Library, publications, language services

This privacy notice applies to personal data processed in the Library, Publication, and Language Services of South-Eastern Finland University of Applied Sciences Ltd.

Updated 30.6.2023

This document is based on Articles 13 and 14 of the European Union’s General Data Protection Regulation (GDPR) and the Data Protection Act 1050/2018.

South-Eastern Finland University of Applied Sciences

P.O. Box 68 (Patteristonkatu 3)

50101 Mikkeli

Business ID: 2472908-2

Responsible for the Library, publications, language services information group

Pekka Uotila, Manager

050 312 5087

firstname.surname@xamk.fi

Data Protection Officer

Pekka Uotila, Manager

050 312 5087

tietosuojavastaava@xamk.fi

Personal data is processed for the purposes of customer service and in order to complete other tasks assigned to the Library, Publication, and Language Services.

The Library Services are entitled to use personal data in tasks related to, for example:

  • lending, customer service, distance loans, acquisition of materials, invoicing, and management and improvement of customer relationships, including customer communication
  • production, development, and quality assurance of services
  • monitoring and analysis of the use of services and materials
  • monitoring of use, e.g., camera surveillance and self-service library service

In relation to publication activities, publication data gathering, publication archiving, and services of open science and research, Xamk may use personal data e.g., for the following purposes:

  • management and improvement of customer relationships, including customer communication
  • production, development, and quality assurance of services
  • publication statistics and reporting

In Xamk’s language services (editing and translation), personal data and materials submitted for translation may be used e.g., for the following purposes.

  • management and improvement of customer relationships, including customer communication
  • production, development, and quality assurance of services  

The processing of personal data is based on the following:

  • a necessity for the performance of a task carried out in the public interest (Article 6.1 e)
  • for the performance of a contract (Article 6.1 b) or
  • consent given by the data subject (Article 6.1 a).

According to the Data Protection Act, personal identity numbers may be processed, for example, in renting and lending activities and debt collection (Section 29). For personal identity numbers, processing is based on the necessity to reliably and unambiguously identify the data subject to ensure their legal protection, best interests, rights, and responsibilities (Section 29).   

Agreement is mandatory, for example, for writers publishing in Xamk’s publication series who are not Xamk staff members. Consent is required, for example, from Xamk staff members publishing in Xamk’s publication series and holders of the parental responsibilities for children under 15 years of age. Publication activities are carried out in collaboration with contractual cooperation partners.

The Library, Publication, and Language Services process the personal data of Xamk staff and students and external customers.

Personal identification data

  • names
  • personal identification number or date of birth
  • contact information: address, email, phone number
  • library card number and ID
  • Xamk network username

Customer data entries

  • loans
  • reservations
  • distance loans
  • payments
  • validity and duration of customer relationship
  • notes
  • billing data
  • network printing data (students, staff)
  • date and time of customer data entries
  • sent and received messages

Statistical data

  • customer group
  • statistical group
  • statistical data

Camera surveillance data

  • continuous recording and recordings
  • for a more detailed description of the processing of personal data, see the privacy notice for Xamk’s camera surveillance systems.

Personal data related to publication activities

  • preliminary form for publications: the authors’ first and last name, email, basic information about the publication proposal, invoicing information, contact details (name and email) of possible expert readers, and other information related to the publication
  • publication agreement and consent: the author’s first and last name, email, and title of the work to be published
  • reviewer’s statement: the reviewer’s name, position, email, and relation to the manuscript and its authors, the manuscript’s authors and title, review text, and information on whether the manuscript is accepted or rejected.
  • editing request: the manuscript’s author and email and details about the publication.
  • training courses and event registration: depending on the nature of the event, e.g., first and last name, email, and field

 Information related to publication data gathering

  • basic information about the author: first name, last name, unit
  • information about the publication: title, publication type
  • general publication data: year of publication, number of authors, organisation’s authors (first name, last name, unit, ORCID ID)
  • other bibliographic and metadata concerning the publication
  • author information in publication incentive notifications: the publication’s ID in the Justus service, publication type, title, the author’s first and last name, number of publication points, the author’s unit, and incentive amount
  • author’s information concerning self-archiving: first name, last name, title of publication and publication series, publication type, the author’s consent to self-archiving, the version of the publication submitted by the author

Personal data related to language services

  • internal language services: first and last name, unit, and email of the person ordering the service; Text type, number of pages, title, place of publication, deadline, material submitted for translation
  • external language services: first and last name, unit, and email of the person ordering the service; Text type, number of pages, title, place of publication, cost centre, and price

Personal data is disclosed, if necessary and in accordance with the intended purpose, to e.g.,

  • The debt collection agency used by the South-Eastern Finland University of Applied Sciences
  • Ministry of Education and Culture
  • The National Library’s Finna service
  • CSC – IT Center for Science Ltd
  • Mikro-Väylä Oy (e.g., self-service points for borrowing and returning, self-service library system)

The library system is part of an open consortium, but only the National Library has access to personal data necessary for technical support.

Personal data is also disclosed to Arene ry’s (the Rectors’ Conference of Finnish Universities of Applied Sciences) Theseus publication system, publication archive, and Theseus service as a whole and, in terms of data recorded into the Edufication service, to Tammi Digital Oy.

Publication data is saved through the JUSTUS publication data service provided by CSC, which requires an Eduuni ID account to log in. Data saved in the Eduuni service includes the employee’s name, identifier (UID), email, organisational domain, organisation identifier, and role (Eduuni-ID Privacy Policy). The data is saved through the VIRTA publication information service to a research data resource, from which it is published in the Research.fi service administered by CSC.

Language services which cannot be carried out internally or which the ordering party requests to be carried out externally are acquired from the language company Lingsoft. Confidentiality and privacy policies of Lingsoft’s services are based on the agreement between Xamk and Lingsoft.

If there are official requests for clarification or information concerning the processed matters, personal data may also be disclosed in response to these if the nature of the matter in question so requires.

Data is disclosed for internal use, reporting, and operations management of the South-Eastern Finland University of Applied Sciences, necessary data is transferred to Xamk’s database.

Xamk does not transfer personal data to countries outside the EU or EEA.

However, Xamk provides Microsoft services, such as email and cloud storage space (OneDrive), for the use of staff and students. As a rule, Microsoft processes data in the EU/EEA and in regional data centres. Microsoft is committed to complying with the EU General Data Protection Regulation. Microsoft’s Privacy Statement can be found at: https://privacy.microsoft.com/fi-FI/privacystatement

Data is stored in accordance with the storage periods defined in the data management and filing plan of the South-Eastern Finland University of Applied Sciences.

Personal data is erased from the library system

  • on the customer’s request if the customer has no loans or pending payments
  • preliminary information provided by the customer is erased within a year if the customer has not activated their card during this time
  • if there have been no customer data entries for four years
  • if the validity of customer data has expired.

In publication activities, personal data that is not archived is stored as follows:

  • In terms of data related to daily publishing activities, as long as it is needed. Unnecessary data is deleted twice a year.
  • Personal data collected for the purpose of publication data gathering is stored from a period of three previous years in addition to the current year.

Texts submitted to language services for translation and their translations are stored in the Wordfast translation memory software to improve the quality and consistency of translations as long as necessary. Unnecessary data is deleted once a year.

The data subject has the right to

  • know whether their personal data is processed or not have access to the personal data that has been processed
  • demand a rectification of incorrect data for a justified reason. The demand for rectification must specify the personal data the data subject wants to be rectified.
  • request for their personal data to be erased
  • under certain circumstances, request a restriction on the processing of their personal data
  • under certain circumstances, object to the processing of their personal data

The data subject has the right to request for the personal data which they have provided to be transmitted from one controller to another in a machine-readable format. The processing of data must be carried out by automated means, and data will be transmitted where technically feasible.

Whenever the controller is processing personal data based on a data subject’s consent, the data subject has the right to withdraw their consent. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. The withdrawal of consent may, however, affect the usability and functionality of the service.

If the data subject regards the processing of their personal data as unlawful, they have the right to lodge a complaint to the Data Protection Ombudsman. The complaint is addressed to Data Protection Ombudsman at https://tietosuoja.fi/en/home.

Personal data is processed on the grounds of customer relationship management. Personal data is required for access to the library services.

Customers may disclose personal data for the use of library and publication activities through e.g., the following applications/services: Tuudo Oy (mobile card), Turnitin LLC (plagiarism checker). Students’ contact details may be checked and updated from the student administration system.

Personal data of staff is collected from Xamk’s publications and telephone directory for the purposes of publication data gathering.