The English text of this Privacy Statement is a translation. In case of confusion or contradictions between the English and the Dutch versions, the Dutch version takes precedence.
Thank you for using the Library Website (Bibliotheekwebsite). Your library uses digital applications for its operations. Your Library uses the Cultuurconnect Basic Digital Library Infrastructure (Basisinfrastructuur Digitale Bibliotheek) as instructed by the Flemish government for a number of those applications. The Library Website (Bibliotheekwebsite) forms part of such Basic Infrastructure (Basisinfrastructuur). Your personal data are processed within the Library Website (Bibliotheekwebsite).
We take data protection extremely seriously. To do so, we base ourselves on the provisions of the European General Data Protection Regulation (also known as the GDPR).
This privacy statement relates to the processing and protection of your personal data within the context of the use of the Library Website (Bibliotheekwebsite).
Your Library has undertaken not to post any additional privacy statement(s) on the Library Website (Bibliotheekwebsite) that might contain any data in conflict with such Library Website (Bibliotheekwebsite) Privacy Statement. If this is nevertheless the case, then the provisions in this Library Website (Bibliotheekwebsite) Privacy Statement will prevail.
The Basic Digital Library Infrastructure (Basisinfrastructuur Digitale Bibliotheek) also consists of the Library System (Bibliotheeksysteem) in addition to the Library Website (Bibliotheekwebsite). The Library System (Bibliotheeksysteem) is software that orders and catalogues work processes, and makes inventory management, loaners’ administrative services, lending, financial management and reporting/statistics in the Library possible for all Dutch-language libraries in Flanders and Brussels. The Library System (Bibliotheeksysteem) is not the subject matter of this privacy statement.
By using the Library Website (Bibliotheekwebsite), you provide information that makes it possible to identify you as a person. This Privacy Statement provides detailed information regarding the manner in which we process your personal data. We advise you to read this document carefully.
Anyone using the Library Website (Bibliotheekwebsite) accepts this Privacy Statement.
1. WHO IS THE CONTROLLER (i.e. PERSON RESPONSIBLE FOR PROCESSING YOUR DATA)?
Cultuurconnect vzw is a Flemish government organisation. It wishes to support and manage public libraries and culture centres in focusing on and bring to fruition their goals in the digital community. Cultuurconnect wants to use the Library Website (Bibliotheekwebsite) to innovate and scale up the public library sector, so that your Library can offer you, the user, more efficient and high-quality service provision.
Priemstraat 51, 1000 Brussels
Enterprise number: 0629.858.909
The Cultuurconnect Data Protection Officer (DPO) can be reached via the above-mentioned address (Attn Data Protection Officer), or at email@example.com.
2. WHAT IS THE LIBRARY WEBSITE?
The Library Website (Bibliotheekwebsite) forms the public interface of the website, the catalogue and the My Library (Mijn Bibliotheek) services of your Library.
Cultuurconnect wants to keep the Library Website (Bibliotheekwebsite) efficient, relevant and up to date and, if necessary or desirable, will also bring about new developments and/or links with other systems, with a view to matters such as:
- keeping the service provision up to date with current (technological) developments and tendencies,
- supra-local cultural purposes,
- the further innovation of the local culture policy,
- and amendments to legislation and regulations.
As controller, Cultuurconnect will in this regard always take appropriate measures to protect your personal data.
3. WHAT IS THE ROLE OF YOUR LIBRARY?
Your Library must be able to process your personal data via the Library Website (Bibliotheekwebsite) to be able to provide you with its services. Cultuurconnect and your Library have concluded an agreement with that aim. Such agreement lays down what your Library can do with the data that have provided within the framework of the Library Website (Bibliotheekwebsite).
A number of cases fall under the (processing) responsibility of your Library as such. In particular, your Library can itself opt to provide a number of additional services, such as newsletters, online payment, etc. If your Library does this, then, as controller, it needs to provide you with the necessary information regarding the impact that the additional services have on your privacy.
1. IN WHAT WAY ARE YOUR DATA COLLECTED?
A limited number of visitors’ data are stored when you visit your Library’s Library Website (Bibliotheekwebsite). This concerns anonymous or aggregated data (such as browser type, the operating system that you use, the pages that you visit on our website, etc.) on the one hand and your IP address on the other hand. This is explained in detail in the separate Cookie Statement, which you will find in the footer of this Library Website (Bibliotheekwebsite). The Cookie Statement also explains what you personally can do to (partially) prevent such data from being stored.
When registering on the Library Website (once only), you must choose your Library and make a one-off link with your library membership and the Library System (Bibliotheeksysteem). From then on, you can login with a My Library (Mijn Bibliotheek) login by using the user name or email address and self-chosen password. In this way, you can always be correctly identified when you log in (and it will always be possible to verify, for example, if you are still a valid library member, and can therefore use the online services of your Library). In addition, your municipality, date of birth and gender (optional) may be asked within the framework of pseudonymised statistic analyses.
With your My Library login you can also log on to My Reading Tipper, if your library purchases this service from Cultuurconnect. My Reading Tipper is a web application with which we provide personalised reading tips to library members. During the onboarding process, and after you have logged in, we will ask you some additional personal questions which are necessary to provide this service. You may also agree to disclose your loan history in order to receive more qualitative book recommendations. On the basis of the personal information provided through the questionnaire (and, if applicable, your loan history), a reading profile is drawn up, which is used to send you individual book recommendations. No legal consequences or significant implications are involved (it only results in a set of individual book recommendations), it does not concern automated individual decision making in the sense of Art. 22 of the GDPR.
Web forms can be used within the framework of subscription for/participation in your Library’s activities or events. A number of personal data that are intended to make it possible to administratively process your subscription will be used in this regard.
2. WHAT DATA ARE COLLECTED?
- identity data: surname and first name;
- contact data: email address;
- login data: user name and password;
- personal properties: municipality, date of birth and gender (optional); on the basis of a questionnaire (only for My Reading Tipper): favourite genres, specific interests, reading preferences, favourite books (a reading profile is created);
- library system data: library membership data, loan history (what was borrowed when, when it was returned and what was reserved), payment history (which amounts are still outstanding and which amounts were paid when); No library system data is processed in My Reading Tipper, except possibly the loan history if you indicate that your loan history may be used to generate reading tips;
- Mylibrary-id: unique number that is generated and used within the framework of the authorisation process to be able to use your Library;
- user activity log data, e.g. IP address;
- communication preferences: message delivery preference, e.g., by email or letter, language preference and message preferences within the framework of direct marketing communication;
- anonymous or aggregated data within the framework of the use of the website, e.g. browser type, the operating program used, pages visited (see also the Cookie Statement in the Library Website footer);
- User feedback (only for My Reading Tipper);
- lists containing favourite titles, which you made via the Library Website (Bibliotheekwebsite).
3. WHY ARE YOUR DATA STORED AND PROCESSED?
Your data are kept up to date and processed for the following purposes:
- identification and authorisation purposes,
so that you can be correctly authorised in My Library (Mijn Bibliotheek) and can be assigned to use digital applications (such as My Reading Tipper);
- functional purposes,
so that we can provide you with the Library Website (Bibliotheekwebsite) services;
so that we can permanently optimise the website for the users;
so that we can notify you of functional or technical changes to the Library Website (Bibliotheekwebsite) that are important within the framework of the use thereof; to generate and send you reading tips (if you have indicated that you would like to receive reading tips by e-mail);
- data exchange purposes,
so that you can use the online services of your Library and the Library System (Bibliotheeksysteem);
- management purposes,
such as user management by competent library employees and helpdesk by competent employees of Cultuurconnect or the IT suppliers (processors) of Cultuurconnect;
- logging purposes,
such as registration of user activities for problem solving and auditing, and within the scope of optimising the service provision to you as user;
- statistical purposes,
such as pseudonymised generation and viewing of reports and statistics based on use from the perspective of your Library and from the supra-local (regional or Flemish) perspective;
- Communication and direct marketing purposes,
such as communication concerning activities and services of your Library and of available library services and applications.
Specifically with regard to the My Reading Tipper application:
- Authorised staff of the My Reading Tipper IT supplier only have access to your My Library ID in relation to authorisation, and the additional data collected (based on the questionnaire and optional loan history). You are not required to disclose your loan history. However, the more personal information is available, the better the quality of the reading tips. These data are only processed to perform calculations using the data in order to come up with optimal book recommendations. Any other use of these data is explicitly and contractually forbidden.
- If you indicate that you would like to receive reading tips by e-mail, only authorised Cultuurconnect staff members have access to your e-mail address. The IT supplier does not have access to your e-mail address.
- Authorised Cultuurconnect staff members monitor your user behaviour on the Reading Tips page and collect your user feedback. These data are transmitted, after being made anonymous, to the IT supplier in order to adjust the algorithm, with the sole purpose of improving the quality of the reading tips.
If you do not agree with the processing of your personal data within the scope of the purposes stated in point 7, then you can indicate this in various ways (for more details, see point 8).
4. WHERE ARE YOUR DATA STORED?
All data that are collected within the framework of the use of the Library Website (Bibliotheekwebsite) are hosted on an external location within the EU in the scope of the IT suppliers’ actual management of the systems.
Your data are not transmitted to third parties unless this is necessary for the intended processing (see above: role of your Library and role of the IT suppliers of the systems). Your data are not transmitted outside the EU.
5. HOW LONG ARE YOUR DATA STORED?
The data communicated within the scope of registration and login to the Library Website (Bibliotheekwebsite) are stored for a maximum of two years after the last time you used your My Library (Mijn Bibliotheek) login.
The data communicated within the scope of the use of web forms are stored for a maximum of two years after the subscription has been administratively processed and completed.
The anonymous or aggregated data and the IP address, collected through cookies within the scope of the use of the Library Website (see also the Cookie Statement in the footer of the Library Website), are stored for 26 months.
The additional personal data collected in the context of your use of My Reading Tipper will be kept for up to one year after you have deactivated My Reading Tipper. You can do this yourself via the web application or by sending an e-mail to firstname.lastname@example.org in which you must prove your identity by means of a copy of your ID card (front and back) (see also below 'How do you enforce your rights').
This storage period enables us to perform adequate use analysis to optimise the Library Website (Bibliotheekwebsite including My Library and My Reading Tipper), on the one hand, and to draw up pseudonymised reports and statistics from the perspective of your Library and from the supra-local (regional or Flemish) perspective, on the other hand.
6. WHAT HAPPENS IF YOU WANT TO USE ONE OF THE OTHER DIGITAL APPLICATIONS OF YOUR LIBRARY?
Cultuurconnect develops other digital applications (digital collections, reading tips, etc.) that are accessible via the My Library (Mijn Bibliotheek) login. Where your Library purchases the respective application from Cultuurconnect, you, as a library member, can use such application via your My Library (Mijn Bibliotheek) login.
If you use these digital applications, then your library and mylibrary-id are transmitted to the application supplier, so that these can be used to grant you access to the application and within the scope of the pseudonymised statistical analyses. Your user name and email address may also be transmitted if that is necessary with a view to, and only for the purposes of, functional communication that is required to use the application.
If other personal data are requested or additional processing takes place within the scope of the use of digital applications, then your attention will explicitly be drawn to this in a supplementary privacy statement before logging in to the respective application.
7. CAN YOU ENTER YOUR CHOICES REGARDING STORAGE OF YOUR LOAN HISTORY?
You can personally choose whether or not your loan history is stored, which means that you can see which titles you have borrowed. If you do not wish to store your loan history, the standard practice is that it is stored in the Library System (Bibliotheeksysteem) for a period of 90 days to facilitate proper functioning and efficient loan management (see also your Library’s user regulations). An overview of the copies lent enables one to verify who may have caused any damage, to assess penalty fines that have been contested by the loaner, etc. The loan history is automatically removed after such period has expired. You can communicate what you choose at your Library counter or you can tick off this option in the Loan History menu on the Library Website (Bibliotheekwebsite). This functionality is only available in the new Library System (Bibliotheeksysteem), of which the libraries are members (phased during the period 2019-2021).
If you indicate that you would like to save your loan history, you may also agree to disclose it in the context of your use of My Reading Tipper, in order to receive more qualitative book recommendations.
8. CAN YOU ENTER YOUR CHOICES REGARDING COMMUNICATION AND DIRECT MARKETING?
You may be sent the following communication:
- Functional communication
Cultuurconnect can notify you of functional or technical changes to the Library Website (Bibliotheekwebsite) that are important within the framework of its use.
- Direct marketing communication
Cultuurconnect can use your email address to send you communication regarding the Cultuurconnect activities, products and services (e.g. digital collections) to which your Library is subscribed.
You can determine your choice regarding such messages at the moment that you create a My Library (Mijn Bibliotheek) login. If you do not/no longer wish to receive such messages, you have various possibilities of communicating this:
- you can exercise your right to object (see below in “How do you enforce your rights?”);
- you can indicate this via the Library Website (Bibliotheekwebsite) Profile menu.
Please note that you might also receive communication and newsletters from your Library. Your Library is personally responsible for this and your permission in this regard may have been obtained in another way (e.g. by accepting the library regulations). The fact that you indicate on the Library Website (Bibliotheekwebsite) that you do not wish to receive any direct marketing from Cultuurconnect does therefore not automatically have the consequence that you will not receive any newsletters from your own Library.
In the future, your Library will be able to send your direct marketing communication via the Library System (Bibliotheeksysteem) marketing module. You will be able to indicate your message preferences through the Library Website (Bibliotheekwebsite) as soon as such system is operational.
You always have the right to do the following with, the personal data that you have communicated (subject to the conditions stated in the GDPR):
- request and view (Article 15 of the GDPR) or transfer them (Article 20 of the GDPR); within that framework, you can obtain a complete export of your personal data in a structured, commonly used and machine-readable format;
- (have someone) change or complete them (Article 16 of the GDPR), and
- (have someone) erase them (Article 17 of the GDPR).
This can be done with regard to one or several of the above-mentioned purposes.
You also request to be completely removed from all databases. You are then “forgotten” and will not be contacted in any manner whatsoever.
You can (partially) exercise the above rights through the Library Website (Bibliotheekwebsite) or in full at your Library’s counter, on condition that you prove your identity.
In addition, you also still have the right to do the following:
- request that the processing be restricted (Article 18 of the GDPR);
- object to the processing (Article 21 of the GDPR).
You can also exercise your rights merely be sending a request by email to email@example.com. However, we do request that you prove your identity in this matter by means of a copy of (the front and reverse sides of) your identity card.
Always mention the following in your request:
- first name and surname of the person that you want to erase or change;
- email address of the person that you want to erase or change;
- precisely what personal data you want to view or request;
- precisely which changes you want to make or precisely which data you want to remove;
- where appropriate: what restriction you request of the processing;
- where appropriate: the content of your objection, and the consequence that you wish to attach to it.
You will be provided with information regarding the consequence attached to your request within one month after the request has been received (subject to an extension of such period, in accordance with Article 12 of the GDPR).
Cultuurconnect takes appropriate technical and organisational security measures to protect your personal data and to guarantee their reliability, availability and integrity.
Anyone who is authorised on behalf of Cultuurconnect, your Library or the above-mentioned processors, has been adequately informed of the importance of protecting personal data and privacy and is obliged to keep such information confidential.
We handle your personal data as carefully as possible and store them securely.
If your personal data are spread due to data theft or data leaks, such fact cannot give cause for damage claims against us unless it is constituted that we were in default of providing an adequate security level.
If, despite our preventive measures, you still have any complaints regarding our use of your personal data then you can contact firstname.lastname@example.org.
You will find more information regarding complaint procedures on the Flemish Supervisory Commission.
This Privacy Statement may be changed. We amend the rules and conditions to protect your privacy as well as possible and to handle your personal data transparently. It is therefore advisable to regularly have a look at it. The most recent amendment dates back to 29 november 2021.