Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
The Health Library and Information Services Directory (HLISD) is a partnership between the CILIP Health Libraries Group and Health Education England’s Library and Knowledge Services Leads. The HLISD Service Board is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
HLISD complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We only use your personal data for the purpose of maintaining current entries in the directory.
We maintain your personal data so that those working in NHS library and other related services and library users can contact you about matters relating to library services.
The data included is your name and the library at which you work which includes the library address, library phone number and library email address, plus other information about the library service, and for you optionally also your job title(s)/responsibilities, your work email address(es), your work phone number(s), and your fax. This information is freely visible on the internet. HLISD system managers and the system host who can log into HLISD can see this same information about you and no more.
In the case of editors, the data included is name, email address, libraries linked to and number of times you have logged in. None of this information is available on the internet – it is only visible to those editors who edit a particular library record, and the system managers and system host. Your personal data may also be entered as ‘contact’ information and so be visible on the internet – if so, see above.
TThe explicit consent of the data subject is sought so that we can keep you informed about developments with the directory.
Your personal data will not be shared with third parties. Library contact data is sometimes extracted for other reasons such as loading into other systems such as interlibrary loan management systems. This does not include personal data relating to library ‘contacts’. However, it may include the library e-mail address, which may in some cases be a personal work e-mail address.
Your personal data is retained until such time as you or the local editor for your service removes it.
You have a right to request your personal data is erased at any time if you wish it, or where it is no longer necessary for HLISD to retain such data, e.g. when you leave the library service to which your data is attached.
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.