Description of the personal data file
EU General Data Protection Regulation (2016/679)
1. Name of register
Customer register of the Helmet libraries
2. Register controller
Espoo: City of Espoo
Helsinki: Director of Library Services
Kauniainen: City of Kauniainen
Vantaa: Education Committee
3. Person responsible for the data file
Espoo: Director of Library Services
Helsinki: Director of Library Services
Kauniainen: Chief Librarian
Vantaa: Director of Library Services
4. Contact person for the data file
Espoo: Library Service Manager, Espoo City Library
Helsinki: Head of Public Services, Helsinki City Library, Pasila Library
Kauniainen: Informatician, Kauniainen City Library
Vantaa: Special Library Assistant, Vantaa City Library, Tikkurila Library
City of Espoo
PO BOX 1
FI-02070 CITY OF ESPOO
City of Helsinki
PO BOX 10 (Pohjoisesplanadi 11-13)
FI-00099 City of Helsinki
City of Kauniainen
PO BOX 52 (Kauniaistentie 10)
FI-02701 City of Kauniainen
City of Vantaa
FI-01300 City of Vantaa
5. Purpose and legal grounds for processing personal data
Personal data recorded in the register is processed for the purpose of organising library services. Libraries use the register for the purposes of monitoring circulation, debt collection, statistics, communications, providing online and mobile services as well as self-service library and other library services and user identification.
Legal grounds for processing personal data:
According to article 6, point c, of the EU General Data Protection Regulation, processing is necessary for compliance with a legal obligation to which the controller is subject.
EU General Data Protection Regulation (679/2016)
Public Libraries Act (1492/2016)
Act on the Openness of Government Activities (621/1999)
Data Protection Act (1050/2018)
6. The register’s data content
The following personal information will be recorded in the data file:
- name, personal ID, customer ID, encrypted PIN code, address, phone number, e-mail address, date of birth, customer group (e.g. child, adult, home service customer, institution)
- for statistic purposes: gender
- for sending out customer mail: language selection and preferred mode of communication
- circulation events, information on current loans and reserved items
- unresolved issues (e.g. open payments) and related notifications
Personal data of a person acting as the person responsible for a child under the age of 15 and of a person acting as the contact person of an institution or other community will be recorded in a corresponding manner.
Customers can access some of the data via the library online service at helmet.fi. Customers will need a user ID and a personal PIN code to view their personal data.
7. Regular sharing of the personal data
Each City Library sees to the debt collection on loaned items that have not been returned. Data on registered adults who have not returned loaned items within 60 days from the due date will be handed over to a debt collection agency once a week as a line transfer. The transferred file will include the name, address, phone number and personal ID of the person registered, as well as the due date and title and price information of the unreturned items.
Personal data will be processed by the following suppliers of services that are provided by the library and used by the customer:
- library management system software provider
- library management system’s hosting service provider
- self check-out and return machines’ providers
- self-service library systems’ providers
- online service providers
- mobile service providers
- online payment service provider
- e-material providers
- providers of devices and equipment intended for customer use
Anonymised data will be used for:
- recommendation services
- statistical and research purposes
Contracts have been signed for the aforementioned services with the service providers.
Some of the service providers also operate outside the EU or EEA.
Personal data in the data file may be disclosed to parties who have a legal right to obtain the data, such as the city’s social welfare under the Child Welfare Act or the police under the Police Act.
8. Data retention time
Personal details submitted in advance by the customer in the library’s customer register via the library online service will be removed if the customer has not picked up their library card in three months.
Personal details that have not been used by the customer for three years and that do not involve unresolved issues (e.g. open payments) will be removed from the customer register. Data is removed from the register once a year.
9. Information sources for personal data
Personal data is acquired from the customer. The customer can update some of their personal data themself in the library’s customer register via the library online services at helmet.fi. Updating the data requires that the customer has a user ID and PIN code.
(Address) Details provided by the customer can be verified and updated through the Finnish Population Information System.
10. Informing the people registered
The library card provided to the customer includes information on the website that features links to the description of the personal data file, user regulations and contact information of the City Libraries.
Description of the personal data file and user regulations can be requested from any library in Espoo, Helsinki, Kauniainen or Vantaa.