Privacy Statement

Pembrokeshire County Council logo

Privacy notice - Pembrokeshire Library Service

This privacy notice covers how Pembrokeshire County Council (as a Data Controller) will collect, use and share your personal data for the purposes of the Pembrokeshire County Council Library Service in order to provide a comprehensive and efficient Library Service to customers across council run Library sites and services and community partnership Library sites.

Pembrokeshire Library is a member of the LMS Cymru Consortium. LMS Cymru is responsible for strategic governance of the shared national digital public libraries platform for Wales and Cyngor Gwynedd acts as Lead Authority with responsibility for performance monitoring data reasonably requested by the Consortium and by individual Parties and maintaining a formal Joint Data Controller Agreement to which all parties adhere to. LMS Cymru is a partnership between Welsh Library authorities. Our services work together to share costs and offer enhanced services to customers. 

Why we need your information (purpose of processing)

When registering as a library member, our library service requires your name, address, telephone number, email address and date of birth so that you can be a member of the library service and can borrow material and use resources.

We collect and use your personal information so that we can:

  • provide you access to borrow and use library resources and facilities
  • assign you the correct borrower ticket [card] and entitlements
  • contact you regarding any items you have borrowed that are due to be returned or that are overdue
  • contact you regarding any library fees you may have incurred
  • contact you regarding any item or PC reservations you have made
  • to gather statistical information to allow us to plan future provision of services and to obtain your opinion about our services and to help inform decision regarding the resources and services provided by the library service
  • to enable us to communicate with you, and provide you information about library services , including informing you of changes and developments to the service. For example, we may contact you to let you know of any unplanned closures or loss of service.
  • allow and record access to our public computers
  • allow and record access to our e-resources and online library catalogue
  • allow and record access to our Open+ libraries 

With your consent we will also use your personal information to contact you with marketing correspondence relating to library events and services. You can opt out of this arrangement at any time by contacting your local Library.

We will use your information anonymously for statistical purposes to enhance the service.

We also collect information when you voluntarily complete customer surveys, or provide feedback.

Website usage information is collected using cookies.

When visiting our Libraries CCTV may be in place, this is for the prevention and detection of crime and for staff safety.

The information that you provide will be processed according to the UK General Data Protection Regulation, the Data Protection Act 2018, Public Libraries & Museums Act 1964 and Welsh Public Library Standards.

We will also make any disclosures required by law and we may also share this information with other bodies responsible for detecting/preventing fraud/crime or auditing/administering public funds to ensure money is targeted and spent in the most appropriate and cost effective way. In order to achieve this, information will be shared with our Audit Service within Pembrokeshire County Council and with The Auditor General for Wales (Audit Wales Privacy Notice (opens in a new tab).

We will not make any disclosures to third parties for marketing purposes.

Your data will be secure and confidential at all times and we will only collect the personal information that is required to provide you with our service.

What personal data is being collected?

The categories of personal data being collected are:

  • Name
  • Address
  • Date of Birth
  • Telephone number
  • Email address
  • Health (for concession eligibility)
  • Employment Status (for concession eligibility)
  • Gender
  • Language preference
  • Ethnicity (optional)
  • Dependents – if applicable (Children / carers who are library members for guarantor purposes)
  • Image (CCTV)

Do I have to provide this information and what will happen if I don't?

If you want to be a library member then you need to provide your personal information. If you do not provide your information then you will not be able to borrow library items, access our online resources or use our IT resources.

You can choose to cancel your library membership and have your information deleted at any time by contacting us via email, phone or in person. If there are outstanding loans or charges on your account we may not be able to delete your information immediately.

Consent to receive marketing and notification emails is optional and you can withdraw consent for this at any time with no impact on your membership. Consent can be withdrawn at any time by contacting us via email, phone or in person.

What is our lawful basis for processing your personal data?

The UK General Data Protection Regulations (UK GDPR) requires specific conditions to be met to ensure that the processing of your personal data is lawful.  These relevant conditions are below:

  • Article 6 (1)(a) Consent: you have given clear consent for us to process your personal data for a specific purpose. This is in relation to marketing correspondence.
  • Article 6 (1)(e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
  • Article 6 (1)(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests

Some types of personal data are more sensitive than others, and need more protection. This is classed as ‘special category data’ and could include information about your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and the processing of genetic or biometric data, health and sex life and sexual orientation.

We process this type of special category data as it is necessary for reasons of:

  • Article 9 (2)(g) Substantial public interest in accordance with The Equality Act 2010.

(The relevant Data Protection Act 2018 condition is – Schedule 1 Part 2: Equality of opportunity or treatment)

Who will we share your information with?

We may need to share your personal data with internal departments, other organisations and third parties, this will include:

  • Lorensberg Netloan - for the purpose of managing public PC bookings and providing customer technical issues investigations and resolution.
  • Bibliotheca 3M ltd – for the purpose of providing self-service loan & returns kiosk and site access solutions, and providing customer technical issues investigations and resolution.
  • Friends of Narberth Library – for the purpose of processing data so as to provide a community partnership library service with Pembrokeshire County Council at Narberth Community Library
  • Newport Community Library – for the purpose of processing data so as to providing a community partnership library service with Pembrokeshire County Council at Newport Community Library
  • Your information will be accessible for volunteers working for our library service.
  • We may share your data with other Library Authorities in Wales who are part of the shared catalogue and intra-lending arrangements with your agreement.
  • Under the LMS Consortium, your information held on the library management system will be accessible by library service staff working for us and to the staff of the LMS Systems Development Team which work on behalf of the LMS Cymru Consortium. Your information may also be accessible to the suppliers of our library management systems (Civica) and to third party e-resources suppliers. These suppliers have committed to handling data in accordance with the requirements of the Data Protection Act 2018 (UK GDPR), and will only do so to the extent that is required to maintain the library management systems and any e-resource offers and provision.

Your information may be shared with law enforcement agencies on request.

Your personal information will not be disclosed to third parties unless required by law.

We use data processors (third parties) who provide services to us in terms of IT provision and disaster recovery.  We have contracts in place with these data processors and they cannot do anything with your personal information unless we have instructed them to do it.  They will hold your data securely and your personal information will only be shared in accordance with UK GDPR.  When it is necessary for your personal information to be transferred outside of the UK as part of these contracts, this will only be done in accordance with the UK GDPR.

Pembrokeshire County Council has a duty to protect the public funds it manages. Therefore, the information that you have provided to us may be used for the prevention and detection of fraud and for auditing purposes both internally and externally.

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by visiting CIFAS (opens in a new tab)

How long do we keep hold of your information?

Pembrokeshire County Council will only keep your information for as long as is necessary. We will retain the information provided to us for 1 year from termination/expiry of membership for Library borrowers, 3 years after last activity date for computer visitors unless there are outstanding fines/fees to pay, 6 years for debtors and CCTV images are kept for 30 days but may be kept longer if required due to incidents. Your information will be securely disposed of once it is no longer required.

Your Rights

Under the UK General Data Protection Regulation and Data Protection Act 2018, you have rights as an individual including:

  • The right to Rectification – you have the right to ask to have your information corrected.
  • The right to Restrict processing may apply – you may request that we stop processing your personal data however, this may delay or prevent us delivering a service to you.  We will seek to comply with your request but may be required to hold or process information to comply with our legal duties.
  • The right to Object – this is not an absolute right and will depend on the reason for processing your personal information.
  • The right to Erasure - you may request that we erase your personal data however, this may delay or prevent us delivering a service, or continuing to deliver a service. We will seek to comply with your request but may be required to hold or process information to comply with our legal duties.
  • The right to not be subject to Automated decision making and profiling.
  • The right of Access – you have the right to ask us for copies of your personal data.  To make a request, please contact:

Access to Records

Pembrokeshire County Council

County Hall

Haverfordwest

SA61 1TP

Email: accesstorecords@pembrokeshire.gov.uk   Telephone: 01437 764551

Complaints or queries

Pembrokeshire County Council endeavours to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this seriously. We encourage people to bring to our attention if they believe that our collection or use of information is unfair, misleading or inappropriate. 

This privacy notice does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below:

Data Protection Officer

Pembrokeshire County Council

County Hall

Haverfordwest

SA61 1TP

Email: dataprotection@pembrokeshire.gov.uk

Telephone: 01437 764551

 

If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office as the statutory body which oversees data protection law:

 

Information Commissioner’s Office – Wales

2nd Floor, Churchill House

Churchill Way

Cardiff

CF10 2HH

Email: wales@ico.org.uk

Telephone number: 0330 414 6421

 

Our contact details as Data Controller are:

Pembrokeshire County Council, County Hall, Haverfordwest, Pembrokeshire, SA61 1TP.

Telephone number: 01437 764551 or enquiries@pembrokeshire.gov.uk

Our Data Protection Officer’s information is detailed above in the complaints and queries section.

 

Changes to this privacy notice

We keep our privacy notice under regular review.

ID: 8682, revised 12/06/2025


Cashless Catering
Cashless Catering
Job Vacancies
Job Vacancies
Bid for a Home
Bid for a Home
Leisure Booking
Leisure Booking
Reserve Book
Reserve Book
My Account
My Account
Pay
Pay
Report
Report
Request
Request