This Privacy Notice explains what personal data we collect about you when you use our library services, how we use your information, and who it may be shared with.
The London Libraries Consortium is made up of 23 local authorities who work together to provide a shared library service. All members use the same library management system, which allows you to use any Consortium library with a single membership.
What data we collect
We only collect the information needed to create and manage your library membership.
This includes:
- name (mandatory)
- date of birth (mandatory)
- email address (mandatory)
- telephone number (optional)
We also ask for the following optional demographic information, which helps us understand who is using our libraries and improve our service:
- gender
- ethnicity
- disability
- language
If provided, this information is used for reporting and service planning and is anonymised so individuals cannot be identified.
Why we collect your data (legal basis)
All authorities in the Libraries Consortium are legally required to provide a public library service under the Public Libraries and Museums Act 1964.
To deliver this service, we need to create and manage your library membership, allow you to borrow items, provide access to digital services, contact you about reservations or overdue items, and maintain the security and operation of the library management system.
We process your personal data under:
- UK GDPR Article 6(1)(e) – Public Task (processing is necessary for the Council to carry out its official duties and provide a statutory library service)
- Where we process special category data (such as ethnicity or disability), we do so under UK GDPR Article 9(2)(g) – reasons of substantial public interest, and Schedule 1, Part 2 of the Data Protection Act 2018.
If you do not provide the mandatory information needed to create a membership record, we are unable to provide you with a library service.
How long we keep your data
We keep your personal data for two years after your last library transaction. If there are outstanding loans, charges, or unresolved issues, we may keep your data for longer until these are resolved.
After this period, your data will be securely deleted or anonymised.
You can view or update your details online or ask a member of library staff.
Who we share your data with
- your data is stored in a shared library management system used by all authorities in the Libraries Consortium
- library staff across the Consortium can see your account in order to provide the service and support you at any library in the Consortium
- our system supplier acts as a data processor and only accesses data when needed to maintain or support the system
All organisations that have access to your data are required to follow the UK GDPR and the Data Protection Act 2018. Your information is not transferred outside the UK.
Who is responsible for your data (Joint Controller arrangements)
The local authorities in the Libraries Consortium act as joint data controllers for the shared library management system.
This means:
- each authority is responsible for the personal data of its own library members
- all authorities have access to the shared system so they can provide you with library services across the Consortium
- decisions about how the system operates and how data is used are made jointly
If you join the library in Sutton, Sutton Council is your main point of contact for any data protection enquiries, even if you regularly use libraries in the Consortium.
The Consortium has governance arrangements in place to ensure that all members follow the same data protection standards and comply with the UK GDPR and Data Protection Act 2018.
Your data protection rights
You have the right to:
- request a copy of your personal data
- ask us to correct inaccurate information
- ask us to delete your data (where legally possible)
- object to the way your data is being processed
These rights may not apply where the Council has a legal duty to retain certain information.
If you have any questions about how your data is used, you can contact the Data Protection Officer at: dpo@sutton.gov.uk.
Email marketing
We do not send marketing emails unless you have chosen to receive them. If you have opted in, you can withdraw your consent at any time by accessing your account online or by speaking to a member of staff.
Crime and fraud prevention
Local authorities within the Consortium may share information with other public bodies where required by law to prevent or detect crime, including fraud, or to protect public funds.