Privacy notice: Processing of customer data of Häme University of Applied Sciences Library
Processing of customer data of Häme University of Applied Sciences Library
Privacy notice: Processing of customer data of Häme University of Applied Sciences Library: joint informative document for data subjects (Articles 13 and 14 of the General Data Protection Regulation [2016/679]).
Purposes of processing personal data
The purpose of the register is managing customer relations. The register is used for:
- monitoring borrowing activities and borrowing rights
- statistical purposes which do not include individual-level data
- sending customer notifications
- recovering unreturned material
- interlibrary loan services.
Legal basis for processing
The processing of personal data is based on the execution of a contract / an agreement.
Personal data content and retention periods of the register
|Data category name||Retention period|
|Customer name||Customer validity period|
|Customer’s e-mail address||Customer validity period|
|Customer’s personal identity code||Customer validity period|
|Customer’s library card number||Customer validity period|
|Customer’s PIN code||Customer validity period|
|Customer’s contact details (postal address, phone number)||Customer validity period|
|Customer’s active loans||For the loan period.
The loan data will be removed:
|Customer’s active reservations||Validity period of the reservation.
The reservation data will be removed:
|Customer’s pending charges||The data will be removed when the customer has paid the pending charges.|
|The most recent contact and update date||The data will be removed when the customership terminates and the customer data related to it is deleted.|
|The name and e-mail address of customers who have made interlibrary loan requests||2 years. Until the end of the following academic year|
The library will remove any customer data relating to customers who have not borrowed any material for more than seven (7) years and who have no pending payments to the library.
The register contains the following:
- HAMK students who are customers of the library or who have given their permission to transfer their data from the student register to the customer register of the library
- HAMK and HAMI personnel who are customers of the library
- external customers of the library.
Regular sources of data
- data provided by the customer him/herself
- the student register of Häme University of Applied Sciences
- data stored in the database in connection with borrowing activities
Basic data concerning new students are transferred with students’ consent from the HAMK student register to the HAMK Library register.
Before becoming a customer, the library personnel will verify the customer’s identity with a ID card (including a photograph). The customer is responsible for notifying of any changes.
If a customer cannot be reached using the contact details contained in the customer register, the personnel may, where necessary, check the customer’s contact details from the student register, the Population Register Centre or from another address or telephone service.
Regular disclosures of data
In connection with invoicing, the necessary data will be disclosed to the financial administration department of Häme University of Applied Sciences.
Statistical information is collected for libraries’ joint statistics from the register. Häme University of Applied Sciences Library performs the recording in the joint statistics. The statistics do not include individual-level data.
Principles of data protection of the register
A Manual material
The customer information form will be immediately destroyed when the data has been recorded in the register. No confidential information is disclosed to third parties.
B Data processed through automated data processing
Data is stored in an information system or network drive. Users have personal user IDs. Access is granted only to those designated persons of the data controller with a password who are entitled to access and use the data in the system in order to perform their duties. Only admins who have personal user IDs can access the server environment.
The lawful processing of personal data is ensured by categorisation of data and with operating methods that are in compliance with the data handling rules concerning data set.
Standardised methods are used in technical data protection.
No automated decision-making is performed on the recorded data.
Transfer of data outside the EU or EEA
No data is transferred outside the EU or EEA.