Päivitetty: 30.3.2023

Information from the controller to the data subject.
EU General Data Protection Regulation (2016/679), Articles 13 and 14


This is a joint register of customers of the libraries of Päijät-Häme cities and municipalities (Asikkala, Hartola, Heinola, Hollola, Kärkölä, Lahti, Orimattila, Padasjoki and Sysmä).

Contact person for matters concerning the register

Service Manager Riku Lehtimäki
Heinola City Library
tel. 044 469 4374

Leena Lähdesmäki, Library Officer in charge
Lahti City Library
Kirkkokatu 31, 15140 LAHTI
tel. 044-4163235

Data Protection Officer

City of Lahti Data Protection Officer / tietosuoja@lahti.fi
Data Protection Officer of the City of Heinola / tietosuojavastaava@heinola.fi

Purposes and legal basis for the processing of personal data

The customer register is used for the library’s customer service activities, loan control, collection of materials, self-service activities and for collecting statistical, monitoring and planning data on library services.

The processing of personal data is necessary to fulfil a statutory task (Act on Public Libraries 1492/2016). When applying for a library card, the customer gives his/her consent to the processing of his/her personal data or the personal data of persons under 15 years of age who are responsible for the library card.

Software robotics is used for the processing of personal data. The software robot stores the application on the City of Heinola’s server, where the applications are kept for 1 month. The robot stores the application data in the Aurora customer register of the Lastu libraries. If the customer data is already in the register, the data will be updated.

What personal data is collected and processed

  • Customer data: customer ID number, name (surname and first name), personal identification number, date of birth and contact details (address, telephone number, e-mail address), language of use, responsible person data for customers under 15 years of age and community customers, bans, customer group, home unit
  • Library card: number and pin code, date of last modification or use, expiry date of library card
  • Method of sending customer mail (pick-up, late and due date notifications, invoices)
  • Loan control transaction data: information on materials on loan, valid reservations, outstanding overdue and other charges, library car parks used by the customer, lending bans, self-help library bans, loan history if the customer wants his/her loans to be recorded
  • Customer-related messages
  • The information on the home library service customer also includes the information necessary for the implementation of material transport, permission or refusal to record the preferences of the customer, i.e. the customer profile and the loan history

Recipients or categories of recipients of personal data

Persons responsible for library services in Asikkala, Hartola, Heinola, Hollola, Kärkölä, Lahti, Orimattila, Padasjoki and Sysmä.

Data security measures

Personal data from the library card application and the customer register of the Lastu libraries can only be processed by library staff whose job duties include the processing of personal data. The libraries’ Aurora system is logged in with a personal user name and password. User logs are stored for the viewing and processing of personal data in the system.

Library card applications are processed by a software robot which, according to its programming code, stores the application data in the libraries’ Aurora system. The robot logs into the program with its own user name and password.

Retention period for personal data

The customer’s personal data are stored for as long as the customer wishes to use the library card services or for as long as the libraries are legally entitled to collect their claims from the customer.

Libraries may delete customer data from the customer register if it is deemed appropriate due to the lack of use of the services. At the same time, customer data will also be deleted from the Lastu online library. The customer’s borrowing data will be kept for 60 days in the volume-specific borrowing history.

Library card applications are kept in a temporary storage for 1 month, after which the applications are destroyed.

Rights of the data subject and requests relating to rights

The data subject has the right to inspect his/her data in the register. The data subject has the right at any time to request the correction or deletion of his/her data from the register. If you have any questions about the processing of personal data in the Lastu Libraries’ customer register, you can contact the contact person indicated above.

If you wish to make a request for information, please contact the contact person named above.

Transfers of personal data outside the EU/EEA

Data will not be transferred outside the EU/EEA.

Automated decision-making or profiling

No automated decision-making or profiling.