Protection of Personal Data of STL Users
Appendix III to the Library Regulations of the State Technical Library
Effective from March 1st 2005
The State Technical Library (hereinafter referred to as the "STL") is the administrator of
personal data according to the provisions of Act No. 101/2000 Coll., Personal Information
Protection Act (hereinafter referred to as "the Act").
According to Section 4 of the Act, personal data are understood to be any data related to a
particular person whose identity can be directly or indirectly deduced from the data. In the
case of the STL, this applies especially to addresses and users' identification data or to
data concerning the user's loans or other transactions.
When processing personal data, the STL proceeds in conformity with the Act, the STL
Library Regulations and other generally binding provisions. Personal data are processed
by the STL staff members manually or by using computers. The STL processes only true and
precise personal data, which are checked for validity for that purpose.
I. The purpose of processing user's personal data:
- Protection of property bought from public budget sources, especially of the library
collections designated to be lent outside the premises of the STL,
- Provision of quality services by the STL based on the possibility of the STL to contact
users in cases specified by the STL Library Regulations or in cases when the user requests
to be contacted; to keep precise records of all user-related transactions, concerning
especially his/her loans, their subject, beginning and end with the use of available system
resources (while registering library staff members who performed these transactions); to
perform quality checks of services provided and consistent checking of claims made by users;
to perform statistical evaluation of its activities, especially lending activities, and their
evaluation in order to provide for an effective acquisition policy and management of library
collections,
- The fulfilment of duties imposed on the STL by generally binding provisions, especially:
- Act No. 257/2001 Coll., Libraries and Conditions for the Operation of Public Libraries and
Information Services (Library Act),
- Act No. 563/1991 Coll., Accounting Act as amended,
- Act No. 121/2000 Coll., Copyright Act, on rights pertinent to copyright and on change of
some acts (Copyright Act).
II. Extent of Processed User's Personal Data
The STL processes personal data of its users and - in the case of underage users - of their
legal parents (in the same structure).
Basic user's identification data:
- name and surname,
- maiden name,
- birth certificate number or date of birth,
- address of permanent residence,
- type and number of ID card, used for the verification of the identity of the user and of
his/her identification data, optionally also the country of issue of this ID, provided the
user is a foreign national.
If users want to use the services provided by the STL in their full extent, they are obliged
to provide these data and give consent to their processing in the STL database. Users not
giving consent to the processing of basic identification data can use only services provided
anonymously, e.g. study in study rooms, reference and search services, copy services and
the like. Basic identification data are verified by the STL with the use of valid personal
identity documents issued by authorities of the state and self-government in order to
prove identification, which can be used to verify all basic identification data. In the case
of Czech nationals, their identity card usually serves this purpose. User's basic
identification data are verified by the STL during registration, each prolongation of the
validity of the STL User's Card and whenever any of the data listed above are changed. In
order to protect and effectively use its library collections, the STL tries to prevent the
setting up of multiple accounts for a single user; that is why authorized representatives
check for duplicate entries in the user database, using available personal data.
Other user contact information (provided the user is willing to provide it):
- academic title,
- contact or temporary address,
- telephone,
- e-mail,
- employer, school,
- (for foreign nationals) residence permit date.
Service data:
- data on issued and cancelled User's Cards,
- information on the user's violations of provisions and prohibitions, influencing the conditions for the prolongation or cancellation of the User's Card.
III. Manner in which the personal data are processed and stored
- on original forms:
- Agreement on the Use of STL Services.
This document is stored in a locked filing cabinet throughout the validity of the STL User's
Card; whenever the card is prolonged or any personal data are changed, a new Agreement is
signed and the original Agreement is returned to the user; access to these documents is
restricted only to employees using them to perform their jobs.
- in a computer database:
- STL user database
records reader's basic identification data, other user contact information and service data.
The database is stored on a designated STL server; access to this database is protected by a
system of access accounts, passwords and permissions defined in an extent necessary for the
fulfilment of tasks by individual employees of the STL. Data stored in the database are
protected against viruses, and security copies are stored outside the building of the STL.
- on archiving media:
the database is regularly backed up on DLT tapes.
IV. Staff members' obligations during the processing of personal data of STL users
All members of the STL staff are obliged to process personal data exclusively within the
framework of their work and tasks specified by their managers, in the extent specified above
and in accordance with provisions of the Act, the appropriate internal directives and other
binding provisions.
Employees of the STL are obliged
- to check the accuracy of the processed personal data and verify them against documents
provided for this purpose,
- to refrain from any behaviour which might lead to unauthorized access of third parties to
personal data of an STL user,
- to report immediately to their managers any complaints made by a user verbally or in
writing concerning the protection of their personal data,
- to keep private personal data and information on security precautions even after they
leave their jobs at the STL.
Employees of the STL are not allowed
- to communicate their STL network access password to anybody,
- to communicate to unauthorized persons information on safety precautions made for the
protection of the collections,
- to allow for the movement of unauthorized persons in areas where personal data are
processed and stored,
- to communicate in a loud voice personal data in public areas of the STL, unless
specifically asked to do so by the subject of the data,
- to enable unauthorized persons to view documents and computer screens provided these
contain personal data,
- to communicate information on other users.
Breach of these duties of STL employees can be considered to be a breach of working
discipline and penalized in accordance with Section 46, paragraph 1 of Act No. 65/1965
Coll., Work Code as amended.
V. Erasure of personal data
The STL processes personal data of its users from the moment when the user signs the
Agreement on the Use of STL Services, thus giving consent to the processing of his/her
personal data.
Personal data of STL users are kept until the user asks in writing for their liquidation,
until the User's Card has been valid for five years or until the last liability has been
settled, whichever comes last.
If a user asks for the processing of his/her personal data to be terminated or if the above
period is over, the STL considers the Agreement to be terminated and erases the user's
personal data:
- by destroying the original documents - Agreement on the Use of STL Services is physically
destroyed in accordance with the STL Document Destroying Regulations,
- by making personal data in the STL user database anonymous - the name, surname, birth
certificate number or date of birth, permanent address are overwritten by a text string
indicating liquidation of personal data, while the year of birth is extracted from the birth
certificate number or from the date of birth and stored in a backup copy for statistical
purposes; anonymised data cease to be personal and are not used further.
Access to archive and backup copies containing users' personal data, which cannot be turned
into anonymous data, is provided to a limited number of STL employees only, authorized by a
written decision of the Director of the STL. Restoring of data from archival and backup
copies is possible on the basis of a written directive of the Director of the STL and a
written protocol must be made on each data recovery. When restoring data from archive or
backup copies, data of all users meeting the above conditions have to be made anonymous
again.
Failure to meet the requirements set by Act No. 101/2001 Coll., Personal Data Protection
Act, makes the STL liable for any damages which might have been incurred by a third party, and
legally liable for a delinquency in accordance with Act No. 101/2001 Coll. Should a user
discover that the STL has failed to fulfil its duties, he/she has the right to ask the STL
for immediate remedy, or optionally to turn to the Office for the Protection of Personal
Data, asking it to provide for an action leading to remedy.
Prague, February 28th 2005
Ing. Martin Svoboda
Director, State Technical Library