Data protection conditions

1.1 Tallinn Central Library processes personal data to the extent necessary to achieve the purposes for which the personal data are processed, in compliance with the Personal Data Protection Act. When processing personal data, the Tallinn Central Library complies with the Public Library Act, the Public Information Act, the Public Library’s Manual of Organisation of Work, the Regulations for the Use of the Tallinn Central Library and other decrees regulating the use of the library’s services, and the data protection conditions of the City of Tallinn.

2.1 Registration as a reader is governed by the Rules for the Use of Tallinn Central Library.

2.2 The personal data of the reader is obtained by the Tallinn Central Library (hereinafter the Library) from the reader. The Library obtains the personal data of the ward (reader) and his/her legal representative (parent/guardian) from the legal representative of the ward.

2.3 The personal data of a person under the age of 18 and his/her legal representative shall be submitted to the Library by the legal representative of the person on a consent form. The consent form is published on the Library’s website.

2.4 When registering as a reader, the person and, in the case of a person under 18 years of age, the parent or legal guardian, in accordance with sections 2.1 and 2.2, shall provide the following information in order to be able to borrowing to home:

1) first name and surname;
2) personal identification number or, in the absence of a personal identification number, date of birth;
3) place of residence (postal address);
4) telephone number;
5) e-mail address.

2.5 You will be registered as a reader on the basis of a valid identity card or other proof of identity.

2.6 In the case of a reader and a person under the age of 18, the data on the place of residence of his/her legal representative will be checked in the Estonian population register.

2.7 If the reader’s residence details are not entered in the population register or if the reader does not have a permanent residence in Estonia, the Library shall require the reader to provide a deposit for the loan of materials.

2.8 Depending on the service and the choices made by the User, the Library also processes the following data:

1) personal identification data: reader card number, ID card number, residence card number, user ID, password (e.g. the library will provide an initial password to access My ESTER);
2) for the provision of public services to a person with a disability, information on the type and duration of the person’s disability, as certified by a disability card, pension certificate, Social Insurance Board certificate, medical certificate determining the type and duration of the disability or other certificate defined by another law, international treaty or European Union legislation;
(3) the data of accounts created in electronic databases and data stored when logging into accounts and using the functions therein, including user-saved records, searches and similar data;
4) Communication data, including enquiry data, feedback and complaint content, sent by email, letter, social media, forms and facilities on the website (e.g. Skype, chat) or by telephone;
5) data on the use of and satisfaction with the services;
6) data collected to fulfill obligations under the law, including data on charges for delayed time, injunctions, contractual penalties, etc;
7) details of participation in reading programmes, writing and drawing competitions and other events, including awards and prizes won;
8) images in photographs or videos taken at public events held at the library or organised or co-organised by the library or attended by the library and/or security cameras;
9) information on violations of the rules of use of the library, the internal rules of the library, the rules of use of various library services;

2.9 Personal data is processed for the following purposes:

1) reader identification;
2) the provision of public services, including the use of databases and library equipment and facilities and the management of users’ accounts, responding to requests for information and managing reservations, sending reminders and, where necessary, injunctions after the deadline for returning materials, and the collection of debts, complaints and appeals;
3) to provide services for people with disabilities;
4) for statistical analysis of data, including for submission to the State and the City, to ensure and improve the quality of services, and to develop services;
5) to ensure internal security on the library’s premises, to prevent and protect misuse of library property, to ensure the safety of staff and other service users, including the use of video surveillance with video recording facilities.

2.10 With the consent of the Users, the data will be processed for the purpose of promoting and advertising the services offered by the Library, including sending newsletters, conducting campaigns and prize draws, informing winners of the prize, including on the Library’s website and social media, and awarding the prize to the winners. People under the age of 14 may participate in various promotions, competitions, etc. with the consent of a parent or legal guardian.

2.11 The personal data listed in point 2 are processed for the performance of a task carried out in the public interest, the performance or preparation of a contract, the fulfilment of legal obligations, the fulfilment of other legal obligations, e.g. at the request of public authorities, including law enforcement authorities, bailiffs or courts, the protection of the legitimate interests of the library, including the security of its staff.

3.1 In addition to the personal data of registered users, the Library also processes personal data of other, non-registered service users:
1) users of free services, including participants in events and training;
2) users of paid services;
3) people who have addressed an application, data subject request, information request, request for clarification or a memorandum to the Library;
4) contractual and other partners of the Library.

3.2 Personal data of service users is obtained by the Library from the individual, depending on the service used.

3.3 In the case of persons under the age of 18, the Library obtains the consent of the parent or legal guardian for the disclosure of data (e.g. the winning entry in a drawing or writing competition, together with the name of the winning entry, for display in an exhibition, including on the website and social media).

3.4 Data are processed for the provision of public services, the performance or preparation of a contract, the fulfilment of obligations arising from laws and regulations and the protection of the legitimate interests of the Library, including the security of its staff.

4.1 When using the Library’s websites, the Library processes the IP addresses of users, the dates and times of visits, the addresses of the websites from which the Library’s websites were visited and what pages were visited, information about the browser and operating system used.

4.2 The Library uses cookies on its websites in order to make the use of the websites more convenient for visitors and to develop its online services. A cookie is a text file that is stored on the computer of the person visiting a website. It is up to the website visitor to adjust the settings of his/her browser to control the notification and storage of cookies and to delete cookies already stored.

4.3 The Library may process personal data for the purpose of collecting statistics on the use of the websites, solving problems and, with the consent of the visitor, personalising the visit to the websites.

4.4 To ensure the preservation of data, the Library regularly backs up websites, electronic databases and their use.

4.5 Automatic logs related to the use of the websites will be kept in backup for up to 3 months.

5.1 The Library processes personal data of employees and people under contract, applicants for employment or internship, interns and volunteers.

5.2 The Library obtains personal data of the above persons from the person himself/herself, on the basis of the person’s work and partly from third parties.

5.3 The Library processes the following personal data for the purposes of forming a contract, fulfilling its obligations under the Employment Contracts Act and other laws and regulations, monitoring compliance with the Library’s rules of operation and protecting the legitimate interests of the Library:
1) personal identification data, including name, personal identification number, date of birth, ID-card number;
2) contact details, including postal address, e-mail address and telephone number;
3) family details, including the names and identification numbers of dependants;
4) financial information, including bank account number, salary and allowances and other related information;
5) the location of the work;
6) occupational or educational details, including information on education and/or previous employment and other information contained in the CV, letter of motivation and revealed during the job interview or interview with the referencer;
7) job-related information, including job title, working and rest time and holidays, training and secondment information, summaries of probationary interviews, etc. and performance information;
8) information obtained by electronic means, including door cards;
9) images in photographs and videos taken at public events held at the Library or organised or co-organised by the Library or attended by the Library and/or security cameras;
10) image, name, etc. on the Library’s website and internal website;
11) logs of the use of IT systems;
12) data on breaches of employment contracts;
13) specific personal data, including health data, e.g. information on health and sick days, results of medical examinations, information on incapacity for work, pregnancy and intoxication.

5.4 Other processing of personal data that does not follow from laws and regulations and the contract, e.g. writing a letter of recommendation, is carried out by the library with the consent of the person.

6.1 To ensure order on the territory of the Library, to prevent and protect the misuse of the Library’s property, to ensure the safety of staff and other service users, the Library uses video surveillance with video recording capabilities.
6.2 The data will only be processed for the purpose of identifying the person who committed the offence. The data will be erased after 30 days, unless an offence has been committed, in which case the recording will be kept in accordance with the instructions of the judicial authorities.

7.1 The data of the reader and, in the case of a person under 18 years of age, the data of the parent or legal guardian, will be deleted from the readers’ database if the reader has not visited the library (counting from the last registered use of the library, e.g. from the last return of a borrowed printed book) or borrowed materials from the e-library for three years. If a reader has any obligatiory work from the library, the details of the reader or his/her legal representative will not be deleted from the reader database. These data will be kept until the obligations are fulfilled.

7.2 The reader database is linked to library services that require a login, including the use of library computers and eLibraries (e.g. OverDrive and RBdigital). Data related to services requiring log-in (except My ESTER) will be retained for three years (including the current year) after the last use of the service.

7.3 Deletion of data from the readers’ database will result in the loss of the right to use all library services that require a login.

7.4 In other cases, the Library will retain personal data for as long as necessary to achieve the purpose for which the data was collected or as required by law.

7.5 Photographs and videos taken in the library and at library-related events will be archived and may be used by the library to promote the history of the library or, for example, student research.

7.6 Responses to requests for information may be retained by the Library on a permanent basis, depending on the need (e.g. for the purpose of service improvement), and the personal data contained therein shall remain confidential.

7.7 The Library will delete or destroy the data of candidates (paper applications) no later than one year after the end of the competition, unless another deadline is agreed with the candidate at his/her request.

7.8 Data collected for library purposes, for assigning copyright and access to digital objects, and for the identification of right holders shall be permanently stored by the Library.

8.1 Access to personal data shall be granted to those library staff members who need it for the performance of their duties. For example, librarians, head librarians and library managers, as well as the library software administrator and the service director have access to the reader database.

8.2 Library staff who come into contact with personal data are under a contractual obligation to keep personal data that they become aware of in the course of their work confidential and not to make it available to third parties, except where required by law.

8.3 The transfer of personal data to third parties will only take place on the basis of the law, justified need or with the consent of the person. For example, personal identification data, contact details and details of a claim will be transmitted to a bailiff; photos and videos of public events organised or co-organised by the Library or attended by the Library will be transmitted on the Library’s social media accounts.

9.1 The Library implements measures, including organisational, physical and IT security measures, to protect the personal data processed. Access to process personal data shall be restricted to authorised people.

10.1 You have the right to access the personal data that the Library collects about you, as well as to receive explanations about the processing of your personal data and your rights.

10.2 You have the right to request the correction of inaccurate data and the deletion of data.

10.3 If you believe that your personal data is inaccurate or that the Library is processing your personal data unlawfully, you have the right to request the restriction of the processing of your personal data. Your request will be refused if your request is clearly unfounded or if the grounds for refusal are based on law.

10.4 If the processing of your data is based on your consent, you have the right to withdraw it at any time.

10.5 In order to exercise the above rights, you must submit a handwritten request to the Library or a digitally signed request electronically to keskraamatukogu@tln.lib.ee.

10.6 You may also seek redress from the Data Protection Inspectorate or a court to protect your rights.