How your data will be processed
Your data will be processed by Library and Knowledge Service staff in the BASE Library Consortium in accordance with the General Data Protection Regulation (GDPR) and Data Protection Act 2018 for the purposes of administration and providing library and knowledge services to you.
We will determine and apply a membership category to you, and will add an ESR category code to assist us with statistics and reporting requirements.
Your data will be held in the United Kingdom by an ISO27001 accredited supplier that agrees to comply with the GDPR and the 2018 Act.
Lawful basis for processing
We collect your personal data and process your information to provide library and knowledge services to you under legitimate interests.
We ask your consent to contact you about library services under the consent legal basis. You can opt in and out of communications about your library from your account.
Accessing your personal data
You can obtain a full record of your account and personal data by contacting your library.
Keeping your personal information up to date
It is your responsibility to make sure the personal information we hold about you is accurate and current. You can update certain information online, and these changes will be processed by your library. You can also contact your library to make changes.
Duration of your account
Eligibility lasts throughout your employment, placement or training.
Your inactive membership record will be deleted from the library system no later than six years after your library membership expires.
On leaving the area covered by the BASE consortium, if you ask verbally or in writing for your personal data to be permanently removed from the library system, where there are no fines or outstanding items on your account, your record will be removed immediately.
Information that BASE Library collects
To ensure that Library and Knowledge Service staff can contact and provide services to you, we store your name, address(es), email address(es), phone number(s), your job title and role, your manager’s name and phone number, the organisation you work for, and details of any additional needs that you disclose to us. This information is collected through registering for the library services.
What we do with your information
We use your contact information to communicate with you about services you have requested. You will not receive communications about your library to your personal email address unless you have opted in.
We use information on any additional needs to provide relevant additional assistance, e.g. extended loan periods.
Sharing your information with others
Base Library uses a shared library management system. Your account details may be accessed by library and knowledge service staff at Birmingham & Solihull Mental Health Foundation Trust, Birmingham Community Healthcare NHS Trust, Birmingham Women’s and Children’s NHS Foundation Trust, Dudley & Walsall Mental Health Partnership NHS Trust, The Dudley Group NHS Foundation Trust, Knowledge Services – Dudley Public Health, Sandwell and West Birmingham Hospitals NHS Trust, The Royal Orthopaedic Hospital NHS Foundation Trust, The Royal Wolverhampton NHS Trust, University Hospitals Birmingham NHS Foundation Trust and Walsall Healthcare NHS Trust.
Your information may occasionally be visible to ICT staff at BASE Library organisations for the resolution of technical support queries.
Your information will be available to PTFS Europe https://www.ptfs-europe.com/ the data processor. Your information will be copied to a test server for the purposes of testing and training.
Your transactional data may occasionally be visible to Bibliotheca http://www.bibliotheca.com/, 2CQR http://www.2cqr.com/, D-Tech https://d-techinternational.com/ or Plescon which provide library self-service units and security gates. In addition your information may be visible to BT for the purpose of supplying the Smart Messaging platform to send SMS notifications to you.
We will share your information with others where required to do so by law. We will never sell your information to anyone, or share in a way not described in this notice without your permission.
Use of Analytics
The BASE Library website and catalogue uses Jetpack and Google Analytics to improve its services. Any analytical data we collect is not personally identifiable. You can opt out of being tracked by Google Analytics across all websites by visiting http://tools.google.com/dlpage/gaoptout
We are committed to safeguarding your information. www.base-library.nhs.uk uses a 256-bit SSL certificate. System backups are encrypted and rotated by PTFS Europe. Where we are required to share your information with third parties, we will take reasonable technical and organisational precautions to prevent the loss, misuse or alternation of your personal information.
Information that you submit online via the BASE Library website, or share with us by email can never be 100% secure. Any information you share in this way is communicated at your own risk. You must keep your library username and password confidential and secure. We will never ask you to share your password with us.
The Data Controlling Organisation:
BASE Library Consortium, registered at University Hospitals Birmingham NHS Foundation Trust, Level 1, Queen Elizabeth Hospital Birmingham, Mindelsohn Way, Edgbaston, Birmingham, B15 2GW
Regulated by the Information Commissioner’s Office (ICO), registration number: Z5568104.
The Data Protection Officer:
Berit Reglar, Deputy Foundation Secretary
Tel: 0121 371 4324
Printable leaflet (pdf)
Last update 02/01/2020