Information Services


Templeman Library Card Access Privacy Notice

How we use your data

This Privacy Notice outlines how document Information Services at the University of Kent collects, uses and manages the personal information of individuals in accordance with data protection law when processing person data generated by the KentONE/SALTO card access system used for entering the Templeman library.

The University of Kent is registered as a ‘Data Controller’ under registration number Z6847902. View the full entry on the register.

Who is this policy for?

This is a public policy intended for University staff and students, and members of the public.

How we collect your personal information

The University records data from your KentONE card when you use it to enter and exit any building across campus. Information Services will analyse the data collected from your KentONE card as you enter and exit the Templeman Library.

Students’ data will be combined with the student data record from the Student Data System (Kent Vision) to provide information on how the Templeman Library is used by its student users.  

Data will be recorded when students use the ‘Forgotten Card’ function at the Welcome Desk to obtain a day pass. Data will be recorded when students use a Forgotten Card electronic pass at the Welcome Desk to enter and exit the building.

Categories of personal information we collect

We will collect the following personal information about all staff and students:

  • date of entry and exit
  • time of entry and exit
  • which entrance was used
  • name
  • student or staff ID number
  • card number
  • school \ department \ division

For students only, we will use the student ID number to identify the following data from the Kent Student Data System (Kent Vision):

  • course / division
  • attendance: full-time, part-time
  • level: undergraduate, postgraduate (taught), postgraduate (research) 
  • stage: 1, 2, 3 
  • fee type – UK, EU, Overseas
  • age (on entry)
  • gender
  • widening participation status

Special category data we will collect about students in connection with quality and service assessments:

  • physical or mental health data (disability)
  • ethnicity

How we use your personal data

Your individual access data will inform the operation and development of the Templeman Library.

We want to improve the experience of using our services and collections. We want to identify trends and better understand how the Templeman Library is used by its community of users.

We want to identify ways we can better support or resource students’ learning, attainment, and engagement.

Information collected by the card access system is used to provide data on: 

  • equality assessments and improvements
  • building occupancy levels
  • student, staff, and visitor access to the building
  • the type of students/stages of students using the building e.g., undergraduate, postgraduate (taught), postgraduate (research)
  • which disciplines are using the library.

We will use the data to inform:

  • the development of services and support
  • the assessment and monitoring of services and support
  • appropriate staff resource levels for services and support
  • appropriate staff resource levels to maintain the security of the building
  • the provision of better student success intervention, activities and resources i.e. better support for learning
  • access and participation plans/ Office for Student returns.
Information Services will remove your name, student or staff ID and card number from our records.

Our lawful basis for processing your data

We rely on the following lawful basis as allowed by the UK GDPR for processing your personal data as this is necessary for:

  • the performance of a task carried out in the public interest or in the exercise of official authority – Article 6(1)(e)
  • a legal obligation – Article 6(1)(e)

Our public task and statutory purposes are underpinned by our powers and duties as a higher education institution and include the functional requirements imposed on us by the Office of Students under the Higher Education and Research Act 2017 (which includes condition B2 that each cohort of students registered on each HE course receives resources and support which are sufficient for ensuring a high quality academic experience).  We also have legal duties under the Equality Act 2010 and Health and Safety at Work etc. Act 1974.  

As we also use your special category data, we must identify a further basis for processing that data.  The processing is necessary for:

  • reasons of substantial public interest (as defined within the Data Protection Act 2018) – Article 9(2)(g).

Our substantial public interest grounds are:

  • statutory purposes
  • equality of opportunity or treatment
  • archiving in the public interest, scientific or historical research purposes or statistical purposes with a basis in law – Article 9(2)(j).

Who your information will be shared with

When we have combined your student access data with your student data record, we will share your data with Student Success who will create aggregated reports with the data so that they are able to provide better support and intervention for you as a student at the University.

We use third party organisations (known as data processors) who carry out services on the University’s behalf under contract. We will ensure that only the minimum amount of relevant personal data necessary for the purpose is transferred. We will ensure that contractual agreements exist to ensure compliance with data protection law and that data is used solely under our instruction. In these circumstances personal data shall be deleted after the contract has terminated.
Sometimes it is necessary for your personal information to be shared:

  • with competent authorities (such as the police, NCA) or action fraud for law enforcement purposes (for substantial public interest reasons – Article 9(2)(g) – for preventing or detecting unlawful acts, safeguarding or fraud purposes.
  • with our professional advisors where it is necessary for the establishment, exercise or defence of legal claims – Article 9(2)(f).

Occasionally the University may, if appropriate, legitimate and necessary, rely on relevant exemptions to UK GDPR provisions as are allowed under the Data Protection Act 2018 (e.g. in relation to crime).

Transfer of your information outside of the UK

When it is necessary for us to transfer your personal information across national boundaries to a third party data processor, such as one of our service providers, we will ensure this safeguards your personal information by requiring such transfers are made in compliance with all relevant data protection laws.

How long your personal data will be retained?

We will retain your individual access data for a period of up to 18 months. Deidentified data will be retained indefinitely.


The University is committed to holding your data securely and treating it with sensitivity and in accordance with the Data Protection Act 2018 and the United Kingdom General Data Protection Regulation (UK GDPR).

We will ensure that security measures are in place to prevent the accidental loss, unauthorised use, or access to your data. Access is given to staff on a ‘need to know’ basis. Our staff are required to keep your data safe and complete data protection training.

We have procedures in place to deal with any data security incidents and will notify you and the ICO in the event of a data breach where we are required to do so.

Your rights

Please be aware of the following rights which can be accessed free of charge by contacting

  • know how we are using your personal information and why (right to information)
  • access the personal data held by us (subject access request)
  • ask for correction of any mistakes (rectification)
  • to object to direct marketing
  • to complain to the ICO

In some circumstances you also have the right to:

  • object to how we are using your information
  • ask us to delete information about you (the right to be forgotten)
  • have your information transferred electronically
  • object to automated decisions which significantly affect you
  • restrict us from using your information.

For further guidance regarding your rights please see the ICO website.

Your right to complain to the Information Commissioner

You have the right to lodge a complaint with the Information Commissioner's Office.

Their helpline telephone number is: 0303 123 1113.


If you have any questions or concerns about the way the University has used your data, or wish to exercise any of your rights, please consult our website.

The University’s Data Protection Officer can be contacted at:

Print version

Document review date

This policy will be reviewed annually by Information Services Committee.

Policy approved: 11.05.2023





Information Services, University of Kent

Contact IS  |  Feedback on IS  |  IS Regulations

Last Updated: 25/01/2024