University of Szeged Klebelsberg Library * 2018
v2.5 – 07-05-2018
In the following document you will be informed about the guidelines of the University of Szeged Klebelsberg Library (hereinafter referred to as Library) in connection with the management of the users’ (patrons’) data. These data are generated by acquiring Library membership through registration, by data movements associated with this process, furthermore, by the use of the services of the Library’s homepage or any other document providing services (e.g. repositories). This document also deals with similar concerns and problems arising from digitised data (earlier documents). If there are detailed regulations on certain services, they are available on the website of the given service.
Our Library pays particular attention to carry out data management in accordance with the Act CXII of 2011 on the right to information self-determination and freedom of information, with other pertinent legislation and according to the established practices of data protection in the course of the activity of the Hungarian National Authority for Data Protection and Freedom of Information. Our Library takes into consideration and applies those issues which were defined by the Regulation 2016/679 (the General Data Protection Regulation, abbreviated as GDPR) of the European Parliament and Council and of course, regards the University of Szeged’s currently in force Policy of Data Protection and the Knowledge and Publication of Data of Public Interest as a guidance. The Library has its own Privacy Policy Statement covering the whole range of data management and protection. The Privacy Policy Statement of the University of Szeged Klebelsberg Library involves this document, as well.
Users’ data
By using the Internet services of the University of Szeged Klebelsberg Library, you may hand us over some of your personal data. We pay particular attention to manage your personal data only with the consideration of the spirit and the letter of the above mentioned acts and regulations, and only to a necessary and sufficient extent.
The Library can acquire your personal data (namely, data which can be associated with you) through the following ways:
- If you register to the Library, only your strictly necessary data are stored in our computer system in order to establish a link between them and your various authorizations, such as entering the Library, loaning, using WiFi, etc.
- You can log into our different web services with your user ID and password formerly obtained through registration.
- By using our public computers, which are equipped with Internet in the reading areas and the computer labs.
- If you use our proxy server and change certain settings of your web browser.
- “Traces” of technical data in association with your computer, web browser, Internet domain and the visited webpages are intermittently and automatically generated on our servers.
- And if you wish to get in touch with us, while using our services, you also have the opportunity to give us your name, address or any other data.
Web services
In the course of the development and operation of our web services, an effort was made to reach that your personal data’s management is only allowed to an extent necessary for the use of the homepage’s services (due to the given authentication). This management should be in accordance with your instructions and at the same time, should entirely comply with the operative legislative provisions. When you visit our homepage, the date of the visit and in some cases – depending on the settings of your computer – the type of the browser and operating system are automatically recorded, as it is usual in the case of networks. The system then automatically generates statistical information from these data. The Library establishes a link between these data and the existing personal data directory only to an extent which is absolutely essential for the service but this rarely occurs. This type of data management ensures – beyond the web-based mechanisms – the continuous contact between the registered users using the services of the web page and the controllers, in addition, it also accommodates public opinion polls. In this way, data management has either statistical purposes or aims at a certain service acquisition. The Library by no means use the formerly obtained personal data for purposes other than indicated and does not give them to a third party (except for in the cases of particular police requests, when data are given directly to the authorities).
The operation of the homepage and the management of the visitors’ data are accomplished by the Library, the resulting data are not given to a third party, except for the above mentioned joint controllership.
Identification data
Our data management is considered to be – as specified in GDPR – a joint controllership, since data on enrolment are received from university units operated by the corresponding bodies of the university (in accordance with the approval of the university citizen completing the registration form). The database containing our patrons’ data enables these personal data to serve as a background for data validation for informatics authentication services (EduRoam and EduID). (These services are requested and possessed by the user in all cases.) The scope of duties and responsibilities in connection with joint controllership is determined by the agreement (regulation) between the controllers. Therefore, the responsibility for data management is divided between them. In this respect, the user can exercise his/her rights under GDPR against every controller. We would like to emphasize the fact that every controller works at the university and is regulated in accordance with the same university legislation.
Your data associated with visiting the Library’s website or its online services can be accessed only by our staff members and only to an extent necessary for the fulfilment of their tasks, supplying your acquired services or answering any of your questions and observations.
The right to one’s own data
The person concerned shall exercise his or her rights to data management extensively. In justified cases (s)he may request personally, or with a proof of identity, in accordance with the applicable laws the following: a) information regarding the management of his or her personal data, b) rectification of his/her personal data, c) deletion or blocking of his/her personal data.
Every individual shall be entitled to request information on the following: the personal data concerning him or her managed by the Library; the sources of the aforementioned personal data; the legal base, the duration of use, and the purpose of the aforementioned personal data processing; the name and address of the data processor, as well as the activities related to the personal data management; the circumstances, effects and the preventive measures taken in the event of any privacy incident; the legal base, and the recipient in the event of any data transmission.
The Library shall provide the requested information in writing as soon as possible, and not later than 25 days after receiving the request. Only in cases specified in the „Privacy Act” (Act CXII of 2011 on Informational Self-determination and Freedom of Information) may the Library refuse to provide the requested information. In this case the Library shall inform the person concerned in writing about the applicable law regarding the refusal of providing the information, and the legal remedies available to him or her at the same time.
The personal data shall be deleted in the following cases: a) the processing of the personal data is unlawful, b) the person concerned requests to erase his or her personal data, c) the concerned personal data are incorrect or incomplete, and remedies are not applicable, d) the purpose of the personal data management has ceased, or the storage of the personal data has expired, e) the deletion has been ordered by the court, the Hungarian National Authority for Data Protection and Freedom of Information, etc.
Data Security
The Library stores personal data on its own, locally operated servers, which are under safekeeping 24/7, and stored on the Hungarian Higher Education and Research Spine-network. We use mass-storage devices provided by the Governmental lnformation Technology Development Agency on the same network for backing up the contents of the databases (not the personal data themselves!). During the process of the aforementioned joint data management, the data movements shall be effected through the university’s internal network, or on the aforementioned Higher Education and Research Spine-network in exceptional circumstances.
Data related to the supplied content:
Regarding the publication of distinct digital or digitised information, the Library pays special attention to meet the challenges of publishing information with great value and public interest, meanwhile observing the copyright laws, too. In this context, the Library aimed to establish their services with the best of intentions, regarding the public weal and in general, carrying out the procedures carefully.
Therefore, our Library’s objective was to create these services with the consideration of the spirit and the letter of Law LXXVI of 1999 currently in force. In the case of digitised information, the authors of the respective published items are generally copyright protected. From other points of view, this arranged registration of the given information can be qualified as a database having been created at great expense. In this way, its original producer, usually the publisher and its successors or even the Library, has the right to produce a database, parallel with the copyright protection. In this sense, (s)he is the person who has the right to supervise all the digital publications.
Apart from these considerations, there can be further observations (not necessarily with copyright aspects). Although the already written and published content cannot be altered ex post facto, we understand if you have any remarks on this new possibility of publicity or if you want to raise objection to you or your family being concerned. If you have any similar or other questions with legal aspects, do not hesitate to contact us. Your written requests reasoned by law will be inspected by our professionals, who will inform you about all possibilities.
The Library’s websites and any of its contents (written, auditory, visual or its arrangements) are under copyright protection. Any redistribution or reproduction of a part or all of the contents in any form – which goes beyond personal usage – is prohibited without the Library’s expressed written permission. Please note that any use of the materials on the website, in a manner contrary to the above stated, may have binding legal consequences under copyright, civil or criminal law.
Third-party websites
Please note that the Library’s website contains links to third-party – different institutions’, firms’ and other organizations’ – websites. We do not take responsibility for the contents or privacy practices of any linked site. You should investigate the data protection policy of the organization operating these third-party websites before proceeding them.
Contact and Information
Should you have any questions, remarks or notifications related to the above mentioned issues or should you like to share your opinion with us, please feel free to contact us. If you require to get further information about the management of your data, please write us an e-mail, give us a call or send us a letter by post. (Please use our dedicated email address for related questions: dataprotection@ek.szte.hu)
We at the Library believe, by giving emphasis to the self-determination of personal data, and the increase in the transparency considering the legal state of our provided digital contents (especially in an online/virtual environment) will ensure the security of the rights of the individuals and increase trust in the respective data controller. We consider the efforts to implement it to our approach and daily practice to be genuinely valuable in the long run.