How does the library handle personal data and what does it use them for? How does it protect them? This article offers basic answers to these questions. Complete information about the protection of personal data used by the Municipal Library of Prague is provided to clients in the Library Rules. The handling of personal data reflects the requirements arising from the European General Data Protection Regulation (GDPR, hereinafter the Regulation), which comes into effect on 25 May 2018.
The Municipal Library of Prague processes users’ personal data, if it needs them to provide its services. When processing personal data, we comply with the legislation of the European Union and related legislation of the Czech Republic.
The library is an open space and anybody can use its services. The basic document stipulating the rights and obligations of the library and users are the Library Rules. The library may provide certain services only to a specific person, for which reasons their personal data must be known. This particularly concerns the loaning of documents outside of the library (off-site) and related services (reader account management, reservations, borrowing history), but also certain services provided directly on the library premises (reservations of space, registration for certain events with limited participation). We offer these direct services to registered readers, who apply for the services by completing a registration form.
To lend documents to readers outside the library, we need basic information about the person who wishes to use these services, meaning their name and surname, date of birth, address and identification card details. As for children under the age of 15, we require the same data from their legal guardian. These data are processed primarily to protect the library fund, imposed on the library by the Library Act No. 259/2001 Coll.
The library also processes data about whether the reader is a ZTP/ZTP-P (disability) pass holder, if the reader wishes to enjoy the associated advantages (e.g. free membership or longer borrowing periods).
We use contact data (e-mail address, telephone number) for more effective communication with readers and to inform them about the status of their reader account, fulfilled reservations or new services and library events. Through their reader account, the reader may set whether they wish to receive e-mail messages from the library. We use the reader’s mailing address if the reader wishes to be information via these means about a fulfilled reservation, but also if it is necessary to send a reminder about an unreturned loan.
The library keeps a loan history and records on use of the readers’ card and movement of the library unit in order to solve potential disputes and to provide the reader with an overview of their reading history. If the reader does not wish to keep a loan history, they may request its deletion via e-mail to firstname.lastname@example.org.
Based on the knowledge of users who regularly use the library, and their needs, we can continue to develop our services. Data from loaning activity may serve e.g. to develop the library network, modify opening hours or purchase new documents.
The libraries may be equipped with a monitoring camera system, which ensures better security in areas with poor visibility. Such branches are marked with a camera pictogram on the entrance door and information is provided in the branch profile at www.mlp.cz/en/branches.
We keep data for the term of validity of the readers’ card, extended by one year. During this year, the reader has the possibility to easily renew their membership, without losing the history of their loans. After the passing of this period, the library anonymises the data, which means that it deletes all data based on which the reader can be identified, and thus the remaining data cannot be assigned to them. The library can continue to use anonymous data acquired in this way are used for statistical purposes. The reader may request anonymisation at an earlier time, if they no longer wish to use the library’s service, in writing to the address email@example.com, via mail or in person at the library. The library may reject the request for anonymisation if the reader has outstanding liabilities.
The reader may also request the storing of their data for an additional year, even if they do not have a valid readers’ card, even repeatedly.
The library stores data from the camera system for 3 days after recording, or for the period required to investigate the recorded incident.
A preview of most of the personal data which the library keeps about readers is available in the online reader account, which is available to every reader upon signing in (username, password) on the library’s website at www.mlp.cz/en. The reader account offers not only a list of data about the person (identification and contact data), but also an overview of current loans, loan history since the start of registration, payment data including payment history, information about the paid deposit and entered reserves, and any other information (purchased/ordered tickets).
The reader has the right to request access to their personal data processed by the library, and may also obtain this statement in electronic format. We provide the first statement free of charge within one month from receiving the request and necessary verification of the applicant’s identification. Requests are handled by the library’s legal department.
The library strives to keep the stored personal data up to date, and therefore asks users about their currency when they extend the validity of the reader’s card in person. We ask readers to inform the library about any changes in their personal data during their next visit in person. Readers may change some personal data themselves in their reader account (contact address, e-mail, telephone).
Please note that the library sends some messages electronically only. This refers for instance to reminders of the approaching end of the borrowing period, invitations to events or automatic confirmation of book returns. Hence, we can send you these messages only if we have your correct e-mail address.
The library processes the personal data of its registered users in its own Koniáš library system and therefore does not provide them to any other party for management. We provide personal data to the collection company for the purpose of debt recovery, but the potential debtor is always informed of this sufficiently in advance. In some cases, we use the services of other providers, e.g. the Colloseum booking system or the online services of Google when signing up for library events. The personal data which the library processes electronically may be sent to another party of the reader’s choice at the express request of the reader and after verifying their identity.
The library secures the managed data, but you can also contribute to their security with your responsible behaviour. Do not lend your reader’s card to other persons; anybody can register with the library. Do not share your login data for your online reader account with other people. Choose a password according to the recommendations for a safe password.
The Czech Republic, as a European Union member state, is obliged to respect the common legislation of the European Union. At present, as concerns personal data protection, this is Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known as the GDPR, which is effective from 25 May 2018. Compliance with the Regulation is overseen by the Personal Data Protection Office, which you can contact if you have any complaints, questions or to investigate uncertainties. However, we would be happy if you addressed your issues concerning your personal data to the legal department of the Municipal Library of Prague first.