Privacy statement: Library 2025/2026 - for external members using the University of Portsmouth Library

Who is processing your personal data?

The University of Portsmouth Library processes data about you to give you access to the building and/or to provide services offered by the Library to you.

If you have any questions about how the University processes your data, then the following contact information may be useful.

 

The University’s correspondence address is:

The University of Portsmouth

Mercantile House

Hampshire Terrace

Winston Churchill Avenue

Portsmouth

PO1 2EG

Main switchboard: 023 9284 8484


The University’s Data Protection Officer is:

Samantha Hill – Information Disclosure Manager

Email: data.protection@port.ac.uk

Direct telephone number: 023 9284 3462

To check and update your details with the Library, please contact:

library@port.ac.uk

023 9284 3228

 

What we use the data for

The University of Portsmouth Library processes your personal data, to allow you access to the building, to allow you to borrow loans where applicable, to use Library services where contact information is required (e.g. our online chat service). Your data will also be used to produce anonymous statistics to show Library usage trends.

The University of Portsmouth Library may contact you to keep you informed of events relevant to your use of the Library or to invite you to renew your membership, using the email address you have provided.

 

Your responsibilities

In order for the Library to be able to process your data correctly, it is your responsibility to inform us as soon as possible if data we hold about you is incorrect or requires updating.

  • You will be asked to check that the details we hold for you are correct, when you renew your External Reader membership. As it is not possible for External Readers to update their own details, staff in the University Library will be able to do it for you.

 

Our legal basis for processing your data

The University’s legal basis for processing your personal data is that the processing is necessary for the performance of a task carried out in the public interest.

Admission to the Library for the purpose of study or research is at the discretion of the University Librarian for users who are not members of staff or registered students of the University.  This data is collected to enable us to grant you entry to the Library to use our services in the absence of a Staff or Student contract, and to ensure that we can identify clients of our service, if required by resources suppliers or for security reasons (personal or IT-related).

 

Who will have access to your data?

Only those members of staff within the University of Portsmouth Library who need to have access to the data you provide when you register, those members of staff who update information via the Library Management System or the University Card System in order to administer your access to the Library’s services, and those members of staff processing your service requests, will have that access.

 

Who will receive your data?

It is not possible to list all of the bodies with whom we might have to share your personal data, but the following are examples of when the University Library will release data about you to third parties where you ask us to, where we have a legitimate reason to use that data in connection with your use of Library services, or where the University is under a legal requirement to provide data.

  • Details of any reportable accidents are referred to the Health and Safety Executive (HSE). Data provided to the HSE will include the personal data of any individual involved in the accident.
  • Your data will be used to produce anonymous statistics to show Library usage trends.
  • We will provide data on request to the police and other enforcement agencies in emergencies and where crime detection can be aided by its release.
  • The University has a duty of care to the wider community and may release data to the public authorities if requested.
  • We will release data to home institutions in the case of default or non-returned loans for users of the Sconul Access scheme.
  • Data may be released to the third party organisations that host University data. For example:
    • the University’s card supplier, for use in the production of your University card;
    • the University Library’s chat service, in order to contact users with further details if appropriate;
    • the University Library’s Access Control system supplier, to enable you to access the Library turnstiles;
    • the University’s Library Management System supplier, to enable you to borrow the Library stock;

All instances of data sharing/hosting is covered by contractual arrangements or an Operational Agreement with the party concerned.

The University Library will not release data to any third party with there being a lawful basis to do, except where you ask for this to happen.

If you wish the University of Portsmouth Library to provide data to third parties in non-emergency situations, you should provide written consent to release the data, stating the name and contact details of the individual to whom you wish the data to be sent and the particular data you agree can be released/discussed.

 

Will your data be sent or stored abroad?

The University stores some data in the cloud via Microsoft 364, Google Apps for Education, AWS and Microsoft Azure, where possible the data will be located in the UK.  However, data may also be stored which may involve personal data being stored on servers within the EU  If data is held on servers based outside the EU, that processing is covered under relevant contractual terms e.g. .the Library’s chat service is based in the US and collects user information so that we can contact users with further details relating to your enquiry, if appropriate.

 

How long will your data be stored?

After you have applied for an External Reader card, we retain your full library account for up to 12 months after the expiry of your account, so that we can offer you a renewal of your account when asked to do so.

After this 12 months, your library account is “anonymised”, which means that we remove all personal information from the account.  We retain information about which items have been borrowed on your account to aid our stock management processes and other usage trends.

 

Your rights

You are entitled to request a copy of the data you provide to us in an electronic format so that you may pass that data to another body (the right to data portability), as well as to request a copy of the data we hold about you (a Subject Access Request).

You are also entitled to raise an objection to the processing where the processing of data we hold about you is likely to cause you damage or distress, and to request the rectification of any incorrect data, the restriction of any further processing of your data or the erasure of your data (right to be forgotten).

You should be aware that, as the University Library requires your data in order to grant you access to the building and its resources, should you exercise your right to the erasure of your personal data, it will not be possible for you to continue to use the Library’s services.

 If you require any further information on, or wish to object to any of the uses to which we put your data, you should contact Samantha Hill, the University’s Data Protection Officer (contact details above).

Finally, you have the right to complain about the processing of your data to the UK regulator, the Information Commissioner’s Office. For more information about this body and how to make a complaint, please see www.ico.org.uk.

Document author and department: Kath Shakespeare, University Librarian, Library & Information Services 

Annual review; last updated: 28 August 2025.