Data protection at the Swiss National Library
1. General considerations
The Swiss National Library (NL) respects and protects its users’ rights in respect of data protection and privacy.
Data protection at the NL is governed by the Swiss Confederation’s general provisions on data protection, with specific details and additions as set out in this policy.
By using the collections and services of the NL, users consent to their personal data being used in the ways set out therein.
2. Use of the NL’s collections and services
Why does the NL collect and process personal data?
Collecting and processing users’ personal data is essential for the NL to fulfil its statutory mandate, and in particular to provide certain services offered within the scope of that mandate. The NL has put in place the measures required by law to protect personal data.
These services include, in particular, the administration of user accounts for borrowing publications listed in the NL’s catalogue (Helveticat), the provision of various types of information to the public via the NL’s websites and applications, and additional information services to which users can subscribe.
NL websites are generally hosted by the Confederation, in the form of the Federal Office of Information Technology, Systems and Telecommunication (FOITT).
- e-Helvetica Deposit, the platform for publishers and members of Web Archive Switzerland to submit individual electronic books and websites, which is hosted by the company Puzzle ITC based in Bern;
- e-newspaperarchives.ch, the platform for digitised newspapers of the NL and partner institutions, which is hosted by Rero based in Martigny;
- Helveticat, the catalogue of the NL’s General Collection, the Bibliography of Swiss History (BSH) and the catalogue of the Swiss Poster Collection, which are hosted by Ex Libris based in Hamburg.
What personal data must be provided when opening an NL user account?
When opening a user account for borrowing purposes, the following personal data must be supplied: last name, first name and title, date of birth, home and e-mail addresses and preferred language for correspondence. These data are stored in Helveticat for as long as the user account is maintained (though only the year of birth rather than the full date of birth is retained).
A copy of an official identification document (and BibliOpass, if available) is also required during the registration process. This is used for a one-time check of the correctness of the information supplied and is destroyed immediately the check is complete.
What personal data are created when documents are borrowed in Helveticat?
When a document is borrowed in Helveticat, the user account is linked to the selected document. This link is maintained only during the loan period and is automatically and irreversibly anonymised immediately after the document has been duly returned, so that it cannot in any way be recreated.
What personal data are processed or shared with third parties in connection with administrative or criminal proceedings?
The NL stores and processes data in connection with administrative and criminal proceedings relating to loans for as long as is necessary for the conduct of those proceedings. Data relating to administrative measures taken in respect of a user, such as warnings, blocking of accounts or refusal of access to the library, may be supplied to other libraries to the extent that such measures reflect conduct against which the library receiving the data is entitled to protect itself (e.g. repeatedly damaging or stealing books, inappropriate behaviour, etc.).
What information is automatically stored when accessing the NL’s websites and applications?
When accessing the NL’s websites and applications, the following data are stored in log files: IP address, date, time, browser request and general information on the operating system and browser. These data form the basis for anonymous statistical evaluations to identify trends and so enable the federal authorities to improve the services they offer. The evaluations serve, among other things, to protect the intellectual property and personality rights of third parties associated with the services and documents used.
Cookies are small text files that are placed on the user’s computer to facilitate the use of websites and applications or enable certain functions. For example, they are essential to the provision of certain services such as search and order functions in Helveticat (shopping cart, search history, etc.). Most of the cookies used by the NL are deleted from the user’s hard drive at the end of the browser session.
Users can set their browser to notify them in advance that cookies are being placed on their computer and decide whether or not to accept them, or to prevent cookies from being placed at all. However in the latter case not all functions of the websites and applications will be fully usable.
Who has access to the user data in Helveticat?
The user account can only be accessed externally after entering the personal password.
To facilitate certain administrative and technical processes, selected members of staff of the NL and the contractor operating Helveticat on behalf of the NL (Ex Libris in Hamburg) also have access to the user account.
User data are encrypted and sent over the internet by means of secure data transfer to the contractor, with which the NL has concluded data protection agreements ensuring that the data are processed securely and in accordance with the law. The contractor’s servers are located in the Netherlands, a country whose legislation, in the opinion of the Federal Data Protection and Information Commissioner FDPIC, guarantees adequate data protection (see Art. 6 para. 1 of the Federal Act on Data Protection and the corresponding FDPIC list). The contractor processes the data solely on behalf of the NL and only to the extent that the NL is itself permitted to process them.
What data are processed when using additional NL information services such as newsletters, invitations to cultural events, text alerts for special opening times, etc.?
When users voluntarily contact the NL, for example to subscribe to a newsletter or leave feedback using the web form provided for that purpose, their e-mail address is added to a separate database that is not linked to the anonymous log files. Users may cancel their registration at any time.
In order to use certain NL information services, users must supply the personal data necessary for those services to be provided. These may vary depending on the nature of the service, and may include the e-mail address, name, title and language when ordering electronic newsletters, the e-mail address and name when requesting information about events, or the mobile phone number and name for alerts regarding special opening times. These data will be used by the NL only to provide the requested service and will only be retained until the user terminates their use of the service.
3. Obtaining further information about data protection at the NL
Under the Federal Act on Data Protection (FADP), users have the right to be informed free of charge of the data stored about them (Art. 8) and to have incorrect data corrected (Art. 5 para. 2). Requests to this effect, as well as any further questions about the collection, processing or deletion of personal data, can be sent to the following address:
Swiss National Library
+41 58 462 89 35
+41 58 462 84 08