When you purchase goods from us (for example, books, memorabilia, or event tickets) we will collect your contact details, delivery information, and payment details. We will use your information to provide you with the goods that you have purchased (e.g. in the performance of a contract with you). We will also use your contact information in order to supply you with relevant transactional documentation such as order confirmations, invoices, delivery notes, and tickets; if you have consented to receive marketing communications from the Library we may also use this information to provide you with special offers and other useful information, such as checkout abandonment reminders.
We may also use this data (and other data relating to your use of our Services such as audit trails) for the purpose of analysis in support of Service improvement, IT security, or other legitimate interests of the Library.
Online payments by credit or debit cards for some Services provided by the Library are processed under contract using specialist Data Processors, and in line with the Payment Card Industry Data Security Standard. When a payment is processed by Data Processor acting on our behalf, card details are collected over a secure link and protected by industry standard software which encrypts your information. We do not collect any payment card account details ourselves, and they are not made available to us. Our service provider will use the information you provide to process your payment or to refund any monies due to you. Please refer to the terms and conditions for the relevant Service for further details. In particular, we use the following systems to process your information:
We will retain your commercial account information for as long as it remains current. Transactional information will be retained for the year in which the transaction took place, and then for a further six years in order to comply with tax and accounting rules.
In addition to collecting contact details as part of our normal booking process, we will also be recording the times that ticket customers enter and leave our premises in order to reduce the risk of a local outbreak of coronavirus.
We will share your contact details and times of attendance with Test and Trace personnel, if asked, in the event of a fellow customer or staff member testing positive for coronavirus.
Your data will be kept secure and handled in line with ethical standards and the Data Protection Act at every stage of the process – from its collection and storage by us to its transfer and use by NHS Test and Trace. NHS Test and Trace will handle all data according to the highest ethical and security standards and it will be used only for NHS care, management, evaluation and research.