Introduction

Keats Community Library (“KCL”) is a small independent charity whose main activity is running a library in Keats Grove. This page explains how KCL complies with the GDPR (General Data Protection Regulation), which is effective from 25th May 2018. The GDPR legally affects how KCL handles data and how KCL communicates with its Stakeholders. KCL has always been most concerned about privacy of data and takes all reasonable steps to ensure that data collected is treated appropriately and confidentially, as well as complying with current legislation. In this note reference is made to “Stakeholders”. This term includes Library Card Holders, Volunteers, Trustees and other parties who may have given data to KCL at some point.

Need for, and use of, Data

Library Lending Functions

In order to operate the lending functions of the library, KCL needs to hold information on the library users in its database. The information is taken by a KCL team member when the Library Card Application form is signed by the applicant. This database holds:

  • Name of Card Holder(s)
  • Address
  • Telephone Number
  • Email contact
  • (As applicable) for children under 16: date of birth
  • Library Card number

The data is used to operate the applicant’s Library Card Account (and that of any children) and to contact the applicant in case of overdue or lost items. KCL’s Library System, Heritage, also keeps records of all items borrowed and returned, fines paid and amount outstanding. Bank and credit card data is not kept. KCL regards this data as falling under the “legitimate interest” category in the GDPR. 

Donors

KCL is wholly dependent on the community for support as it receives no funding from Camden council or Central Government. KCL therefore relies heavily on its Donors and needs to keep records of their donations to express appreciation for their support and (where specifically agreed by the Donor completing a Gift Aid form) to collect Gift Aid refunds from HMRC.

KCL manages a database of its Donors. The information on this Donor database is:

  • *Name
  • *Address
  • (As applicable) Date of Gift Aid form
  • *(As Applicable) Amounts donated and date of donation
  • (As Applicable) Standing orders in force
  • (As Applicable) Dates and amounts of Gift Aid claims to HMRC

* Sent to HMRC for Gift Aid Claims.

KCL also keeps signed Gift Aid forms and copies of Standing Order mandates in order to be able to respond to queries by both HMRC and the relevant banks. KCL regards this information as falling under Legitimate Interest and/or Consent.

KCL Events and Keeping Stakeholders informed

In order to inform KCL’s Library Card Holders, and others who have expressed interest in the library, KCL emails newsletters from time to time. It is the only economically practical method. All Library Card Holders may be put onto the newsletter database. Other Stakeholders who do not have Library Cards may request to join in order to be kept informed.

A separate database is kept for children in order to ensure their family receives only relevant information. The information on these two databases is:

  • Name of Card Holder(s)
  • Address
  • Telephone Number
  • Email contact
  • (As applicable) for children under 16: date of birth
  • Library Card number
  • Date of application
  • (As applicable) Gift Aid form completed
  • (As applicable) Name of school for children joining in a class

KCL regards this data as falling under the “legitimate interest” category in the GDPR.

Other data kept by KCL for specific purposes

  • Volunteer Data, which has basic details of our volunteers, who apply to KCL and complete a paper form which is retained; information on the DBS searches undertaken, as applicable; and their status on the rota.
  • Book Group data, which has the names and contact details of people asking to join the KCL book group.
  • Children’s Activities data, which has the names and contact details of parents who have expressed an interest in hearing about activities for their child(ren).

KCL regards this data as falling under “legitimate interest”.

How data is stored

Library Lending Functions

The application form, completed in paper form by each applicant, is stored in a secure locked cabinet in a non-public part of the Library, itself locked. The data from the application form is entered into a Library System called Heritage, which is operated under licence from IsOxford. Heritage is used in many professional libraries and institutions in the UK. IsOxford host Heritage on their servers and therefore hold the KCL data under a licence agreement. IsOxford undertake to comply with all relevant legislation including GDPR. They also back up Heritage so that KCL is not exposed to loss of data. KCL does not store Heritage data in the library and obtains access through computer terminals, of which the two at KCL are only used by KCL team members. Access to Heritage is controlled by 2 sets of logins and 2 passwords required to enter the system.

Donors

The data is held on a dedicated file on a KCL account on an internet service and at MailChimp. Both are GDPR compliant. The file itself, the KCL account and the MailChimp accounts have separate passwords for access.

KCL Events and Keeping Stakeholders informed

The data is held in two places:

  • On a dedicated Gmail account held by KCL. The Gmail account has its own password, known only to selected Trustees. It is also backed up manually and stored on a GDPR compliant service on a passworded file.
  • By MailChimp, a service that is used by nearly all comparable organisations to send out bulk information by email. MailChimp accounts are secured with a password, used by nominated Trustees. MailChimp is GDPR compliant.

Other Data Kept by KCL for specific purposes:

  • The Volunteer data is managed by the Volunteer manager and the volunteer who manages the shifts. The application forms are filed and locked in a secure cabinet. Some of the contact data, such as shifts, is shared amongst all the volunteers openly and further security is considered unnecessary
  • Book Group data is on a Gmail list kept by the Book Group Administrator. The list is small and the names are all known to the members of the group. No further security is considered necessary
  • Children’s Activities are managed by a Trustee who keeps the data secure. Given it is very limited in scope and numbers, no further security is considered necessary

How long is data stored by KCL

  • The general policy is to remove data when it is no longer needed. The Trustees review the data retention policy as necessary.
    Library Lending Functions
  • KCL is not always informed when a Library Card holder decides to end their interest in KCL. If KCL is told, then the Card Holder is deleted from Heritage. Details are retained while borrowed items or money are outstanding.
  • The Donor database is updated for new donors, new standing orders and new Gift Aid forms. People are mainly removed at their request on moving away or on death. Gift Aid data will be retained for at least 6 tax years in line with HMRC guidelines.
  • The KCL Events Database is constantly updated as new cards are issued or recipients decide to leave KCL or just the database. They will also be removed from the newsletter databases on direct request or if they “unsubscribe” through MailChimp.

Other Data Kept by KCL for specific purposes

  • The volunteer data may be retained for 6 years after a volunteer leaves in case of questions or requests for references
  • Book Group data is refined as members come and go. No fixed date.
  • Children’s Activity Data is also refined as interest is generated or families leave. No fixed date.

Rights of Stakeholders (including Library Card Holders) with Data held by KCL

Any person may ask to see the data that KCL holds on them and request corrections.

  • Any person may ask for their data at KCL to be deleted. It should be noted that data held for the Library Lending Functions (described above) is essential to operate KCL. If a cardholder requests deletion from Heritage, then that account will be closed and the data deleted only after the related Library Card(s) and any borrowed item(s) have been returned, together with payment of any outstanding amount(s) due.
  • Volunteers requesting deletion of their data can no longer continue to volunteer.
  • Data held for Gift Aid can be deleted for future applications, but KCL is obliged to keep records in case of questions by HMRC for up to 6 years.
  • KCL Events data held for promoting Library Activities may be deleted at any time.

Applications to see data or for deletion should be made in writing by post or email to KCL at the address below. KCL will need to verify identity in order to release information. Note: Applications made by telephone or in person at the library cannot be accepted; volunteers are not all authorised to handle or access data.

 
