Joining the BnL is dependent on providing the following information and supporting documents: surname, first name, date of birth, private address, e-mail address, and copy of an ID document or a digital signature. The BnL reserves the right to require provision of proof of residency and/or proof of enrolment at a secondary- or higher-education establishment approved by the State of Luxembourg.

This information (the “personal data”) is necessary to validate the registration and to open a personal reader account. A printed copy of the registration form is retained in the BnL archives. The registration period with the BnL is two years, unless extended. Twenty-four months after expiry of all the user’s enrolments with libraries in the bibnet.lu network, the personal data will be erased automatically. The loans history will be retained in an anonymised fashion for the statistical reporting to be given by the library. The personal data will be recorded in the “shared file of readers” of the integrated system for management of the network of Luxembourgish libraries bibnet.lu, which is jointly shared by the member libraries in the network. The list of member libraries can be viewed at www.bibnet.lu.

The username and password are common to all libraries in the bibnet.lu network where the user is registered or can join. The personal data is liable to be processed by a limited number of persons duly authorised and trained for the purposes set out below.

Personal data is gathered and processed for:

• Joining the BnL and updating the data on the reader account;
• Reservations for loans and for viewing documents at the library, and for reproduction of documents;
• Requests for international loans;
• Contacting the user for reservations, reminders and fines on loans;
• Use of IT tools provided by the BnL;
• Access to and viewing online resources provided for the user by the BnL;
• Preparation of anonymised statistics to improve the services offered by the BnL;
• Detection of frauds and abuses whilst using the digital resources provided for the user by the BnL;
• Managing requests under the right to access, to rectification, to object to processing and other rights in relation to personal data by the BnL;
• Subscribing to the BnL newsletter, managed with the assistance of the subcontractor Mailjet, Paris.

When the user accesses the digital resources of the BnL’s digital library, their personal data are processed by the BnL. The BnL manages an infrastructure for authentication and access to its digital resources.

The processed data are:

• A session cookie containing a unique identifier (deleted after 120 minutes of inactivity) to manage the user’s access to digital resources.
• An access log including the user’s IP address and the resources consulted to establish usage statistics. The IP address is anonymised after 18 months.
• A user log including the username and the resources consulted (kept for 30 days) to identify improper use of the resources (such as systematic or automated downloading of data).

For data processed by publishers of digital resources, please consult their respective data protection policies.