The customer, material, and event register of the library system

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)

1. Controller

Seinäjoki University of Applied Sciences, SeAMK Library
Kalevankatu 35, Kampustalo
FI-60100 Seinäjoki, Finland
+358 40 830 0410
kirjasto(at)seamk.fi

2. Controller’s representative

Jaana Latvanen, Head of Library and Information Services
+358 40 830 4203
jaana.latvanen(at)seamk.fi

2a. Official responsible for the personal data file

Jarkko Meronen, Planning Officer, Library Services
040 830 4250
jarkko.meronen(at)seamk.fi

2b. Contact persons in matters relating to the data file

Jarkko Meronen, Planning Officer, Library Services
040 830 4250
jarkko.meronen(at)seamk.fi

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680
jarmo.jaskari(at)seamk.fi

3. Name of the data file

The customer, material, and event register of the library system

4. Purpose of processing personal data/data file use

Customer register:
Register of all the borrowing customers of the Library, which includes a record for each person registered as a borrowing customer. The register is included in the database of the library system in use, allowing the person having booked or borrowed material to be connected to the material in question, fees, and customer messages.

Material register:
The descriptive metadata includes the author data and target data of the materials described for data search and the combination of works and authors.

User register:
The staff users of the library system entitled to use the functions of the system in question in the borrowing, purchase, description, and management applications.

5. Purpose of maintaining the data file

Enables the logistic management of the library materials and the recognition of the user, as well as the implementation of independent services in the library system and its customer interfaces.
The data of the customer register are used for the management of customer data. The Library uses the data of the customer register for the supervision of borrowing and borrowing rights, communication with the customer, and statistics. The statistics do not include personal-level data.

5a. Data content of the file

User data*:

  • Name
  • Address
  • Telephone number
  • Email
  • EduPersonPrincipalName (SeAMK customers)
  • Library card number
  • Primary id
  • Borrowed items
  • Bookings
  • Fees
  • Statistic group
  • Validity of customer data
  • Notifications
  • Customer’s user statistics
  • PIN

Inactive customer data are automatically deleted from the register after one year from the expire date of the customer data. If a customer has borrowed items or bookings 30 days before the expire date, the validity of the customer account is prolonged by the Library by 6 months. The borrowing data of the two last borrowers are kept at the volume level. Otherwise, the volume-level borrowing history is anonymised.

*Students’ personal data are maintained in the Student Management System.

5b. Information systems using the data file

Library system*, discovery service, student’s mobile application, online payments service.

*During the change of library system, the descriptive metadata and customer data including active events (the customer having current borrowings, bookings, fees), and the valid customer data are transferred to the new system.

6. Regular sources of data

SeAMK’s Student Management System and the person themselves.

7. Regular disclosure of data

The data can be transferred to an invoicing program or debt collection if it is necessary to send the customer an invoice for unreturned materials or outstanding late fees. The data of the numbers of customers by statistic group is annually transferred to the joint statistics of the scientific libraries in an anonymised form.

8. Transfer of data outside the EU or the EEA

Data is not transferred outside the EU or the EEA.

9. Principles of data file protection

A.      Manual material

When a customer has filed an application for a library card, the data are checked and entered in the register, and the application form is returned to the customer.

B.      Computer-processed data

The data included in an electronic application for a library card (E-form) are entered in the register, and the E-form is deleted. The customer’s identity is checked while the person is question is picking up their library card.

The library staff have personal identifiers to access the software used for the maintenance of the register. The connection to the database is encrypted.

Each registered customer only sees the data related to them. A registered user can access their data through the discovery service, logging in either through HAKA or their email.

x (x)
x (x)
x (x)