Customer Register - Description of File

In accordance with Personal Data Act (523/1999) Section 10

1. Controller/Registrar

JAMK Library
Rajakatu 35 F
FI-40200 Jyväskylä

2. Person in Charge

Library Director Teemu Makkonen
Rajakatu 35 F
FI-40200 Jyväskylä
Phone: +358 40 594 6587

3. Name of the Register

JAMK Library Customer Register

4. Use of the Register

Library customer relationship management. The library uses the register for the supervision of borrowing and borrowing rights, and for the compilation of statistics. The register is used for the access control of the self-service library and for the compilation of statistics. See the register of the library's recording surveillance video system.

5. Contents of the Register

Name, statistical category, library unit, address, telephone number(s), e-mail address, patron barcode, date of birth, social security number; information on present loans, material on hold and unpaid fees. When a loan is returned, its data disappears from the patron register.

The library has the right to register the customer's social security number (the Finnish Data Protection Board's decision 57/29.11.1993). The social security number is used when giving or cancelling borrowing rights and the library card, as well as in debt collection.

6. Regular Sources of Information

Customer information is saved in the register from the registration form filled in by the customer, from the electronic form sent via the library's website, or from personally delivered customer information. Student and personnel registers, the population register or other external address registers can also be used.

7. Regular Transfer of Data and Transfer of Data into Countries outside the European Union or the European Economic Area

Customer information is delivered to JAMK's collection agency for invoicing purposes.

When using the self-service library the customer’s name and the barcode of the customer’s library card is temporarily given to a third party responsible for the self-service library system for the purpose of producing the service. The data given is used only to secure the safety of people and property, to control access, and to make user statistics compilations. The register’s data is stored as long as is necessary to fulfill the aforementioned purposes. The names and barcodes of customers are deleted by default from the third party’s server in 14 days. For a specific reason data can be stored for an even longer period of time. The data can also be handed over to the police for the purpose of preliminary investigation.

The customer information is not transferred for other outside purposes.

8. Principles of Register Securing

A. Manual register. The application form filled in by the customer will be immediately destroyed after the information has been saved in the register.
B. Electronic register. Standard methods are used to technically protect the customer data. The library staff is obliged to professional secrecy.

9. Customer's Right to Check the Registered Information

A person whose personal data has been saved in the register has the right to personally check the validity and correctness of the information. A request concerning the checking of personal information in the register can be made in writing or in person at the library. The information can be checked immediately. The register contains no such information which cannot be checked by the customer.

10. Updating the Registered Information

The customer information will be updated without delay according to the changes informed by the customer. If necessary, the correctness of the customer information will be checked from the population register. The information will be updated by the library staff. The library staff also corrects mistakes immediately when they are detected.

Personal Data Act (523/1999) Section 10

Section 10 - Description of file
The controller shall draw up a description of the personal data file, indicating:
1. the name and address of the controller and, where necessary, those of the representative of the controller;
2. the purpose of the processing of personal data;
3. a description of the group or groups of data subjects and the data or data groups relating to them;
4. the regular destinations of disclosed data and whether data are transferred to countries outside the European Union or the European Economic Area; and
5. a description of the principles based on which the data file has been secured.

The controller shall keep the description of the file available to anyone. This obligation may be derogated from, if necessary, for the protection of national security, defense or public order and security, for the prevention or investigation of crime, or for a supervision task relating to taxation or public finances.

Updated on 2 September 2015.