Privacy Notice for Library 16-17 (Reference) members

Privacy Notice for Library 16-17 (Reference) members


The UK General Data Protection (UK GDPR) and Data Protection Act 2018 (and, where applicable, the EU GDPR) govern the way that organisations use personal data. Personal data is information that tells us something about a person

Transparency is a key element of the UK GDPR and this Privacy Notice is designed to inform you:

  • how and why the University uses your personal data,
  • what your rights are under UK GDPR, and,
  • how to contact us so that you can exercise those rights.

    We keep our privacy notice under regular review. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email.

    Please check back frequently to see any updates or changes to our privacy policy.

    Why are we processing your personal data?

    With your consent we will process your personal data for the following purposes:

  • To give you access to and exit from the library buildings through our access control system.
  • To confirm that you meet the age criteria for 16-17 (reference) membership of the University library

    Which personal data do we collect and use?

    In order to provide our services, we need to collect and use your personal data. Below is a list of what this may include:

    a) Contact information and personal details

  • First name
  • Surname
  • Name of your school or college
  • Date of birth
  • Your school or college email address
  • SC number - this is the number also shown on the 16-17 (Reference) SHUcard, which acts as the library card and allows you access the library
  • 'MiFare ID' - this is also held on the chip within the 16-17 (Reference) SHUcard and is unique to that card
  • Statistical category - an indication of the category of eligibility for membership, in this case ’16-17 (Reference)’.

    b) Access control data

  • First name
  • Surname
  • Library number
  • 'MiFare ID'
  • Statistical category
  • Dates and times of entry to and exit from library buildings


  • Contact information and personal details gathered from the 16-17 (Reference) membership application form completed by you will form the basis of your 16-17 (Reference) member record within the library management system.
  • Access control data is gathered by the access control system in the libraries whenever a 16-17 (Reference) member uses their SHUcard to gain access to or exit from the library buildings.

    Who do we share your data with?

    It may sometimes be necessary to share your personal or sensitive personal data within the University or outside Sheffield Hallam University. Your personal data will only be shared if necessary.

    The University NEVER sells personal data to third parties.

    Your data may be shared with:

  • University staff who need the information for administrative purposes. Access to information for 16-17 (Reference) members is limited to Library staff
  • Contractors and suppliers, where the University uses external services or has outsourced work which involves the use of personal data on our behalf, e.g. IT services and support. The University has agreements in place with these contractors or suppliers which clearly state what these organisations are allowed to do with personal data We also carry out checks to ensure that they are able to look after your personal data in the same way the University does. The library management system is supplied by Ex Libris.


    The University takes care to protect the information it holds, including your personal data. This includes using appropriate technical measures and ensuring that staff are trained and understand their responsibilities. Only staff who need access to personal data to do their jobs can do so.

    More information on the University’s security measures can be obtained from the Data Protection Officer:


    Your 16-17 (Reference) member record, including your personal data, will be retained within the library management system until the end of the academic year during which you have turned 18.

    Your details are kept for this period of time to enable the Library to keep a record of your 16-17 (Reference) membership while it is active. You may choose to cancel your membership before this, and if you do your membership record will be deleted

    If you decide to continue your membership of the University library after the age of 18 i.e., by becoming a Library Associate member, your personal data will be retained to form the basis of your Associate Member record. Information (e.g., date of birth, name of school/college) that is not required for Library Associate membership will be deleted, and you will be asked to update your contact information.

    Data subject rights

    One of the aims of the UK General Data Protection Regulation (UK GDPR) is to empower individuals and give them control over their personal data. The UK GDPR gives you the following rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erase
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

    More information about data subject rights.

    Contact us

    You should contact Library Services if you have a query about how your data is used by the Library.

    Library Services
    Adsetts Library
    Sheffield Hallam University
    S1 1WB


    Phone: 0114 2252222

    You should contact the University's Data Protection Officer if:

  • you would like to request copies of your personal data held by the University (a subject access request);
  • you would like to exercise your other rights (e.g. to have inaccurate data rectified, to restrict or object to processing)
  • you have a query about how your data is used by the University
  • you would like to report a data security breach (e.g. if you think your personal data has been lost or disclosed inappropriately)
  • you would like to complain about how the University has used your personal data

Data Protection Officer
Governance, Legal and Sector Regulation
City Campus
Howard Street
S1 1WB


Telephone: 0114 225 5555

Further information and support

Please see more information about how the University uses personal data

The Information Commissioner is the regulator for GDPR. The Information Commissioner's Office (ICO) has a website with information and guidance for members of the public:

The Information Commissioner's Office operates a telephone helpline, live chat facility and email enquiry service. You can also report concerns online. For more information please see the Contact Us page of their website: