Privacy Notice and Membership Declaration for Lancashire Teaching Hospitals Library Service
This privacy policy explains:
• What personal data we hold about you and why we hold it
• Who may have access to your data
• How your data is processed and stored
• How long your data is retained
• Your individual rights
Introduction
We are committed to safeguarding your information. The information you supply will be used to contact you about services or resources that you have requested from the Library Service at Lancashire Teaching Hospitals (LKS). We hold personal data about you as it is necessary for the performance of a contract. We will keep and use it to enable us to administer library services effectively, lawfully and appropriately. This privacy notice applies to all staff and students at Lancashire Teaching Hospitals who are members of the library or use any of our service.
What personal data we hold about you and why we hold it
We store your data so that we can contact you in the administration of library services, for example, book loans, literature search requests, training, document supply and access to electronic resources.
We store your name, work and/or home postal address, email address(es), phone number(s), employer’s name, employer’s location, job role, and course and academic institution where relevant.
This data is stored in our library management system and also on local spreadsheets and databases.
Sharing your personal information
Your information may be shared within the organisation when there is a legitimate business need to do so, for example, we share training records with our central training administrators.
We will only ever share your information outside the organisation if we are satisfied that they have sufficient measures in place to protect your information in the same way that we do. We will never share your information for marketing purposes.
Your mobile phone number is shared with a third party, to enable us to text you when your books are due for renewal. This company complies with the General Data Protection Regulation (GDPR).
We may also occasionally share your information with the organisations that supply and manage our library management systems.
We may share your information with another LKS team if you move organisations (you will receive an email notification if this happens).
If you have any concerns related to this privacy policy, or have any queries about the use of your personal data, please contact library@lthtr.nhs.uk .
How your data is processed and stored
When you complete a registration form, your data is added to our Library Management System which is stored at Lancashire Teaching Hospitals NHS Foundation Trust. If you notify us of a change to your data, we update the system accordingly.
Technical safeguards are in place to help ensure that your data is kept safe and only disclosed to people who are authorised to view it.
How long your data is retained
Your data is kept for as long as you are an active library member. If you cease to be an active member we will delete your data a maximum of two years after you have ceased to be active, or sooner if you inform us that you wish us to delete it. We securely destroy any personal data about you when it is no longer of use.
For our literature searching service, we will keep your data for 3 years so that we can refer back to the search results and we will keep training records for 2 years.
Individual rights
GDPR laws give you rights in respect of the personal information that we hold about you.
These are:
• To be informed why, where and how we use your information.
• To ask for access to your information.
• To ask for your information to be corrected if it is inaccurate or incomplete.
• To ask for your information to be deleted or removed where there is no need for us to continue processing it.
• To ask us to restrict the processing of your information.
• To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
• To object to how your information is used.
• To challenge any decisions made without human intervention (automated decision making)
For further details on the rights of individuals under GDPR please visit our Trust Information Governance intranet site.
If you would like to see what data we hold about you, or request that it is updated please contact library@lthtr.nhs.uk.
Lancashire County Council Public Health Blog 