The general TUHH Data Privacy Statement applies.
Supplementary Privacy Statement of the University Library (TUB)
For the domains of the library `*.tub.tuhh.de`
This supplementary privacy statement describes additional processing operations of personal data within the framework of library use.
Note: Please refer to the main privacy statement of the Hamburg University of Technology (TUHH) for information about the responsible party, data protection officer, data subject rights, and general provisions.
Data Processing for the Registration of Underage Users
For the use of the library, a usage contract is required. Minors under 18 years can only enter into this contract with the consent of their legal guardians (§ 104 et seq. BGB). For this reason, we require a supplementary form signed by the legal guardians at registration. The processing of personal data (e.g. name, date of birth, address, contact details as well as usage and borrowing data) is carried out on the basis of Art. 6 para. 1 lit. b GDPR for the creation and execution of the usage contract. Without the consent of the legal guardians, no valid contract can be concluded, and therefore no processing of the data for library services can take place.
1. Creation of a User Account
The processing of personal data serves to provide and manage library use. This includes in particular lending, renewal, reservation, ordering, and access to other library resources. The required data are collected from users during independent registration via the digital registration form. After verification and confirmation of the entries, the library account is activated and can be used for the mentioned services after collection of the library card.
Purpose of Processing
To use certain library services, the registration of a user account is required.
Processed Data
The following data are stored until the expiration date of your library account:
- Last name, first name
- Date of birth
- Address
- Matriculation number (only for persons enrolled at TUHH)
- Language (DE | EN)
- Email address
- ILN (library identifier)
- Affiliation (user group)
- Barcode of the library card
- Processing date
- Expiry date
Legal Basis
Art. 6 para. 1 lit. e GDPR in conjunction with §§ 3 and 4 HmbHG in conjunction with § 111 para. 1 HmbHG as well as the current house and user regulations of the University Library of TUHH.
Storage Duration
The data is deleted as soon as it is no longer required to achieve the purpose or the contractual relationship ends and no legal retention obligations or post-contractual purposes exist. If the library account is not extended, the data will be deleted at the end of the calendar year.
2. Scope of Lending and Account Use
Purpose of Processing
The processing of personal data in the context of lending and account use serves to manage and organize library services. This includes recording and processing loans, renewals, reservations, orders, and administration of fees. The processing ensures the proper provision of media and resources, checks user eligibility, and efficiently handles lending traffic.
Processed Data
During the use of the library account, the following data are temporarily collected additionally:
- Loans
- Loan periods
- Renewals
- Reservations
- Orders
- Fees
- Internal comments on the library account
Legal Basis
Art. 6 para. 1 lit. e GDPR in conjunction with §§ 3 and 4 HmbHG in conjunction with § 111 para. 1 HmbHG as well as the current house and user regulations of the University Library of TUHH.
Storage Duration
The data is deleted as soon as it is no longer necessary or the contract ends and no legal archiving or post-contractual reasons exist.
3. Processing of Personal Data within the “Open Library”
Within the use of the Open Library, the university has implemented technical measures to ensure safe and orderly operation. Video recordings are made in a defined area of the library’s main entrance, two counting cameras are used, and library card numbers of users are recorded.
3.1 Video Recording
Purpose of Processing
The purpose is the prevention of crimes as well as protection of persons and property against vandalism, theft, and violence. It also serves securing evidence and supporting law enforcement and civil claims. Video recordings are made at the entrance, and the library card number is stored when the access restriction is passed or opened by library card.
Processed Data
- Video surveillance images
- Date and time of recording
Legal Basis
Art. 6 para. 1 lit. e GDPR in conjunction with para. 3 GDPR and § 9 para. 1 HmbDSG.
Storage Duration
Recordings are stored locally and deleted after 72 hours unless longer retention is required due to a support of law enforcement.
3.2 Anonymous Visitor Counting
Purpose of Processing
Two cameras are used solely to count people flows: one at the main entrance and one at the transition to the staff area. The purpose is to statistically analyze library usage in order to better plan, for example, opening hours, room capacities, and service offerings. Counting cameras do not process any identifying image or video data. The recording is anonymous; no conclusion about individuals is possible. No image material is stored. Cameras are visibly marked.
3.3 Logging of Library Card Numbers
Purpose of Processing
When entering the library during extended opening hours as provided via our Open Library, the visitor’s library card number is processed for access logging. This enables technical access control and tracing in case of security-relevant incidents. Persons excluded from the Open Library use are denied access.
Processed Data
- Library card number
Legal Basis
Art. 6 para. 1 lit. e GDPR in conjunction with §§ 3 and 4 HmbHG and § 111 para. 1 HmbHG and the current house and user regulations of University Library TUHH.
Storage Duration
Data is processed solely for this purpose and stored for 7 days, then automatically deleted. Data is stored in the Microsoft Azure Cloud. TUHH has a data processing agreement with the Open Library system provider, who has a similar agreement with Microsoft.
4. Statistical Evaluations (Web Analysis)
The library uses the web analytics tool Matomo for statistical purposes.
- Your IP address is anonymized before storage.
- The processing is to improve the web service and analyze usage.
5. Use of “Akismet” for Spam Prevention
This website uses the Akismet plugin by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110-4929, USA.
Purpose: To distinguish between genuine and spam comments.
All comment information is sent to a server in the US, where it is analyzed and stored for four days for comparison.
Processed Data: Name (if provided), email address (if provided), IP address, comment content, referrer, browser and system info, time of comment submission.
Storage Duration: 4 days for comments not classified as spam; longer for spam comments. Use under pseudonym or without name/email is possible.
You can completely prevent the transfer of data by not using our commenting system.
Deletion of Data: You can object to the use of your data by Akismet anytime by sending an email to `bibliothek@tuhh.de` with subject “Deletion of Data stored by Akismet”.