Library services

Persons concerned by this information

The persons whose data are processed as readers in the libraries of the BUMP and the Faculty of Law of the University of Namur (the "Libraries") fall into the following categories

  • Students registered at the University of Namur
  • Members of staff of the University of Namur
  • Readers of the libraries of UCLouvain and USL-B
  • Other persons requesting registration and access card (annual or for a limited period) to the Libraries or to their resources (interlibrary loans)

Uses of readers' data

Creation of a reader profile for the libraries of the University of Namur and generation of the access card

Purposes and categories of data processed. The University of Namur uses the following categories of data for the creation of a Library reader profile entitling the reader to access the Library premises and to borrow works under the conditions defined in its regulations:

  • General identification data (surname, first name and other first names, photograph, contact details, etc.)
  • Identifiers assigned by the University of Namur (eID, student number, etc.)
  • Personal data (gender, date of birth, etc.)
  • Reader category (external, student, staff member)
  • Data on affiliation to an entity or membership of a group entitling the reader to special access conditions (e.g. student of another higher education institution, etc.)
  • Professional data (University of Namur entity and categories of staff members (department, faculty, services - for staff members...)
  • Academic data (reference to BAC/Orientation registration for students)
  • Data associated with the reader's card (card number, type of card, start and end date of validity, QR code...)
  • Reader status data (active, deactivated, blocked...)
  • Electronic identification data

This data is used for :  

  • Creation and management of library reader accounts
  • Creation and management of library cards
    • Access to the Libraries
    • Access to various ancillary services (photocopying, printing, scanning of documents) and management of related payments.
    • Management of access to online resources
    • Management of access to computer resources available in the Libraries

Legal basis of the processing. The University of Namur is entrusted with missions of public interest in terms of teaching, research and services to the community. For the purposes of carrying out these missions, the University of Namur processes the data of all staff members and students, as well as external persons who request access to the services of the Libraries (Article 6, (1), e) of the GDPR).

Persons having access to the data. The data is only accessible to IT staff and Library staff for issuing and creating access and cards. Some data are integrated into the SIGB as explained under point 2.

Retention period and deletion. The data is kept as long as the reader is considered active and is deleted at the latest 12 months after the end of the reader's activity.

Management of access to the Libraries of the University of Namur, UCLouvain and USL-B 

The University of Namur, the Catholic University of Louvain and the University of Saint-Louis Brussels collaborate to offer library users of the three institutions access to the library premises and to the consultation and/or loan of works in their libraries.  

For the technical management of the identification of resource users, the three institutions use a common integrated library management system (SIGB). Data on the readers of the three universities are stored in this SIGB. Each of the universities can access and use this data when a reader from one of the other two universities requests an access card or a loan.

However, the operational use of the data is the responsibility of each University (definition of the status of reader and granting of this status, encoding of loans and returns, definition of loan rules, procedures for notifying loan deadlines, management of the non-return of works and the imposition of late payment fines).

Purposes and categories of data processed. The three institutions jointly manage the SIGB in its technical aspects, in particular as regards the connection and security system.

The primary purpose of the system is the creation and management of reader accounts valid in the three institutions.

Each of the universities uses the data contained in the SIGB under its own responsibility and according to its own operational rules for

  • The management of the loans and returns of books of the three Universities
  • The management of late fines

The use of the SIGB by the Universities covers

1. The creation of a reader account. This involves importing the following reader data from the University's internal application into the SIGB

  • General identification data (first and last name, contact details, etc.)
  • Identifier granted by the University
  • Personal data (gender, date of birth, etc.)
  • Data associated with the reader's card (card number, expiry date)
  • Reader category (external, student, staff member)
  • Reader status
  • Reader card data (card number, card expiry date)

These data can be consulted by the library staff of the three institutions to manage access to their library resources.

The deactivation or blocking of a reader's access implies the suspension of the entire library service in the three linked Universities.

This data is associated with the borrowing data. The system allows the processing of the following data:

  • The record of the copy of the work borrowed
  • The start date of the loan
  • The return date
  • The delay delta
  • The amount of the fine
  • Amount of fine paid
  • Date of payment

These data can be encoded and consulted by the library staff of the three institutions for the management of borrowing and return of works.

Some of the data in the reader's account can also be accessed online by the reader via personal identification codes.

The account contains the following personal data of the reader

  • Name and surname
  • Gender
  • Date of birth
  • Main e-mail address
  • Legal address (except for staff members: address of the University which is their employer)
  • Card number
  • Card expiry date
  • Identifier assigned by the University
  • Category (external, student, staff)

The following borrowing data (the "borrowing history"):

  • The record of the copy of the book borrowed
  • The record of the copy of the book reserved
  • The start date of the loan
  • The date of return
  • The amount of the unpaid fine (calculated by the system)
  • The expected return date

2. The creation of a borrowing history. A process for creating a borrowing history in which the readers' data associated with the loans are not included is automatically set up. This borrowing history is updated daily and kept indefinitely, regardless of whether or not a borrowing history is kept for a reader account. This anonymised data can be used by the universities for the management of loans (information support for the adaptation of the content of the copy offer).

3. The management of security and connections to the SIGB and readers' accounts by the latter. The web connection to the SIGB is done via the authentication system of each University and through the connection codes granted to the reader by the University.

The SIGB is hosted on European territory by the UCLouvain, which ensures its security.

In this context, the electronic identification data are kept for the purpose of managing the security of access to the data.

Legal basis for processing. Higher education institutions are entrusted with a public interest mission to support teaching, research and community services (Article 6, (1), e of the RGPD). It is in this context and for the purposes of carrying out this mission that a library service is proposed.

For the purposes of these missions, the following are involved

  • The processing activity related to the creation of reader profiles and reader accounts (creation and management of a SIGB)
  • The activity of processing data related to the management of loans (restitution and imposition of fines) under the operational responsibility of each of the Universities

Persons with access to the data. The data is processed internally by the staff of the libraries and the IT services of the universities. 

Retention and deletion periods. Minimum retention periods are defined according to the following criteria:

  • Identification data is kept as long as the reader has an active card in at least one of the Universities
  • By default, the borrowing history is kept for 1 year from the borrowing date. However, the reader can activate the deletion of the history at any time via his/her account
  • Borrowing data is kept as long as the borrowing is not closed by the return of a book and the payment of the fine(s) recorded in the event of late return
  • A cleaning of the SIGB with deletion of the data is implemented at least once a year and all the data of the readers are deleted from the database:
    • For which there is no longer an active access card and for which there are no outstanding loans
    • For which there is no longer an active card and for which there has been an open loan for more than 5 years at the time the cleaning is carried out
    • Access logs to the SIGB are kept for one year

Management of compliance with library regulations

Purposes and categories of data. Access to the premises and the use of the associated resources are subject to compliance with the library regulations.

The University of Namur is likely to process the reader's data in order to record and apply the sanctions provided for by these rules in the event of a breach.

The categories of data processed in this context are as follows

  • Personal identification data (surname, first name)
  • Detailed information on the violation observed (nature of the facts, date, etc.)
  • Date and author of the comment relating to the incident
  • Data relating to the sanction
  • Status of the player (blocked or deactivated)

Legal basis for processing. The University of Namur is entrusted with missions of public interest in terms of teaching, research and services to the community. For the purposes of carrying out these missions, the University of Namur processes readers' data to manage compliance with the library regulations governing the conditions of access to and use of the library services (Article 6, (1), e) of the GDPR).

Persons having access to the data. Data may be accessed by members of the staff of the University of Namur Libraries. When the reader is a student of the University of Namur, the library regulations provide that behaviour in breach of these regulations may be referred to the Disciplinary Committee for possible sanction.

Retention and deletion period. The data is kept for one year after it has been encoded and is automatically deleted at the end of this period.

Managing the use of Library IT resources

Purposes and categories of data. Access to resources, including online resources, may involve the processing of readers' data when they use the University's Internet connections and the computer equipment made available to Library readers. In particular, access to third-party resources (documentation databases) may be subject to the use of the University of Namur's Internet network or a proxy server, which may involve the processing of data by the University of Namur in the process of accessing these services.

The University of Namur processes data to allow access to these resources and for the purposes of verifying the conditions of use of the resources, technical intervention, as well as to ensure compliance with the ethical principles relating to the use of IT tools at the University of Namur.

The categories of data processed in this context are

  • Personal identification data (surname, first name)
  • Identifiers allocated by the University of Namur (eId)
  • Access granted (date of access and revocation, resources concerned, etc.)
  • Connection data (Logs ...)
  • Authentication data (Log in, passwords, password modification date, token, ...)
  • IP addresses
  • Data related to an IT incident (Data related to incidents linked to the use of these resources)

It should be noted that the reader connects to third party services (databases of documentary resources) for which the University of Namur has obtained a licence of use for the benefit of its readers. The operators of these databases process the data of the users of their services under their own responsibility and in accordance with their own personal data processing policies.

Legal basis for processing. The University of Namur has a legitimate interest in being able to manage access to its IT resources and equipment and in being able to ensure the security of the data resulting from the application of the principles of security and responsibility provided for by the RGPD (Article 6, (1), f of the RGPD).

Persons having access to the data. The data may be accessed by members of the support teams (BUMP IT unit and University IT Service).

Retention periods. Retention periods are based on organisational considerations (for the management of access rights according to the status of the reader (staff member, student, external)), security considerations (detection and remediation of incidents) and legal considerations (period during which the University of Namur may be held accountable for access to data).

Access control and attendance of the premises 

Purposes and categories of data. The University of Namur controls the access of users to the Library premises in order to manage access to the Library premises and resources, on the one hand, and to ensure the security of goods, persons and premises, on the other. The University of Namur also uses access data to communicate, after anonymisation, attendance indicators for its premises to Affluences (www.affluences.com).

The categories of data processed in this context are

  • Card identifier
  • Date and time of entry and exit
  • Location (library concerned)
  • Gantry used and type of gantry.

Legal basis for processing. The University of Namur has a legitimate interest in being able to manage access to its premises and library resources and to work towards the security of persons, goods and premises (Article 6, (1), f of the GDPR).

Persons having access to the data. Data may be accessed by members of the support teams (BUMP IT unit). These data may also be communicated to the University of Namur's security officers or members of the security service, to the parties involved (police, judicial authorities, etc.) in the event of an incident affecting personal safety (identification of persons remaining in the building (in the event of a fire, for example) or in the event of a crime.

Retention period. The data are rendered anonymous 31 days after collection (deletion of the link to the person, but retention of the group, course and entity).

The production of statistics

Purposes and categories of data. The University of Namur produces statistics relating to the use of its infrastructure and resources. These statistics aim to identify improvements that can be made in terms of all aspects of service provision (accessibility of resources and premises, number of copies of works, etc.) and to assess needs in terms of resource allocation (staff, investment, etc.).

The categories of data processed in this context are all those processed by the University of Namur. However, two data anonymisation processes are implemented on a permanent basis: data relating to loans (loan history) and access logs to premises.

Legal basis for processing. The University of Namur is obliged to implement a quality approach in the exercise of its missions (article 6, (1), e of the RGPD). It is in this context that the analysis of data to acquire a better knowledge of the activity and needs related to the infrastructures of its libraries is included.

In some cases, statistics are produced within the framework of cooperation between higher education institutions within the Commission for Collective Academic Libraries and Services of the ARES (Académie de Recherche et d'Enseignement Supérieur) and within the Interuniversity Library of the French-speaking Community of Belgium under the aegis of the Council of Rectors of the French-speaking universities of Belgium (CRef).

The processing of data for statistical purposes is based on a legitimate interest of the University of Namur to be able to fulfil its commitments to these bodies and, where appropriate, to enable the implementation of inter-university missions and work related to the provision of library services by higher education institutions (Article 6, (1), f of the RGPD).

Persons having access to the data. For the purposes of the anonymisation process, the data are processed by the BUMP Statistics Manager.

The contact point for the exercise of users' rights is the University that issued the access card or opened a right of access to the documentary resources of other universities. 

Management of disputes, complaints and debt recovery

Purposes and categories of data. In the event of disputes, complaints or unpaid amounts, the University of Namur may process readers' data for the management of its litigation and the recovery of its debts.

The categories of data processed are potentially all of the above-mentioned categories of data, depending on the nature of the dispute, the complaint or the need to establish the identity of the debtor and the components of the debt.

Legal basis of the processing. The University of Namur has a legitimate interest in being able to manage its litigation and, if necessary, to assert rights in a pre-litigation or litigation framework (Article 6, (1), f of the GDPR).

Persons having access to the data. Depending on the case, the data may be communicated to the managers of the Libraries, to the financial department, to external consultants or collection services, and more generally to third parties involved in legal or administrative proceedings in the event of a dispute (damage, theft, failure to return works, etc.).

Duration of storage. The data is kept until the end of the procedure or until the dispute is closed. Insofar as the dispute involves accounting operations, these data are kept for the legal retention period.

Reader account and access to documentary data

Readers who have an active reader's account can log in to their account and access their personal data and data on the use of documentary resources via the Catalogue Université de Namur tool.

Contact point with the Libraries

The contact point for readers regarding their rights under the RGPD or any other question relating to data processing is the University that issued the reader's card.

For the University of Namur:

For the BUMP: direction.bump@unamur.be

For the library of the Faculty of Law: virginie.marot@unamur.be

Data protection officer of the University of Namur: