Libraries: privacy notice

This notice explains when we collect personal data, what we use it for, who we share it with and your rights.

The identity and contact details of the company

Reading Borough Council – Reading Libraries

Contact details of the Data Protection Officer

What personal data is held?

  • Name
  • Residential address
  • Email address
  • Date of birth (if required)
  • Telephone number/s
  • Ethnicity
  • Disability
  • Gender

Information is collected during face-to-face contact, using electronic forms via website or by telephone.

How will the data be stored?

Our library computer system is accessed via secure connections and hosted on secure servers, in a remote data centre in the UK.

Where we have data held on paper, this will be minimal, stored in a locked area, scanned where possible and kept for no longer than necessary to deal with the transaction.

Item we may have with you information on paper are:

  • Record of you signing for membership and information provided (either individual or group)
  • Record of your consent for a particular activity (interlibrary loan, donation, looking at an item held securely, running or taking part in an activity, booking a space)
  • Comment, question or complaint

What is the legal basis for the collection, use and storage of the data?

  • Local Government Finance Act 1992
  • Public Libraries and Museums Act 1964
  • Copyright Designs and Patent Act 1988
  • Freedom of Information Act 2000

We use information to offer a library service to those who live, work or study in Reading. The information we collect is used as part of offering a library membership and so that we can contact you in relation to your library account or in relation to library activities.

Details of how long the data will be stored and criteria used to determine this

  • Library system information is held for up to 7 years after last use of a library account. Where there are no financial transactions associated with the account it will be removed after 3 years.
  • Where we have paper financial records these will be kept for 7 years.
  • Any paper-based information would be kept only as long as the related activity is ongoing.

Who will it be shared with and for what purpose?

  • Civica UK host and run our library computer system and are the Data Processor for your library account. Reading Borough Council is the Data Controller for this information.
  • Reading Borough Council library staff use the library computer system.
  • Where you use self service kiosks, your library information will be securely shared with the network provider (Insight) and self-service provider (Dtech UK) to allow identification.
  • Where you use public computers or wifi, your card information is securely shared with the service provider (Insight Media)
  • Where you pay by card your card information is securely shared with the payment provider (Cardnet/Hemisphere West)
  • Where you choose to use electronic resources such as ebooks or emagazines, you consent to sharing information with these providers. These are currently RB Digital (for Zinio), Bibliotheca UK (for Cloud Library).
  • Where you receive printed notices, your information is shared with Civica UK who provide the mailing service.
  • SELMS (Southeast Library Management System) to allow borrowing from all libraries in the Southeast (opt in required)
  • Compliments and Complaints are shared internally with the complaints team for Reading Borough Council.
  • We may use your email address with your consent for information and notification of library events and activities.
  • If you have opted into our enewsletter, your email address only is shared with Constant Contact or PatronPoint in USA for E-newsletter, however this e-newsletter is created and sent by Reading Borough Council.
  • System messages covering transactions and notices relating to your account may come from us, from Civica Spydus, or from PatronPoint
  • Any third-party provider may ask you for further consent relating to marketing by these partners, which you can opt into – however if you opt in these companies are the data controllers in these cases for the services provided.
  • Reading Libraries will not share the information you have provided for any marketing purpose. We will only send you library marketing information if you have consented to us doing so. We will send messages relating to use of your account (reservations, expiries of account) if you have opted out of marketing.
  • Please note that information regarding visa service is solely processed by SopraSteria and UKVI/Home Office – data entry is done on this site by Reading Borough Council, but your information is not on any Reading Borough Council system.

How can the service user get access to it?

A    Subject    Access    Request    can    be    made    by    following    the

State whether any data is to be transferred outside the EU

Our enewsletter provider is based in the USA but is GDPR compliant for UK/EU customers. This company has your email address if you have opted into the newsletter.

Some notices are sent by PatronPoint USA for purposes of supporting use of your account. Company is GDPR compliant for UK/EU customers.

Is processing based on consent?

You can withdraw consent at any time.

If you do not consent to us holding your data, then you cannot borrow items from the library or use library computer systems

You have a ‘right to be forgotten’ so you can ask for your personal information to be deleted where:

  • It is no longer needed for the reason why it was collected in the first place
  • You have removed your consent for us to use your information and we do not have to keep your information for legal reasons

If we have shared your personal information with others, we will do what we can to make sure those using your personal information comply with your request for erasure. We may not be able to delete your personal data if it is needed for legal reasons.

What other rights does the service user have that we have to make known to them?

You have

  • The right to have data corrected
  • The right to have data deleted
  • The right to put a complaint to the Information Commissioner’s Office (ICO)

State if there will be any automated decision making

We do not use automated decision making


By signing the membership ledger you are consenting to joining Reading Borough Council’s library service. Your information will only be securely shared with certain organisations to run your library account:

  • Civica Spydus (library computer system)
  • PatronPoint / Constant Contact (library messaging)
  • Dtech (self-service kiosks)
  • Insight Media (public IT)

We require this information to give you a library account and allow the borrowing of items and the use of library IT.

This data will only be shared securely with these third parties and only as necessary.

You have the right to withdraw consent at any time by emailing or writing to the Library Services Manager – please note this will mean that we will be unable to provide borrowing or IT services to you.

Last updated on 19/06/2023