Privacy policy
This policy outlines our obligations and your rights under data protection legislation. It applies to all interactions you may have with the British Library, for example visiting our website, using our systems (such as our free Wi-Fi), or visiting our buildings.
This is an abridged version of the Privacy Policy found on our main website (which is currently unavailable during this period of disruption). We will revert to our full policy when our website and services are restored.
1. What type of information does the British Library collect about you?
The nature and types of personal information we collect and process from you will depend on which of our Services you choose to use. We will normally collect personal information directly from you when you volunteer it to us, or when we gather it from your use of our Services. We try to limit our use of personal information to the details we need to provide the requested or agreed Service for you.
If you have visited the Library, registered as a Reader, attended a Library event, contacted the Library, or otherwise signed-up to use one of our services, this may include the following categories of personal data:
- your name and title
- your contact information (telephone numbers, postal and/or email address)
- age and/or date of birth
- gender
- login credentials (including username and password)
- photograph (for example when you register as a reader with the Library, or those taken at our events, or those you upload to our systems)
- payment information (such as debit or credit card details)
- educational institute details (such as your school, university or college)
- marketing preferences (for example where you have opted in to receive our newsletter(s))
- visit history, habits, activities and behaviour (such as when you visited our buildings, or whether you attended as part of a group)
- preferences, access needs and dietary requirements
- reason(s) for contacting us, such as enquiries or requests
- opinions, preferences, feedback, complaints, comments and/or suggestions (including comments made on our social media pages and online discussion forums)
- security related information (such as proof of address if you register to become a reader, security incident reports, or CCTV footage of our public areas)
Where you have previously used or accessed the Library's website (prior to the cyber incident in October 2023), or used the Library's Wi-Fi, the Library may also collect and process:
- device information (such as MAC
- address, IP address, operating system and browser type)
- location information (such as a GPS signal emitted by your mobile device)
- online browsing habits, activities and behaviour (such as which of our web pages you have visited and when you visited them)
This list is not intended to be exhaustive and may be updated from time to time as our business needs and legal requirements dictate.
Where it is necessary and lawful to do so, we may also collect information from and/or combine your personal information with information from other sources.
We do not normally collect any Sensitive Personal Information from or about you, and do not wish to do so unless it is essential. If we do, we will only ask you to provide the minimum amount of information required for that purpose. In other cases, we will collect and use this type of information only with your clear consent. Please do not provide us with Sensitive Personal Information under any other circumstances.
2. How does the British Library collect your personal information?
We may collect your personal information through our Data Collection Media whenever you use any of our Services, including using our website or visiting our buildings. This would include when you:
- communicate with us (via email, post, telephone, text messaging, social media)
- visit our physical sites and use systems and equipment located in our buildings
- access our main website, and the individual web portals associated with our Services, mobile sites and applications
In certain circumstances, the British Library may also collect your personal information from (and/or combine it with information from) other sources, such as:
- individuals and/or organisations where you have confirmed that they may provide your personal information to us
- government, tax or law enforcement agencies
- other sources, such as when information about you is volunteered by a third party e.g. mentioned in a complaint, or part of a group booking arrangement that they facilitate
We may also occasionally collect personal information from public sources where it is fair and lawful to do so. For example, we may use publicly available information to track down the owner of certain intellectual property rights. These sources may include internet search-engine results, publicly available data from Facebook, X (formerly Twitter) and similar social media, or other information in the public domain.
3. Why does the British Library use your personal information?
The Library may use your personal information for a variety of purposes, depending upon the Service you have requested or are using. Quite often we will use your data simply to fulfil a request that you have initiated, such as to deal with your enquiry, give you access to the Library, provide a requested book to you, send you tickets to an event, or otherwise to provide you with and enable you to use our Services. You may also choose to share certain information with us as part of a research project or a joint academic collaboration.
The Library may also use your personal information to manage and develop the Services that we offer, for example to:
- contact you if we have not heard from you for a certain amount of time
- invite you to provide feedback, assist with surveys and input into consultation exercises
- provide you with administrative information and/or service announcements and updates (including changes to our policies and terms)
- ensure our records are accurate and up to date
- fulfil any contract the Library has with you (e.g., where you make a purchase in connection with any of our Services and we need to process your payment and/or deliver something to you)
- administer our legitimate internal management analysis, audit, forecasts and business planning and transactions
- enforce our rules and policies, and maintain our security (for example our rules about handling Collection items).
The Library may also use personal data to ensure we can meet our legal, regulatory and good governance obligations, such as to:
- comply with our legal obligations and perform our statutory and public functions and duties
- help ensure your safety and the security of our premises and Collections
- establish, defend or exercise our legal rights
- comply with orders/requests received from the public and regulatory, governmental and judicial bodies
- comply with our legal, regulatory and internal governance obligations (such as our record retention policies)
Where you have given your consent we may use your contact details to send you direct marketing communications (including e-mail marketing and fundraising communications), or run marketing campaigns, competitions, prize draws and promotions
Under data protection legislation, the British Library is only allowed to use personal information if we have a proper reason (known as a 'legal basis') to do so. The 'legal basis' relied on to process the personal data we hold will depend on the way in which you have engaged with the Library, or the Service or product you use or sign up for. We may process your personal data because:
- you have given your consent (e.g., for the provision of marketing correspondence)
- it is necessary for the performance of a contract with you (e.g., the purchase of tickets or other goods or services)
- we are under a legal obligation to do so (e.g., for equality monitoring or health & safety purposes)
- it is in the public interest and in the performance of our official duties (e.g., the provision of access to, and the security of, our Collections as required under the British Library Act 1972)
4. Depersonalised and anonymous information
Depersonalised or aggregated information does not personally identify you. We may also convert personal information into depersonalised (“pseudonymous”) data or anonymous data for statistical analysis and administration, tailoring products and Services, risk assessment and analysis of costs and charges in relation to our Services (normally on an aggregated statistical basis).
5. Does the British Library share personal information with third parties?
The Library will take appropriate steps to ensure your personal information will only be made available to those members of our staff who need to see it in order to perform their functions/roles/responsibilities at the Library in respect of the Services you have requested or agreed to use.
Personal information may be held in one or more Customer Relationship Management (CRM) databases to ensure we have clear and accurate records about your use of our Services, to help understand your requirements, and how we might provide other Services to you.
We will never use information about the specific Collection Items that you have requested during your use of our Collections (e.g., through use of our Reading Rooms or our remote Services such as Document Supply) to provide marketing analysis or to send personalised marketing material. We may use this information on an aggregated and depersonalised basis for Service improvement purposes (for example, to determine whether we are purchasing enough journals in a specific foreign language to match our Readers' research interests).
The Library engages various expert third-party service providers to assist with the performance of certain functions or to provide services on our behalf. These third party service providers may act as “Data Processors”, processing your personal information on our behalf in order to assist the Library, or to provide an agreed Service to you. All of our Data Processors are bound by strict contractual terms in order to ensure that your personal information will be protected appropriately.
The Library may be required to share your personal information with other people and organisations outside the Library to the extent permitted or required by law. This may include:
- government authorities, law enforcement and regulatory authorities where required or permitted by law, and for tax or other lawful purposes
- external parties in response to legal process, and when required to comply with laws, to respond to an emergency, or to enforce our agreements, policies, rules and terms, or to protect the rights, property or safety of our staff, agents, customers and other users of our Services
Where we are required to share your personal information with a third party, you will be informed of the identity and location of the relevant recipient, either at the point of data collection, or in in the Service specific pages available on our website.
6. Will the British Library send your personal information overseas?
Where we (or a Data Processor acting on our behalf) transfer your personal information to countries outside of the EEA, we will put in place appropriate measures (as required by law) to ensure that those transfers are adequately protected. Where this is in relation to a specific Service you will be informed of the identity and location of the relevant recipient, either at the point of data collection, or in in the Service specific pages available on our website.
7. What are your choices relating to contact from us?
Service-related communications
We may contact you with information that may affect your use of a service, for example, disruptions to Services, reading room closures, lost property, or problems with orders. You will not be able to unsubscribe from administrative and Service-related communications unless you unsubscribe from the relevant Services.
Direct Marketing
The Library would like to provide you with information about new Services, products, events, courses, collections, promotions and offers from the Library which may be of interest to you. We may contact you to tell you this information, but we will obtain your consent before contacting you with “direct marketing” in this way.
Any direct marketing communications that you receive from the Library will include a simple way for you to decline or change your mind about further marketing, such as an 'unsubscribe' link, or an email address to which you can send an opt-out request. The Library will take steps to stop any direct marketing to which you object, or in respect of which you withdraw your consent, within one calendar month being told of your objection or withdrawal of consent.
8. How does the British Library keep your personal information safe?
Following the cyber-attack on Library systems in October 2023, we have taken targeted protective measures to ensure the integrity of our systems, and we are undertaking a forensic investigation with the support of the National Cyber Security Centre (NCSC), the Metropolitan Police and cybersecurity specialists. We are actively assessing all of our information security provisions in line with the recommendations from the NCSC and our partners and we have implemented additional security measures to defend against future attacks.
9. What are your rights in relation to your personal information?
You have a number of rights in relation to your personal information, although in some cases these rights are subject to certain conditions and limitations. You are entitled to:
- request copies of, and/or access to your personal information.
- request that your personal information be corrected where inaccurate or incomplete.
- request that your personal data be deleted or that we stop using your personal data where it is no longer necessary. This right normally only applies where your information was provided or processed on the basis of consent, or in the performance of a contract with you which lapsed more than six years ago.
- request that we stop sending you direct marketing communications.
If you would like more details about these rights as they apply to a specific Service of the British library, or to exercise any of your rights, please contact us by emailing dp@bl.uk or writing to:
Corporate Information Management Unit
The British Library
96 Euston Road London
NW1 2DB
To help us identify the personal information you are referring to, please include any details that will enable us to locate the relevant personal information, such as your Reader Number or details of how you have previously engaged with the Library.
We may contact you to ask you to provide a form of identification (e.g., a driving license, utility bill or passport) so that we can be sure we do not provide personal data to the wrong person.
We will aim to provide you with our response within one calendar month of the Library accepting your request and we will tell you if it is necessary to extend this time period.
If after receiving a reply from us you are still unhappy with our response to such a request you may complain to the Information Commissioner's Office (ICO). Details on how to do so can be found on the ICO's website.
10. Retaining your personal information
The Library will only keep your personal information for as long as is necessary for the purposes for which it was obtained. Where this is in relation to a specific Service you will be informed of the retention period, either at the point of data collection, or in the Service specific pages available on our website.
When the Library decides that holding your details is no longer necessary we will securely delete / destroy your details.
We will keep your details on record until we have completely dealt with your request, enquiry, or our contract with you, and then for a reasonable period afterwards, in accordance with data protection and other applicable legislation, as set out in our Records Management Policy.
11. Other information
Online payments by credit or debit cards for some Services provided by the Library are processed under contract using specialist Data Processors. When a payment is processed by Data Processor acting on our behalf, card details are collected over a secure link and protected by industry standard software which encrypts your information. We do not collect any payment card account details and they are not made available to us.
Our service provider will use the information you provide to process your payment or to refund any monies due to you. Please refer to the terms and conditions for the relevant Service for further details. Payments processed on behalf of the Library are managed in line with the Payment Card Industry Data Security Standard.
12. Changes to this Privacy Policy
We may change this policy from time to time to reflect changes in the law and/or our privacy practices. We will update the date at the bottom of this page whenever we do that. We encourage you to check this policy for changes, for example when you revisit our websites. In the event of a major change to our policy we will contact you to inform you of the change.
By submitting your personal information to us, you are indicating that you understand how we use your personal information, as described in this policy.
13. Contact us
If you have any questions about this Policy, please contact our Data Protection Officer at:
Corporate Information Management Unit
The British Library
96 Euston Road
London
NW1 2DB
Email: dp@bl.uk
Transparency notice - Business & IP Centre
When you engage with our Business & IP Centre (BIPC) we will collect information about your business (potentially including financial information), as well as your contact details, and certain other data required to meet equality monitoring requirements (which will include Sensitive Personal Information in relation to your ethnicity and gender).
We will use your personal information to provide you with the Services that you have requested from us, such as workshop bookings, attendance at events, advice sessions, and similar business support activities (e.g. in the performance of a contract with you). We will also use your contact information in order to supply you with relevant transactional documentation.
We may use your contact information to contact your business with information about our Services which we believe may be of interest to you. This is on the basis of our legitimate interests, as set out in the Privacy of Electronic Communication Regulations 2003 (as amended), which covers business to business email communications.
Many of the services that we offer through the BIPC are also available through our partner organisations in the British Library Business & IP Centre National Network. We may share your information with our partners in the Network as necessary to provide you with the services you have requested, and to carry out our legitimate interests in monitoring, auditing, and developing the services of the Network. Our Network partner organisations may also use your information for the same reasons.
The services that you have requested will be provided by a variety of third party consultants who will be experts in the relevant field. We will share your information with them for the purpose of providing the services, and they may also use your information to offer you further support outside of the Library's service provision.
We may use various organisations to provide IT capabilities in support of our Services, and who may process your information on our behalf. These Data Processors will process your information only under contract to the Library, and may not use your information in any other way. In particular, we use the following systems to process your information:
- We use Hubspot, from Hubspot Inc., for marketing services. Hubspot may process your information in the United States, and is certified under the EU-US Privacy Shield Framework in order to implement appropriate safeguards in relation to your information. Hubspot's Privacy Policy can be found at https://legal.hubspot.com/privacy-policy.
- We use Basecamp, from Basecamp LLC, to administer the BIPC Centre National Network. Basecamp may process your information in the United States, and is certified under the Eu-US Privacy Shield Framework in order to implement appropriate safeguards in relation to your information. Basecamp's Privacy Policy can be found at https://basecamp.com/about/policies/privacy.
- We use Eventbrite, from Eventbrite Inc., for event advertising, booking, and ticket sales. Eventbrite may process your information in the United States, and is certified under the EU-US Privacy Shield Framework in order to implement appropriate safeguards in relation to your information. Eventbrite's Privacy Policy can be found at https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy.
If you engage with a BIPC service we will retain your information for the current year plus a further six years after the date of your transaction in order to comply with tax and accounting rules.
Transparency notice - CCTV
The British Library uses CCTV, and other related technologies such as passive terahertz body scanners, on all of our physical sites for the purposes of safety and security management. We do this in the performance of our public task to protect the UK's national collection of its published output, and in order to protect the vital interests of our staff and visitors.
CCTV footage is retained for 31 days before being automatically overwritten, and security scan records are retained for 24 hrs, unless deliberately archived for evidential purposes in the event of a security incident.
Upon request, we will routinely provide copies of our CCTV records to the police in the performance of their legitimate duties.
Further information about our use of CCTV can be found in our CCTV Policy, which is available upon request.
Transparency notice - Collection materials
The British Library collects the published output of Great Britain, and has over 150 million items in its Collections. Our Collections contain personal data in many forms; in newspapers, radio recordings, oral history interviews, modern literary archives, electoral rolls, and in our archival copy of the .uk web domain.
We collect, catalogue, and make available our Collections (and the personal data contained within them) as part of the performance of a task carried out in the public interest, e.g. as the national and legal deposit library of Great Britain. Further details about our public task can be found at the end of this page.
Where Sensitive Personal Data is found in our Collections it is processed for the purpose of archiving in the public interest. Where such data would be likely to cause substantial distress or harm to the data subject if disclosed it will be withheld from public access, but will still be retained in our Collections.
Personal data contained in our Collections will be retained in perpetuity, so as to inform the research of future generations.
Please note: If you use the personal data present in our Collections as part of your research then you become a Data Controller in relation to that data, and are responsible for using that data fairly, ethically, and in compliance with the law. In particular, personal data which is used for research purposes may not be used in order to make decisions about or take actions in relation to the data subject in question, and may not be used in ways which would cause substantial damage or distress to them.
Transparency notice - education & learning
In this section, please read all instances of “you” to include “your child(ren)” in those cases where you provide us with information about minors who are in your care.
When you engage with our Education and Learning Services we will collect information about your school (where relevant), as well as your contact details, and certain other data required to ensure that your visit is safe (which will include Sensitive Personal Information in relation to your special needs or dietary requirements).
We will use your personal information to provide you with the Services that you have requested from us, such as school workshops, teacher events, family events, or adult learning courses (e.g. in the performance of a contract with you). We will also use your contact information in order to supply you with relevant transactional documentation. We will use the Sensitive Personal Information that you provide to ensure that your use of our Services is safe (e.g. in the vital interests of the data subject).
We may use your contact information to contact your school with information about our Services which we believe may be of interest to you. This is on the basis of our legitimate interests, as set out in the Privacy of Electronic Communication Regulations 2003 (as amended), which covers business to business email communications.
We may analyse information about your transactions to carry out our legitimate interests in monitoring, auditing, and developing our Learning & Education Services.
Please note that photography (both video and still) for publicity purposes is often undertaken at our events, either by us, by third party photographers acting on our behalf under contract, or by media organisations. Such photography will primarily be focussed on groups and activities rather than on individuals. If you have any objection to such photography please make this known to a member of staff at the event. If we wish to take individual photographs or video recordings that are specifically focussed on you then we will always ask for your specific consent at the time.
We may use various organisations to provide IT capabilities in support of our Services, and who may process your information on our behalf. These Data Processors will process your information only under contract to the Library, and may not use your information in any other way. In particular, we use the following systems to process your information:
- We use Google Drive, from Google Inc., to coordinate and administer our education and learning activities. Google may process your information in the United States, and is certified under the Eu-US Privacy Shield Framework in order to implement appropriate safeguards in relation to your information. Google's Privacy Policy can be found at https://policies.google.com/privacy.
- We use WeTransfer, from WeTransfer B.V, to transfer photographs between us and our photographers. WeTransfer's Privacy Policy can be found at https://wetransfer.com/legal/privacy.
We will retain your information for the current year plus a further six years after the date of your transaction in order to comply with tax and accounting rules. Photos taken for publicity purposes will be retained indefinitely.
Transparency notice - fundraising and development
The British Library is required to generate a proportion of its income from commercial activity and philanthropic donations. As such we carry out fundraising research in order to understand the background of people who may support us, and to help us to make appropriate requests to supporters who may have the desire to donate to the British Library.
From time to time we may analyse our database to find people who we think might be able to support us based on factors such as previous contributions, transaction history and demographics. In doing so we may use profiling techniques or use third party wealth screening companies and insight companies to provide us with general information about our donors or potential donors. Such information is compiled using publicly available information, information that has already been provided to us through the use of our Services, or information shared by other organisations where they have been given consent to do so.
We will not send fundraising and development marketing to users of our Services unless you have specifically consented to receive marketing communications from us. We may however make direct funding applications and approaches to known philanthropic donors or other high profile supporters of the Library through their charities, foundations, agents, or private offices.
All of our fundraising and development activities are carried out on the basis that they are in the legitimate interests of the British Library, and that the personal data is processed in such a way that the interests, fundamental rights, and freedoms of our donors and potential donors are properly protected.
In our fundraising database we process personal information relating to the identity of our potential or actual donors, their family, employment history, social activities, interests, and financial status and philanthropic activities. In relation to our actual donors we also process their bank and GiftAid details in order to manage their donations.
General information about donors or potential donors is retained for as long as it remains current and of potential use, after which it is deleted. Transactional information about donations is retained for the year in which the donation was made plus a further six years for tax and accounting purposes.
We have chosen to register with the Fundraising Regulator and adhere to their Code of Fundraising Practice. We ensure that all our fundraisers and third parties do so. Information about our donors may be used to ensure that we comply with the Fundraising Regulator's Code of Fundraising Practice, which stipulates that we must take steps to assess and manage risks to our work and reputation with regard to certain levels of donation. More details can be found at www.fundraisingregulator.org.uk.
Transparency notice - marketing
The British Library is required to generate a proportion of its income from commercial activity and philanthropic donations. As such we carry out direct marketing activities in order to inform our potential customers of our new events, products, and services, and to help us generate interest in the activities British Library.
We will not send marketing material to you unless you have specifically consented to receive marketing communications from us. If you wish to withdraw your consent in relation to the receipt of marketing communications you may do so at any time by clicking on the unsubscribe link at the bottom of our marketing emails, or by writing to us.
We may however send marketing material to business contacts, commercial organisations, charities and other legal persons. This is on the basis of our legitimate interests, as set out in the Privacy of Electronic Communication Regulations 2003 (as amended), which covers business to business email communications.
We may use various organisations to provide IT capabilities in support of our Services, and who may process your information on our behalf. These Data Processors will process your information only under contract to the Library, and may not use your information in any other way. In particular, we use the following systems to process your information:
- We use Communicator, from The Communicator Corporation Ltd., to manage our legacy marketing correspondence. Communicator's Privacy Policy can be found at https://www.communicatorcorp.com/service-privacy-policy.
- We use dotdigital, from dotdigital EMEA Limited, to manage and distribute our marketing correspondence. dotdigital's Privacy Policy can be found at https://dotdigital.com/terms/privacy-policy/.
- We use Google Drive, from Google Inc., to coordinate and distribute feedback surveys. Google may process your information in the United States, and is certified under the Eu-US Privacy Shield Framework in order to implement appropriate safeguards in relation to your information. Google's Privacy Policy can be found at https://policies.google.com/privacy.
We will retain your marketing related information (such as contact details, preferences, and engagement with our content) for as long as your relationship with the British Library continues, plus a further six years after the date of your last interaction with us so as to provide evidence in the face of future complaints or legal claims.
Where your contact information is held solely for marketing communications and no other purposes you have the right to ask us to delete it. To do so please contact our Data Protection Officer at:
Corporate Information Management Unit
The British Library 96
Euston Road
London
NW1 2DB
Email: dp@bl.uk
To help us identify the personal information you are referring to, please include any details that will enable us to locate the relevant personal information.
Transparency notice - membership
When you purchase or activate a British Library Membership (either as an individual or a couple) we will collect your contact details and payment information, as well as your date of birth. Your date of birth is required to ensure our compliance with licensing rules in relation to your access to the Knowledge Centre Bar which forms part of your Membership.
We will use your personal information to administer your Membership benefits (e.g. in the performance of a contract with you), which includes sending out your Membership Pack and What's On Guide.
We will also use your contact details to supply you with relevant transactional documentation, such as renewal information.
As part of your Membership we will also contact you from time to time with news about the Library, details of upcoming events and products, and opportunities to support the Library and its projects. These messages are part of your membership; without them you will find it difficult to use the benefits of your membership such as priority booking and access to Members only special events. However, if you do not want to receive such messages you may opt out of receiving them at the time of purchase, or by contacting us in writing.
We may analyse your use of your Membership in order to carry out our legitimate interests in monitoring, auditing, and developing the Services that we provide.
We will retain your Membership information for as long as it remains current, plus a further six years after the date of your last interaction with us so as to provide evidence in the face of future complaints or legal claims. Transactional information will be retained for the year in which the transaction took place, and then for a further six years in order to comply with tax and accounting rules.
Transparency notice - Public Lending Right (PLR)
When you create a PLR account we will collect your contact details, details of the publications which you wish to register, and your financial details.
We will use these details to administer the PLR payment scheme, as part of a task performed in the public interest. Further details about our public task can be found at the end of this page.
We may also use this data for the purpose of analysis in support of service improvement, IT security, or other legitimate interests of the Library.
We will retain your PLR account information for as long as your account remains current plus a further six years in order to comply with tax and accounting rules and to provide evidence in the face of future complaints or legal claims. We may retain information about PLR payments (which may include your name and correspondence) for longer if we believe such information is likely to be of importance to future research.
In relation to the Irish PLR scheme, the British Library acts as a data processor for the Local Government Management Agency (LGMA), who are the Data Controller in relation to all personal data used to administer the Irish PLR Scheme. As part of our contract with LGMA we will administer any personal data that we receive in relation to the Irish PLR scheme in accordance with the British Library Privacy Policy.
Transparency notice - purchases (Incl. BL Shop, & Box Office)
When you purchase goods from us (for example, books, memorabilia, or event tickets) we will collect your contact details, delivery information, and payment details. We will use your information to provide you with the goods that you have purchased (e.g. in the performance of a contract with you). We will also use your contact information in order to supply you with relevant transactional documentation such as order confirmations, invoices, delivery notes, and tickets; if you have consented to receive marketing communications from the Library we may also use this information to provide you with special offers and other useful information, such as checkout abandonment reminders.
We may also use this data (and other data relating to your use of our Services such as audit trails) for the purpose of analysis in support of Service improvement, IT security, or other legitimate interests of the Library.
Online payments by credit or debit cards for some Services provided by the Library are processed under contract using specialist Data Processors, and in line with the Payment Card Industry Data Security Standard. When a payment is processed by Data Processor acting on our behalf, card details are collected over a secure link and protected by industry standard software which encrypts your information. We do not collect any payment card account details ourselves, and they are not made available to us. Our service provider will use the information you provide to process your payment or to refund any monies due to you. Please refer to the terms and conditions for the relevant Service for further details. In particular, we use the following systems to process your information:
- We use Netbanx, from Paysafe Financial Services Ltd., to process electronic payments. Paysafe's Privacy Policy can be found at https://www.paysafe.com/legal-and-compliance/privacy-policy/.
- We use PayPal, from PayPal Services, to process electronic payments. PayPal may process your information in the United States and other areas outside of the EEA, and uses Binding Corporate Rules in order to implement appropriate safeguards in relation to your information. PayPal’s Privacy Policy can be found at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.
- We use Seal Subscriptions, from Seal Subscriptions, to manage subscriptions to our publications. Seal Subscriptions' Privacy Policy can be found at https://www.sealsubscriptions.com/legal/privacy-policy.
- We use Shopify, from Shopify International Ltd., to host our online shop. Shopify's Privacy Policy can be found at https://www.shopify.com/legal/privacy.
- We use Tessitura Network to host our online ticket and membership sales. Tessitura Network's Privacy Policy can be found at https://www.tessituranetwork.com/About/Privacy.
We will retain your commercial account information for as long as it remains current. Transactional information will be retained for the year in which the transaction took place, and then for a further six years in order to comply with tax and accounting rules.
Transparency notice - Reader registration
When you apply to become a Reader at the British Library we will collect information about you including your contact details, date of birth, contact details for your sponsor (if you are under 18), and details of your research interests. We will use these details to provide you with access to the British Library (e.g. as part of the performance of a task carried out in the public interest). We will also collect details about your ethnicity and any disability you may have; we have a legal obligation to ensure that equality and diversity obligations are being met in relation to access to our public Services.
As part of setting up your Reader account we will also check your proof of ID and proof of address as set out in our Reader Registration process. in certain rare cases me may ask you to join a video conference call before attending one of our sites in order to verify your identity. We will not take copies of the documents that you provide in order for us to confirm your ID. We will take a photograph of you for use on your Reader pass. As you use the Library we will also record your interactions with our Collections, such as your order history and audit trails of which electronic items you have accessed. Again, this is part of the performance of a task carried out in the public interest; the British Library has a statutory responsibility to protect the security of its Collections. Further details about our public task can be found here.
Details relating to the specific Collection Items that you have requested during your use of our Collections (for example through use of our Reading Rooms or our remote Services such as Document Supply) will never be used to provide marketing analysis or similar functions (for example, to send you personalised marketing material), but may be used on an aggregated and depersonalised basis for Service improvement purposes (for example, to determine whether we are purchasing enough journals in a specific foreign language to match our Readers' research interests).
Upon request we will routinely provide copies of our records to the police in the performance of their legitimate duties. However, in accordance with agreed international ethical standards for libraries, we will not provide details of the specific Collection Items that you have requested during your use of our Collections to any third party unless compelled to do so by law, with two exceptions:
- If we have evidence that gives us reason to believe that you have committed theft or vandalism in relation to our Collections we may choose to pass information about you to other cultural institutions whose Collections may be at risk. This cooperation between cultural bodies is in our own legitimate interests as we seek to protect the national Collections from harm.
- If we have evidence that gives us reason to believe that you have deliberately infringed the intellectual property of a third party through your use of our Collections we may pass your personal information to that third party to enable them to defend their rights. This is to protect our own legitimate interests in protecting the concepts of Library Privilege and Legal Deposit.
We may use various organisations to provide IT capabilities in support of our Services, and who may process your information on our behalf. These Data Processors will process your information only under contract to the Library, and may not use your information in any other way. In particular, we use the following systems to process your information:
- We use a variety of products from the Microsoft Azure and Microsoft 365 product suites, provided by Microsoft, to deliver services such as video conferencing, data collection, or data storage. These products and services primarily process your data in the UK, but some Microsoft products may process your information in the United States. Microsoft is certified under the EU-US Privacy Shield Framework in order to implement appropriate safeguards in relation to your information. Microsoft’s Privacy Policy can be found at https://privacy.microsoft.com/en-us/privacystatement.
We will retain your Reader account and associated audit trails relating to your use of our Collections for 40 years, for the purpose of administering the security of our Collections (e.g. as part of the performance of a task carried out in the public interest). We reserve the right to increase this period as necessary to protect the integrity of the cultural treasures that we preserve on behalf of the nation, in line with our responsibilities as set out in the British Library Act.
Transparency notice - recruitment
When you apply to work at the British Library we will collect information about you including your contact details, previous employment history, education and qualifications, and referee contact details. We will use this information to process your application (e.g. in pursuit of the performance of a contract with you). We will also collect details about your ethnicity, gender, orientation, nationality, and any disability you may have; we have a legal obligation to ensure that equality and diversity obligations are being met in relation to our recruitment processes.
Where we want to disclose your information to a third party, for example, to take up a reference or to carry out a background check for the purpose of pre-employment security vetting, we will not do so without informing you beforehand, unless the disclosure is required by law.
We may use various organisations to provide IT capabilities in support of our Services, and who may process your information on our behalf. These Data Processors will process your information only under contract to the Library, and may not use your information in any other way. In particular, we will use the following system to process your application:
- We use Vercida, from Vercida Ltd., to process recruitment applications. Vercida's Privacy Policy can be found at https://www.vercida.com/uk/privacy-policy.
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed. It will then be securely destroyed or deleted. We retain statistical information to help to inform and improve our recruitment activities; for the purpose of ethnic monitoring and to obtain workplace statistics on, for example, gender, race, disability and age. The information retained is anonymised so that no individuals may be identified from that data.
Alternatively, if you are successful in taking up employment with us, we will compile a file relating to your employment, beginning with your application information. This information will thereafter be managed in accordance with our Staff Privacy Policy.
Transparency notice - social media
The British Library maintains an official presence on various social media platforms, in pursuit of own legitimate interests in relation to marketing and brand management.
When you engage with us on these platforms the platform owner is the Data Controller in relation to the provision of the platform, its security, and the use of your profile on their platform, and their own privacy policy applies. The British Library is a joint Data Controller with the platform provider and is responsible for its own use of the platform and for our own use of your personal data as you engage with us on that platform.
We will engage with you on social media only in accordance with the platform provider's privacy policy, and will only contact you directly (e.g. by 'private message') in response to a request or query made by you.
The British Library maintains an official presence on the following platforms:
- Facebook - Facebook's Privacy Policy can be found at https://www.facebook.com/about/privacy/. Please note that if you 'like' the British Library's Facebook page, Facebook will use cookies on your machine in order to provide anonymised and aggregated demographics data to the Library to assist us with Advertising, Measurement and Analytics activities, and in order to share relevant British Library advertisements with you in your Facebook news feed. Further information can be found in Facebook's Privacy Policy.
- Instagram - Instagram's Privacy policy can be found at https://help.instagram.com/519522125107875. Please note that if you subscribe to the British Library's Instagram page, Facebook will use cookies on your machine in order to provide anonymised and aggregated demographics data to the Library to assist us with Advertising, Measurement and Analytics activities, and in order to share relevant British Library content and advertisements with you in your Instagram feed. Further information can be found in Instagram's Privacy Policy.
- TikTok - TikTok's Privacy Policy can be found at https://www.tiktok.com/legal/privacy-policy-eea?lang=en.
- Twitter - Twitter's Privacy Policy can be found at https://twitter.com/en/privacy.
- Weibo (and WeChat) - Weibo's Privacy Policy can be found at https://weibo.com/signup/v5/privacy.
- YouTube - YouTube's Privacy & Safety Centre can be found at https://support.google.com/youtube/topic/2803240?hl=en&ref_topic=6151248.
Statement of Public Task
This statement sets out the functions carried out by the British Library that are within the Library's public task under the Re-use of Public Sector Information Regulations 2015 and the General Data Protection Regulation 2016.
The British Library is the national library of the United Kingdom and one of the greatest research libraries in the world. Established by Act of Parliament in 1972, the scope of its remit, the scale of its operations, the range of its services and the international importance of its collections are without equal. The collection - which consists of some 150 million items - is unconstrained by subject, geography, format or language.
The Library's public task comprises all the statutory functions, duties and responsibilities as defined in the relevant sections of the British Library Act 1972. The Act charges the British Library Board with:
- managing the British Library as the national Library of the United Kingdom consisting of a comprehensive collection of books, manuscripts, periodicals, films and other recorded matter, whether printed or otherwise;
- managing the Library as a national centre for reference, study and bibliographical and other information services, in relation both to scientific and technological matters and to the humanities;
- making the services of the British Library available in particular to institutions of education and learning, other libraries, and industry;
- carrying out and sponsoring research;
- contributing to the expenses of library authorities;
- lending any item, and making any part of the Library’s collections or premises available, in connection with events of an educational, literary or cultural nature; and,
- taking such actions as are necessary to safeguard the collections of the British Library.
For the avoidance of doubt, the British Library views all of its Collection management related activities as part of its Public Task, including the collection, recording, organisation, structuring, storing, adaptation, digitisation, facilitation of retrieval and consultation, disclosure by transmission or dissemination, and licensing of any or all material held by the British Library on behalf of the nation.
Under the Legal Deposit Libraries Act 2003, the British Library:
- acts as a deposit library entitled to the delivery of printed and similar (including digital) publications for persons who publish work in the United Kingdom.
The British Library also undertakes the functions formerly assigned to the Registrar of Public Lending Right, under the Public Lending Right Act 1979, namely:
- establishing and maintaining a register showing books in respect of which public lending right subsists and the persons entitled to the right in respect of any registered book; and
- determining and paying the sums (if any) due by way of public lending right.
The Library's public task is also incorporated in our mission and vision and in our six public purposes.
- The British Library's mission is to make our intellectual heritage accessible to everyone for research, inspiration and enjoyment.
- Our vision is for the British Library to be the most open, creative and innovative institution of its kind in the world.
Six public purposes encompass our scope and remit and provide a framework for why and how we spend the money the public entrusts us with:
- Custodianship - We build, curate and preserve the UK's national collection of published, written and digital content.
- Research - We support and stimulate research of all kinds.
- Economic - We help businesses to innovate and grow.
- Cultural - We engage everyone with memorable cultural experiences.
- Learning - We inspire young people and learners of all ages.
- International - We work with partners around the world to advance knowledge and mutual understanding.
These purposes are aligned to our statutory duties as set out in the British Library Act 1972, the Public Lending Right Act 1979, and the Legal Deposit Libraries Act 2003 as amended by The Legal Deposit Libraries (Non-Print Works) Regulations 2013.
This statement of public task is reviewed every 5 years and is due to be considered again in 2025.
If you have any queries on our public task statement, please email FOI-Enquiries@bl.uk.
Date of last update: 24 January 2024