GDPR Compliance
Your data protection rights and our compliance commitments
Last Updated: 03/09/2025
Effective Date: 03/09/2025
Our GDPR Commitment
LibraryConnect is committed to protecting your personal data and respecting your privacy rights under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. This page explains how we comply with data protection law and how you can exercise your rights.
OFFICIAL - FOR PUBLIC RELEASE • Full compliance with UK GDPR and Data Protection Act 2018
Data Processing Principles
Lawful Processing
We process personal data only when we have a valid legal basis and in compliance with applicable law.
Purpose Limitation
Personal data is collected for specified, explicit, and legitimate purposes and not processed beyond those purposes.
Data Minimisation
We collect and process only the personal data that is necessary for our specified purposes.
Data Accuracy
We take steps to ensure personal data is accurate, complete, and kept up to date where necessary.
Storage Limitation
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected.
Security
We implement appropriate technical and organisational measures to protect personal data from unauthorised access.
Legal Bases for Processing
Consent
We process personal data when you have given clear, informed consent for specific purposes.
Examples: Newsletter subscriptions, marketing communications, optional feedback surveys
Contract Performance
Processing necessary for the performance of a contract or to take steps before entering into a contract.
Examples: Service enquiries, demonstration requests, contract negotiations
Legitimate Interests
Processing necessary for legitimate interests pursued by us or third parties, balanced against your rights.
Examples: Website analytics, service improvement, fraud prevention, business administration
Legal Obligation
Processing necessary to comply with legal obligations under UK or EU law.
Examples: Regulatory reporting, tax obligations, legal compliance requirements
Your Data Protection Rights
Right of Access
You have the right to request copies of your personal data that we hold and information about how we process it.
Response Time: Within 1 month of request
How to Exercise: Contact us with identification and specify the information you want to access
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data.
Response Time: Within 1 month of request
How to Exercise: Contact us with details of the inaccurate information and the corrections needed
Right to Erasure
You have the right to request deletion of your personal data in certain circumstances.
Response Time: Within 1 month of request
How to Exercise: Contact us specifying what data you want deleted and your reason for the request
Right to Data Portability
You have the right to receive your personal data in a structured, machine-readable format.
Response Time: Within 1 month of request
How to Exercise: Contact us specifying the data you want and your preferred format
Right to Object
You have the right to object to processing of your personal data in certain circumstances.
Response Time: Immediate for marketing; 1 month for other processing
How to Exercise: Contact us specifying the processing you object to and your reasons
Right to Restriction
You have the right to request restriction of processing in certain circumstances.
Response Time: Within 1 month of request
How to Exercise: Contact us with your reason for requesting restricted processing
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Our retention periods are based on business needs and legal requirements.
Contact Information
Retained for 3 years after last contact unless you request earlier deletion
Website Analytics
Anonymised data retained for 2 years; IP addresses deleted after 14 months
Data Security Measures
Technical Safeguards
- • End-to-end encryption for data transmission and storage
- • Multi-factor authentication and role-based access controls
- • Continuous security monitoring and threat detection
- • Secure backup systems with regular testing and recovery procedures
Organisational Measures
- • Regular data protection training for all staff members
- • Comprehensive data protection policies and procedures
- • Regular internal and external security audits and assessments
- • Data breach response plan with notification procedures
Exercise Your Rights
To exercise any of your data protection rights, please contact us using the methods below. We will respond to all requests within the legally required timeframes.
Please provide identification and specify which right you wish to exercise and what information is involved.
We will acknowledge your request within 72 hours and provide a full response within 1 month.
Right to Complain
If you believe we have not handled your personal data properly, you have the right to make a complaint to the UK data protection authority.
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
This GDPR compliance information is governed by UK data protection law and the jurisdiction of England and Wales.
We may update this information to reflect changes in law or our data processing practices. Check this page regularly for updates.