Privacy policy
1. Introduction
- The National Library of Australia (Library) is bound by the provisions of the Privacy Act 1988 (Privacy Act), including the Australian Privacy Principles (APPs) contained in Schedule 1 of the Privacy Act.
- This policy applies to Personal Information collected by the Library and sets out how we manage your Personal Information in accordance with the APPs. This policy describes the kinds of Personal Information we collect and how we collect, store, use, disclose and secure that Personal Information. It also outlines how you can access or seek correction of your Personal Information, how you can complain about a breach of the APPs and how the Library will manage such a complaint.
- The Privacy Act does not apply to Personal Information contained in Library material in the national collection that is held, managed and made accessible by the Library, whether that material is published (such as books, journals, newspapers and websites) or unpublished (oral history interviews, photographs and archival collections). It also does not apply to the associated metadata assembled to maintain, describe and provide access to the national collection.
- Additionally, the Privacy Act does not apply to Personal Information contained in library material made available to the public through Trove. Please see the Trove Privacy Statement for information on how the Library manages privacy and Personal Information relating to Trove users, and library material available through Trove.
2. Policy aims
- This policy supports the principles outlined in the Privacy Act by:
- setting out how the Library manages Personal Information collected in accordance with the Privacy Act, and
- promoting the management of all Personal Information held by the Library in an open and transparent way.
3. Definitions
General Records Authority | means a general records authorities issued by the National Archives of Australia to authorise the disposal of information and records of administrative business activities and responsibilities common to many Australian Government agencies. |
---|---|
Personal Information | means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
|
Records Authority | means a legal instrument that allows the Library to make decisions about keeping, destroying or transferring Australian Government records. Records Authorities are used to determine how long to keep records and provide permission for the destruction of records once this time has passed. |
Sensitive Information | means information or an opinion about an individual's racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record, provided the information or opinion otherwise meets the definition of Personal Information. |
4. Personal Information collected by the Library
Types of Personal Information we collect
- The kind of Personal Information the Library collects and holds about you will depend on the nature of your interaction with us.
- The Library may collect and hold the following types of Personal Information:
- name;
- email address;
- telephone number;
- age and date of birth;
- profession, occupation and/or job title;
- photographic images and/or pictorial representations;
- information you provide to us through enquiries and surveys;
- products and/or services you have purchased or used; and
- photographic images, footage from closed circuit cameras.
- The Library collects Personal Information so that we can perform our functions and activities, and to provide high quality customer service.
- The Library's Personal Information includes:
- searchable electronic data bases;
- financial management systems;
- online booking systems;
- Excel and Access applications;
- user management systems;
- software as a service;
- electronic and paper files;
- storage or holdings by third parties where the Library retains the right to deal with the information, including to access and amend the information;
- information about donors and sellers of items in the national collection;
- financial donations and sponsorship information, including the name of the person making the donation and the date and amount received;
- personnel and employment records;
- volunteer records and
- records about Council members and members of Friends of the National Library of Australia Inc.
How we collect Personal Information
- The Library uses forms, online systems and other electronic or paper correspondence to collect Personal Information.
- We may collect Personal Information when you:
- apply for or renew a library card;
- subscribe to our e-newsletter or the Trove e-newsletter;
- request delivery of collection items or make a reference or interlibrary loan request;
- register for, or attend, public events or activities;
- purchase products from us through the NLA Bookshop (physical or online);
- engage with us in person, over the telephone, on social media or using other electronic or paper correspondence;
- submit an online form, provide feedback, participate in a survey, make a complaint or enter a competition;
- become a member of Friends of the National Library of Australia Inc;
- register for a Trove user account , use certain Trove features or register as a Trove Collaborative Services member;
- make collection material or financial donations to the Library;
- enter into an agreement with us, including a supplier contract or funding, venue hire, loan or acquisition agreement;
- work with us on a publication, including as a creator, publisher, partner institution or vendor;
- submit a job application (whether as permanent or temporary staff or as a contractor) or volunteer with us;
- submit an application for a grant, fellowship or scholarship; or
- become a member of the Library's Council or audit committees.
5. Purposes of collection and use
- The Library collects Personal Information to perform its functions under section 6 of the National Library Act 1960 and to undertake activities incidental to those functions.
- The Library's functions include:
- maintaining and developing a national collection of library material, including a comprehensive collection of library material relating to Australia and the Australian people;
- making library material in the national collection available to the public and institutions;
- providing library services, including bibliographical services; and
- cooperating in library matters with other organisations.
- We collect Personal Information if it is reasonably necessary for or directly related to one or more of the Library's functions or activities, or if we are legally required or authorised to collect it.
- The Library will provide you with a privacy collection notice prior to collecting your Personal Information, which will explain how your information may be used.
- Personal Information held by the Library may be used to:
- facilitate access to and use of materials in the national collection;
- provide Library services and visitor support, including research assistance;
- request and receive feedback about readers' and visitors' experiences and improve Library services;
- process bookings and ensure events or visits are properly coordinated;
- distribute information about Library events, activities and fundraising opportunities;
- maintain membership, acquisition and donor lists;
- inform and facilitate philanthropic and fundraising activities of the Library;
- update the Library's rights collection management system;
- maintain the physical and information technology security of the Library and protect the national collection from loss, theft or destruction;
- access applications for employment and manage personnel; and
- perform internal and administrative activities such as planning, auditing, data analysis, internal benchmarking, reporting, procedural assessments, risk management, business continuity and disaster recover, quality control, staff training, research, accounting and billing.
- Where the Library has collected your information for a specific purpose, we will not use or disclose your Personal Information for another purpose, unless:
- you have given your consent;
- we have told you about this secondary purpose at the time we collected your information; or
- the use or disclosure is permitted under the Privacy Act or otherwise authorised or required by law.
6. Sensitive Information
- Under the Privacy Act, 'Sensitive Information' is a subset of Personal Information which is afforded higher protections.
- The Library may collect Sensitive Information about you such as your racial or ethnic origin (for example, whether you are a First Nations author or artist) or health information (for example, if you tell us you need mobility or accessibility support when you visit the Library or let us know you have allergies before attending a catered function).
- The Library may collect Sensitive Information about its employees. For example, employees may formally identify as a person from a culturally or linguistically diverse background, belong to a union or have a disability. Health information (for example medical reports or certificates) may also be collected by the Library where there is a workers' compensation or other health-related matter affecting an employee.
- National criminal history checks are conducted on prospective staff members, volunteers, interns and contractors. The Library may also conduct a Working with Vulnerable People check where relevant to an employee or volunteer's role. The Library will seek your consent before a check is submitted and processed, and access to relevant Personal Information is limited to authorised Library staff.
- The Library will not collect Sensitive Information which it does not need and we will only collect Sensitive Information with the individual's consent. We will only collect, use and disclose Sensitive Information for the purpose for which it was collected unless we have obtained your consent, or we are authorised or required to do so by law.
7. Visiting the Library
Visitor Wi-Fi
- The Library provides internet access to visitors via its wireless network, with services facilitated by Skyfii. Skyfii is a Wi-Fi platform that passively collects information from Wi-Fi enabled devices, such as the duration of your visit and which parts of the Library are visited. We use this technology to better understand visitor behaviour and traffic patterns throughout the Library so we can improve the safety, security, and overall experience of visitors to the Library. Device Identifiers of staff/visitor phones/tablets are collected, for example an iPhone's MAC address, however, these identifiers are not categorised as personal data as individuals cannot be identified without additional information. To opt out, turn off Wi-Fi on your device.
Security recordings (including CCTV)
- The Library uses security recordings, including closed circuit television (CCTV) surveillance systems, to monitor and record activity in a range of publicly accessible locations at the Library. When you visit the Library an identifiable image of you may be captured on our security systems.
- The purpose of collecting this information is to ensure the safety of the Library building and our visitors and staff, and to protect our collection from damage, theft or loss. This means we may use your Personal Information gathered from CCTV for security and risk management, loss and damage prevention incident investigation purposes, or as permitted by law.
- These images are stored in a secure environment and access to these recordings is limited to authorised staff only. Where an incident has occurred warranting further investigation, the Library may allow the recording to be viewed by people responsible for investigating the incident, both within the Library and/or external investigative bodies or law enforcement agencies such as the Australian Federal Police. CCTV footage is securely deleted or overwritten regularly if it is not subject to an investigation.
- Signs are placed at public entrances to the Library advising that CCTV cameras are in operation.
8. The NLA Bookshop (including the online shop)
- The Library may in some circumstances collect information from its shop's customers (whether online or in store) or representatives of wholesalers. The NLA Bookshop uses various programs to process online and in-store orders and uses a secure electronic facility to process credit card transactions. Customers may also leave their details in order to purchase items by mail order or to have items placed on hold. In-store customers may be asked to provide their postcode; this assists the Library to record general visitation data.
- Personal Information is collected for the purposes of fulfilling an online order and, if the purchaser has asked to receive newsletters or other information about the Library, to provide them with that information. Personal Information may be disclosed to couriers or freight providers, such as Australia Post, for the purposes of delivering an order. The Library also retains order details (excluding credit card details) and gift voucher information in a secure system to help manage any returns, refunds or exchanges or locate a lost or stolen gift voucher.
9. The Library's websites
- The Library collects Personal Information through our websites (including Trove, the Library's Catalogue and our Bookshop).
- The Library's websites all refer to this Privacy Policy. Our main website also contains a Privacy Statement, and our Trove website contains the Trove Privacy Statement. These privacy statements explain how information is collected and used when you visit and use these websites.
- The Library's websites use cookies for the purpose of collecting statistical data. However, cookies are not used on our websites to gather Personal Information. If you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before using our websites.
10. Social networking and marketing services
- The Library uses social networking services such as Instagram, Twitter, Facebook, LinkedIn, and YouTube to communicate to the public and potential employees. When you communicate with the Library using these services, we may collect your Personal Information to help us to respond or communicate with you.
11. Personal Information and children
- The Library may collect Personal Information about children (an individual under 18 years of age) such as their name, age, contact details or image when they enter a competition, attend the Library as part of a school group or appear in security footage of the Library.
- The Library will not use the Personal Information of children for any secondary purposes unless parent or guardian consent has been obtained, or if required or authorised by law.
12. Historical collection, exhibition and research information
- The Library collects Personal Information relating to library material in the national collection and on loan to the Library. This information includes details about the history of the collection item, including its creator(s) and current and previous owners. The purpose of collecting this information is to assess an item's access rights, copyright status, ownership and provenance prior to acquisition or loan.
- Personal Information about a collection item may be obtained from a range of sources including from donors or vendors and from historical records.
- Personal Information may also be collected in the course of historical research conducted by the Library and for the purposes of exhibition or publication of a work by NLA Publishing. This information may be maintained in a range of forms such as writing, video or sound recordings or photographs.
- The Privacy Act does not apply to library material in the national collection which is maintained for the purposes of reference, study or exhibition, regardless of whether the material contains Personal Information.
13. Disclosure of Personal Information
- The Library may disclose your information to third parties or other government departments:
- where required to fulfill our functions under the National Library Act;
- where you provide your consent; or
- where required or authorised by law.
- We take reasonable steps to ensure that, before disclosing Personal Information to any third party, they comply with the requirements of the Privacy Act and the APPs.
14. Disclosure of Personal Information to overseas recipients
- The Library may disclose Personal Information to overseas recipients for the purpose of:
- responding to an enquiry where the individual or institution enquiring is located overseas;
- arranging an interlibrary loan and document delivery; and
- loaning collection items internationally.
- If Personal Information is disclosed overseas, the Library will take reasonable steps to ensure that the overseas recipient does not breach the Privacy Act and the APPs, such as by informing them that they should comply with the Privacy Act.
15. Security, storage, retention and disposal of Personal Information
Where do we store your Personal Information?
- Library holds Personal Information in:
- electronic and records management systems;
- financial management systems;
- online booking and shopping systems;
- client relationship management systems;
- research and library management systems;
- electronic and paper files; and
- storage or holdings by third parties where the Library retains the right to deal with the information, including to access and amend the information.
Information Management / IT Security
- The Library manages its online services and IT systems in accordance with the Australian Government Protective Security Policy Framework and the Australian Government Information Security Manual.
- The Library's IT management procedures and practices require:
- Personal Information to be stored on a network file server with restricted access permissions;
- safeguards including procedures for cleansing PCs, servers and storage systems of Personal Information; and
- a responsible staff culture is fostered through continual information security awareness and training tailored to roles and responsibilities.
- Other physical security measures are in place including restricted physcial access to premises and use of lockable cabinets.
Retention and disposal of Personal Information
- The storage, retention and disposal of Personal Information by the Library is managed in accordance with Australian Government records management regulations, guidelines and authorities, including the Archives Act 1983, Records Authorities and General Disposal Authorities.
- Where we are authorised to do so, the Library will take reasonable steps to dispose of, or de-identify, Personal Information that it no longer needs to use for the purpose for which it was collected.
Unauthorised access and data breaches
- Your privacy is important to us. The Library protects Personal Information it holds and will deal promptly with any unauthorised disclosure of Personal Information.
- Access to the databases, systems and electronic and paper files is limited to authorised users only. External service providers who handle Personal Information about the Library's staff, customers or other individuals are required to comply with the requirements of the Privacy Act.
- The Library will respond to any potential or actual data breach in accordance with its Data Breach Response Plan.
16. Access and correction to Personal Information
- You may request access to, or seek correction of, any Personal Information held about you by the Library under the Privacy Act and the APPs.
- If it is appropriate to process the request under the Freedom of Information Act 1982, we will let you know.
- If you would like to access or correct any Personal Information we hold about you, please contact the Privacy Officer on the details listed below.
- We will respond to access or correction requests within 30 days and provide written reasons for any refusal.
17. Complaints
- If you are not satisfied with how the Library has handled your Personal Information, you can lodge a written complaint to the Privacy Officer on the details listed below.
- The Library is committed to quick and fair resolution of complaints. We will take reasonable steps to manage and respond to your privacy complaint or suggestions within 30 days.
- Privacy complaints can also be made to the Office of the Australian Information Commissioner.
18. How to contact us
- You may contact the Privacy Officer if you would like to:
- obtain access to your Personal Information;
- request amendment of your Personal Information;
- make a complaint about the way we handle your Personal Information,
- request further information about how the Library handles your Personal Information; and
- ask questions about this Privacy Policy.
Privacy Officer contact details:
Email: privacy@nla.gov.au
Phone: 02 62621600
National Relay Service: 133 677 (for hearing impaired callers)
Letters to: Privacy Officer
National Library of Australia
Parkes Place
PARKES ACT 2610
19. References and further resources
- Archives Act 1983 (Cth)
- Freedom of Information Act 1982 (Cth)
- Privacy Act 1988 (Cth)
- Privacy (Australian Government Agencies) – Governance APP Code 2017
- Australian Privacy Principles (APP) Guidelines
- Australian Government Protective Security Policy Framework
- Australian Government Information Security Manual
20. Policy review and accessibility
- This Privacy Policy will be reviewed every 12 months to ensure it is up-to-date.