Important information and who we are:
Purpose of this privacy notice
Libraries Connected respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you use the ReadOn by London Libraries app and tell you about your privacy rights and how the law protects you.
Controller
Libraries Connected is the controller and responsible for your personal data (collectively referred to as “Libraries Connected”, “we”, “us” or “our” in this privacy notice).
We have appointed a Privacy Manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights (as set out in paragraph 9 of this privacy policy), please contact the Privacy Manager using the details set out below.
Contact details
Our full details are:
Full name of legal entity: Libraries Connected (charity number 1176482)
Name and title of Privacy Manager: Isobel Hunter, CEO
Email address: isobel.hunter@librariesconnected.org.uk
Postal address: 3rd Floor, Islington Central Library, 2 Fieldway Crescent, London, N5 1PF
Telephone number: 020 33701 2306
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
London Libraries is the regional group of Libraries Connected for Geater London and has membership of all 32 boroughs and the City of London. It works collaboratively to promote London’s public library network and delivers regional campaigns and annual events. It has no legal standing in its own right.
London Libraries has developed the ReadOn app to promote reading across London.
Collecting and Using Your Personal Data
Types of Data Collected:
Personal Data
While using the ReadOn by London Libraries app, we will ask you to provide us with your email address in order to create an account. This is the only personally identifiable information we will request.
Usage Data
Anonymised usage Data is collected automatically when using the app. This may include statistics, challenge results and usage analytics from the overall user base of the app and is not specific to any individual user.
How we use your personal data:
We will only use your personal data when the law allows us to. For the ReadOn by London Libraries app, we will use your personal data in the following circumstances:
• We will only use this data for the purposes of the creation of an account to use the app.
• We will not share personal data with any parties not directly involved in the management and administration of this app.
• We will keep personal data safe by ensuring that it is transmitted securely (encrypted) to the app server and the authentication service.
• The app server will store the encrypted personal data and assign a unique device identifier that cannot be linked back to the personal data.
Purposes for which we will use your personal data:
• For the creation of an account to use the app and retain your progress when changing device.
Purposes for which we will use usage data:
• Collated anonymised usage data is periodically exported for the benefit of Libraries Connected, London Libraries and individual member library services of London Libraries.
Data retention
How long will you use my personal data for?
Libraries Connected will only retain your personal data for as long as necessary to fulfil the purposes set out in the privacy notice.
If your ReadOn by London Libraries account is inactive for 12 months, a notification will be sent to you via the app warning you to log in if you wish to retain the account. If there is no log in within 30 days of this notification, the account will be permanently deleted with all records and authentication information removed from both the app server and the cloud authentication service.
Disclosures of your personal data
We may have to share your personal data with the parties set out below for the purposes of providing the service.
External Third Parties
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
International transfers
We will endeavour to retain your personal data with service providers based in the UK.
However, if there are circumstance in which we need to transfer your personal data out of the UK and/or the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK and/or the European Commission.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the UK and/or Europe.
Where none of the above apply, we will ask you to specifically consent to the transfer.
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
GDPR Privacy
Legal Basis for Processing Personal Data under GDPR
We may process Personal Data under the following conditions:
• Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
• Performance of a contract: Provision of personal data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof.
• Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which Libaries Connected is subject.
• Vital interests: Processing Personal Data is necessary in order to protect your vital interests or of another natural person.
• Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
• Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Libraries Connected.
In any case, the Libraries Connected will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Your Rights under the GDPR
Libraries Connected undertakes to respect the confidentiality of your personal data and to guarantee you can exercise Your rights.
You have the right under this Privacy Notice, and by law if You are within the UK or EU to:
• Request access to your personal data. The request is made from within the app and you will be able to download all the personal information held by the app.
• Request correction of the personal data that we hold about you. You have the right to have any incomplete or inaccurate information we hold about you corrected.
• Object to processing of your personal data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to our processing of your personal data on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
• Request erasure of your personal data. You have the right to delete your account at any time from within the app. This will also delete all records of your personal information and device identifies from the authentication service and app servers.
• Withdraw your consent. You have the right to withdraw your consent on using your personal Data. If you withdraw your consent, We may not be able to provide you with access to certain specific functionalities of the service.
Exercising of Your GDPR Data Protection Rights
You may exercise your rights of access, rectification, cancellation and opposition through the app setting.
You have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, if you are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.