When you apply to become a Reader at the British Library we will collect information about you including your contact details, date of birth, contact details for your sponsor (if you are under 18), and details of your research interests. We will use these details to provide you with access to the British Library (e.g. as part of the performance of a task carried out in the public interest). We will also collect details about your ethnicity and any disability you may have; we have a legal obligation to ensure that equality and diversity obligations are being met in relation to access to our public Services.
As part of setting up your Reader account we will also check your proof of ID and proof of address as set out in our Reader Registration process. in certain rare cases me may ask you to join a video conference call before attending one of our sites in order to verify your identity. We will not take copies of the documents that you provide in order for us to confirm your ID. We will take a photograph of you for use on your Reader pass. As you use the Library we will also record your interactions with our Collections, such as your order history and audit trails of which electronic items you have accessed. Again, this is part of the performance of a task carried out in the public interest; the British Library has a statutory responsibility to protect the security of its Collections. Further details about our public task can be found here.
Details relating to the specific Collection Items that you have requested during your use of our Collections (for example through use of our Reading Rooms or our remote Services such as Document Supply) will never be used to provide marketing analysis or similar functions (for example, to send you personalised marketing material), but may be used on an aggregated and depersonalised basis for Service improvement purposes (for example, to determine whether we are purchasing enough journals in a specific foreign language to match our Readers’ research interests).
Upon request we will routinely provide copies of our records to the police in the performance of their legitimate duties. However, in accordance with agreed international ethical standards for libraries, we will not provide details of the specific Collection Items that you have requested during your use of our Collections to any third party unless compelled to do so by law, with two exceptions:
- If we have evidence that gives us reason to believe that you have committed theft or vandalism in relation to our Collections we may choose to pass information about you to other cultural institutions whose Collections may be at risk. This cooperation between cultural bodies is in our own legitimate interests as we seek to protect the national Collections from harm.
- If we have evidence that gives us reason to believe that you have deliberately infringed the intellectual property of a third party through your use of our Collections we may pass your personal information to that third party to enable them to defend their rights. This is to protect our own legitimate interests in protecting the concepts of Library Privilege and Legal Deposit.
We may use various organisations to provide IT capabilities in support of our Services, and who may process your information on our behalf. These Data Processors will process your information only under contract to the Library, and may not use your information in any other way. In particular, we use the following systems to process your information:
We will retain your Reader account and associated audit trails relating to your use of our Collections for 40 years, for the purpose of administering the security of our Collections (e.g. as part of the performance of a task carried out in the public interest). We reserve the right to increase this period as necessary to protect the integrity of the cultural treasures that we preserve on behalf of the nation, in line with our responsibilities as set out in the British Library Act.
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have been mandated by law to collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contact tracing. The legal basis for the collection of this information is therefore 'a legal obligation to which the Library is subject'.
By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace where requested, we can help to identify people who may have been exposed to the coronavirus.
As a customer/visitor of the Library you will be asked to provide some basic information and contact details. The following information will be collected:
- the names of all customers or visitors
- a contact phone number for each customer or visitor
- date of visit and arrival time and departure time
In addition, if you only interact with one member of staff during your visit, the name of the assigned staff member will be recorded alongside your information.
The Library, as the data controller for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time it holds this information. If that information is requested by the NHS Test and Trace service, the service will at that point become responsible for compliance with data protection legislation in relation to this personal data.
The NHS Test and Trace service as part of safeguarding your personal data, has in place technical, organisational, and administrative security measures to protect your personal information that it receives from the Library from loss, misuse, and unauthorised access, disclosure, alteration, and destruction.
NHS Test and Trace have asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period. We will only share information with NHS Test and Trace if it is specifically requested by them.
For example, if another customer at the venue reported symptoms and subsequently tested positive, NHS Test and Trace can request the log of customer details for a particular time period (for example, this may be all customers who visited on a particular day or time-band, or over a 2-day period).
We may require you to pre-book appointments for visits or to complete a form on arrival in order to facilitate the collection of this data.
The information that we collect to support this requirement contains personal data which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes, and will be destroyed by us 21 days after the date of your visit.