Skip to content
More +
Privacy and cookies

Full privacy notice

Suffolk Libraries takes the safety of your personal information seriously and this notice explains why we collect your personal information, how we use it and keep it safe. It also explains your rights.

Under the Data Protection Act 2018 the Data Controller is Suffolk’s Libraries IPS Limited, Ipswich County Library, Northgate Street, Ipswich IP1 3DE 01473 351249 and the person responsible for data protection is our Compliance Manager, Gareth Lewry.

What information does Suffolk Libraries collect?

We collect your name, address, date of birth, gender, phone number and email address and borrowing history. We also collect cookies when you use our website (see Cookie Policy).

Some of our libraries have CCTV and staff use body-worn cameras which will collect static or moving images and audio data (see CCTV and Body Worn Camera Policy).

How does Suffolk Libraries collect it?

We only use the information you supply us when you join the library and on your ID documentation. You can update it at any time by logging into your account or contacting our staff.

Why does Suffolk Libraries need it?

We need to know who you are as you are making a contract with us to provide library services. We use it to contact you about your account, such as when a reservation has arrived for you, and to work out any charges owing.

We need your age as some categories of stock have age limits and children have a lower level of charges. Age and gender help us check we are reaching all sections of our communities and where we need to develop new services to attract underrepresented groups of users. We only collect the minimum amount of information we need to provide the service.

What happens to the data?

Your information is stored securely on our library management system which is operated on our behalf by Civica (our data processor). It is stored in the UK and will never be transferred out of the European Economic Area.

We do not pass your information on to third parties unless there is a serious reason to do so. It happens very rarely and is usually for the following reasons

  • The detection and prevention of crime or fraudulent activity; or

  • To protect a child or vulnerable adult who are thought to be at risk; or

  • If there is a serious risk to the public or our staff.

We may occasionally release to a third party an anonymised copy of our borrower data with all the names, addresses and card numbers removed for analysis. This is to help us monitor our performance and improve our services.

While you wish to remain a member of the library, we will keep your information and ask you from time to time to confirm if it is still correct. If you tell us, you no longer wish to use the library we will immediately remove your data from our system and delete it unless there are outstanding charges on your account. Otherwise if your card has not been used for three years, your information will be deleted.

Who do we share your data with?

Patron Point

If you have agreed for us to contact you via email about events, activities or book suggestions your data is shared with our provider Patron Point who are a data processor. They will send communications to you periodically on our behalf. Your data will be held on their secure servers in Europe. Your data is not transferred out of the European Economic Area. You can opt out of this at any time by clicking the “unsubscribe” link at the bottom of any marketing email.

What data is shared with Patron Point?

Your name, address, date of birth, gender, phone number and email address and borrowing history.

What is the legal basis for sharing with Patron Point?

Legitimate Interests. This means we have a legitimate business interest to share your data under Data Protection Act 2018 Article 6(1)(f) & Recital 47 and we feel this service will be of benefit to you and is something you would expect.

Fundraise Up

If you donate via our website, Suffolk Libraries uses Fundraise Up as an online donation platform. All donation data collected is subject to the provisions of the General Data Protection Regulation ("GDPR") and Data Protection Act 2018, the California Consumer Privacy Act of 2018 (“CCPA”), and other applicable privacy laws. Non-Personal Information that is collected remains anonymous or non-personally identifiable.

All Personally Identifiable Information (PII) is encrypted. Financial information such as banking information or credit card number, name, CVV code or date of expiration, is collected and stored by a third-party payment processor. Financial information is not stored by Fundraise Up.

Read our full Fundraise Up privacy statement.

When making a donation, information collected may include:

  • Contact and account information such as name, email address, physical address, location data, phone number, and social media information.

  • Technical information collected. Such information may include standard web log entries that contain IP address, cookies (first party, third party, session, persistent, and flash), web beacons, page URL and timestamp.

For more information, please see Fundraise Up’s privacy policy.

How does Suffolk Libraries protect data?

Suffolk Libraries takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by our employees and employees and contractors in the proper performance of their duties.

Any third parties we use to provide a service on our behalf are held to a high standard and we ensure they have adequate security systems and processes in place to ensure your data is held or processed in accordance with their contract with us and in accordance with their obligations under Data Protection Act 2018.

We train all our employees on their role and responsibilities of processing and protecting personal data. We have security provisions in place with our IT system provider to ensure personal data is secure, such as firewalls, anti-virus software and security profile settings.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;

  • require Suffolk Libraries to change incorrect or incomplete data;

  • require Suffolk Libraries to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;

  • object to the processing of your data where Suffolk Libraries is relying on its legitimate interests as the legal ground for processing; and

  • ask Suffolk Libraries to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override Suffolk Libraries legitimate grounds for processing data.

If you would like to exercise any of these rights, please contact us at

If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance by contacting us at

Alternatively, you can contact the Information Commissioner’s Office at