Privacy Policy

Introduction

We take our duty to protect personal information and confidentiality very seriously and we are committed to comply with all relevant legislation and to take all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.

We gather and use certain information you provide, in order to deliver products or services and enable functionality. This is done when you submit information to us.

We also collect information to better understand how visitors use this website to present timely and relevant information to them. This is done through the use of cookies.

Key details of the Privacy Policy

The website privacy policy describes how Leeds Libraries for Health (a partnership of libraries from Leeds Community Health NHS Trust, Leeds & York NHS Partnerships Foundation Trust, Leeds Teaching Hospitals NHS Trust and Leeds City Council) makes use of the information you give the company when you use this website.

If you are asked to provide information when using this website, it will only be used in the ways described in this privacy policy.

This policy is updated from time to time to reflect any changes. The latest version is published on this page. This website privacy policy was updated on: 26th May 2021.

If you have any questions about this policy, please email lthstafflibraries@nhs.net or write to us at: Jenny Emmel, Corporate Support Librarian, Library & Evidence Research Centre, X35, D Floor, Old Site, Leeds General Infirmary, Great George Street, LS1 3EX.

What information is being collected through personal submission and how do we collect that

By submitting enquires and requests through this website, you agree that we may collect the following information:

Name, Job title/profession, work address, home address (for library membership registration), work/home/mobile phone number, work/personal email address.

What information is being collected through cookies and how we use them

We use cookies for our analytics procedure, which is classed as observed data, to track demographics and movements through our site online. Please see our cookie policy page for more information on cookies and how we use them.

Who is collecting this information and who is your information being shared with?

We, Leeds Libraries for Health as the data controller, are collecting this information with your consent and will only share your information within the library services of Leeds Community Healthcare NHS Trust, Leeds & York Partnerships NHS Foundation Trust, Leeds Teaching Hospitals NHS Trust and the Public Health Resource Centre in Leeds City Council and those involved from the Health Informatics Service who are our Data Processor and are involved in the maintenance of the system.

We promise we will never share your details with anyone else.

We are Leeds Libraries for Health

Our registered office is c/o Library & Information Service, The Leeds Teaching Hospitals NHS Trust, Trust Headquarters, St James’s University Hospital Beckett Street, Leeds, LS9 7TF

Our Data Protection Officer is: Johnny Chagger, johnny.chagger@nhs.net, 0113 2066433

Data Processor

The Health Informatics Service is an IM&T Provider, providing solutions to over 40 organisations throughout the UK.
Their Registered office is Oak House, Woodvale Office Park, Woodvale Road, Brighouse, West Yorkshire, HD6 4AB
Their Data Protection Officer is: Helen McNae, helen.mcnae@this.nhs.uk, 07748 623531

Why is this information being collected and how will your information be used?

With your consent your information is being collected to enable you to use the full range of service offered by Leeds Libraries for Health, including but not limited to registration, management of your membership, training course bookings, enquiry services, document supply services, search services, requests to library staff.

The provision of this personal data is a requirement to use this service and failing to provide this personal data will result in the unavailability of the service on offer.  The data you supply is needed to contact you or respond to you about your enquiry, request or booking; to manage your membership and to contact you about any loans of stock; to ensure that any information we need to send to you is sent to the correct address; to ensure that your enquiry, request, booking or membership is handled by the correct library team.

Agreeing to email communication allows us to send you information relating to the specific services you are using, management of your membership and related activity, enquiries you have made, evaluation and assessment of our services, and general information about other library and information related services which may be relevant to you.

The legal basis for processing your data

Under The General Data Protection Regulation (GDPR) 2018 your data is processed under the following lawful processing:

Personal data under 6(1)(a) “the data subject has given consent to the processing of his or her personal data for one or more specific purposes;”

or  6(1)(b) “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;”

How long is this information kept for?

Your data is kept for different lengths of time depending on the purpose for which you supplied it:

  • Data supplied when you register for library membership: kept for the duration of your membership
  • Data supplied as part of a training booking: kept for three months after the date of the course
  • Data supplied as part of a general enquiry: kept until the enquiry is satisfied
  • Data supplied as part of a request for a literature search: kept for up to five years to allow for any follow up or response to any query arising in short- or long-term from the search
  • Data supplied as part of a document supply request: kept for up to six years (requirement under copyright legislation for some types of request)

 

 

 

 

Your rights as a data subject

You as the data subject have the following rights:

Under the Data Protection Act - 6th Principle:

  • a right of access to a copy of their personal data;
  • a right to object to processing that is likely to cause or is causing damage or distress;
  • a right to object to decisions being taken by automated means;
  • a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and
  • a right to claim compensation for damages caused by a breach of the Act

Under the General Data Protection Regulation (GDPR)

  • a right to confirmation that their personal data is being processed and access to a copy of that data which in most cases will be Free of Charge and will be available within 1 month (which can be extended to two months in some circumstances)
  • Who that data has or will be disclosed to;
  • The period of time the data will be stored for
  • a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed;
  • Data Portability – data provided electronically in a commonly used format
  • The right to be forgotten and erasure of data does not apply to an individual’s health record or for public health purposes
  • The right to lodge a complaint with a supervising authority (see Raising a concern page 7)

For more information on your rights and what this means please see the ICO’s Documentation here.

Please note: Should you have a problem with the way your data is being handled, in the first instance Data Subjects should be going to the organisations DPO to make a formal complaint, In the second instance individuals have a right to complain to the ICO.

You're right to object, refuse or withdraw consent

If you wish to withdraw consent, please email lthstafflibraries@nhs.net or write to us at: Jenny Emmel, Corporate Support Librarian, Library & Evidence Research Centre, X35, D Floor, Old Site, Leeds General Infirmary, Great George Street, LS1 3EX.

Please note: Should you have a problem with the way your data is being handled, in the first instance Data Subjects should be going to the organisation’s DPO to make a formal complaint, In the second instance individuals have a right to complain to the ICO.

Security

Confidentiality affects everyone: the parent organisations of each library service in the partnership, namely Leeds Community Health NHS Trust, Leeds & York NHS Partnerships Foundation Trust, The Leeds Teaching Hospitals NHS Trust and Leeds City Council collect, store and use large amounts of personal and sensitive personal data every day, such as medical records, personal records and computerised information. This data is used by many people in the course of their work.

We take our duty to protect personal information and confidentiality very seriously and we are committed to comply with all relevant legislation and to take all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.

At Board level, each organisation has appointed a Senior Information Risk Owner who is accountable for the management of all information assets and any associated risks and incidents, and, where applicable, a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality.

We will always hold your information securely.

To prevent unauthorised disclosure or access to your information we have implemented strong physical and electronic safeguards.

We also follow stringent procedures to ensure we work with all personal data in line with the GDPR legislation.

Links from our site

Our website may contain links to other websites.

Please note that we have no control of websites outside the www.leedslibaries.nhs.uk domain. If you provide information to a website to which we link, we are not responsible for its data protection and privacy.

Always be wary when submitting data to websites. Read the sites data protection and privacy policies fully.