Privacy notice
LibraryOn is operated by the British Library. We care about the privacy of the people who use our websites, and this policy explains how we deal with the personal information that you give us.
What types of information do we collect about you?
When you use our site, we may collect certain personal information which (either on its own or when combined with other information we hold about you) allows us to identify you as an individual, and which is about you.
We may collect or process a number of different types of personal information from you depending on how you use our site, but which may include any or all of your:
- your name and title
- email address
- device information (such as MAC address, IP address, operating system, device and browser type)
- location information (such as GPS signal emitted by your mobile device)
- marketing preferences (for example where you have opted in to receive our newsletter(s))
- reason(s) for contacting us, such an enquiries or requests
- opinions, preferences, feedback, complaints, comments and/or suggestions
- online browsing habits, activities and behaviour (such as which of our web pages you have visited and when you visited them)
This list is not intended to be exhaustive and may be updated from time to time as our business needs and legal requirements dictate.
We will normally collect personal information directly from you when you volunteer it to us, or when we gather it from your use of our website.
Where it is necessary and lawful to do so, we may also collect information from and/or combine your personal information with information from other sources.
We do not normally collect any Sensitive Personal Information from or about you, and do not wish to do so unless it is essential. If we do, we will only ask you to provide the minimum amount of information required for that purpose. In other cases, we will collect and use this type of information only with your clear consent. Please do not provide us with Sensitive Personal Information under any other circumstances.
How do we collect your personal information?
This privacy policy applies to any information that you send to us, as well as any information that we may gather from your use of our website.
We may automatically collect certain information from you (such as usage information) when you use our website, through the use of web beacons, device identifiers, pixel tags, cookies and similar technologies. We may combine this information with other personal information that we have collected from or about you in order to learn more about how you use our website.
We use Hotjar in order to better understand your needs and to optimize this website. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.). Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
We also use Google Analytics. This is a web analytics service offered by Google that tracks and reports website traffic. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt-out of having your activity tracked by Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about your activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.
Why do we use your personal information?
We may use your personal information for a variety of purposes, depending upon how you interact with us. Quite often we will use your data simply to fulfil a request that you have initiated, such as to deal with your enquiry, or to add you to our mailing list.
We may also use your personal information to manage and develop the LibraryOn service, for example to:
- ensure that our website is provided in the most effective manner for you and the device you are using
- manage and improve our website
- review and analyse your use of our website in order to develop and improve the quality of our offering and strengthen our relationship with you
- share information with you via our own systems (or third party collaboration systems used on our behalf such as Microsoft365 or Google Docs)
- contact you if we have not heard from you for a certain amount of time
- invite you to provide feedback, assist with surveys and input into consultation exercises
- provide you with administrative information and/or service announcements and updates (including changes to our policies and terms)
- ensure our records are accurate and up to date
- administer our legitimate internal management analysis, audit, forecasts and business planning
- enforce our rules and policies, and maintain our network security
- meet audit requirements
- comply with our legal obligations and to perform our statutory and public functions and duties
- establish, defend or exercise our legal rights
- comply with orders/requests received from the public and regulatory, governmental and judicial bodies
- comply with our legal, regulatory and internal governance obligations (for example record retention policies)
- Where you have given your consent we may also use your contact details to send you direct marketing communications (including e-mail marketing and fundraising communications).
- In carrying out the above, the Library processes your personal data in a variety of ways, each of which may have a different legal basis. We may process your personal data because:
- You have given your consent (e.g. for the provision of marketing correspondence)
- It is in the public interest and in the performance of our official duties (e.g. the provision of the LibraryOn service).
Depersonalised and anonymous information
Depersonalised or aggregated information does not personally identify you. We may also convert personal information into depersonalised (“pseudonymous”) data or anonymous data for statistical analysis and administration, tailoring products and Services, risk assessment and analysis of costs and charges in relation to our Services (normally on an aggregated statistical basis).
Do we share personal information with third parties?
Your personal information will be made available to those members of our staff who need to see it in order to perform their jobs in relation to LibraryOn.
In addition, we make use of expert third party service providers to perform functions and/or provide services on our behalf (such as website hosting, communication methods, payment services, logistics, customer services, IT, marketing, and security). These third party service providers (“Data Processors”) may use your personal information in order to assist us. in particular, the LibraryOn website uses web analytics services provided by both Google and Hotjar (See ‘How do we collect your personal information?’ above).
We may share personal information within LibraryOn’s advisory boards, panels and councils as needed for reasonable management, analysis, planning and decision making, including in relation to taking decisions regarding our Service offering, order or customer request fulfilment.
In limited cases, your personal information may also be shared with other people and organisations to the extent permitted or required by law. For example, we may provide your personal information to:
- government authorities, law enforcement and regulatory authorities where required or permitted by law, and for tax or other lawful purposes
- external parties in response to legal process, and when required to comply with laws, to respond to an emergency, or to enforce our agreements, policies, rules and terms, or to protect the rights, property or safety of our staff, agents, customers and other users of the British Library
- parties to whom you authorise us to release your personal information
Will we send your personal information overseas?
You should be aware that the recipients of your personal information (as set out above) may be located in countries or territories outside the European Economic Area (“EEA”) which may not have data protection laws equivalent to those in the UK. Where we (or a Data Processor acting on our behalf) transfer your personal information to countries outside of the EEA, we will put in place such other measures as are required by law to ensure that those transfers are adequately protected.
What are your choices relating to contact from us?
We will not contact you unless you ask to join our mailing list. If you do, we may provide you by email with information about the LibraryOn project, as well as other information from the British Library which may be of interest to you. We may also invite you to take part in market research.
We will ensure that any direct marketing communications that you receive from LibraryOn provide a simple way for you to decline or change your mind about further marketing. For example, in emails LibraryOn may provide you with an ‘unsubscribe’ link, or an email address to which you can send an opt-out request. We will take steps to stop any direct marketing to which you object, or in respect of which you withdraw your consent, within one calendar month being told of your objection or withdrawal of consent.
If you tell us that you no longer wish to receive our marketing communications will keep a record of your request so as to avoid contacting you again in the future with direct marketing content.
How do we keep your personal information safe?
We take steps to seek to protect the security of your personal information, in accordance with our legal obligations, and as set out in our Information Security Policy.
Please note that we cannot guarantee the security of any transmission of personal information via email. While we strive to protect your personal information, we cannot guarantee the security of any information transmitted to us over the internet. Therefore, please do not submit personal information to us online unless you accept the security risks of doing so.
What are your rights in relation to your personal information?
You have a number of rights in relation to your personal information, although in some cases these rights are subject to certain conditions and limitations. You are entitled to:
- request copies of, and/or access to your personal information
- request that your personal information be corrected where inaccurate or incomplete
- request that your personal data be deleted (or that we stop using your personal data) where it is no longer necessary
- request that we stop sending you direct marketing communications
If you would like to exercise any of your rights, please contact our Data Protection Officer at: Corporate Information Management Unit
The British Library
96 Euston Road
London
NW1 2DB
Email: [email protected]
To help us identify the personal information you are referring to, please include any details that will enable us to locate the relevant personal information.
In order to be sure that your personal information is not disclosed to an impostor, we may require you to provide us with proof of identity before any action is taken or personal information is disclosed.
Any request that you send to us in relation to your rights will be processed within one calendar month of the Library accepting your request.
If after receiving a reply from us you are still unhappy with our response to such a request you may complain to the Information Commissioner’s Office (ICO). Details on how to do so can be found on the ICO’s website.
Retaining your personal information
We will keep your details on record until we have completely dealt with your request or enquiry, and then for a reasonable period afterwards, in accordance with data protection and other applicable legislation, as set out in our Records Management Policy (PDF).
We may keep your details on record for as long as is necessary to meet the purposes for which it was collected. When we decide that holding your details is no longer necessary we will securely delete / destroy your details.
In general we will retain the personal information that you have provided to us for seven years since your last contact with us, for the purposes of audit, analysis and customer management, and the defence of legal claims.
Changes to this Privacy Policy
We may change this policy from time to time to reflect changes in the law and/or our privacy practices. We will update the date at the bottom of this page whenever we do that.
We encourage you to check this policy for changes, for example when you revisit our website.
By submitting your personal information to us, you are indicating that you understand how we use your personal information, as described in this policy.
Contact us
If you have any questions about this Policy, please contact our Data Protection Officer at:
Corporate Information Management Unit
The British Library
96 Euston Road
London
NW1 2DB
Email: [email protected]