Privacy notice for the Library Service

About this notice

This privacy notice explains who we are, how and why we collect and use personal information about you, what personal data is collected and held about you by Manchester Metropolitan’s Library Service, our purposes and lawful bases for processing, who we share your personal data with, relevant retention periods, and how you can exercise your privacy rights.

Who we are

Throughout this notice, “University”, “we”, “our” and “us” refer to the Manchester Metropolitan University, an exempt charity under Schedule 2 to the Charities Act 1993 (amended by the Charities Act 2011). The University is the Data Controller in respect of the personal data you provide as part of accessing the Library Service.

The University is registered as a Controller with the Information Commissioner’s Office (ICO). We manage personal data in accordance with the General Data Protection Regulation (GDPR) and the University’s Data Protection Policy.

The personal data we process

The responsible processing of personal data is vital in fulfilling our day-to-day operational demands. We collect a range of personal data from different types of individual, which is clearly communicated below. The data we collect has been carefully considered and assessed as being the minimum amount required to deliver our services to you.

The Library Service does not collect any special category (sensitive) data from you.

We collect data from the following groups:

  • Registered students and external students at partner institutions

    From when you enrol as a student, your personal data is held in the University’s student records system. Some of your data is used to populate the Library Management System and the Library’s entrance/exit control systems. The data we hold about you is listed below.

    • Name
    • Photograph
    • Term-time and home addresses
    • Telephone number
    • Email address
    • ID number (network username)
    • Status (i.e. type of student and/or staff designation)
    • Department
    • Programme of study
    • Expiry date on MMU ID card
    • Library PIN
    • Date and time of entry into and exit from, the Library
    • Date and time of reserving, borrowing, renewing and returning Library stock
    • Details of stock reserved, borrowed, renewed and returned
    • Date, time and details of any stock borrowed on your behalf from elsewhere
    • Date, time and amount of any fines and other charges paid to the Library
    • Date, time and amount of any refunds made by the Library
    • Your bank details pertaining to any payments made to/by Library Services
    • Usage of Library electronic resources including location, time and date
    • Personal data (e.g. personal email address) that you submit to us concerning requests for information and/or other services the Library offers
    • Personal data submitted by you in response to Library surveys, customer comments and training workshops
    • Correspondence with Library staff concerning any aspect of Library Services
    • Booking data for optional workshops
    • Applications for “individualised” services such as requests for alternative formats and other services requiring personal data

  • Other external students

    External students from other academic institutions gain membership of the Library by completing paper-based or electronic forms, depending on the nature of their relationship with the University. In some cases, passport-sized photographs are required if there is an entitlement for ongoing physical access to the building. We manually input elements of your data to the Library Management System and the Library’s entrance/exit control system. The data we hold about you is listed below.

    • Name
    • Photograph
    • Term-time and home addresses
    • Telephone number
    • Email address
    • ID number (network username)
    • Status (i.e. type of student and/or staff designation)
    • Department
    • Programme of study
    • Expiry date on MMU ID card
    • Library PIN
    • Date and time of entry into and exit from, the Library
    • Date and time of reserving, borrowing, renewing and returning Library stock
    • Details of stock reserved, borrowed, renewed and returned
    • Date, time and details of any stock borrowed on your behalf from elsewhere
    • Date, time and amount of any fines and other charges paid to the Library
    • Date, time and amount of any refunds made by the Library
    • Your bank details pertaining to any payments made to/by Library Services
    • Usage of Library electronic resources including location, time and date
    • Personal data (e.g. personal email address) that you submit to us concerning requests for information and/or other services the Library offers
    • Personal data submitted by you in response to Library surveys, customer comments and training workshops
    • Correspondence with Library staff concerning any aspect of Library Services
    • Booking data for optional workshops
    • Applications for “individualised” services such as requests for alternative formats and other services requiring personal data

  • MMU employees

    Your data is automatically transferred to the Library from the HR systems when you take up employment with the University. The data we hold about you is listed below.

    • Name
    • Photograph
    • Term-time and home addresses
    • Telephone number
    • Email address
    • ID number (network username)
    • Status (i.e. type of student and/or staff designation)
    • Department
    • Programme of study
    • Expiry date on MMU ID card
    • Library PIN
    • Date and time of entry into and exit from, the Library
    • Date and time of reserving, borrowing, renewing and returning Library stock.
    • Details of stock reserved, borrowed, renewed and returned
    • Date, time and details of any stock borrowed on your behalf from elsewhere
    • Date, time and amount of any fines and other charges paid to the Library
    • Date, time and amount of any refunds made by the Library
    • Your bank details pertaining to any payments made to/by Library Services
    • Usage of Library electronic resources including location, time and date
    • Personal data (e.g. personal email address) that you submit to us concerning requests for information and/or other services the Library offers
    • Personal data submitted by you in response to Library surveys, customer comments and training workshops
    • Correspondence with Library staff concerning any aspect of Library Services
    • Booking data for optional workshops
    • Ownership of any online reading lists
    • Applications for “individualised” services such as APCs, digitisation requests, book recommendations and other services requiring personal data

  • External staff

    Staff from other academic institutions gain membership of the Library by completing paper-based or electronic forms, depending on the nature of their relationship with the University. In some cases, passport-sized photographs are required if there is an entitlement for ongoing physical access to the building. We manually input elements of your data to the Library Management System and the Library’s entrance/exit control system. The data we hold about you is listed below.

    • Name
    • Photograph
    • Term-time and home addresses
    • Telephone number
    • Email address
    • ID number (network username)
    • Status (i.e. type of student and/or staff designation)
    • Department
    • Programme of study
    • Expiry date on MMU ID card
    • Library PIN
    • Date and time of entry into and exit from, the Library
    • Date and time of reserving, borrowing, renewing and returning Library stock.
    • Details of stock reserved, borrowed, renewed and returned
    • Date, time and details of any stock borrowed on your behalf from elsewhere
    • Date, time and amount of any fines and other charges paid to the Library
    • Date, time and amount of any refunds made by the Library
    • Your bank details pertaining to any payments made to/by Library Services
    • Usage of Library electronic resources including location, time and date
    • Personal data (e.g. personal email address) that you submit to us concerning requests for information and/or other services the Library offers
    • Personal data submitted by you in response to Library surveys, customer comments and training workshops
    • Correspondence with Library staff concerning any aspect of Library Services
    • Booking data for optional workshops
    • Ownership of any online reading lists
    • Applications for “individualised” services such as APCs, digitisation requests, book recommendations and other services requiring personal data

  • Other visitors

    Visitors to the Library that do not have an ID card are requested to sign-in and, in most cases, provide proof of identification. We hold data in secure paper-based files for security purposes for as long as necessary. The data we hold about you is listed below.

    • Name
    • Photograph (where applicable)
    • Home and/or work address
    • Telephone number
    • Email address
    • ID number (where applicable)
    • Status (i.e. type of visitor)
    • Programme of Study (where applicable)
    • Expiry date on MMU ID card (where applicable)
    • Library PIN (where applicable)
    • Date and time of entry into and exit from, the Library
    • Date and time of reserving, borrowing, renewing and returning Library stock (where applicable)
    • Details of stock reserved, borrowed, renewed and returned (where applicable)
    • Date, time and amount of any fines and other charges paid to the Library
    • Date, time and amount of any refunds made by the Library
    • Your bank details pertaining to any payments made to/by Library Services
    • Usage of Library electronic resources including location, time and date
    • Personal data submitted by you in response to Library surveys, customer comments and training workshops
    • Correspondence with Library staff concerning any aspect of Library Services

  • Individual services

    Some services offered by the Library require additional personal data, required for administrative and statutory purposes. These services may include answering enquiries whilst others could be in connection with research and copyright clearance. We request data on either paper-based or electronic forms and is necessary to ensure the requested service is delivered.

The purposes of the processing

  1. Data collection, processing and retention

The data we collect, process and retain is for the purposes of offering a Library Service, which includes:

  • Registering you as a service user and managing our relationship with you
  • To provide access to our buildings
  • To provide services such as borrowing, requesting items, booking rooms or electronic devices
  • Provide access to a range of electronic resources
  • To respond to your enquiries
  • For administration purposes, such as the collection of fees for overdue loans

We may also use your data for research purposes. Research is only conducted where appropriate assessments are made to ensure full compliance with the current Data Protection legislation, and minimal impact to the data subject.

Lawful basis

Article 6(1)e – Processing is necessary for the performance of a task carried out in the public interest.

  1. Data analysis

Careful analysis of the data we collect enables us to look at new and exciting ways to deliver services and resources to help you to succeed. In a fast-changing environment, analysis of our performance and the needs of our many user groups is important if we wish to meet your high expectations.

We use aggregated data for this purpose. We use it to mitigate inconsistencies and insufficiencies in service provision to all groups at risk of not fulfilling their potential. We do not publish or broadcast personal data in our analyses and we anonymise all individual data at the earliest stage possible in processing. We aggregate this anonymised data to preserve the privacy of all data subjects.

Lawful basis

Article 6(1)f Legitimate interests.

The processing of your personal data may be necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or by fundamental rights and freedoms which require protection of personal data.

  1. Equality and diversity

To meet statutory obligations regarding equality and diversity, we may at times share engagement and usage data with other departments within the University. This can involve combining library usage statistics with protected data held by the University. The purpose of the processing is to ensure that Library services and resources positively contribute to student attainment and success; regardless of disability, ethnic origin etc.

Personal and protected data is used as a building block in this process and it is aggregated to build a better picture of how the Library contributes to the success of groups with protected characteristics. Individual data is never published nor is it shared further. The aggregated outcomes are used internally for strategic service development and improvement.

Lawful basis

Article 9(g): Required for reasons of substantial public interest, on the basis of Union or Member State law.

Contacting us

If you contact us, we may also keep a record of that correspondence.

The recipients or categories of recipients of the personal data

We may share personal data with other University departments in the interest of supporting wellbeing, student engagement and service quality. This is to identify services in need of improvement e.g. services for disabled students. Measures of engagement (e.g. numbers of loans and entries to the Library building) may be combined with demographic data from student records to help us to develop inclusive services to support the whole University community.

We may share data with other departments in cases where network abuse or other potential disciplinary issues arise.

If we need to send you an invoice, we will share your information with the University’s finance department.

All users must comply with the Library regulations. If you breach the regulations, we may share your information with your University department, Alumni Office or your institution.

We will not share your information with any other organisations.

Data retention

Your personal data are only retained for as long as it is necessary in accordance with the University’s Retention and Disposal Schedule

Specifically, we will retain your membership personal data, documenting your authorised use of the University Library and Library Services, for the duration of your registration plus three years, after which point it is anonymised.

Further retention periods in relation to entry and exit logs to the Library, complaints records and customer feedback can be found in the University’s Retention and Disposal Schedule.

Your rights in respect of the processing

The GDPR provides data subjects with the following data subject rights:

  • The right to be informed – this privacy notice assists with fulfilling these obligations
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object

Please note, that these rights apply in certain circumstances, for example according to the lawful basis utilised by the University. The right of access to personal information held about you exists in order to be aware of, and verify, the lawfulness of the processing. Please use the contact information below to exercise these rights.

Contacting us

For questions or concerns about this Privacy Notice, or our use of your personal information, please contact [email protected] in the first instance.

Our Data Protection Officer can also be contacted using [email protected], by calling 0161 247 3884 or in writing to: Data Protection Officer, Legal Services, All Saints Building, Manchester Metropolitan University, Manchester, M15 6BH.

This notice provides information that is in addition to information contained in the University’s other privacy notices, which are available here. Please do read any applicable notices to understand our practices and if you have any questions please contact us using the contact details provided below.

Right to lodge a complaint with the supervisory authority

For questions or concerns about this privacy notice, or our use of your personal information, please contact [email protected] in the first instance.

Our Data Protection Officer can also be contacted using [email protected], by calling 0161 247 3884 or in writing to: Data Protection Officer, Legal Services, All Saints Building, Manchester Metropolitan University, Manchester, M15 6BH.

Updates to this privacy notice

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) as the supervisory authority in respect of the processing of your personal data. We would encourage you to expend our internal complaints procedure through our initial contact and the University Data Protection Officer, prior to contacting the ICO. Please contact: [email protected] or telephone: 0303 123 1113. For any further contact information please see: https://ico.org.uk/global/contact-us/.