The English text of this Privacy Statement is a translation. In case of confusion or contradictions between the English and the Dutch versions, the Dutch version takes precedence.
Thank you for using the Library system (Bibliotheeksysteem). The public library uses digital applications for its operations. Your public library uses the Cultuurconnect Basic Digital Library Infrastructure (Basisinfrastructuur Digitale Bibliotheek) as instructed by the Flemish government for a number of those applications. The Library System (Bibliotheeksysteem) forms part of such Basic Infrastructure (Basisinfrastructuur). Your personal data are processed within the Library System (Bibliotheeksysteem).
We take data protection extremely seriously. To do so, we base ourselves on the provisions of the European General Data Protection Regulation (also known as the GDPR).
This Privacy Statement relates to the processing and protection of your personal data within the context of the Library System (Bibliotheeksysteem). With regard to the processing of your data within the Library System (Bibliotheeksysteem), we understand this to include library membership.
The Basic Digital Library Infrastructure (Basisinfrastructuur Digitale Bibliotheek) also consists of the Library Website (Bibliotheekwebsite) in addition to the Library System (Bibliotheeksysteem). The Library Website (Bibliotheekwebsite) forms the public interface of the website, the catalogue and My Library (Mijn Bibliotheek) services of the public library. The Library Website (Bibliotheekwebsite) is not the subject matter of this Privacy Statement.
By becoming a member of the public library, and therefore using the Library System (Bibliotheeksysteem), you provide information that makes it possible to identify you as a person. This Privacy Statement provides detailed information regarding the manner in which we process your personal data. We advise you to read this document carefully.
Anyone using the Library System (Bibliotheeksysteem) accepts this Privacy Statement
1. WHO IS THE CONTROLLER (i.e. PERSON RESPONSIBLE FOR PROCESSING YOUR DATA)?
Cultuurconnect vzw is a Flemish government organisation. It wishes to support and manage public libraries and culture centres in focusing on and bring to fruition their goals in the digital community. Cultuurconnect wants to use the Library System (Bibliotheeksysteem) to innovate and scale up the public library sector, so that libraries can offer you, the user, more efficient and high-quality service provision.
Priemstraat 51, 1000 Brussels
Enterprise number: 0629.858.909
The Cultuurconnect Data Protection Officer (DPO) can be reached via the above-mentioned address (Attn Data Protection Officer), or at firstname.lastname@example.org.
2. WHAT IS THE LIBRARY SYSTEM (BIBLIOTHEEKSYSTEEM)?
The Library System (Bibliotheeksysteem) is software that orders and catalogues work processes, and makes inventory management, loaners’ administrative services, lending, financial management and reporting/statistics in the library possible for all Dutch-language libraries in Flanders and Brussels.
Cultuurconnect wants to keep the Library System (Bibliotheeksysteem)efficient, relevant and up to date and, if necessary or desirable, it will also bring about new developments and/or links with other systems, with a view to matters such as:
- keeping the service provision up to date with current (technological) developments and tendencies,
- supra-local cultural purposes,
- the further innovation of the local culture policy,
- and amendments to legislation and regulations.
As controller, Cultuurconnect will in this regard always take appropriate measures to protect your personal data.
3. WHAT IS THE ROLE OF YOUR OWN LIBRARY?
Your library must be able to view, use, change, file, etc. your personal data to be able to provide you with its services, otherwise it cannot register you as a library member, lend you any copies or send you a reminder when the copies that you have borrowed have been returned out late for example.
Cultuurconnect and your library have concluded an agreement with that aim. Such agreement lays down what your library can do with the data that you have provided within the framework of the Library System (Bibliotheeksysteem).
A number of cases fall under the responsibility of your library as such. For example, it can opt to provide supplementary services (such as custom direct marketing). If your library does this, then, as controller, it must provide you with the necessary information regarding the impact of the supplementary services relating to your privacy (see also under the heading “Will you be sent messages?”).
1. IN WHAT WAY ARE YOUR DATA COLLECTED?
A number of personal data are requested at the moment that you become a member of a public library. The library employee then enters such personal data in the Library System (Bibliotheeksysteem). The libraries working with e-ID software read personal data from the e-ID, which immediately applies as a library card. If you were already a member of a library, then your personal data from the existing (local or provincial) library system is migrated to the Library System (Bibliotheeksysteem) at the moment at which your library becomes a member of the Library System (Bibliotheeksysteem).
2. WHAT DATA ARE COLLECTED?
- identity data: surname and first name (read from the e-ID, where appropriate);
- contact data: principal place of residence (read from the e-ID, where appropriate), any additional address (e.g. your work or digs address), telephone number or email address;
- personal characteristics: gender (read from the e-ID, where appropriate), date of birth (read from the e-ID, where appropriate);
- national registry number and/or SS (social security) ID (read from the e-ID, where appropriate);
- library data: library card number, subscription data, loan history (what was borrowed when, when it was returned and what was reserved), payment history (which amounts are still outstanding and which amounts were paid when) and message history (which messages were received);
- communication preferences: message delivery preference, for example, by email or letter and language preference.
Cultuurconnect and your library are authorised to use your national registry number in the Library System (Bibliotheeksysteem). If and to the extent that authorisation was obtained and with due regard for the terms and conditions of (Article 5 of) the Act of 8 August 1983 regulating a National Registry, a link is made between the National Registry to consolidate and update the loaners’ address data. In that case, Cultuurconnect assumes responsibility for the technical link and, to do so, it takes adequate technical measures to prevent possible access to personal data other than those to which the authorisation applies. The Service Integrator of the Flanders Information Agency (MAGDA) will be called upon where appropriate. Your national registry number will then be used to retrieve such data from the National Registry.
3. WHY ARE YOUR DATA STORED AND PROCESSED?
Your data are kept up to date and processed for the following purposes:
- identification and authorisation purposes,
so that you can be correctly authorised in the Library System (Bibliotheeksysteem);
- functional purposes,
such as determining your type of subscription, sending functional communication such as reminder emails, reservation messages and invoices;
- data exchange purposes,
so that your data are stored correctly and updated (e.g. the possible link with the National Registry);
- management purposes,
such as user management by competent library employees (e.g. subscribing a member, retrieving a member to lend him or her a copy, to de-duplicate a member whose name appears twice in the system, etc.) and helpdesk by competent Cultuurconnect employees or competent employees working for the IT supplier (processor) of Cultuurconnect;
- statistical purposes,
such as pseudonymised generation and viewing of reports and statistics based on use from the perspective of your own library and from the supra-local (regional or Flemish) perspective;
- communication and direct marketing purposes,
such as communication concerning activities and services of your own library and of available library services and applications (see also below under point 8).
If you do not agree with the processing of your personal data within the scope of the purposes stated in point 6, then you can indicate this in various ways (for more details, see below under “How you enforce your rights”).
4. WHERE ARE YOUR DATA STORED?
All data that are collected within the framework of the use of the Library System (Bibliotheeksysteem) are hosted on an external location within the EU in the scope of the IT supplier’s actual management of the system.
Your data are not transmitted to third parties unless this is necessary for the intended processing (see above: role of your library and role of the IT supplier of the system). Your data are not transmitted outside the EU.
5. HOW LONG ARE YOUR DATA STORED?
Your data in the Library System (Bibliotheeksysteem) are stored for a maximum period of two years after your library membership has been terminated and on condition that there are no outstanding transactions and costs. There can in fact still be administrative work processes requiring your data after library membership has been terminated. The storage period of two years only starts running after the subscription has been terminated and on condition that there are no outstanding transactions and costs. The data, including the National registry number, is removed automatically after such storage period has expired.
Your personal data will be removed if your library no longer participates in the Library System (Bibliotheeksysteem).
6. ARE YOUR DATA SEEN BY OTHER LIBRARIES?
No. Unless libraries have a far-reaching and formally organised form of collaboration according to which loaners are members of the collaboration and can therefore loan, return, reserve, etc. copies from various libraries with such membership, libraries cannot see or search one another’s loaners. Your library will draw your attention to the fact if it concludes such a form of collaboration.
Where a library wants to make a person who is already a member of the system in another library, a member of it, it will be alerted to the fact that such person already exists in the system. The library can then create an additional membership for such person. Unless there is far-reaching collaboration with the other library, the library will not see any of the loaner’s data from the other library.
7. WHY IS YOUR LOAN HISTORY STORED IN THE LIBRARY SYSTEM (BIBLIOTHEEKSYSTEEM)?
You can personally choose whether or not your loan history is stored, which means that you can see which titles you have borrowed. If you do not wish to store your loan history, the standard practice is that it is stored in the Library System (Bibliotheeksysteem) for a period of 90 days to facilitate proper functioning and efficient loan management (see also your library’s user regulations). An overview of the copies lent enables one to verify who may have caused any damage, to assess penalty fines that have been contested by the loaner, etc. The loan history is automatically removed after such period has expired. You can communicate what you choose at your library counter or you can tick off this option in the Loan History menu on the Library Website (Bibliotheekwebsite).
8. WILL YOU BE SENT MESSAGES?
There are various forms of communication options in the Library System (Bibliotheeksysteem).
Functional communication, such as emails that form part of the administrative working processes of the library, e.g. if a reservation is ready to be picked up, if materials borrowed are not returned on time, penalty emails, etc. The standard practice is to send these emails if you have provided an email address. Such messages are sent by letter if you have not provided an email address.
Direct marketing communication, such as when your library uses the Library System (Bibliotheeksysteem) marketing module to send newsletters and launch campaigns. If applicable, you can personally indicate any message preferences through your library’s Library Website (Bibliotheekwebsite).
If your library uses your email address (custom direct marketing) outside the Library System (Bibliotheeksysteem) to send you communication about its activities, products and services, then your library is the controller for such communication (for more details, see “How do you enforce your rights?”).
You always have the right to do the following with, the personal data that you have communicated (subject to the conditions stated in the GDPR):
- request and view (Article 15 of the GDPR) or transfer them (Article 20 of the GDPR); within that framework, you can obtain a complete export of your personal data in a structured, commonly used and machine-readable format;
- (have someone) change or complete them (Article 16 of the GDPR), and
- (have someone) erase them (Article 17 of the GDPR).
This can be done with regard to one or several of the above-mentioned purposes.
You also request to be completely removed from all databases. You are then “forgotten” and will not be contacted again in any manner whatsoever.
You can (partially) exercise the above rights through your library’s Library Website (Bibliotheekwebsite) or in full at your library’s counter, on condition that you prove your identity.
In addition, you also still have the right to do the following:
- request that the processing be restricted (Article 18 of the GDPR);
- object to the processing (Article 21 of the GDPR).
You can also exercise your rights merely be sending a request by email to email@example.com. However, we do request that you prove your identity in this matter by means of a copy of (the front and reverse sides of) your identity card.
Always mention the following in your request:
- first name and surname of the person that you want to erase or change;
- email address of the person that you want to erase or change;
- precisely what personal data you want to view or request;
- precisely which changes you want to make or precisely which data you want to remove;
- where appropriate: what restriction you request of the processing;
- where appropriate: the content of your objection, and the consequence that you wish to attach to it.
You will be provided with information regarding the consequence attached to your request within one month after the request has been received (subject to an extension of such period, in accordance with Article 12 of the GDPR).
You must address objections against custom direct marketing from your library directly to it. You can do this at the library counter, for example.
Cultuurconnect takes appropriate technical and organisational security measures to protect your personal data and to guarantee their reliability, availability and integrity.
Anyone who is authorised on behalf of Cultuurconnect, your library or the above-mentioned processor, has been adequately informed of the importance of protecting personal data and privacy and is obliged to keep such information confidential.
We handle your personal data as carefully as possible and store them securely.
If your personal data are spread due to data theft or data leaks, such fact cannot give cause for damage claims against us unless it is constituted that we were in default of providing an adequate security level.
If despite our preventive measures, you still have any complaints regarding our use of your personal data, then you can contact firstname.lastname@example.org.
This Privacy Statement may be changed. We amend the rules and conditions to protect your privacy as well as possible and to handle your personal data transparently. The most recent amendment dates back to 20 March 2020.