Privacy notice - library
The University of Tampere and Tampere University of Technology were merged on 1 January 2019 to create the new Tampere University. Together the new Tampere University (Tampere University Foundation sr) and Tampere University of Applied Sciences Ltd comprise Tampere Universities.
Why we process personal data
The data stored in the Tampere University Library’s customer records is used to manage customer information. The Library processes data to manage the loan of library items and printed materials (including interlibrary loans), monitor lending rights and maintain contact with customers as well as for statistical purposes. Statistics do not contain data about identifiable individuals. Loan monitoring activities also include troubleshooting and responding to problems. Personal data is also processed to develop the library's operations and ensure quality.
Lawful basis for processing personal data
Processing is necessary for the performance of a contract to which a data subject is a party as set out in the EU’s General Data Protection Regulation (GDPR; article 1, paragraph 1b). Customers enter into a contract with the Library when they receive a library card. In exchange, customers gain access to library items and resources on a temporary basis.
Processing is necessary to perform a task carried out in the public interest as set out in the EU’s General Data Protection Regulation (GDPR; article 1, paragraph 1e).
- The EU’s General Data Protection Regulation (GDPR, EU 2016/679)
- Data Protection Act (1050/2018)
- Universities Act (558/2009)
- Act on the Openness of Government Activities (621/1999)
The types of personal data we process
- personal identity code (Finnish customers)
- date of birth (international customers)
- home address
- email address
- phone number (voluntary)
- customer number
- PIN code
- preferred language
- customer group (such as student, staff, international visitor, external customer)
- special services
- loans and payments.
How we collect personal data
We collect personal data from the following sources:
- information provided by customers;
- student records of Tampere Universities;
- public address and phone number directories, the Digital and Population Data Services Agency, register office.
How we process your personal data
Your personal data stored in our information systems will only be processed for the purposes for which the data were initially collected. Personal data may also be used for statistical and research purposes. As a rule, personal data that is used for statistical or research purposes is anonymised so that individuals cannot be identified. All personal data will be stored in compliance with data protection requirements.
Who we may share your data with
Customer records are only used by the University Library. Data will not be transferred outside of the systems that are used in the delivery of library services.
Transfer of personal data outside of the EU/EEA
As set out in Tampere University’s data protection policy, the University is committed to taking special data protection measures in the event that personal data is transferred outside of the EU or the European Economic Area (EEA) to countries that are not covered by the GDPR. Any transfers of personal data outside of the EU/EEA will be managed in strict compliance with the GDPR.
How long we retain your personal data
Personal data will be stored for as long as an individual remains a customer of the Library. Data about individuals will be deleted from the customer records after they have been inactive for three years.
Rights of data subjects
Right of access (GDPR, Article 15)
You have the right to know what personal data we process and hold about you. Many of the University-provided information systems allow you to view the data that we have stored about you when you are logged in.
Right to rectification (Article 16)
You have the right to have any incorrect, inaccurate or incomplete personal details that we hold about you revised or supplemented without undue delay. You are also entitled to have any unnecessary personal data erased from our records.
Right to be forgotten (Article 17)
In certain circumstances, you have the right to have your personal data erased from our records. The right to erasure does not apply, if the processing is necessary for us to comply with our legal obligations or perform tasks carried out in the exercise of official authority.
Right to restrict processing (Article 18)
In certain circumstances, you have the right to request us to restrict processing your personal data until the accuracy of your data, or the lawful basis for processing your data, has been appropriately reviewed and potentially revised or supplemented.
Right to data portability (Article 20)
You have the right to obtain a copy of the personal data that you have submitted to the University in a commonly used, machine-readable format and transfer the data to another data controller. This right applies to situations where data is processed automatically on the basis of consent or contract.
This means that the right to data portability does not apply to data processing that is necessary for the performance of a task carried out in the public interest or to fulfil legal obligations imposed on the data controller. Consequently, this right does not generally apply to the higher education institution’s personal data registers.
Right to object (Article 21)
You may at any time object to the processing of your personal data for special personal reasons, if the basis for processing is a task carried out in the public interest, the exercise of official authority, or the higher education institution’s legitimate interests. After receiving such a request, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing your data.
Right to lodge a complaint with a supervisory authority (Article 77)
You have the right to lodge a complaint with a supervisory authority, if you consider that the processing of your personal data violates the provisions of the GDPR (2016/679). In addition, you may follow other administrative procedures to appeal against a decision made by a supervisory authority or seek a judicial remedy.
Office of the Data Protection Ombudsman
Street address: Lintulahdenkuja 4
Postal address: PO Box 800, FI-00531 Helsinki, Finland
Email: tietosuoja [at] om.ficlass="spamspan"
Switchboard: +358 2956 66700
Questions about personal data
You can view the personal data we hold about you by logging into many of the information systems owned or maintained by Tampere Universities. You can request to have any inaccurate personal data rectified in connection with the process where the data is generated. With questions about your personal data, please contact the customer services of the University Library: library [at] tuni.fi.
Please deliver all subject access requests to the data protection officer of Tampere Universities (by email at dpo [at] tuni.fi or by post to the following address: Data Protection Officer, Tampere University, FI-33014, Tampere, Finland).
This privacy notice was updated on 8 October 2021.