Data protection description 14 May 2018: Library of Statistics’ borrower register

1. Controller of the register

Statistics Finland
Postal address: FI-00022 Statistics Finland
Visiting address: Työpajankatu 13, Helsinki, Finland
Telephone: +358 29 551 1000 (switchboard)

Contact person: Marketta Lukkari, tel. +358 29 551 2240,
info@stat.fi

Person responsible for data protection: Johanna Rantanen,
tietosuoja@stat.fi

2. Name of the register

Borrower register ─ customer data in the library system database

3. Purpose for the processing of personal data

Customer relationship management. The borrower register of the library system includes data on persons registered as borrower customers and their valid loans. By means of the register, a person having reserved or borrowed the material is combined to the material and customer messages concerned.

Starting from 1 June 2018, the Finna search service is the customer interface to library materials and the customer's self-service functions (own data, reservations, storage inquiries, etc.). More detailed information on the processing of customer data and the data protection notice can be found in the Finna search service.

4. Data subjects and data concerning them (group/groups of data subjects and data or data groups relating to them)

The register contains persons having applied for a borrower's card.

For all data subjects, the name or library card number is used as the identification data for the persons.

For the persons in the borrower register, the data contents given by the borrower in the register are:

  • Home address
  • Telephone number
  • Email address
  • Contact information for place of work or study
  • Customer group
  • First name last name
  • Personal identity code

The number of the borrower's card in the register is information provided by the controller of the register. The remaining information is given by the person having applied for a borrower's card. For registration, at least the person's first and last names and one address are needed.

5. Regular release and transfer of personal data outside the European Union or the European Economic Area

As a rule, personal data are not transferred outside the EU or the EEA. In some technical problem situations, the support may be located outside the EU or the EEA.

6. Regular sources of data for the register

The register data are collected from the data subjects.

7. Principles applied in the protection of the data in the register

All Statistics Finland's employees sign a pledge of secrecy in which the employees pledge not to disclose the confidential data they receive in their work. Data may be handled at Statistics Finland only by persons who need them for their tasks.

The protection of register data is based on passage control, personal user IDs and restricted access rights.

The following principle is applied to the manual data protection related to the register:
• The data are stored in the locked premises of the controller of the register.

The following principles are applied to the data protection of the electronic library system:
• The technical protection of the register against security breaches or the like has been handed over to a professional service provider. CSC - IT Center for Science is responsible for the technical maintenance and protection of the server and the database. The National Library of Finland's system office is in charge of the system management services.

8. Storage period of personal data

Personal data are retained from the beginning of the customer relationship until the customer informs about terminating the customer relationship for at most for five years, however. Removal of non-active borrowers (no borrowing events for five years) are made on the server with a tool produced for it. Borrowing event data are retained for one year, after which they are anonymised in the system, which means that the event is no longer connected to that person.