Test and Trace Privacy Notice
The coronavirus pandemic of 2020 led to the introduction of the NHS Test and Trace service. Libraries are required to collect basic personal data from library visitors, aged 16 and over,
which may be provided to the NHS to help them prevent the spread of the virus. Customers can refuse to provide the data requested as it is voluntary.
Find out more about NHS Test and Trace at https://www.gov.uk/guidance/nhs-test-and-trace-how-it-works
This Privacy Notice explains in detail the types of personal data we may collect and retain about those who visit the library. It also explains how we will store, handle and keep the data safe.
Who are Bedford Borough Libraries?
Bedford Borough Libraries are part of Bedford Borough Council; our services are delivered through 5 branch libraries, a mobile library, and housebound service and online.
For simplicity throughout this notice, ‘we’ and ‘us’ means Bedford Borough Libraries.
Bedford Borough Libraries (Bedford Borough Council) will be the Data Controller.
What legal basis do we rely on?
Data protection law provides a number of reasons by which we can collect and process your personal data. Bedford Borough Libraries collect test and trace data on the basis of:
- Protecting vital interests – necessary to protect someone’s life
- Public interest – required to perform a public task, in other words to support the NHS Test and Trace service prevent the spread of the virus
When do we collect your personal data?
The data is collected as the customer enters the library building to use the library services.
How do we collect your personal data and what sort of data do we collect?
The data will be collected using paper forms. The following data is collected:
- Telephone number, or email address if contact number is not available, or postal address if neither telephone number or email address are available
- Name of library
- Date and time of visit
The data is stored in paper format.
Why do we use your personal data?
Bedford Borough Libraries will use the personal data to respond to requests for data from the NHS Test and Trace Service: when a person has tested positive and states that they visited a library in the contagious period. The NHS will use the data to contact everyone in the library at that time to advise them on next steps, such as self-isolation and testing.
If you wish to change how we use your data, you will find details in the ‘What are my rights?’ section.
How do we protect your personal data?
We know how much data security matters to you. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
- We will ensure that all personal data is stored securely
- We will regularly monitor our system for possible vulnerabilities and attacks
- We will retain your personal data for a limited time, and where feasible the data will be anonymised. To learn more about this please read the Library Service Retention Policy
Please be aware we cannot guarantee the security of information sent over the internet, except using library or council forms. For example, information sent by e-mail is unlikely to be secure.
How long will we keep your personal data for?
Test and Trace data will be retained for 21 days from the date collected.
Who do we share your personal data with?
Your personal data will be available to members of library staff who will identify who visited the library in a set period, and then shared with the NHS Test and Trace Service.
We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
Where your personal data may be processed
Your personal data will be stored in Great Britain.
What are your rights?
You have a number of rights over your personal data we hold. You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases
- correction of your personal data when incorrect, out of date or incomplete
- your data be removed from our systems
- we restrict or stop using your personal data
To request any of these rights please talk to a member of staff or complete the online form at:
To protect your information, we will ask you to prove your identity before proceeding with any request you make. If you have asked a third party to submit a request on your behalf,
we will ask them to prove they have your permission to act.
If we choose not to carry out your request we will explain to you the reasons for our refusal.
You have the right to appeal our decision by contacting the Information Commissioner's Office (www.ico.gov.uk).
What happens if there is a data breach?
The Library Service will record any and all data breaches. Those that meet the requirements set by the Information Commissioner's Office (ICO) will be reported to the ICO within 72 hours
of the data breach and all affected individuals will be informed.
Find out more at https://ico.org.uk/for-organisations/report-a-breach/
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the
right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven’t been covered, please contact:
Bedford Borough Council
Borough Hall Cauldwell Street Bedford MK42 9AP
Telephone: 01234 267422
Page last updated: 8th April 2021