The English text of this Privacy Statement is a translation. In case of confusion or contradictions between the English and the Dutch versions, the Dutch version takes precedence.

INTRODUCTION

Thank you for using the Library Website (Bibliotheekwebsite). Your library uses digital applications for its operations. Your Library uses the Cultuurconnect Basic Digital Library Infrastructure (Basisinfrastructuur Digitale Bibliotheek) as instructed by the Flemish government for a number of those applications. The Library Website (Bibliotheekwebsite) forms part of such Basic Infrastructure (Basisinfrastructuur). Your personal data are processed within the Library Website (Bibliotheekwebsite). 

We take data protection extremely seriously. To do so, we base ourselves on the provisions of the European General Data Protection Regulation (also known as the GDPR).

This privacy statement relates to the processing and protection of your personal data within the context of the use of the Library Website (Bibliotheekwebsite).

Your Library has undertaken not to post any additional privacy statement(s) on the Library Website (Bibliotheekwebsite) that might contain any data in conflict with such Library Website (Bibliotheekwebsite) Privacy Statement. If this is nevertheless the case, then the provisions in this Library Website (Bibliotheekwebsite) Privacy Statement will prevail.

The Basic Digital Library Infrastructure (Basisinfrastructuur Digitale Bibliotheek) also consists of the Library System (Bibliotheeksysteem) in addition to the Library Website (Bibliotheekwebsite). The Library System (Bibliotheeksysteem) is software that orders and catalogues work processes, and makes inventory management, loaners’ administrative services, lending, financial management and reporting/statistics in the Library possible for all Dutch-language libraries in Flanders and Brussels. The Library System (Bibliotheeksysteem) is not the subject matter of this privacy statement. 

By using the Library Website (Bibliotheekwebsite), you provide information that makes it possible to identify you as a person. This Privacy Statement provides detailed information regarding the manner in which we process your personal data. We advise you to read this document carefully.

This Privacy Statement applies to the services that are provided via the Library Website (Bibliotheekwebsite). We are not responsible for the privacy policy of other websites and sources related to the Library Website (Bibliotheekwebsite).

Anyone using the Library Website (Bibliotheekwebsite) accepts this Privacy Statement.

GENERAL

1. WHO IS THE CONTROLLER (i.e. PERSON RESPONSIBLE FOR PROCESSING YOUR DATA)?

Cultuurconnect vzw is a Flemish government organisation. It wishes to support and manage public libraries and culture centres in focusing on and bring to fruition their goals in the digital community. Cultuurconnect wants to use the Library Website (Bibliotheekwebsite) to innovate and scale up the public library sector, so that your Library can offer you, the user, more efficient and high-quality service provision.  

Cultuurconnect vzw
Priemstraat 51, 1000 Brussels
Enterprise number: 0629.858.909
www.cultuurconnect.be 

The Cultuurconnect Data Protection Officer (DPO) can be reached via the above-mentioned address (Attn Data Protection Officer), or at dpo@cultuurconnect.be.

2. WHAT IS THE LIBRARY WEBSITE?

The Library Website (Bibliotheekwebsite) forms the public interface of the website, the catalogue and the My Library (Mijn Bibliotheek) services of your Library. 

Cultuurconnect wants to keep the Library Website (Bibliotheekwebsite) efficient, relevant and up to date and, if necessary or desirable, will also bring about new developments and/or links with other systems, with a view to matters such as:

  • keeping the service provision up to date with current (technological) developments and tendencies, 
  • supra-local cultural purposes, 
  • the further innovation of the local culture policy,
  • and amendments to legislation and regulations. 

As controller, Cultuurconnect will in this regard always take appropriate measures to protect your personal data.

3. WHAT IS THE ROLE OF YOUR LIBRARY?

Your Library must be able to process your personal data via the Library Website (Bibliotheekwebsite) to be able to provide you with its services. Cultuurconnect and your Library have concluded an agreement with that aim. Such agreement lays down what your Library can do with the data that have provided within the framework of the Library Website (Bibliotheekwebsite). 

A number of cases fall under the (processing) responsibility of your Library as such. In particular, your Library can itself opt to provide a number of additional services, such as newsletters, online payment, etc. If your Library does this, then, as controller, it needs to provide you with the necessary information regarding the impact that the additional services have on your privacy. 

THE HOW AND WHY OF PROCESSING YOUR DATA

1. IN WHAT WAY ARE YOUR DATA COLLECTED?

A limited number of visitors’ data are stored when you visit your Library’s Library Website (Bibliotheekwebsite). This concerns anonymous or aggregated data (such as browser type, the operating system that you use, the pages that you visit on our website, etc.) on the one hand and your IP address on the other hand. This is explained in detail in the separate Cookie Statement, which you will find in the footer of this Library Website (Bibliotheekwebsite). The Cookie Statement also explains what you personally can do to (partially) prevent such data from being stored. 

When registering on the Library Website (once only), you must choose your Library and make a one-off link with your library membership and the Library System (Bibliotheeksysteem). From then on, you can login with a My Library (Mijn Bibliotheek) login by using the user name or email address and self-chosen password. In this way, you can always be correctly identified when you log in (and it will always be possible to verify, for example, if you are still a valid library member, and can therefore use the online services of your Library). In addition, your municipality, date of birth and gender (optional) may be asked within the framework of pseudonymised statistic analyses. 

Web forms can be used within the framework of subscription for/participation in your Library’s activities or events. A number of personal data that are intended to make it possible to administratively process your subscription will be used in this regard.

2. WHAT DATA ARE COLLECTED?

  • identity data: surname and first name; 
  • contact data: email address;
  • login data: user name and password;
  • personal properties: municipality, date of birth and gender (optional); 
  • library system data: library membership data, loan history (what was borrowed when, when it was returned and what was reserved), payment history (which amounts are still outstanding and which amounts were paid when);
  • Mylibrary-id: unique number that is generated and used within the framework of the authorisation process to be able to use your Library;
  • user activity log data, e.g. IP address;
  • communication preferences: message delivery preference, e.g., by email or letter, language preference and message preferences within the framework of direct marketing communication;
  • anonymous or aggregated data within the framework of the use of the website, e.g. browser type, the operating program used, pages visited (see also the Cookie Statement in the Library Website footer); and
  • lists containing favourite titles, which you made via the Library Website (Bibliotheekwebsite).

3. WHY ARE YOUR DATA STORED AND PROCESSED?

Your data are kept up to date and processed for the following purposes:

  1. identification and authorisation purposes,
    so that you can be correctly authorised in My Library (Mijn Bibliotheek);
  2. functional purposes,
    so that we can provide you with the Library Website (Bibliotheekwebsite) services;
    so that we can permanently optimise the website for the users; 
    so that we can notify you of functional or technical changes to the Library Website (Bibliotheekwebsite) that are important within the framework of the use thereof; 
  3. data exchange purposes,
    so that you can use the online services of your Library and the Library System (Bibliotheeksysteem);
  4. management purposes,
    such as user management by competent library employees and helpdesk by competent employees of Cultuurconnect or the IT suppliers (processors) of Cultuurconnect;
  5. logging purposes,
    such as registration of user activities for problem solving and auditing, and within the scope of optimising the service provision to you as user;
  6. statistical purposes,
    such as pseudonymised  generation and viewing of reports and statistics based on use from the perspective of your Library and from the supra-local (regional or Flemish) perspective;
  7. Communication and direct marketing purposes,
    such as communication concerning activities and services of your Library and of available library services and applications.

If you do not agree with the processing of your personal data within the scope of the purposes stated in point 7, then you can indicate this in various ways (for more details, see point 8).  

4. WHERE ARE YOUR DATA STORED?

All data that are collected within the framework of the use of the Library Website (Bibliotheekwebsite) are hosted on an external location within the EU in the scope of the IT suppliers’ actual management of the systems. 

Your data are not transmitted to third parties unless this is necessary for the intended processing (see above: role of your Library and role of the IT suppliers of the systems). Your data are not transmitted outside the EU.

5. HOW LONG ARE YOUR DATA STORED?

The data communicated within the scope of registration and login to the Library Website (Bibliotheekwebsite) are stored for a maximum of two years after the last time you used your My Library (Mijn Bibliotheek) login. 

The data communicated within the scope of the use of web forms are stored for a maximum of two years after the subscription has been administratively processed and completed. 

The anonymous or aggregated data and the IP address, collected through cookies within the scope of the use of the Library Website (see also the Cookie Statement in the footer of the Library Website), are stored for 26 months. 

This storage period enables us to perform adequate use analysis to optimise the Library Website (Bibliotheekwebsite), on the one hand, and to draw up pseudonymised reports and statistics from the perspective of your Library and from the supra-local (regional or Flemish) perspective, on the other hand.

6. WHAT HAPPENS IF YOU WANT TO USE ONE OF THE OTHER DIGITAL APPLICATIONS OF YOUR LIBRARY?

Cultuurconnect develops other digital applications (digital collections, reading tips, etc.) that are accessible via the My Library (Mijn Bibliotheek) login. Where your Library purchases the respective application from Cultuurconnect, you, as a library member, can use such application via your My Library (Mijn Bibliotheek) login. 

If you use these digital applications, then your library and mylibrary-id are transmitted to the application supplier, so that these can be used to grant you access to the application  and within the scope of the pseudonymised statistical analyses. Your user name and email address may also be transmitted if that is necessary with a view to, and only for the purposes of, functional communication that is required to use the application. 

If other personal data are requested or additional processing takes place within the scope of the use of digital applications, then your attention will explicitly be drawn to this in a supplementary privacy statement before logging in to the respective application. 

7. CAN YOU ENTER YOUR CHOICES REGARDING STORAGE OF YOUR LOAN HISTORY?

You can personally choose whether or not your loan history is stored, which means that you can see which titles you have borrowed. If you do not wish to store your loan history, the standard practice is that it is stored in the Library System (Bibliotheeksysteem) for a period of 90 days to facilitate proper functioning and efficient loan management (see also your Library’s user regulations). An overview of the copies lent enables one to verify who may have caused any damage, to assess penalty fines that have been contested by the loaner, etc. The loan history is automatically removed after such period has expired. You can communicate what you choose at your Library counter or you can tick off this option in the Loan History menu on the Library Website (Bibliotheekwebsite). This functionality is only available in the new Library System (Bibliotheeksysteem), of which the libraries are members (phased during the period 2019-2021). 

8. CAN YOU ENTER YOUR CHOICES REGARDING COMMUNICATION AND DIRECT MARKETING?

You may be sent the following communication:

  • Functional communication

Cultuurconnect can notify you of functional or technical changes to the Library Website (Bibliotheekwebsite) that are important within the framework of its use. 

  • Direct marketing communication 

Cultuurconnect can use your email address to send you communication regarding the Cultuurconnect activities, products and services (e.g. digital collections) to which your Library is subscribed. 

You can determine your choice regarding such messages at the moment that you create a My Library (Mijn Bibliotheek) login. If you do not/no longer wish to receive such messages, you have various possibilities of communicating this:

  • you can exercise your right to object (see below in “How do you enforce your rights?”);
  • you can indicate this via the Library Website (Bibliotheekwebsite) Profile menu.

Please note that you might also receive communication and newsletters from your Library. Your Library is personally responsible for this and your permission in this regard may have been obtained in another way (e.g. by accepting the library regulations). The fact that you indicate on the Library Website (Bibliotheekwebsite) that you do not wish to receive any direct marketing from Cultuurconnect does therefore not automatically have the consequence that you will not receive any newsletters from your own Library.   

In the future, your Library will be able to send your direct marketing communication via the Library System (Bibliotheeksysteem) marketing module. You will be able to indicate your message preferences through the Library Website (Bibliotheekwebsite) as soon as such system is operational.

HOW DO YOU ENFORCE YOUR RIGHTS?

You always have the right to do the following with, the personal data that you have communicated (subject to the conditions stated in the GDPR):

  • request and view (Article 15 of the GDPR) or transfer them (Article 20 of the GDPR); within that framework, you can obtain a complete export of your personal data in a structured, commonly used and machine-readable format;
  • (have someone) change or complete them (Article 16 of the GDPR), and
  • (have someone) erase them (Article 17 of the GDPR).

This can be done with regard to one or several of the above-mentioned purposes.

You also request to be completely removed from all databases. You are then “forgotten” and will not be contacted in any manner whatsoever.

You can (partially) exercise the above rights through the Library Website (Bibliotheekwebsite) or in full at your Library’s counter, on condition that you prove your identity.

In addition, you also still have the right to do the following:

  • request that the processing be restricted (Article 18 of the GDPR);
  • object to the processing (Article 21 of the GDPR).

You can also exercise your rights merely be sending a request by email to dpo@cultuurconnect.be. However, we do request that you prove your identity in this matter by means of a copy of (the front and reverse sides of) your identity card. 

Always mention the following in your request:

  • first name and surname of the person that you want to erase or change;
  • email address of the person that you want to erase or change;
  • precisely what personal data you want to view or request;
  • precisely which changes you want to make or precisely which data you want to remove;
  • where appropriate: what restriction you request of the processing;
  • where appropriate: the content of your objection, and the consequence that you wish to attach to it.

You will be provided with information regarding the consequence attached to your request within one month after the request has been received (subject to an extension of such period, in accordance with Article 12 of the GDPR).

DATA SECURITY

Cultuurconnect takes appropriate technical and organisational security measures to protect your personal data and to guarantee their reliability, availability and integrity.

Processing agreements based on the system of the “reference measures for securing every personal data processing” of the Privacy Commission (currently: Data Protection Authority) have been concluded with the Library Website (Bibliotheekwebsite) IT suppliers). Said processors are established within the EU and are contractually obliged to strictly respect the Cultuurconnect privacy policy and will only act as instructed by Cultuurconnect.

Anyone who is authorised on behalf of Cultuurconnect, your Library or the above-mentioned processors, has been adequately informed of the importance of protecting personal data and privacy and is obliged to keep such information confidential. 

IF ANYTHING GOES WRONG ...

We handle your personal data as carefully as possible and store them securely. 

If your personal data are spread due to data theft or data leaks, such fact cannot give cause for damage claims against us unless it is constituted that we were in default of providing an adequate security level.

COMPLAINTS

If, despite our preventive measures, you still have any complaints regarding our use of your personal data then you can contact dpo@cultuurconnect.be.

You will find more information regarding complaint procedures on the Flemish Supervisory Commission.

AMENDMENTS

This Privacy Statement may be changed. We amend the rules and conditions to protect your privacy as well as possible and to handle your personal data transparently. It is therefore advisable to regularly have a look at it. The most recent amendment dates back to 9 December 2019.

View and download the pdf