The Library’s customer register - privacy notice

EU’s General Data Protection Regulation (2016/679)

Last update 10.8.2020

1. Name of the register

JAMK Library Customer Register

2. Controller

JAMK University of Applied Sciences
Library
P.O. Box 207
FI-40101 Jyväskylä, Finland

3. Contact person in matters concerning the register, contact information during office hours

Library Director Teemu Makkonen (tel. +358 40 594 6587)
firstname.surename[a]jamk.fi

4. Purpose of the processing of personal data

The library user’s customer relationship management. The Library uses the register to supervise borrowing and borrowing rights and to compile statistics. The Library uses the register to control access to the self-service library and to compile usage statistics. Check the Library's recording surveillance video system register.

5. Data contents of the register

The register contains the customer’s personal data:

  • name (obligatory)
  • social security number or date of birth, individualized user identifier generated by the Peppi system (obligatory)
  • addresses (obligatory)
  • telephone number(s)
  • email address
  • student ID
  • library card barcode
  • patron group and statistical category
  • organization
  • the date of the latest transaction in the library’s circulation system

The personal data of JAMK students are transferred automatically from the Peppi system. The personal data of other customers are maintained in the library system. The register contains information about the customer’s current loans, reservations and fees, including fees related to unreturned materials and administrative handling invoicing. When a loaned item is returned, its lending data related to the borrower in question is removed from the register.

Reservations are picked up from a self-service shelf wherein the customer’s name can be seen connected to the reserved material. If the customer does not want their name to be shown connected to the reservation, they need to contact the Library’s customer service and ask that the reservation is kept at the customer service desk. In this case the reservation can be picked up only during the Library’s customer service hours.

The Library has the right to register the customer's social security number (the Finnish Data Protection Board's decision 57/29.11.1993). The social security number is used when giving or taking away a library card and borrowing rights. The social security number is also used in the Library’s debt collection. The customer’s patron group and statistical category data is used for the Library’s statistics and to enable the use of the self-service library.

6. Legal bases for processing personal data

The consent of the data subject

How can you withdraw your consent?
See paragraph 10.

7. Regular sources of data

JAMK students:
The data of JAMK students are transferred automatically from the Peppi student and study information system into the library system. Students update their own contact information in the Peppi system and the library borrowing rights are valid for the duration of the studies.

Other customers:
One becomes a library customer by giving their personal data via a form via the Library’s website or at the Library’s customer service desk. The customer’s notice, the student register, the Population Register Centre and other address information services can be used to update the customer’s contact data.

8. Regular transfer of data and transfer of data into countries outside the European Union or the European Economic Area

In invoicing cases, data is handed over to the collection agency used by JAMK.

The self-service library saves the user data (the name and library card barcode of the registered customer) received from the library system for 14 days. The customer data and visual surveillance camera material collected by the self-service library can be handed over for the purposes of taking care of JAMK’s internal safety or to the police for preliminary investigation.

Data is not transmitted outside the EU or EEA, or international organizations.

9. Principles of register protection

A. Printed material

The application forms used by the borrower will be destroyed immediately after the data has been saved in the customer register.

B. Electronic data

Standard methods are used to ensure the technical protection of data. The library system’s and self-service library’s servers are located in a closed place and the data held in the servers is backed up. The use of the system requires a personal user name and password. The library staff is bound by professional secrecy.

10. Retention period or criteria for determining

JAMK students:
The library borrowing rights of JAMK students expire when the customer graduates and has no unreturned loaned items and no fees. The customer can get back their borrowing rights if they so wish.

Other customers:
The library borrowing rights of other customers expire when the customer has no unreturned loaned items and no fees and has not borrowed any material in one year and has not notified the library that they wish to continue the borrowing rights. The customer can get back their borrowing rights if they so wish.

11. Automatic decision-making/profiling

Automated profiling related to personal data is not conducted.

12. Rights of the Data Subject

A registered data subject (i.e. the customer) can check their personal data and borrowed items by logging in to the Library’s web service.

Personal data can be checked during the Library’s customer service hours at the Library’s customer service desk. The request must be made either in writing, hold enough distinctive information about the requester and be accompanied by a personal signature, or alternatively personally to the library staff, in which case the identity of the requester is checked. The library staff will correct any mistakes immediately when they notice them.

JAMK students are responsible for the correctness of their contact information and personal data in the Peppi system.

JAMK students have library borrowing rights during their studies via the Peppi system, but can ask their customer information to be changed to an inactive setting in which case the borrowing and self-service library rights are not valid.

Other customers have the right to request the erasure of their personal data from the register if they have returned all their borrowed items and paid all their fees. The erasure request must be made either in writing, hold enough distinctive information about the requester and be accompanied by a personal signature, or alternatively personally to the library staff, in which case the identity of the requester is checked. Before the erasure of data, the staff will make sure that the aforementioned obligations have been fulfilled.

Written requests are addressed to: JAMK University of Applied Sciences Library, Postal address PL 207, 40101 Jyväskylä, Finland

Read more information about the JAMK’s Privacy Policy, Data Protection Officer and the rights of the data subject and their implementation.

Last update 10.8.2020