This site is in development. Help us improve it using our feedback form.

National Library of Scotland

Safety privacy notice

Last updated
17 July 2025
Estimated reading time
4 minutes

This page clarifies how we process personal data for the purposes of maintaining safety and security and for dealing with emergencies. It also explains your associated rights. Please read our general privacy information in addition to the specific information contained in this privacy notice.

Purpose

Safety, security and emergencies

Explanation of the purpose

We may process personal data that you provide to us or that we obtain from other sources for the purposes of the safety and security of people and property. We may also process data for the purposes of preventing, managing or responding to emergencies.

We collect and process personal data when you need to access our non-public spaces (for example, our office spaces) as a visitor or contractor. When you access our spaces as a contractor we will also process your personal data for the purposes of managing relevant activities. See the employment privacy notice for details.

We may use correspondence records, including recordings of telephone calls, to investigate, respond to, and/or report instances of suspected abuse or threatening or illegal behaviour. We do not routinely record telephone calls. Calls are only recorded where abuse or threatening or illegal behaviour is suspected.

Legal basis

Processing of this data is necessary for compliance with legal obligations and at times, to protect the vital interests of the data subject or another person. It may also be necessary in some cases for the performance of tasks carried out in the public interest or for our official functions.

Personal data processed for the purposes of managing contractor access to our sites is necessary for the performance of a contract.

Types of personal information

The types of personal data that we process for this purpose may vary. The data that we process for this purpose will be determined by the specific nature of the situation, such as the type of security we aim to provide or the nature of an emergency. We are likely to process data such as your image, your name, or your contact details for this purpose.

The types of personal data we process for the purposes of managing visitor and contractor access to our non-public spaces includes your image, your name, and, if applicable, your company details and confirmation that you have passed relevant disclosure checks. This information will be managed in our visitor management system.

Sources of personal information

We may obtain data for this purpose directly from you and from third parties. We may also already hold the data that we need to process for this purpose.

If we process data for this purpose which has been obtained from third parties, this data has usually been collected from publicly available sources. Occasionally, however, we may collect data for this purpose from sources which are not publicly available.

When you access our non-public spaces as a visitor or contractor we normally obtain this data from you directly.

Recipients of the data

This data will be processed by the National Library of Scotland for this purpose and data may be sent to third parties (see 'Will the data be transferred to third parties?').

Retention period

We will normally process data for this purpose for as long as we are required to do so or for as long as necessary for the particular purpose (for example, while responding to an emergency).

We retain personal data of visitors and contractors in our visitor management system for six months after the expiry of an individual's visitor pass (visitor passes normally expire on the day of issue).

We have a detailed range of retention periods for different types of records, some of which may also apply to information processed for the purpose of ensuring safety and security. Please see our retention schedules (811 KB; 77 pages) for details, in particular under business classification 06.08.05.01 'Health and safety' on page 69.

While we are working to implement our retention schedules, some data may be retained longer than required under the schedules.

Your rights in relation to this data

Your core rights as a data subject apply to this processing. Additionally, the right of objection applies to processing carried out for the performance of tasks carried out in the public interest or for our official functions, the right of erasure applies to processing carried out in an individual's vital interests, and the right of data portability applies to processing carried out for the performance of a contract.

Will the data be transferred to third parties?

Data may be transferred to third parties for this purpose, for example the emergency services.

Our visitor management system is internal and data processed in this system is not transferred to third parties for the purposes of managing access to our non-public spaces.

Our telephone system is provided by a third party, Exchange Communications Ltd. Telephone calls recorded by the Library will be processed by Exchange Communications Ltd. For more information, please see Exchange Communications Ltd.'s privacy policy.

Will the data be transferred outside the UK or the European Economic Area (EEA)?

No.

Is it obligatory to supply this data and what are the consequences of not supplying the data?

It may be obligatory to supply data for this purpose, depending on the situation. If you do not supply data for this purpose, it may be that we are unable to ensure safety and security or manage incidents or emergencies. We may also be unable to provide certain services or meet certain obligations, such as user registration, and we will be unable to allow you to access our non-public spaces as a visitor or contractor.

Will the data be used in automated decision-making?

No.