Library Services Privacy Notice

This notice sets out the basis on which Library Services at Imperial College London collects and uses the personal data of our users.

Our users include, and accordingly this privacy policy applies to:

Imperial College London students
Imperial College London staff
Imperial Alumni
Retired Imperial staff
NHS Trust staff
Members of Imperial Incubator companies
Francis Crick Institute staff
Medical Research Council (MRC) Staff
Thrombosis Research Institute staff
Staff and students of local museums and colleges
Staff and students of higher education institutions eligible through the Sconul Access scheme
Members of the public

Until 24 May 2018 Library Services shall process your personal data in accordance with the Data Protection Act 1998 (DPA) and in accordance with the College’s Data Protection Policy. From 25 May 2018, Library Services shall process your personal data in accordance with the General Data Protection Regulations (GDPR) and a revised College Data Protection Policy which will be published on the same page as the current Data Protection Policy.

Throughout this notice, “Imperial”, "we", "our" and "us" refers to Library Services at Imperial College London. "You" and “your” refers to our users as listed above who use or express an interest in using our services.

Personal information we hold about you

We may collect and process the following data about you:

  • name
  • contact details
  • date of birth (NHS staff only)
  • College username
  • library number
  • College department / department affiliation
  • course completion date (alumni)
  • College joining and leaving dates (staff)
  • job title (NHS staff)
  • research section (MRC)
  • home institution (visitors)
  • access arrangements relating to disability
  • history of library usage e.g. items borrowed and requested, room and workshop bookings
  • feedback responses e.g. from surveys and user studies
  • Research Grant information (researchers submitting publications to Symplectic or applying for funding to pay open access fees)

How we collect personal information about you

We collect most of the personal information we hold about you:

  • through automatic data feeds from College systems
  • via our online forms
  • in person at the Central Library Information Hub and campus library issue desks
  • in the course of providing our services to you (e.g. history of library usage) or after we have provided services to you (e.g. feedback responses).

How we use the information we hold about you and the legal basis for processing your data under GDPR

We need the information listed above (see Information we hold about you) primarily to allow us to perform our contract with you. On many occasions we will process your data to enable Imperial to meet its commitments to you e.g. those relating to teaching and assessment. In some cases we may use your personal information to pursue a legitimate interest of our own or of a third party, provided your interests and fundamental rights do not override that interest. The “legitimate interest” is generally the interest of Imperial (or a third party) in providing or supporting the provision of higher education. The situations in which we will process your personal information are listed below.

We use the information we hold about you:

  • to give you access to library buildings
  • to provide and administer library services e.g. borrowing and requesting items, booking rooms and workshops
  • to provide you with access to e-books, e-journals and databases.
  • to respond to enquiries
  • to manage academic reading lists
  • to facilitate the deposit of publication details in preparation for the Research Excellence Framework (REF)
  • to facilitate the deposit of publications as required by the open access policies of Imperial College London and research funders
  • to gather usage statistics
  • for the continuous improvement of library services
  • to let you know about the services and resources that Library Services provide to NHS users (NHS user only)

Change of purpose:
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Who we share your information with

All library users must comply with the library regulations. If you do not abide by our regulations we may share your personal data with your Imperial department, the Alumni Office, or your home institution. If we are required to issue an invoice for a missing item, your data will be shared with College Finance.

We may also use your data to provide information about your library to the College or your home institution.

We do not pass your data to third party e-book, e-journal, database, reference management software or booking service providers. Where a third party service provider requires you to create an account, your contract is with that provider and your data is stored by them, not by Imperial College London.

Where access to e-books, e-journals and databases is via UK Federation, OpenAthens or College username and password your data will be anonymous at the point of use of the third party service.

Your feedback may be used anonymously for marketing purposes.

Information security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Your rights as a data subject

You have the right to:

  • withdraw consent where that is the legal basis of our processing
  • access your personal data that we process, see Access to the information we hold about you
  • rectify inaccuracies in personal data that we hold about you
  • be forgotten i.e. for your details to be removed from systems that we use to process your personal data
  • restrict the processing of your data in certain ways
  • obtain a copy of your data in a commonly used electronic form
  • object to certain processing of your personal data by us

For further information see the Information Commissioner’s Office or contact Imperial’s Data Protection Officer.

You have a right to complain to the Information Commissioner’s Office about the way in which we process your personal data.

How long we keep your information for

Your information is stored in line with the College’s retention schedule (pdf). Further information is available from the College Archives and Corporate Records Unit.

Anonymous data from surveys and feedback exercises is retained for a longer period to aid year on year comparisons.

Access to the information we hold about you

For access to your library account sign in to Library Search . You will be able to see the contact information we hold about you and your borrowing history.

If you wish to request copies of the data we hold about you please contact us via ASK the Library.

Data Protection Officer

Imperial has appointed a Data Protection Officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the Data Protection Officer at:

Imperial College London
Data Protection Officer
Exhibition Road
Faculty Building Level 4
London SW7 2AZ

dpo@imperial.ac.uk      

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.