Kensal Rise Library PRIVACY POLICY

Version 1: September 2019

A: Introduction

Kensal Rise Library (“KRL”) is a small independent charity whose primary purpose is to operate a library in Kensal Rise, London. This policy explains how KRL complies with the GDPR (General Data Protection Regulations) and UK Data Protection Act 2018 (collectively ‘GDPR’), which affect how KRL manages all personal data.

KRL takes data protection seriously. It takes all reasonable steps to ensure data collected is treated appropriately and confidentially as well as complying with current legislation.

In this note reference is made to “Stakeholders”. This term includes Library Card Holders, Volunteers, Trustees and other parties whose personal data KRL may process at some point.

B: Why is the data needed? 

  1. Library Lending Functions[1]:

In order to operate the lending functions of the library, KRL needs to hold information on the library users in its database. The information is taken by a KRL team member when the Library Card Application form is submitted by the applicant (either online or in person). This database holds:

The data is used to operate the applicant’s Library Card Account (and that of any children) and to contact the applicant in case of overdue or lost items.  

KRL’s Library System (see below) also keeps records of all items borrowed and returned. Bank and credit card data is not kept.

KRL regards this data as being lawfully processed under a “legitimate interest” (as defined by GDPR).

  2. Donors:

KRL is wholly dependent on the community for support as it receives no regular funding from Brent Council or central government. KRL therefore relies heavily on its Donors and needs to keep records of their donations to express appreciation for their support and (where specifically agreed by the Donor completing a Gift Aid form) to collect Gift Aid refunds from HMRC.

KRL manages a database of its Donors.  The information on this Donor database is:

* Sent to HMRC for Gift Aid Claims.

KRL also keeps signed Gift Aid forms and copies of Standing Order mandates[3] in order to be able to respond to queries by both HMRC and the relevant banks.

KRL regards this information as being lawfully processed under ‘legitimate interest’ (as defined by GDPR).

  3. KRL Events and Keeping Stakeholders informed about KRL:

In order to be able to inform KRL’s users and also others who have expressed interest about the library, KRL sends emails and other communications from time to time using databases.

The information on these databases may include the information listed above that is held within the membership, donor and children’s activities databases.

KRL regards this data as being lawfully processed under a “legitimate interest” (as per GDPR) or under explicit consent for email marketing (as defined by the Privacy in Electronic Communication Regulations).

  4. Other data kept by KRL for specific purposes:

  a. Volunteer Data, which has basic details of our volunteers who apply to KRL and complete a paper form, which is retained; information on the DBS searches undertaken, as applicable; and their status on the rota and contact details.

  b. Children’s Activities, which has the names and contact details of parents who have expressed an interest in hearing about activities for their child(ren).

Information kept about equality and diversity for monitoring purposes is not data for the purposes of GDPR as it is not linked to

KRL regards this data as falling under “legitimate interest” (a) and “consent” (b, c).

C. How data is stored

  1. Library Lending Functions:

The application form completed by each applicant is stored a) on a secure webserver, if completed online, or b) in a locked cabinet, if completed on paper.

The data from the application form is entered into the Library System, which stores the data securely.

  2. Donors:

The data is held on a dedicated file on a KRL account on an internet service, in the Library System, which stores the data securely, and in the KRL email system.

  3. KRL Events and Keeping Stakeholders informed about KRL:

Requests for information are stored a) on a secure webserver, if completed online, or b) in a locked cabinet, if completed on paper.

  4. Other Data Kept by KRL for specific purposes:

Volunteer data is stored online on the Three Rings management system. Any paper data such as application forms are filed and locked in a secure cabinet. Some of the contact data, such as shifts, is shared amongst all the volunteers openly and further security is considered unnecessary.

D. How long is data stored by KRL

The general policy is to remove data when it is no longer needed. KRL reviews the data retention policy as necessary.

  1. Library Lending Functions:

KRL is not always informed when a Library Card holder decides to end their interest in KRL. If KRL is told, then the Card Holder is deleted from the system. Details are retained while borrowed items or money are outstanding.

  2. Donors:

The Donor database is updated for new donors, new standing orders and new Gift Aid forms. People are mainly removed at their request on moving away or on death. Gift Aid data will be retained for at least 6 tax years in line with HMRC guidelines.

  3. KRL Events and Keeping Stakeholders informed about KRL:

The KRL Events databases are constantly updated as new cards are issued or recipients decide to leave KRL or just the databases. Recipients will also be removed from email databases on direct request or if they “unsubscribe”.

  4. Other Data Kept by KRL for specific purposes:

The volunteer data may be retained for 6 years after a volunteer leaves in case of questions or requests for references.

E. Rights of Stakeholders (inc. Library Card Holders) with Data held by KRL


Any person may ask to see the data that KRL holds on them and request corrections.

Any person may ask for their data at KRL to be deleted. It should be noted that:

  1. Data held for the Library Lending Functions (described above) is essential to operate KRL. If a cardholder requests deletion from the Library System then that account will be closed and the data deleted ONLY AFTER the related Library Card(s) and any borrowed item(s) have been returned, together with payments of outstanding amount(s) due.

  2. Volunteers requesting deletion of their data can no longer continue to volunteer.

  3. Data held for Gift Aid can be deleted for future applications but KRL is obliged to keep records in case of questions by HMRC for up to 6 years.

  4. KRL Events data held for promoting Library Activities may be deleted at any time.

Applications to see data or for deletion should be made in writing by post or email to KRL at the address below. KRL will need to verify identity in order to release information.

Note: Applications made by telephone or in person at the library cannot be accepted; volunteers are not all authorised to handle or access data.

Address to arrange viewing or deleting data: by email to or in writing to The Library Manager, Kensal Rise Library, Bathurst Gardens, London NW10 5JA.

[1] Including loans of books and any other items such as DVDs and the use of the public computers.

[2] Required in order to try to limit issue of material unsuitable for children. This is not guaranteed.

[3] The original signed Standing Order Mandate is sent to the Donor’s bank and is retained by them.