Privacy Notices of Turku University Library

Contact Information of the data controller

Mailing address:
Turku University Library
Customer Service (Feeniks Library)
FI-20014 UNIVERSITY OF TURKU
Email: library@utu.fi
Tel. +358 29 450 2354, +358 40 726 5016

Visiting address:
Turku University Library
Feeniks Library (University Hill)
FI-20014 UNIVERSITY OF TURKU

Purpose of processing data

• The customer register is set up to manage customer data in the Turku University Library.
• The main purpose of the register is to maintain the personal data and addresses of the users of the Turku University Library in order to manage the customer relationship. Personal data is linked to a personal library card and/or UTU account. The register is also used for communicating between the library and its customers, for example, pickup notices, overdue notices, invoicing, customer satisfaction surveys and compilation of statistics. Compilation of statistics does not include personal data.

Legal basis for data processing

Processing is based on the main task of the university set out in 2§ of the Universities Act (558/2009) and its implementation and in article 6.1(b) and article 6.1(a) of the EU General Data Protection Regulation: "processing is necessary for the performance of a contract to which the data subject is party" and "the data subject has given consent to the processing of his or her personal data for one or more specific purposes". http://www.privacy-regulation.eu/en/6.htm, Data Protection Act (1050/2018).

Personal data categories

Information in the customer register:

First and last names, date of birth, phone number(s) submitted by customer, mailing address(es) submittd by customer, email address(es).

Customer identification:

• UTU account or library card number and personal PIN
• customer and statistical categories

Only the name, address, e-mail address and telephone number are collected for the interlibrary loan service.

In payment-related situations, in addition to customer database information, library card number, loan information, amount of overdue fees and billing and collection information are stored.

There is electronic surveillance in library premises, see Privacy Notice for more information (only in Finnish).

Sources of personal data

Personnel and student information from the University of Turku is available from the University’s Data Warehouse. For other customers, the information is collected from the person himself/herself.

Retention period of personal data

Customer Register:
Personal data will be deleted 6 years after they have been created if the customer has not been active in the last 3 years. Personal data created over 6 years ago will be disposed of after 3 years from the date when the customer was no longer active.

Overdue payments by installment:
Personal information will be deleted after all payments have been made.

Invoicing:
The personal data collected by the library will be destroyed 6 years after their creation (6 years + this year).

Interlibrary loan service:
The personal data will be destroyed 2 years after the loan is returned.

Forms:
The information provided on the library card order form, interlibrary loan form and the storage request form will be sent to the interlibrary services staff's shared mailbox or service request management system. Information retention period for each is described on their own section below. 

User agreements of Eikon-terminal:
The user agreements will be deposited in the Turku School of Economics Library in a safetied space, and the data will be deleted upon expiry of the agreement.

Data handlers

Personnel responsible for the library system and its maintenance as well as customer service staff. The staff of the library are bound by the confidentiality obligation.

Data receiver groups

Personal data related to customer invoicing will be transferred to the university's SAP system and, where applicable, to the collection agency (Lindorff Oy).

When requesting material from the National Repository Library, the customer accepts that part of his / her customer information will be temporarily transferred to the National Repository Library customer register. Personal information will be removed from the National Repository library register when the customer has returned their loans.

Personal data related to the interlibrary loan service will be transferred to the WebKake-system maintained by kirjastot.fi (https://www.kirjastot.fi/rekisteriselosteet/webkake?language_content_entity=fi , only in Finnish).

Customer’s right of access to e-resources is identified by their UTU account or an IP address. The personal data, i.e. the UTU account or the IP address, are transmitted in a secure connection to the e-resource provider. Licensing agreements with e-resource providers have ensured compliance with the EU's general data protection regulation.

Transfer of information outside the EU or EEA

Data will not be transferred outside the EU or the European Economic Area.

Right of access, right of correction, right to be forgotten, right of restriction, right to object

• You have the right to ask the data controller access to your data and to request correction or removal of information or restrict and object to the processing of your data. Contact address: kirjaamo@utu.fi.
• Deleting data can be done if the customer is no longer active and the customer has no loans or payments. Deleting data requires customer authentication.
• Contact information of the Data Protection Officer of the University of Turku by e-mail: dpo@utu.fi
• You have the right to file a complaint with the supervisory authority.
• The principles of personal data protection are described on a separate page: https://www.utu.fi/fi/privacy/data-security-description 

Contact information of the data controller

Mailing address:
Turku University Library
Publication Services (Educarium)
FI-20014 UNIVERSITY OF TURKU
Email: julkaisut@utu.fi
Phone: + 358 29 450 3712; +358 50 353 7684

Visiting address:
Turku University Library
Educarium (Assistentinkatu 5)
FI-20014 UNIVERSITY OF TURKU

Purpose of processing data

The purpose of processing personal data is

• To distribute ISBN, ISSN and other serial numbers for the publications of the University of Turku.
• To agree on publishing publications of the University of Turku in the Annales Universitatis Turkuensis series and to enable publishing in the UTUPub Publications Archive. 
• To manage and develop services related to university’s publishing activities and to perform tasks related to the content management and technical development of the UTUPub Publication Archive.

From the customers point of view publishing a thesis (a doctoral thesis, Master’s thesis or other thesis) is a compulsory part of the degree. Not publishing a thesis results in not being able to graduate. It is not possible to publish in the Annales series without an ISBN and a serial number. However, it is possible to publish a doctoral dissertation without an ISBN by self-publishing it according to the faculty’s instructions.

Legal basis for data processing

Processing is based on the main task of the University set out in section 2 of the Universities Act (558/2007) and its implementation and in Article 6.1(b) and 6.1(c) of the EU General Data Protection Regulation:  "processing is necessary for the performance of a contract to which the data subject is party" and "processing is necessary for compliance with a legal obligation to which the controller is subject". http://www.privacy-regulation.eu/en/6.htm.

Personal data categories

First and last names, title/occupation, email address, mailing address (agreements), affiliation (faculty)

Source of data

Information is requested from the data subject himself or herself.

Retention period of personal data

Personal data will be deleted 5 years after their creation. The agreements will be permanently deposited in the University’s Central Archives.

Data handlers

The staff of the library’s Publication Services.

Data receiver groups

Information about the publication (author, affiliation and title) in the UtuPub Publication Archive will be transferred to the National Library’s Dspace system.  

Transfer of information outside the EU or EEA

Information about the publication (author, affiliation and title) in the National Library’s Dspace system can be harvested outside the EU or the European Economic Area.

Right of Access, right of correction, right to be forgotten, right of restriction, right to object

• You have the right to ask the data controller access to your data and to request correction or removal of information or restrict and object to the processing of your data. Contact address: kirjaamo@utu.fi.
• You have the right to change the visibility of your master thesis (delivered through the UTUGradu-system). Theses are public documents which can be read/studied by everyone. Permament removal of the document is not possible. Contact address: julkaisut@utu.fi.
• Information given with the ISBN form is required in order to publish a publication of the University of Turku in the  Annales Universitatis Turkuensis series.
• Contact information of the Data Protection Officer of the University of Turku: dpo@utu.fi
• You have the right to file a complaint with the supervisory authority.
• The principles of personal data protection are described on a separate page: https://www.utu.fi/fi/privacy/data-security-description 

Contact information

Mailing address:
Turku University Library
Metadata (Feeniks Library)
FI-20014 UNIVERSITY OF TURKU
Email: metatieto@utu.fi
Tel: +358 29 450 2096, +358 50 523 5159

Visiting address:
Turku University Library
Feeniks Library (University Hill)
FI-20014 UNIVERSITY OF TURKU

The purpose of processing personal data

• The purpose of processing personal data is to create consistent authorized forms of personal names or corporate names, so that all the publications of the same writer can be found under one author name or subject heading in spite of the different name variants in the National Library’s Asteri Authority Database and, consequently, also in the Melinda and Volter databases.

• The main purpose of the register is to manage publicly available information related to the publishing activities  of the data subject

Legal basis for data processing

The processing is based on the main task of the university as set out in section 2 of the Universities Act (558/2007) and its implementation and in the article 6.1(e) of the EU General Data Protection Regulation: "processing is necessary for the performance of a task carried out in the public interest". http://www.privacy-regulation.eu/en/6.htm.

Personal data categories

First and last names, title, date of birth.

Sources of data

The information is received from publicly accessible data resources.

Retention period of data

In the National Library’s Asteri database, data is kept until further notice.

Data Handlers

Personnel responsible for the metadata and cataloguing. The staff of the library is bound by the confidentiality obligation.

Data receiver groups

The Melinda database of the National Library of Finland

Transfer of information outside the EU or EEA

The information can be transferred from the National Library’s database via the international search engines outside the EU or EEA.

Right of access, right of correction, right to be forgotten, right of restriction, right to object

• You have the right to ask the data controller access to your data and to request correction or removal of information or restrict and object to the processing of your data. Contact address: kirjaamo@utu.fi.
• Contact information of the Data Protection Officer of the University of Turku by e-mail: dpo@utu.fi
• You have the right to file a complaint with the supervisory authority.
• The principles of personal data protection are described on a separate page: https://www.utu.fi/fi/privacy/data-security-description 

Contact information

Mailing address:

Turku University library
Metrics and Evaluation Services
FI-20014 UNIVERSITY OF TURKU
Email: tietopalvelu@utu.fi
Tel: +358 29 450 2659; +358 41 544 7762 (Jukka Rantasaari)

Visiting address:

Turku University Library
FI-20014 UNIVERSITY OF TURKU

Purpose of processing data

Personal data is processed for the following purposes:

• For publication analysis: in order to identify publications and to carry out the publication analysis
• For purposes related to the bibliometric assessment of the university’s research

Legal basis for processing data

The processing is based on the university’s missions and their implementation as set out in sections 2 and 87 of the Universities Act (558/2009) as well as on the following points of Article 6(1) of the EU’s General Data Protection Regulation:

- a and b (publication analyses requested by the data subject herself or himself): "the data subject has given consent to the processing of his or her personal data for one or more specific purposes" and "processing is necessary for the performance of a contract to which the data subject is party"

- c and f (publication analyses requested by the university): "processing is necessary for compliance with a legal obligation to which the controller is subject" and " processing is necessary for the purposes of the legitimate interests pursued by the controller"

In the context of the bibliometric analysis of the research assessment exercise, the processing of personal data is based on the university’s missions and their implementation as set out in sections 2 and 87 of the Universities Act (558/2009) as well as on point c of Article 6(1) of the EU’s General Data Protection Regulation (EU).

http://www.privacy-regulation.eu/fi/6.html .

Personal data categories

Last and first name, publication list, departmental affiliation, contact information of the workplace (email address, postal address, cost centre).

In order to carry out the bibliometric analysis of the research assessment exercise the researcher’s card id information in the current research information system may be needed.

Sources of personal data

From the researcher himself or herself (individual analysis), from the list of publications, from the data warehouse report of the current research information system, from a bibliometric database (Web of Science, Scopus, Google Scholar, InCites).

In the course of the bibliometric analysis of the university’s research assessment exercise: the current research information system, the Web of Science database, the publication data reported by departments or other publication data collected by the university.

Retention period of personal data

Personal data will be deleted after three years of the completion of the commission contract.

The bibliometric analysis documents of the research assessment exercise carrying personal data will be deleted after 10 years of the completion of the commission contract.

Data handlers

Library’s metrics and evaluation services personnel. The invoices are also handled by the university’s finances/sales and invoicing personnel.

In the course of the bibliometric analysis of the research assessment exercise the personnel of the library’s metrics and evaluation services and project employees.

Data receiver groups

Invoices may be processed by the collection agency chosen by the University of Turku (in 2018 Lindorff).

In the course of the bibliometric analysis of the research assessment exercise personal data may be processed by the contact person of the University of Turku IT Services.

Transfer of personal data to a third country

Data is not transferred to a third country.

Right of access, right of correction, right to erasure, right of restriction, right to object

Publication analyses

• You have a right to ask the data controller for access to your personal data and a right to have this data rectified or erased and a right to restrict and object the processing of this data. Contact address: kirjaamo@utu.fi. 
• You have a right to withdraw your consent by sending email to tietopalvelu@utu.fi.
• Without consent to process personal and publication data the publication analysis cannot be carried out reliably.
• Contact information of the Data Protection Officer of the University of Turku: dpo@utu.fi
• You have a right to lodge a complaint with the supervisory authority.
• The principles of the information security of personal data are described at: http://www.utu.fi/en/unit/university-services/it-services/information_security/Pages/Data-Security-Description.aspx

Bibliometric analysis of the research assessment excercise

• You have a right to ask the controller for access to personal data which have been collected concerning you and a right to have this data rectified, but no right to erasure (”right to be forgotten”), because the processing is in compliance with the legal obligation (Universities Act (558/2007) 87 §). Contact address: kirjaamo@utu.fi.
• Contact information of the Data Protection Officer of the University of Turku: dpo@utu.fi
• You have a right to lodge a complaint with the supervisory authority.
• The principles of personal data protection are described on a separate page: https://www.utu.fi/fi/privacy/data-security-description 

Contact Information of the data controller

Mailing address:

Turku University Library
Information Resource Availability Services
FI-20014 TURUN YLIOPISTO
e-mail: kirjasto@utu.fi  
Telephone: +358 (0)29 450 2769; +358 (0)50 439 3501

Visiting address:
Turku University Library
Feeniks Library (Yliopistonmäki)
FI-20014 TURUN YLIOPISTO

Purpose of processing data

The purpose of the processing of personal data of donors is

• to support biographical and historical research
• to aid in the planning of museum exhibitions and other exhibitions where biographical information is needed
• to support genealogical research

Legal basis for data processing

The processing of personal data is based on the EU General Data Protection Regulation, article 6.1(e): “processing is necessary for the performance of a task carried out in the public interest”. Starting from the beginning of 2017 the processing is also based on article 6.1(a): “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”. http://www.privacy-regulation.eu/en/6.htm

Personal data categories

In the old card index of donors (until 1992): last names and first names, profession, address or place of residence

From 1993 onwards, donors may be included in the Library’s publicly accessible Volter database (as per the wish of the donor): first name(s) and last name(s)

Sources of personal data

Information about donors is obtained from the persons themselves, or, where a donation is made in the name of a deceased person, from their heirs.

Retention period of personal data

Personal data in the old card index of donors will be retained indefinitely.

In the new register (the public Volter database), the name of the donor will be erased, should the donor wish so or if the donated material is written off.

Data handlers

Library personnel responsible for the selection, acquisition and cataloguing of information resources.

Data receiver groups

The data will not be disclosed to parties outside the Library.

Transfer of information outside the EU or EEA

Data will not be transferred outside the EU or the European Economic Area.

Right of access, right of correction, right to be forgotten, right of restriction, right to object

• You have the right to ask the data controller for access to your data, and to request that your data be corrected, removed or restricted, and to object to the processing of your data. Contact address: kirjaamo@utu.fi
• You have the right to cancel your consent for processing your data. In such cases, contact kirjasto@utu.fi.
• Contact information of the Data protection officer of the University of Turku: dpo@utu.fi 
• You have the right to file a complaint with the supervisory authority.
• The principles of personal data protection are described on a separate page: http://www.utu.fi/en/unit/university-services/it-services/information_security/Pages/Data-Security-Description.aspx 

Contact information

Mailing address:
Turku University Library
Information Services (Feeniks Library)
FI-20014 UNIVERSITY OF TURKU
Email: kirjasto@utu.fi
Tel: + 358 29 450 2277; +358 40 839 8630

Visiting address:
Turku University Library
Feeniks Library (University Hill)
FI-20014 UNIVERSITY OF TURKU

Purpose of processing data

The purpose of processing personal data is

• to collect information about attendance at library training for credit recording purposes
• when necessary, to enable contacting the course participants or registrants for the purposes of asking for feedback or informing about possible changes.

Legal basis for processing 

Categories of personal data 

Last and first names, phone number, email address and in some cases the student number and the main subject.

Sources of personal data

Registration to courses, where attendance is obligatory, is done via the study administration data system Nettiopsu. Possible further details (e.g. group division) are received from the faculty.

On courses requested by the subject teacher, attendance information is collected during the teaching session and will be reported to the subject teacher. Attendance data may also be received from the subject teacher in advance. If the subject teacher attends the teaching session, s/he is responsible for recording attendance.

Persons attending voluntary teaching sessions deliver their personal data electronically  (Webropol).

Retention period of personal data

Personal data will be stored three full academic years.

Data handlers

Data is processed only by library personnel whose work tasks include processing of the teaching-related information.

Data receiver groups

Information about attendance is reported to the study administration data system or to the subject contact person, if the teaching is obligatory/part of the curriculum or on the request of the subject teacher.

Transfer of personal data to a third country 

Data will not be transferred outside the EU or the European Economic Area.

Right of access, right of correction, right to erasure, right of restriction, right to object

• You have a right to ask the data controller for access to your personal data and a right to have this data rectified or erased and a right to restrict and object the processing of this data. Contact address: kirjaamo@utu.fi. 
• You have a right to withdraw your consent by sending email to kirjasto@utu.fi.
• Contact information of the Data Protection Officer of the University of Turku: dpo@utu.fi
• You have a right to lodge a complaint with the supervisory authority.
• The principles of the information security of personal data are described at: http://www.utu.fi/en/unit/university-services/it-services/information_security/Pages/Data-Security-Description.aspx

Contact information of the data controller

Mailing address (acquisition requesters):
Turku University Library Availability Services 
FI-20014 UNIVERSITY OF TURKU
Email: library@utu.fi
Phone: 029 450 2769; 050 439 3501

Mailing address (publishers and aggregators):
Turku University Library Acquisition Services 
FI-20014 UNIVERSITY OF TURKU
Email: hankinta@utu.fi
Phone: +358 29 450 3719

Visiting address:
Turku University Library Feeniks Library (Yliopistonmäki)
FI-20014 UNIVERSITY OF TURKU

Purpose of processing data

The purpose of processing the personal data of the acquisition requesters is to inform the requester about the arrival of new resources to be able to keep in contact with the requester in case the acquisition request gives reason for further clarification or if the resource is not acquired The purpose of processing the personal data of the publishers and aggregators is to administer the acquisitions by enabling the contacts when making the orders and in the questions related to the acquisitions

Legal basis for data processing

The processing is based on the main task of the University set out in the 2§ of the Universities Act (558/2009) and its implementation and in the article 6.1(a) (acquisition requesters) and (b) (publishers and aggregators) of the EU General Data Protection Regulation: " the data subject has given consent to the processing of his or her personal data for one or more specific purposes" and "processing is necessary for the performance of a contract to which the data subject is party". http://www.privacy-regulation.eu/en/6.htm.

Personal data categories

Acquisition requesters: First and last names, email address, phone number, library card number.

Publishers and aggregators: First and last names, title, phone number, email address.

Sources of personal data

For acquisition requesters the information is requested from the person himself. The library card number is available at the library’s customer register. All the other acquisition requests, apart from the course book acquisition requests, can be made anonymously. For publishers and aggregators the information is requested from the person himself.

Retention period of personal data

The personal data of the acquisition requesters will be deleted from the register after the library has acquired and received the resource requested by the requester, the resource has been catalogued and the information of the arrival of the resource to the library has been sent to the requester. The personal data of the publishers and aggregators will be destroyed from the register if no resource has been acquired from the publisher or aggregator in question during a period of two years or if the person in question no longer works for the publisher or aggregator in question.

Data handlers

The personnel responsible for the selection, acquisition and cataloguing of the library resources. The staff of the library is bound by the confidentiality obligation.

Data receiver groups

Data will not be transferred outside the library.

Transfer of information outside the EU or EEA

Data will not be transferred outside the EU or the European Economic Area.

Right of access, right of correction, right to be forgotten, right of restriction, right to object

• You have the right to ask the data controller access to your data and to request correction or removal of information or restrict and object to the processing of your data. Contact address: kirjaamo@utu.fi.
• You have the right to cancel your acceptance by informing it to the email address library@utu.fi · Contact information of the Data Protection Officer of the University of Turku by e-mail: dpo@utu.fi
• You have the right to file a complaint with the supervisory authority.
• The principles of the information security of personal data are described at: https://www.utu.fi/fi/privacy/data-security-description 

Contact information of the data controller

Mailing address:
Turku University Library
Acquisition Services (Feeniks Library)
FI-20014 UNIVERSITY OF TURKU
Email: kirjasto-hankintatiimi@utu.fi 
Phone: +358 29 450 3719

Visiting address:
Turku University Library
Feeniks Library (Yliopistonmäki)
FI-20014 UNIVERSITY OF TURKU

 
Purpose of processing data

The purpose of processing the personal data of the ordering department personnel
to be able to keep in contact with the person in question in case the department acquisition gives reason for further clarification or if the resource is not acquired

Legal basis for data processing

The processing is based on the main task of the University set out in the 2§ of the Universities Act (558/2009) and its implementation and in the article 6.1(b) of the EU General Data Protection Regulation: "processing is necessary for the performance of a contract to which the data subject is party". http://www.privacy-regulation.eu/en/6.htm. 

Personal data categories

First and last names, email address.

Sources of personal data

The information is requested from the person himself.

Retention period of personal data

The personal data will be deleted from the register after the library has acquired and received the resource requested by the person in question.

Data handlers

The personnel responsible for the acquisition and cataloguing of the department acquisitions. The staff of the library is bound by the confidentiality obligation.

Data receiver groups

Data will not be transferred outside the library.

Transfer of information outside the EU or EEA

Data will not be transferred outside the EU or the European Economic Area.

Right of access, right of correction, right to be forgotten, right of restriction, right to object

• You have the right to ask the data controller access to your data and to request correction or removal of information or restrict and object to the processing of your data. Contact address: kirjaamo@utu.fi.
• You have the right to cancel your acceptance by informing it to the email address library@utu.fi
• Contact information of the Data Protection Officer of the University of Turku by e-mail: dpo@utu.fi
• You have the right to file a complaint with the supervisory authority.
• The principles of the information security of personal data are described at: https://www.utu.fi/fi/privacy/data-security-description 

General information

The library communicates with customers through shared mailboxes, chat service and the service request management system (RT ticketing system).

Email addresses integrated to the service request management system are tietopalvelu@utu.fi, researchportal@utu.fi, finna@utu.fi, openutu@utu.fi, kirjasto@utu.fi and lainaus@utu.fi. The service request management system has a privacy notice of its own.

Shared mailbox addresses include kaukopalvelu@utu.fi, kirjasto-laskutus@utu.fi, tietoaineistot@utu.fi, metatieto@utu.fi, hankinta@utu.fi, kirjasto-hankintatiimi@utu.fi, kirjasto-palaute@utu.fi, julkaisut@utu.fi.

Copies of chat conversations will be stored.

Service forms on the library webpages are configured to send data to the shared mailboxes.

Contact information

Mailing address:
Turku University Library
Feeniks Library
FI-20014 UNIVERSITY OF TURKU
Email: kirjasto@utu.fi
Tel: +358 294503389

Visiting address:
Turku University Library
Feeniks Library (University Hill)
FI-20014 TURUN YLIOPISTO

Purpose of processing data

Personal data is handled for the purposes of communicating with customers and carrying out services.

Messages received in the shared mailboxes can be transferred to other recipients involved. Data can only be accessed by library personnel whose work tasks include processing of the register information.

Legal basis for processing data

Processing is based on the main task of the university set out in section 2 of the Universities Act (558/2009) and its implementation and on the points a, b and c of Article 6(1) of the EU’s General Data Protection Regulation: "the data subject has given consent to the processing of his or her personal data for one or more specific purposes", "processing is necessary for the performance of a contract to which the data subject is party" and "processing is necessary for compliance with a legal obligation" to which the controller is subject". (http://www.privacy-regulation.eu/fi/6.htm .)

Categories of personal data

Email address and other information given by the customer either as a freely formulated email or on the service form. Data may include, for example, customer’s name, address, library card number, date of birth, phone number, borrowing-related information, acquisition requests and publication data.

Sources of personal data

Personal data is obtained from the person himself or herself by email or on the service form.

Retention period of personal data

• kaukopalvelu@utu.fi: 2 years
• kirjasto-laskutus@utu.fi: 7 years (6 + 1)
• tietoaineistot@utu.fi: 2 years
• metatieto@utu.fi: 2 years
• hankinta@utu.fi: current and previous year
• kirjasto-hankintatiimi@utu.fi: current and previous year
• kirjasto-palaute@utu.fi: 2 years
• volter@utu.fi: 14 months
• julkaisut@utu.fi: 5 years
• copies of chat conversations: 2 years

Data handlers

Data is processed only by library personnel whose work tasks include processing of the register information. The library staff is bound by the confidentiality obligation.

Data receiver groups

Messages in the shared mailbox are mainly processed in the library. When necessary, messages can be transferred within the university, for example, to the IT Services. Email messages will not be transferred outside the university without the customer’s consent.

Based on the university’s Records Retention Schedule, an individual message may be transferred outside the system.

Transfer of personal data to a third country

Data will not be transferred outside the EU or the European Economic Area.

Right of access, right of correction, right to erasure, right of restriction, right to object

• You have a right to ask the data controller for access to your personal data and a right to have this data rectified or erased and a right to restrict and object the processing of this data. Contact address: kirjaamo@utu.fi. 
• You have a right to withdraw your consent by sending email to kirjasto@utu.fi .
• Contact information of the Data Protection Officer of the University of Turku: dpo@utu.fi
• You have a right to lodge a complaint with the supervisory authority.
• The principles of the information security of personal data are described at: https://www.utu.fi/fi/privacy/data-security-description 

General information

The library communicates with customers through shared mailboxes, chat service and the service request management system (RT ticketing system). The privacy notice of the service request management system is available at

• Email addresses integrated to the service request management system are tietopalvelu@utu.fi, researchportal@utu.fi, finna@utu.fi, openutu@utu.fi, lainaus@utu.fi, kirjasto@utu.fi and library@utu.fi. 
• Shared mailbox addresses are kaukopalvelu@utu.fi, kirjasto-laskutus@utu.fi, tietoaineistot@utu.fi, metatieto@utu.fi, hankinta@utu.fi, kirjasto-hankintatiimi@utu.fi, kirjasto-palaute@utu.fi, julkaisut@utu.fi. Shared mailboxes have a privacy notice of their own.

Copies of chat conversations will be stored.

Contact information

Mailing address:
Turku University Library
Feeniks Library
FI-20014 UNIVERSITY OF TURKU
Email: kirjasto@utu.fi
Tel: +358 29 450 2277; +358 40 839 8630

Visiting address:
Turku University Library
Feeniks Library (University Hill)
FI-20014 TURUN YLIOPISTO

Purpose of processing data 

The purpose of handling personal data is

• to manage email service requests received from customers of the Turku University Library and to communicate with them. 
• Based on the email address that the message is sent to, the requests are assigned  to subscribing recipients within the ticketing system. Data can only be accessed by personnel whose work tasks include using the register. Groups of staff members work on ticket queues assigned to them based on the service email address.

Legal basis for processing data

Processing is based on the main task of the university set out in section 2 of the Universities Act (558/2009) and its implementation and on the point a of Article 6(1) of the EU’s General Data Protection Regulation: "the data subject has given consent  to the processing of his or her personal data for one or more specific purposes". (http://www.privacy-regulation.eu/fi/6.htm.)

Categories of personal data

Last and first names, email address, other personal data that the message may contain.

Sources of personal data

Personal data is obtained from the person himself or herself when creating the request.

Retention period of personal data

The retention period for each service request queue is determined separately. The retention period may vary from two to 20 years (2-20).

Data handlers

Personnel responsible for each service. The staff of the library are bound by the confidentiality obligation.

Data receiver groups

Personal data is not transferred outside the ticketing system. Based on the university’s Records Retention Schedule, an individual message or service process may be transferred outside the system.

Transfer of personal data to a third country

Data will not be transferred outside the EU or the European Economic Area.

Right of access, right of correction, right to erasure, right of restriction, right to object

• You have a right to ask the data controller for access to your personal data and a right to have this data rectified or erased and a right to restrict and object the processing of this data. Contact address: kirjaamo@utu.fi. 
• You have a right to withdraw your consent by sending email to kirjasto@utu.fi.
• Contact information of the Data Protection Officer of the University of Turku: dpo@utu.fi
• You have a right to lodge a complaint with the supervisory authority.
• The principles of the information security of personal data are described at: https://www.utu.fi/fi/privacy/data-security-description 

Contact Information

Mailing address:
Turku University Library
Feeniks Library
FI-20014 UNIVERSITY OF TURKU
Email: merja.himanka@utu.fi
Tel: +358 29 450 2218

Visiting address:
Turku University Library
Feeniks Library, University Hill
FI-20014 UNIVERSITY OF TURKU

Purpose of processing data

Research room allocation procedure

Legal basis for data processing

Processing is based on the main task of the university set out in 2§ of the Universities Act (558/2009) and its implementation and article 6.1b of the EU General Data Protection Regulation ‘Processing is necessary for the implementation of the agreement to which the registered subject is a party’. http://www.privacy-regulation.eu/en/6.htm

Personal data categories

Name, address, title, telephone number, email, place of research, post in University of Turku or elsewhere, leave of absence, office in University of Turku or elsewhere, application period, topic, quality and phase of research, information about sharing a room, other possible justifications, previous periods of use, granted season and room number

Sources of personal data

Research room applicant, service secretary, library director

Retention period of personal data

Application form: 2 years, summary of the applicants’ information: 10 years (updated 2.6.2022, previously 5 years), library director´s decision: 10 years, user agreement: 10 years (updated 2.6.2022, previously period of validity + 2 years)

Data handlers

Library director, service manager, service secretary

Data receiver groups

Data will not be transferred outside the Turku University Library.

Transfer of information outside the EU or EEA

Data will not be transferred outside the EU or the European Economic Area.

Right of access, right of correction, right to be forgotten, right of restriction, right to object

•    You have the right to ask the data controller access to your data and to request correction or removal of information or restrict and object to the processing of your data. Contact address: kirjaamo@utu.fi.
•    Contact information of the Data Protection Officer of the University of Turku by e-mail: dpo@utu.fi
•    You have the right to file a complaint with the supervisory authority.
•    The principles of personal data protection are described on a separate page: https://www.utu.fi/en/privacy/data-security-description

The privacy notice of Volter (utuvolter.fi) can be found at: ExLibris Privacy Policy

Contact information of the data controller

Purpose of processing data

• To manage and develop services related to university’s publishing activities and to perform tasks related to the content management and technical development of the UTUPub publication archive.
• To enable the electronic publishing of the University of Turku publications.
• Personal data of the registered users are processed for usage rights management reasons.

Legal basis for data processing

Personal data categories

Source of personal data

Retention period of personal data

Data handlers

Categories of personal data

Transfer of personal data to a third country

• You have a right to ask the data controller for access to your personal data and a right to have this data rectified or erased and a right to restrict and object the processing of this data. Contact address: julkaisut@utu.fi. Details on the removal of publications from UTUPub have been set out in the publishing agreement.
• You have the right to change the visibility of your master thesis (delivered through the UTUGradu-system). Theses are public documents which can be read/studied by everyone. Permament removal of the document is not possible. Contact address: julkaisut@utu.fi.
• Personal information given with the agreement form are required for publishing the publication.
• Information about registered users cannot be deleted, but if necessary, they can be anonymized. Contact address: julkaisut@utu.fi.
• Contact information of the Data Protection Officer of the University of Turku: dpo@utu.fi
• You have the right to file a complaint with the supervisory authority.
• The principles of personal data protection are described on a separate page: http://www.utu.fi/en/unit/university-services/it-services/information_security/Pages/Data-Security-Description.aspx

Contact Information of the data controller

Mailing address:
Turku University Library
Customer Service (Feeniks Library)
FI-20014 UNIVERSITY OF TURKU
Email: library@utu.fi
Tel. +358 29 450 2354, +358 40 726 5016

Visiting address:
Turku University Library
Feeniks Library (University Hill)
FI-20014 UNIVERSITY OF TURKU

Purpose of processing data

The main purpose of the register is to enable booking of library’s premises and devices and communication with customers if needed.

Legal basis for data processing

Processing is based on the main task of the university set out in 2§ of the Universities Act (558/2009) and its implementation and in article 6.1(b) and article 6.1(a) of the EU General Data Protection Regulation: "processing is necessary for the performance of a contract to which the data subject is party" and "the data subject has given consent to the processing of his or her personal data for one or more specific purposes". http://www.privacy-regulation.eu/en/6.htm, Data Protection Act (1050/2018).

Personal data categories

Information in the customer register:
When signing in with UTU account or using HAKA login the following information is transferred: first name, last name, email address, user id.
When creating Asio account user submits the following information: first name, last name, email address, phone number.

Sources of personal data

Personnel and student information from the University of Turku is available from the University’s Data Warehouse. With HAKA login information is transferred when signing in. For other customers, the information is collected from the person himself/herself.

Retention period of personal data

Customer Register information is deleted every 18 months.

 
Data handlers

Personnel responsible for the booking system and its maintenance as well as customer service staff. The staff of the library are bound by the confidentiality obligation.

 
Transfer of personal data outside the EU or EEA

Data will not be transferred outside the EU or the European Economic Area.

Right of access, right of correction, right to be forgotten, right of restriction, right to object

• You have the right to ask the data controller access to your data and to request correction or removal of information or restrict and object to the processing of your data. Contact address: kirjaamo@utu.fi.
  • Deleting data can be done if the customer has no longer active bookings. Deleting data requires customer authentication.
• Contact information of the Data Protection Officer of the University of Turku by e-mail: dpo@utu.fi
• You have the right to file a complaint with the supervisory authority.
• The principles of personal data protection are described on a separate page: https://www.utu.fi/en/privacy/data-security-description