The Department of Published Collections, Systems and Standards collects and provides access to a vast range of collections, held on a variety of formats, which includes books and periodicals, newspapers, electoral rolls and more recently electronic publications and archived websites. This material, by its very nature, may contain all kinds of personal data. As the National Library of Wales and a UK Legal Deposit Library these collections are held, made discoverable and accessible to users in the performance of a task carried out in the public interest. Except in exceptional circumstances, collection items are retained permanently and are accessible to registered users in our reading rooms and may be accessible remotely if the material has been digitised or is electronic in format.
We provide bibliographic records in our catalogues in order to describe items in our collections. Relevant personal data may be recorded in the catalogues for this purpose. The Library's holdings can also be found in combined library catalogues describing the collections of a number of libraries (also known as union catalogues) such as WorldCat and Copac union catalogues.
As for our cataloguing activities, we occasionally correspond with authors and other creators in order to identify full name, date of birth and/or the books written or works created by them. This is done in order to create the author's unique authority record and ensure that the appropriate titles are attributed to them. This will only ever be done in order to distinguish between authors and other creators with very similar names. These Authority records are contributed to the Library of Congress NACO Authority File and then distributed to other NACO libraries and are visible to anyone in the world who searches or uses the Library of Congress Name Authority File (NAF). It will include full name and date of birth but not other details such as home address, email or person's phone number. As with our collections this data is retained permanently.
In carrying out our Acquisition and collecting work, we correspond with donors, depositors, publishers (including creators of websites) and other suppliers and record relevant information on our Library Management System. Personal data may be processed as a result of this. Acquisitions data is normally only available to relevant Acquisitions staff. This data may also be necessary in order to provide accurate information about the history of collections and items within them (provenance) and where relevant, this data may be included in catalogue records. It may also be given in response to enquiries about provenance of collections and items within them.
Personal data relating to registered library users is stored within our Library Management systems. These systems are externally hosted within the EU, but access to the data is strictly controlled and limited to those staff with a direct need to access the data for the purposes of facilitating use of the collections. User accounts are active for a 3 year period, and data is retained for a maximum of 6 months beyond expiry to enable users to renew accounts if required. Beyond this period, all personal data is deleted.
GDPR and our work
All personal data received by the Department of Published Collections, Systems and Standards from these activities will be treated confidentially, securely and only for the reasons it was supplied to us and we will not share this personal data. Data relating to collections history may be included in catalogue records which are available to the public and those records may be contributed to other online catalogues. Information about collections history may be given out in response to enquiries but this will never include contact details. This Personal data will be stored permanently except for reader registration data which will be deleted once the reader’s membership of the library has ended.
We take your security seriously. We implement the appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject. In practice, we have the appropriate security to prevent any personal data we possess being accidentally or deliberately compromised.