Customer Register

Description of the personal data file

EU General Data Protection Regulation (2016/679)


1. Name of register

Customer register of the Helmet libraries

2. Register controller

Espoo: City of Espoo

Helsinki: Director of Library Services

Kauniainen: City of Kauniainen

Vantaa: Education Committee

3. Person responsible for the data file

Espoo: Director of Library Services

Helsinki: Director of Library Services

Kauniainen: Chief Librarian

Vantaa: Director of Library Services

4. Contact person for the data file

Espoo: Library Service Manager, Espoo City Library

Helsinki: Head of Public Services, Helsinki City Library, Pasila Library

Kauniainen: Informatician, Kauniainen City Library

Vantaa: Special Library Assistant, Vantaa City Library

Contact information:

City of Espoo
Registrar's Office

City of Helsinki
Registrar's Office
PO BOX 10 (Pohjoisesplanadi 11-13)
FI-00099 City of Helsinki

City of Kauniainen
Registrar's Office
PO BOX 52 (Kauniaistentie 10)
FI-02701 City of Kauniainen

City of Vantaa
Registrar's Office
Asematie 7
FI-01300 City of Vantaa

5. Purpose and legal grounds for processing personal data

Personal data recorded in the register is processed for the purpose of organising library services. Libraries use the register for the purposes of monitoring circulation, debt collection, statistics, communications, providing online and mobile services as well as self-service library and other library services and user identification.

Legal grounds for processing personal data:

According to article 6, point c, of the EU General Data Protection Regulation, processing is necessary for compliance with a legal obligation to which the controller is subject.

Central legislation:

EU General Data Protection Regulation (679/2016)

Public Libraries Act (1492/2016)

Act on the Openness of Government Activities (621/1999)

Data Protection Act (1050/2018)

6. The register’s data content

The following personal information will be recorded in the data file:

- name, personal ID, customer ID, encrypted PIN code, address, phone number, e-mail address, date of birth, customer group (e.g. child, adult, home service customer, institution)

- for statistic purposes: gender

- for sending out customer mail: language selection and preferred mode of communication

- circulation events, information on current loans and reserved items

- unresolved issues (e.g. open payments) and related notifications

Personal data of a person acting as the person responsible for a child under the age of 15 and of a person acting as the contact person of an institution or other community will be recorded in a corresponding manner.

Customers can access some of the data via the library online service at Customers will need a user ID and a personal PIN code to view their personal data.

7. Regular sharing of the personal data

Each City Library sees to the debt collection on loaned items that have not been returned. Data on registered adults who have not returned loaned items within 60 days from the due date will be handed over to a debt collection agency once a week as a line transfer. The transferred file will include the name, address, phone number and personal ID of the person registered, as well as the due date and title and price information of the unreturned items.

Personal data will be processed by the following suppliers of services that are provided by the library and used by the customer:

- library management system software provider

- library management system’s hosting service provider

- self check-out and return machines’ providers

- self-service library systems’ providers

- online service providers

- mobile service providers

- online payment service provider

- e-material providers

- providers of devices and equipment intended for customer use

Anonymised data will be used for:

- recommendation services

- statistical and research purposes

Contracts have been signed for the aforementioned services with the service providers.

Personal data in the data file may be disclosed to parties who have a legal right to obtain the data, such as the city’s social welfare under the Child Welfare Act or the police under the Police Act.

8. Data retention time

Personal details submitted in advance by the customer in the library’s customer register via the library online service will be removed if the customer has not picked up their library card in three months.

Personal details that have not been used by the customer for three years and that do not involve unresolved issues (e.g. open payments) will be removed from the customer register. Data is removed from the register once a year.

9. Information sources for personal data

Personal data is acquired from the customer. The customer can update some of their personal data themself in the library’s customer register via the library online services at Updating the data requires that the customer has a user ID and PIN code.

(Address) Details provided by the customer can be verified and updated through the Finnish Population Information System.

10. Informing the people registered               

The library card provided to the customer includes information on the website that features links to the description of the personal data file, user regulations and contact information of the City Libraries.

Description of the personal data file and user regulations can be requested from any library in Espoo, Helsinki, Kauniainen or Vantaa.