The English text of this Privacy Statement is a translation. In case of confusion or contradictions between the English and the Dutch versions, the Dutch version takes precedence.
Thank you for using the Library Website (Bibliotheekwebsite). Your library uses digital applications for its operations. Your Library uses the Cultuurconnect Basic Digital Library Infrastructure (Basisinfrastructuur Digitale Bibliotheek) as instructed by the Flemish government for a number of those applications. The Library Website (Bibliotheekwebsite) forms part of such Basic Infrastructure (Basisinfrastructuur). Your personal data are processed within the Library Website (Bibliotheekwebsite).
We take data protection extremely seriously. To do so, we base ourselves on the provisions of the European General Data Protection Regulation (also known as the GDPR).
This privacy statement relates to the processing and protection of your personal data within the context of the use of the Library Website (Bibliotheekwebsite).
Your Library has undertaken not to post any additional privacy statement(s) on the Library Website (Bibliotheekwebsite) that might contain any data in conflict with such Library Website (Bibliotheekwebsite) Privacy Statement. If this is nevertheless the case, then the provisions in this Library Website (Bibliotheekwebsite) Privacy Statement will prevail.
The Basic Digital Library Infrastructure (Basisinfrastructuur Digitale Bibliotheek) also consists of the Library System (Bibliotheeksysteem) in addition to the Library Website (Bibliotheekwebsite). The Library System (Bibliotheeksysteem) is software that orders and catalogues work processes, and makes inventory management, loaners’ administrative services, lending, financial management and reporting/statistics in the Library possible for all Dutch-language libraries in Flanders and Brussels. The Library System (Bibliotheeksysteem) is not the subject matter of this privacy statement.
By using the Library Website (Bibliotheekwebsite), you provide information that makes it possible to identify you as a person. This Privacy Statement provides detailed information regarding the manner in which we process your personal data. We advise you to read this document carefully.
Anyone using the Library Website (Bibliotheekwebsite) accepts this Privacy Statement.
1. WHO IS THE CONTROLLER (i.e. PERSON RESPONSIBLE FOR PROCESSING YOUR DATA)?
Cultuurconnect vzw is a Flemish government organisation. It wishes to support and manage public libraries and culture centres in focusing on and bring to fruition their goals in the digital community. Cultuurconnect wants to use the Library Website (Bibliotheekwebsite) to innovate and scale up the public library sector, so that your Library can offer you, the user, more efficient and high-quality service provision.
Miriam Makebaplein 1, 9000 Ghent
Enterprise number: 0629.858.909
The Cultuurconnect Data Protection Officer (DPO) can be reached via the above-mentioned address (Attn Data Protection Officer), or at email@example.com.
2. WHAT IS THE LIBRARY WEBSITE?
The Library Website (Bibliotheekwebsite) forms the public interface of the website, the catalogue and the My Library (Mijn Bibliotheek) services of your Library.
Cultuurconnect wants to keep the Library Website (Bibliotheekwebsite) efficient, relevant and up to date and, if necessary or desirable, will also bring about new developments and/or links with other systems, with a view to matters such as:
- keeping the service provision up to date with current (technological) developments and tendencies,
- supra-local cultural purposes,
- the further innovation of the local culture policy,
- and amendments to legislation and regulations.
As controller, Cultuurconnect will in this regard always take appropriate measures to protect your personal data.
3. WHAT IS THE ROLE OF YOUR LIBRARY?
Your Library must be able to process your personal data via the Library Website (Bibliotheekwebsite) to be able to provide you with its services. Cultuurconnect and your Library have concluded an agreement with that aim. Such agreement lays down what your Library can do with the data that have provided within the framework of the Library Website (Bibliotheekwebsite).
A number of cases fall under the (processing) responsibility of your Library as such. In particular, your Library can itself opt to provide a number of additional services, such as newsletters, online payment, etc. If your Library does this, then, as controller, it needs to provide you with the necessary information regarding the impact that the additional services have on your privacy.
1. IN WHAT WAY ARE YOUR DATA COLLECTED?
A limited number of visitors’ data are stored when you visit your Library’s Library Website (Bibliotheekwebsite). This concerns anonymous or aggregated data (such as browser type, the operating system that you use, the pages that you visit on our website, etc.) on the one hand and your IP address on the other hand. This is explained in detail in the separate Cookie Statement, which you will find in the footer of this Library Website (Bibliotheekwebsite). The Cookie Statement also explains what you personally can do to (partially) prevent such data from being stored.
When registering on the Library Website (once only), you must choose your Library and make a one-off link with your library membership and the Library System (Bibliotheeksysteem). From then on, you can login with a My Library (Mijn Bibliotheek) login by using the user name or email address and self-chosen password. In this way, you can always be correctly identified when you log in (and it will always be possible to verify, for example, if you are still a valid library member, and can therefore use the online services of your Library). In addition, your municipality, date of birth and gender (optional) may be asked within the framework of pseudonymised statistic analyses.
Web forms can be used within the framework of subscription for/participation in your Library’s activities or events. A number of personal data that are intended to make it possible to administratively process your subscription will be used in this regard.
2. WHAT DATA ARE COLLECTED?
- identity data: surname and first name;
- contact data: email address;
- login data: user name and password;
- personal properties: municipality, date of birth and gender (optional);
- library system data: library membership data, loan history (what was borrowed when, when it was returned and what was reserved), payment history (which amounts are still outstanding and which amounts were paid when);
- Mylibrary-id: unique number that is generated and used within the framework of the authorisation process to be able to use your Library;
- user activity log data, e.g. IP address;
- communication preferences: message delivery preference, e.g., by email or letter, language preference and message preferences within the framework of direct marketing communication;
- anonymous or aggregated data within the framework of the use of the website, e.g. browser type, the operating program used, pages visited (see also the Cookie Statement in the Library Website footer); and
- lists containing favourite titles, which you made via the Library Website (Bibliotheekwebsite).
3. WHY ARE YOUR DATA STORED AND PROCESSED?
Your data are kept up to date and processed for the following purposes:
- identification and authorisation purposes,
so that you can be correctly authorised in My Library (Mijn Bibliotheek);
- functional purposes,
so that we can provide you with the Library Website (Bibliotheekwebsite) services;
so that we can permanently optimise the website for the users;
so that we can notify you of functional or technical changes to the Library Website (Bibliotheekwebsite) that are important within the framework of the use thereof;
- data exchange purposes,
so that you can use the online services of your Library and the Library System (Bibliotheeksysteem);
so that your data can be visualised in external applications (for instance the ‘Mijn Burgerprofiel’ application);
- management purposes,
such as user management by competent library employees and helpdesk by competent employees of Cultuurconnect or the IT suppliers (processors) of Cultuurconnect;
- logging purposes,
such as registration of user activities for problem solving and auditing, and within the scope of optimising the service provision to you as user;
- statistical purposes,
such as pseudonymised generation and viewing of reports and statistics based on use from the perspective of your Library and from the supra-local (regional or Flemish) perspective;
- Communication and direct marketing purposes,
such as communication concerning activities and services of your Library and of available library services and applications.
If you do not agree with the processing of your personal data within the scope of the purposes stated in point 7, then you can indicate this in various ways (for more details, see point 8).
4. WHAT IS THE LEGAL BASIS FOR THE PROCESSING?
The processing of your personal data is based on the following legal processing grounds:
- processing within the scope of the following purposes: identification, authorisation, functionality (communication), management and data exchange.
- Personal data processing in accordance with the use of Mijn Bibliotheek (My Library) (including the use of digital applications) is done based on the agreement between Cultuurconnect and the user pursuant to the user’s creation of a Mijn Bibliotheek profile or login to a digital application. Such processing is essential to be able to provide users with the requested services.
- processing within the scope of logging purposes.
- processing within the framework of logging is done based on the legitimate interest of Cultuurconnect and the public libraries;
- reliable log data are essential to provide public libraries and Cultuurconnect with new insights into the vast functioning of the library so that the digital library services for end users can be innovated and improved;
- a number of anonymous or aggregated data and your IP address can be filed by means of cookies when you use the library website. With regard to non-essential cookies, this is only done based on your express consent, by means of an active opt-in (see also the Cookie Statement in the footer of the Library website).
- processing within the scope of statistic purposes
- further processing for statistic purposes means processing that is compatible with the original purposes of the processing (see Article 89 of the GDPR; see also the Data Protection Act of 30 July 2018). Processing for statistic purposes is done in a pseudonymised manner;
- reliable statistic data are essential to provide public libraries and Cultuurconnect with new insights into the vast functioning of the library so that the digital library services for end users can be innovated and improved.
- processing within the scope of direct marketing purposes
- bringing you up to date with other digital products and services within the platform of Mijn Bibliotheek is a form of processing that is compatible with the Mijn Bibliotheek profile and falls within the legitimate interests of the public libraries and Cultuurconnect (in this regard, see also 9. “Can you enter your choice regarding communication and direct marketing?”).
- However, you do still have the possibility of indicating that you do not wish this by doing so during the Mijn Bibliotheek registration process or at a later point in time by way of the Profile Menu or by opting out from any further communication.
- processing for the purpose of data visualisation in external applications (e.g. the ‘Mijn Burgerprofiel’ app from Digital Flanders)
- processing in connection with visualisation purposes in external applications is based on your explicit consent. This permission is requested when you log in to the external application with your ‘Mijn Bibliotheek’ profile.
- You can manage this permission in your ‘Mijn Bibliotheek’ profile; if you withdraw this permission, you can still use ‘Mijn Bibliotheek’ without any problems.
5. WHERE ARE YOUR DATA STORED?
All data that are collected within the framework of the use of the Library Website (Bibliotheekwebsite) are hosted on an external location within the EU in the scope of the IT suppliers’ actual management of the systems.
Your data are not transmitted to third parties unless this is necessary for the intended processing (see above: role of your Library and role of the IT suppliers of the systems). Your data are not transmitted outside the EU.
6. HOW LONG ARE YOUR DATA STORED?
The data communicated within the scope of registration and login to the Library Website (Bibliotheekwebsite) are stored for a maximum of two years after the last time you used your My Library (Mijn Bibliotheek) login.
The data communicated within the scope of the use of web forms are stored for a maximum of two years after the subscription has been administratively processed and completed.
The anonymous or aggregated data and the IP address, collected through cookies within the scope of the use of the Library Website (see also the Cookie Statement in the footer of the Library Website), are stored for 26 months.
This storage period enables us to perform adequate use analysis to optimise the Library Website (Bibliotheekwebsite), on the one hand, and to draw up pseudonymised reports and statistics from the perspective of your Library and from the supra-local (regional or Flemish) perspective, on the other hand.
7. WHAT HAPPENS IF YOU WANT TO USE ONE OF THE OTHER DIGITAL APPLICATIONS OF YOUR LIBRARY?
Cultuurconnect develops other digital applications (digital collections, reading tips, etc.) that are accessible via the My Library (Mijn Bibliotheek) login. Where your Library purchases the respective application from Cultuurconnect, you, as a library member, can use such application via your My Library (Mijn Bibliotheek) login.
If you use these digital applications, then your library and mylibrary-id are transmitted to the application supplier, so that these can be used to grant you access to the application and within the scope of the pseudonymised statistical analyses. Your user name and email address may also be transmitted if that is necessary with a view to, and only for the purposes of, functional communication that is required to use the application.
If other personal data are requested or additional processing takes place within the scope of the use of digital applications, then your attention will explicitly be drawn to this in a supplementary privacy statement before logging in to the respective application.
8. CAN YOU ENTER YOUR CHOICES REGARDING STORAGE OF YOUR LOAN HISTORY?
You can personally choose whether or not your loan history is activated, so that you can see in Mijn Bibliotheek which titles you have lent. If you do not wish this to be done, the standard practice of preserving your loan history in the Library system for a period of 90 days is applied to facilitate proper functioning and efficient loan management. An overview of the copies lent makes it possible to find out who may have caused any damage, assess penalty fines that are disputed by a loaner, etc. If you do not wish to activate your loan history, then it is automatically pseudonymised after a period of 90 days has expired. In this way, your loan history still remains useful for statistic purposes so that your library can avail itself of reliable and correct statistics (see also 4 in this regard “What is the legal basis for the processing”). If you do not activate your loan history, then you will not be able to make that available either within the framework of the “Mijn Leestipper” - “My Reading Tips” - application (for the purposes of higher quality book recommendations. In this regard, see also 1. “How are your data collected?”). You may tick your choice to activate or not activate your loan history by way of the Loan History menu on the Library website or you can inform the person behind the counter in your library that you do not wish to do so. This functionality is only available in the new Library System to which the libraries are being connected (in phases during the period 2019-2022).
9. CAN YOU ENTER YOUR CHOICES REGARDING COMMUNICATION AND DIRECT MARKETING?
You may be sent the following communication:
- Functional communication
Cultuurconnect can notify you of functional or technical changes to the Library Website (Bibliotheekwebsite) that are important within the framework of its use.
- Direct marketing communication
Cultuurconnect can use your email address to send you communication regarding the Cultuurconnect activities, products and services (e.g. digital collections) to which your Library is subscribed.
You can determine your choice regarding such messages at the moment that you create a My Library (Mijn Bibliotheek) login. If you do not/no longer wish to receive such messages, you have various possibilities of communicating this:
- you can exercise your right to object (see below in “How do you enforce your rights?”);
- you can indicate this via the Library Website (Bibliotheekwebsite) Profile menu.
Please note that you might also receive communication and newsletters from your Library. Your Library is personally responsible for this and your permission in this regard may have been obtained in another way (e.g. by accepting the library regulations). The fact that you indicate on the Library Website (Bibliotheekwebsite) that you do not wish to receive any direct marketing from Cultuurconnect does therefore not automatically have the consequence that you will not receive any newsletters from your own Library.
In the future, your Library will be able to send your direct marketing communication via the Library System (Bibliotheeksysteem) marketing module. You will be able to indicate your message preferences through the Library Website (Bibliotheekwebsite) as soon as such system is operational.
You always have the right to do the following with, the personal data that you have communicated (subject to the conditions stated in the GDPR):
- request and view (Article 15 of the GDPR) or transfer them (Article 20 of the GDPR); within that framework, you can obtain a complete export of your personal data in a structured, commonly used and machine-readable format;
- (have someone) change or complete them (Article 16 of the GDPR), and
- (have someone) erase them (Article 17 of the GDPR).
This can be done with regard to one or several of the above-mentioned purposes.
You also request to be completely removed from all databases. You are then “forgotten” and will not be contacted in any manner whatsoever.
You can (partially) exercise the above rights through the Library Website (Bibliotheekwebsite) or in full at your Library’s counter, on condition that you prove your identity.
In addition, you also still have the right to do the following:
- request that the processing be restricted (Article 18 of the GDPR);
- object to the processing (Article 21 of the GDPR).
You can also exercise your rights merely be sending a request by email to firstname.lastname@example.org. However, we do request that you prove your identity in this matter by means of a copy of (the front and reverse sides of) your identity card.
Always mention the following in your request:
- first name and surname of the person that you want to erase or change;
- email address of the person that you want to erase or change;
- precisely what personal data you want to view or request;
- precisely which changes you want to make or precisely which data you want to remove;
- where appropriate: what restriction you request of the processing;
- where appropriate: the content of your objection, and the consequence that you wish to attach to it.
You will be provided with information regarding the consequence attached to your request within one month after the request has been received (subject to an extension of such period, in accordance with Article 12 of the GDPR).
Cultuurconnect takes appropriate technical and organisational security measures to protect your personal data and to guarantee their reliability, availability and integrity.
Anyone who is authorised on behalf of Cultuurconnect, your Library or the above-mentioned processors, has been adequately informed of the importance of protecting personal data and privacy and is obliged to keep such information confidential.
We handle your personal data as carefully as possible and store them securely.
If your personal data are spread due to data theft or data leaks, such fact cannot give cause for damage claims against us unless it is constituted that we were in default of providing an adequate security level.
If, despite our preventive measures, you still have any complaints regarding our use of your personal data then you can contact email@example.com.
You will find more information regarding complaint procedures on the Flemish Supervisory Commission.
This Privacy Statement may be changed. We amend the rules and conditions to protect your privacy as well as possible and to handle your personal data transparently. It is therefore advisable to regularly have a look at it. The most recent amendment dates back to January 12 2024.