collect and use this automatically collected information, please see our Cookies Policy.
5. Does the British Library share personal information with third parties?5.1 Your personal information will be made available to those members of our staff who need to see it in order to perform their functions/roles/responsibilities at the Library in respect of the Services you have requested or agreed to use.
5.2 Your personal information may be held by us in one or more customer relationship management or CRM database(s), consolidating details of your dealings with the Library across various Services, to ensure we have clear and accurate records about your use of our Services, to better understand your requirements and how we might provide other Services to you. For instance, the Library may assess your attendance at events, against your purchases from our shop, in order to consider making you aware that event specific products may be purchased from our shop.
Please note: Details relating to the specific Collection Items that you have requested during your use of our Collections (for example through use of our Reading Rooms or our remote Services such as Document Supply) will never be used to provide marketing analysis or similar functions (for example, to send you personalised marketing material), but may be used on an aggregated and depersonalised basis for Service improvement purposes (for example, to determine whether we are purchasing enough journals in a specific foreign language to match our Readers’ research interests).
5.3 In addition, the Library makes use of expert third party service providers to perform functions and/or provide services on our behalf (such as website hosting, payment services, logistics, customer services, IT, marketing, and security). These third party service providers (“Data Processors”) may use your personal information in order to assist the Library, or to provide the agreed Service to you on our behalf. Where this is in relation to a specific Service you will be informed of the identity and location of the relevant Data Processor, either at the point of data collection, or in in the Service specific pages linked to on the right of this page. All of our Data Processors are bound by strict contractual terms in order to ensure that your personal information will be protected appropriately.
5.4 We may share personal information within the Library’s advisory boards, panels and councils as needed for reasonable management, analysis, planning and decision making, including in relation to taking decisions regarding our Service offering, order or customer request fulfilment.
5.5 Where thought necessary by the Library, in limited cases, your personal information may also be shared with other people and organisations outside the Library to the extent permitted or required by law. For example, we may provide your personal information to:
- third parties who will use your personal information for their own purposes and/or in partnership with the Library (such as partners, advertisers, and social networking sites where the Library maintains an official presence). Please note that these third parties may have their own policies that govern their websites and how they collect and use personal information.
- government authorities, law enforcement and regulatory authorities where required or permitted by law, and for tax or other lawful purposes
- external parties in response to legal process, and when required to comply with laws, to respond to an emergency, or to enforce our agreements, policies, rules and terms, or to protect the rights, property or safety of our staff, agents, customers and other users of our Services
- parties to whom you authorise us to release your personal information
- other entities (including actual or prospective buyers of one of our Services) in the event that we are involved in a reorganization, divestment, or sale of any of our organisation and/or assets.
- Where this is in relation to a specific Service you will be informed of the identity and location of the relevant recipient, either at the point of data collection, or in in the Service specific pages linked to on the right of this page.
5.6 Please note that certain individuals who will see your personal information may not be based at the Library or in your country (please see below).
6. Will the British Library send your personal information overseas?
6.1 You should be aware that the recipients of your personal information (as set out above) may be located in countries or territories outside the European Economic Area (“EEA”) which may not have data protection laws equivalent to those in the UK.
6.2 Where we (or a Data Processor acting on our behalf) transfer your personal information to countries outside of the EEA, we will put in place such other measures as are required by law to ensure that those transfers are adequately protected. Where this is in relation to a specific Service you will be informed of the identity and location of the relevant recipient, either at the point of data collection, or in in the Service specific pages linked to on the right of this page.
7. What are your choices relating to contact from us?
7.1 We may contact you with information that may affect your use of a service, for example, disruptions to Services, reading room closures, lost property, or problems with orders, or to request your feedback in relation to those services. Administrative e-mails may also be sent automatically following certain actions, for example, welcome e-mails when you register for a Service. Please note that you will not be able to unsubscribe from administrative and Service-related communications unless you unsubscribe from the relevant Services.
7.2 We may wish to provide you with information about new Services, including products, events, courses, collections, promotions and offers from the Library which may be of interest to you, and we may invite you to take part in market research. We may contact you by email (or in some cases by mail) to tell you this information, but we will obtain your consent before contacting you with “direct marketing” in this way.
7.3 We will ensure that any direct marketing communications that you receive from the Library provide a simple way for you to decline or change your mind about further marketing. For example, in emails the Library may provide you with an ‘unsubscribe’ link, or an email address to which you can send an opt-out request. The Library will take steps to stop any direct marketing to which you object, or in respect of which you withdraw your consent, within one calendar month being told of your objection or withdrawal of consent.
7.4 If you tell us that you no longer wish to receive the Library’s direct marketing communications we will take steps to respect your modified direct marketing preferences and will keep a record of your request so as to avoid contacting you again in the future with direct marketing content.
8. How does the British Library keep your personal information safe?
8.1 The Library takes steps to seek to protect the security of your personal information, in accordance with our legal obligations, and as set out in our Information Security Policy.
8.2 Please note that we cannot guarantee the security of any transmission of personal information over the Internet. Communications sent over the Internet, such as emails, are not secure, although their security may be increased if they have been encrypted. While we strive to protect your personal information, we cannot guarantee the security of any information transmitted to us over the internet. Therefore, please do not submit personal information to us online unless you accept the security risks of doing so.
9. What are your rights in relation to your personal information?
9.1 You have a number of rights in relation to your personal information, although in some cases these rights are subject to certain conditions and limitations. You are entitled to:
- request copies of, and/or access to your personal information. Please note that you can view your online profile relating to our Services via the My Account Service.
- request that your personal information be corrected where inaccurate or incomplete
- request that your personal data be deleted (or that we stop using your personal data) where it is no longer necessary. This right normally only applies where your information was provided or processed on the basis of consent, or in the performance of a contract with you which lapsed more than six years ago.
- request that we stop sending you direct marketing communications.
9.2 If you would like more details about these rights as they apply to a specific Service of the British library, or to exercise any of your rights, please contact our Data Protection Officer at:
Corporate Information Management Unit
The British Library
96 Euston Road
To help us identify the personal information you are referring to, please include any details that will enable us to locate the relevant personal information.
9.3 In order to be sure that your personal information is not disclosed to an imposter, we may require you to provide us with proof of identity before any action is taken or personal information is disclosed.
9.4 Any request that you send to us in relation to your rights will be processed within one calendar month of the Library accepting your request.
9.5 If after receiving a reply from us you are still unhappy with our response to such a request you may complain to the Information Commissioner’s Office (ICO). Details on how to do so can be found on the ICO’s website.
10. Retaining your personal information
10.1 We will keep your details on record until we have completely dealt with your request, enquiry, or our contract with you, and then for a reasonable period afterwards, in accordance with data protection and other applicable legislation, as set out in our Records Management Policy.
10.2 The Library may keep your details on record for as long as is necessary for the purposes for which it may use your personal information. Where this is in relation to a specific Service you will be informed of the retention period, either at the point of data collection, or in in the Service specific pages linked to on the right of this page. When the Library decides that holding your details is no longer necessary we will securely delete / destroy your details.
10.3 In general, and where not related to a specific Service we will retain the personal information that you have provided to us for seven years since your last contact with us, for the purposes of audit, analysis and customer management, and the defence of legal claims.
11. Other information
11.1 Certain Services, such as our document supply service, allow nominated administrators within an organisation to set up and manage a corporate account by controlling the level of use by their colleagues, and adding or removing names from the corporate account. Individuals using a corporate account should consult their organisation’s policies for the terms and conditions under which they may use their organisation’s corporate account.
11.2 Our website and the electronic resources provided in our Reading Rooms contain extensive links to other independent websites that are not controlled by the British Library. This policy applies to the direct use of our Services and Data Collection Media only. You are strongly advised to consult the privacy policies of other websites you visit for information about their policies and practices.
11.3 Online payments by credit or debit cards for some Services provided by the Library are processed under contract using specialist Data Processors. When a payment is processed by Data Processor acting on our behalf, card details are collected over a secure link and protected by industry standard software which encrypts your information. We do not collect any payment card account details and they are not made available to us. Our service provider will use the information you provide to process your payment or to refund any monies due to you. Please refer to the terms and conditions for the relevant Service for further details. Payments processed on behalf of the Library are managed in line with the Payment Card Industry Data Security Standard.
12.1 We may change this policy from time to time to reflect changes in the law and/or our privacy practices. We will update the date at the bottom of this page whenever we do that.
12.2 We encourage you to check this policy for changes, for example when you revisit our websites. In the event of a major change to our policy we will contact you to inform you of the change.
12.3 By submitting your personal information to us, you are indicating that you understand how we use your personal information, as described in this policy.
13. Contact us
If you have any questions about this Policy, please contact our Data Protection Officer at:
Corporate Information Management Unit
The British Library
96 Euston Road
Date of last update:
18 May 2018