1. PURPOSE AND LEGAL GROUNDS FOR THE PROCESSING OF YOUR PERSONAL DATA
Ghent University Library is a heritage library, as established in the Heritage Decree. As part of the collection documentation process, all lending transactions are tracked, which includes online click behaviour on the website, lending data and information about document consultation in a reading room. Reports on this data to, for example, the Flemish Government always occur at an aggregated level, so that individuals are not directly identifiable.
The personal data provided by you or through your Ghent University Account will be processed in accordance with the Ghent University Library Regulations, so that you are able to make use of our services and we can monitor and report the use of our collections. We distinguish three categories of users:
Users with a Ghent University Account, such as students and employees, can use the services of the Ghent University Library without additional registrations. Your Ghent University Account is automatically activated and deactivated in the library systems of the university.
Users of other research and educational institutions, such as the Ghent University Association, and interested third parties can use the services of the University Library if they register beforehand.
Unidentified users can visit the libraries of Ghent University and consult the collections made available on open shelves. The websites of the Ghent University Library can also be used on the open internet.
The processing of your personal data will always be done with the utmost attention and care and solely with a view to providing our library services, both online at lib.ugent.be / aleph.ugent.be / libservice.ugent.be / libadmin.ugent.be and in any library at Ghent University.
We are allowed to process your personal data because (i) you give us your consent to do this when creating an account and / or registering, (ii) these processing operations are necessary for the execution of the loan agreement which you are a party of, and (iii) certain processing operations are necessary to be able to pursue our legitimate interests (such as keeping our collection documentation intact).
2. WHO IS RESPONSIBLE FOR THE DATA PROCESSING AND HOW CAN YOU CONTACT US?
Ghent University is responsible for the processing of personal data. For questions, comments or suggestions about the processing of your personal data, please contact the Ghent University Library at email@example.com or the Data Protection Officer of Ghent University at firstname.lastname@example.org.
The library services are provided by the library staff of the Faculties and the Central Administration of Ghent University. They can be assisted by external employees, consultants and suppliers, who respect the same or an equivalent code of conduct as the staff of the Ghent University Library.
3. WHICH PERSONAL DATA ARE PROCESSED?
When you sign up to use the library services, the following information is collected: your name, date of birth, e-mail address, domicile address and a start / end date. You can also choose a “home library”. If you don't, the Book Tower will be used by default.
For users with a Ghent University Account, such as Ghent University students and staff, the work address, the work telephone number and the job function and department are also collected. If the end date of your Ghent University Account is less than a year away, that date will also be used in the library systems, for example, to determine an appropriate lending period.
If a work is not available on an open shelf, you can request a loan or scan and will be kept informed by e-mail. When you lend items, you will regularly receive an e-mail with the status of your loan and any upcoming deadlines. Our library systems keep track of the progress in your request file and all steps to be followed.
If you wish to receive SMS notifications for a specific request, you can provide a mobile number. That mobile number is only used for that one request by an automated system.
When you visit a website of the Ghent University Library, your visit is registered by us in two ways:
The web server itself receives all clicks to be able to show you the correct information. The technical server log of these clicks contains only your IP address, and no other personal data.
In your web browser (e.g., Firefox), your clicks are also registered by us for the sole purpose of conducting usage analyses and determining the improvement potential of our websites. For the websites of the Ghent University Library, these clicks are processed by Hotjar and Google Analytics, without these external systems, for example, seeing your actual IP address. This click stream is instantly anonymized by us before sending it to them.
For its library services, the Ghent University Library does not process any special personal data categories (“sensitive data”) that reveal racial or ethnic origin, political views, religious or philosophical beliefs, or union membership, nor does it process genetic data, biometric data for the unique identification of a person, or health data, or data related to a person's sexual behaviour or sexual orientation.
If you lose valuable items, such as a wallet or a Ghent University access badge, and these are brought to a library counter, the Ghent University Library can try to contact you, for example, using the information available about you in the found item.
4. WHO HAS ACCESS TO YOUR PERSONAL DATA?
The employees of the Ghent University Library, both in the Faculties and in the Book Tower, have access to the collection documentation and the lending transactions (i.e., the current as well as past requests), which contain your personal data. This right of access only applies for the purposes stated in this privacy statement.
Employees of the Book Tower who are in charge of technical support for the library systems can view all personal data on a strict need-to-know basis, including data processing that is managed entirely by machines.
If you request a document delivery from another library (“Interlibrary Loan”), your personal data will not be sent to the supplying library.
If you request to collect the items from a library lending machine, your e-mail address will be passed on to BPost, which manages the Cubee lending machine and will provide only you with the secret access code via an automated system.
The Ghent University Library ensures that your data is not passed on to third parties, except in the cases mentioned above, if you have given prior consent or if the access, use, retention or disclosure of your personal data is reasonably necessary (e.g., to comply with the applicable rules and regulations, to detect technical or security issues and to protect the rights, property or safety of the Ghent University Library).
5. FOR HOW LONG WILL YOUR PERSONAL DATA BE PROCESSED?
Your personal data is processed in order to provide library services and develop our collection documentation, in which all lending transactions are stored. All personal data used to register lending transactions will be retained indefinitely, even after your activities have ended. For this, we rely on the legitimate interest as a legal basis to be able to guarantee a conclusive collection documentation process.
Anyone with a Ghent University Account can use the services of the Ghent University Library without any additional registrations. This means that your Ghent University Account is automatically activated in the library systems. If you do not have any lending transactions, your data will also be automatically removed from the library systems when your Ghent University Account is deactivated.
Click streams from our websites are tracked in raw form on the server for up to 3 months and then anonymized for further processing.
6. SECURITY OF YOUR PERSONAL DATA
The Ghent University Library takes the appropriate technical and organizational measures to protect your personal data against any form of loss or unlawful processing.
All employees of the Ghent University Library, both in the Faculties and in the Book Tower, respect the Generic Code of Conduct for the processing of personal data and confidential information (approved on 18 May 2018 by the Executive Board of Ghent University) and have access to online manuals to support them in the correct use of your personal data.
7. WHICH RIGHTS DO YOU HAVE WITH REGARD TO THE PROCESSING OF YOUR PERSONAL DATA?
When we collect and use your personal data, you enjoy a number of rights that you can exercise as described below. Please note that if you wish to exercise a right, we will ask you for a proof of identity. We do this to avoid a personal data breach, for example, because an unauthorized person acts as you and exercises a right in your name.
You have the right to access your personal data, which means that you can ask us to provide you with information about the personal data we hold about you. You can even request a copy of your personal data. Please note that you must indicate for which processing activities you wish to have access to your personal data. If you repeatedly make the same request and cause obvious inconvenience, we may refuse these successive requests or charge you an administrative fee to cover the costs. We can also refuse or only partially grant you the right to access your personal data, if such access could disproportionately damage the rights and freedoms of others, including those of Ghent University.
You have the right to request that we correct your personal data if you can demonstrate that the personal data we process about you is incorrect, incomplete or out of date. Please indicate in which context we use your personal data, so that we can assess your request quickly and accurately.
If we have requested and obtained your consent to collect and use your personal data, for example, to send you newsletters, you always have the right to withdraw this previously given consent.
You can request that we delete your personal data if it is no longer needed for the purposes for which we collected it, if it was unlawful to collect it or if you have successfully exercised your right to withdraw your consent or your right to object to the processing of your personal data. If any of these circumstances apply, we will delete your personal data immediately, unless legal obligations or administrative or court orders prohibit us from deleting your personal data.
You can ask us to restrict the processing of your personal data in the following circumstances:
- while we assess your request to correct your personal data;
- while we assess your objection to the processing of your personal data;
- if such processing was unlawful, but you prefer a restriction to a deletion;
- if we no longer need your personal data, but you need it for the establishment, exercise or defense of legal claims.
If we are processing your personal data for the purposes of our own legitimate interests, in other words, you have not given us consent and we do not need it for the execution of an agreement or to comply with legal obligations, you have the right to object to our processing of your personal data. If our interest relates to direct marketing, we will immediately grant your request. For other interests, for example, our security interests, we ask you to describe the specific circumstances that give rise to the request. In this case, we will weigh your circumstances against our interests. If this consideration leads to your circumstances outweighing our interests, we will stop processing your personal data.
If we collected your personal data based on your consent or because it was necessary for the execution of an agreement with you, you have the right to obtain a copy from us in a structured, widely used and machine-readable format. This right only applies to the personal data that you have provided to us.
If you would like to exercise any of these rights, please send us an e-mail at email@example.com or visit the information counter of the Book Tower.
You can rest assured that we will not interpret an e-mail from you stating that you wish to exercise a right as your consent to the processing of your personal data beyond what is necessary to process your request. A request must clearly state and specify which right you wish to exercise. Always indicate in which context we have obtained your personal data, so that we can process your request quickly and with care. Your request must also be dated and signed, and accompanied by a digitally scanned copy of a valid identity card proving your identity. We will immediately notify you of the receipt of this request. If the request proves to be well-founded, we will inform you as soon as possible and no later than 30 days after receipt of the request.
If you have a complaint about the processing of your personal data by Ghent University, you can contact the Data Protection Officer of Ghent University at firstname.lastname@example.org. If you are not satisfied with our answer, you can file a complaint with the competent data protection authority, namely the Belgian Data Protection Authority and / or the Flemish Supervisory Committee.
8. AMENDMENTS TO THE PRIVACY STATEMENT
This privacy statement can be amended if new or modified services or functionalities are available and / or to continue to comply with the applicable rules and regulations.
If the privacy statement is amended, this will be mentioned in our e-mails and a link to the amended privacy statement will be included.