The Library needs to collect and retain certain types of data, in various formats, about its current and past users in order to fulfil its functions as a provider of library and information services. In complying with the Data Protection Act 1998, this statement describes the purposes for which the information is collected and the Library’s obligations in processing this data.
The purposes for which the Library may process your personal data (including sensitive personal data) collected during your association with the Library include:
Your data are held securely, and are accessed only by those in the University who need to see them in the performance of their duties, and proportionately to those duties.
Your data are not disclosed to:
Your data are held for appropriate periods relating to the original purpose of their collection. For example:
Data are securely destroyed as follows:
The University of York is registered as a data controller with the Information Commissioner’s Office and has publicly notified its uses of personal data in the public Register of Data Controllers. The University undertakes to maintain personal data in secure conditions and to process and disclose data only within the terms of its Data Protection notification.
Users are reminded that they have a responsibility to keep their information accurate and up-to-date. Please help us to do this by notifying us of any alterations to your address, personal details, or other relevant information.
Under the Data Protection Act 1998 you have a right to ask to see the personal information held on you by the Library (a fee of £10 will be charged). You also have the right to object to any use of your data that may cause you substantial or unwarranted damage or distress; and to require the correction of inaccurate data we hold about you.
Please contact the University Records Manager (firstname.lastname@example.org) if you have specific questions relating to Data Protection, or for details of procedures relating to your rights as a data subject or responsibilities under the Act.
A copy of the University Data Protection policy and guidelines is available at the Data Protection Policy webpage.
|Updated||14 December 2015 by Chris Webb|
|Review cycle||Two years (alongside Library Regulations)|
|Date of next review||
January 2017 (for May-July University committees)