Register description

The following is a description of which personal data is handled at Nordic Culture Point and in which ways the data is handled. In its data protection policies, the Nordic Culture Point complies with Finnish legislation and the general EU data protection regulation (GDPR), 2016/679.

Contact person for the registers

Fredrik Lundin
IT Advisor
PB 231, FI-00171 Helsinki
fredrik.lundin@nordiskkulturkontakt.org
+358 10 583 1004

Purpose of the registers

Nordic Culture Point collects and processes personal data:

  1. in order to maintain a borrower register and manage the library’s customer relations,
  2. when arranging events and meetings, and for the payment of fees,
  3. to document the business. The material may be used in Nordic Culture Point’s annual report, on the website, in social media and other digital marketing, for internal needs (e.g. presentations), and for future archiving,
  4. to send information to subscribers to our newsletters, and
  5. in connection with camera surveillance at the library. The purpose of camera surveillance is to: protect property, protect customers and staff, prevent crime, and help solve any crimes that do occur.

Names of the registers

  1. Borrower register for the Nordic Culture Point special library
  2. Administration of Nordic Culture Point’s digital survey system
  3. Nordic Culture Point media archive
  4. Nordic Culture Point newsletter
  5. Nordic Culture Point camera surveillance

Data content of the registers

  1. Borrower register
    • Borrower’s name, address, gender, phone number, and e-mail address
    • information on the borrower type for borrowing functions
    • information on the borrower’s mother tongue and communication language for customer service purposes
    • library card number and borrower ID
    • password (pin code) for identification
    • civil registration number
    • information about the borrower’s current loans
    • information about the borrower’s current reservations
    • information about the borrower’s unpaid fees
    • information about outdated contact details, any powers of attorney, contact details of guardians, and measures taken due to unreturned loans and unpaid fees, as well as notification settings, registration date, and most recent loan date

    The following are used as data sources:

    • information provided by the borrower and stored on the computer system
    • public address and phone number services
    • information stored through the library’s activities

    The borrower is responsible for giving notice of any changes. In the event of the need for recovery measures, address information can be checked via the Finnish Population Registry Centre

  2. Digital survey systems (data collected through/using the web services Webropol, Zoom, Microsoft Teams, Microsoft Forms or Zef). The information collected depends on the purpose of use but may be:
    • Personal data (first name, surname, organisation, supervisor, address, e-mail address, phone number, civil registration number, country, allergies, dietary requirements)
    • Bank details (only for payment of fees)
    • Employment and positions of trust
    • Events
  3. Media archive
    The register contains pictures and video material created during Nordic Culture Point’s events or to document the organisation’s other activities.
  4. Newsletters
    E-mail addresses and names (collected through/using the web service Mailchimp)
  5. Camera surveillance
    The register contains recorded visual material created by way of surveillance cameras located in the Nordic Culture Point library.

Regular submission and transfer of data within the EU or EEA

  1. Borrower register
    • The borrower’s personal data, loan data, and payment data can be transferred to third parties for invoicing and recovery.
    • Borrower information, the borrower’s personal data, loans, and reservations are displayed but not stored when logging into the online library. Borrower card number, pin code, and e-mail address are stored in the online library.
  2. Digital survey systems
    Information can be transferred to third parties for the administration of events, invoicing, and the payment of fees.
  3. Media archive
    No personal data is regularly disclosed or transferred from the register.
  4. Newsletters
    No personal data is regularly disclosed or transferred from the register.
  5. Camera surveillance
    Material is only transferred to an authority when investigating a crime.

Principles for the protection of the registers

  1. Borrower register
    1. Manual material
      The forms with borrower information that the borrower filled in are destroyed once the information is entered into the digital library system
    2. Computer-stored material
      The borrower register is used by Nordic Culture Point’s staff and by the computer planners who are responsible for maintaining the library system to the extent that their tasks require.
      The server that contains the borrower register is located in premises monitored by Axiell Finland Oy. Operations personnel have the right to use the server.
  2. Digital survey systems
    The right to use the register is limited to Nordic Culture Point’s staff. Staff have personal user accounts that are protected with usernames and passwords. The user account is deleted once the employment relationship with Nordic Culture Point ends.
  3. Wepbropol Oy, Zoom Inc, or Microsoft act as service providers. The register is maintained on the service providers’ servers. The service providers are responsible for the maintenance and security of the tool. Nordic Culture Point and the service providers have drawn up a data processor agreement.
  4. Media archive
    Material is stored on Nordic Culture Point’s Azure virtual server, which is protected with a password. Only Nordic Culture Point’s staff have access to the register. A backup is made on a server located on Nordic Culture Point’s premises. The material is saved indefinitely.
  5. Newsletters
    The right to use the register is limited to Nordic Culture Point’s staff. Staff have personal user accounts that are protected with usernames and passwords. The user account is deleted once the employment relationship with Nordic Culture Point ends.Mailchimp serves as a service provider. The register is maintained on the service providers’ servers. The service providers are responsible for the maintenance and security of the tool.
  6. Camera surveillance
    Material is stored on Nordic Culture Point’s own server, which is protected with a password. Only Nordic Culture Point’s IT staff have access to the register. The material is saved for 30 days.

Transfer of data to non-EU or non-EEA countries

Not transferred

Right of access

Under §26 of the Swedish Personal Data Protection Act, everyone has the right to know which data has been stored about them in the personal register. The data subject can check some of the information in the library system’s online library themselves. The data subject may request, in writing, a review of their data.

Correction of data

The data controller has a duty to, without undue delay, on their own initiative or at the request of the data subject, correct, delete, or supplement personal data in a personal register which, in view of the purpose of its processing, is incorrect, unnecessary, deficient, or obsolete (§29 of the Swedish Personal Data Act).

The data subject has the right to request that incorrect data be corrected. The library can delete borrower information that has not been used for a long time. The material in the camera surveillance system is deleted automatically after 30 days.

The data subject can notify Nordic Culture Point of a change to their personal data by writing to Nordic Culture Point, PB 231, FI-00170 Helsinki, Finland or e-mailing gdpr@nordiskkulturkontakt.org.

The borrower can notify Nordic Culture Point or the library of a change to their contact details by writing to Nordic Culture Point, PB 231, FI-00170 Helsinki, Finland, by e-mailing bibba@nordiskkulturkontakt.org, or by logging in and changing their details in the online library.