Some customers are experiencing eStore payment failures at bank authentication. Our system provider is investigating. If your payment is unsuccessful, you can try and pay again or use a different payment method. We apologise for any inconvenience.
Libraries service privacy notice
Read our privacy notice for information on how we collect, store and process your data.
We are committed to protecting your personal information.
The council is the data controller for purposes of the Data Protection Act (2018), and The General Data Protection Regulation (EU) 2016/679 ("GDPR") and is also registered as a data controller with the Information Commissioner’s Office (ICO).
As a data controller, we have a responsibility to make sure you know why and how your personal information is being collected. This is according to relevant data protection law.
The primary laws which govern how Brighton & Hove City Council collects and use personal information (known as data) about you are:
financial details for purposes of receiving or making payments
Special category data, including:
physical or mental health details
racial or ethnic origin
gender and sexual orientation
Why we’re collecting your data
We're collecting your data for the following purposes:
to set up and manage your library account
to update you on any changes to our service, like opening and closure times
to let you know about consultations and surveys we run
to let you know about events and activities we are running
use of Closed-Circuit Television (CCTV) for staff safety, crime prevention and detection
we may use your information to provide adequate services - for example, making adjustments for hearing, visual impairment and mobility difficulties
we may use photos on social media, our website, or on signage, and we can also upload recordings of events online, this will be done with your consent
Our legal basis for collecting your data
Public Libraries and Museums Act 1964 to provide library services throughout the City of Brighton & Hove
GDPR Article 6, (a)(c)(e)
GDPR Article 9 (g)
Data Protection Act 2018, Schedule 1, Part 2, (8) (10)
Who we’ll share your data with
We are part of a consortium of libraries called SELMS (South East Libraries Management Services). We may share your joining information to allow borrowing from any library in the consortium.
Other libraries will be able to see your personal data only if you choose to borrow something in person from a partner library or if you choose to pick up a reserved item from a partner library. Find out more information about SELMS.
We may use the information we hold about you with Sussex Police to assist in the detection and prevention of crime or fraud.
Test and trace
In line with government guidance we will comply with test and trace protocol to provide customer information where necessary when customers have visited a library.
This is personal data generated by logging onto a public PC, using self-service or with a transaction facilitated by a member of staff. Find out how data is collected for test and trace.
How long we will keep your data
We will not keep your data for longer than is necessary, subject to any legal obligations we have to retain the data.
Library management system data may be kept for up to 2 years from when your library membership was last active to meet audit requirements. However, if you have unreturned items or outstanding debt your data may be retained for 7 years.
If you are attending an event or activity, you will be required to sign in. This information will need to be kept for 3 years.
CCTV footage is normally held for 30 days and may be shared with the police for the prevention and detection of crime.
How we store your data
We'll store your information on electronic databases, document management systems and on paper records.
How we protect your data and keep it secure
Examples of the security measures we use are:
training our staff, making them aware of how to handle information securely, and how and when to report when something goes wrong
encryption when data is being sent, meaning we scramble information so other people can’t read it without access to an unlock key
pseudonymising your data, where possible - this means we will remove your identity so the people working with your data will not know your identity
controlling access to systems and networks allows us to stop people who are not allowed to view your personal information, from getting access to it
regular testing of our technology and ways of working, including keeping up to date on the latest security updates, called patches
Transferring your data outside the European Economic Area
Your data is not processed outside of the European Economic Area.
We aim to resolve all complaints about how we handle personal information. You also have the right to make a complaint about data protection to the Information Commissioner's Office.
Contact them by post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or phone 0303 1231 113.