Data protection notice

1a. Data controller

National Library of Finland
Library Network Services
P.O. Box 15 (Unioninkatu 36)
00014 University of Helsinki
Phone: 02941 911

1b. Data protection officer

The data protection officer of the University of Helsinki can be reached at

2. Contact information for question about data processing


3. Name of the register

User data register for Finna services

4. Purpose and justification for the use of personal information

We use your personal information to maintain the unique identity of our customers and to identify users when they log onto Finna. We also use personal information to be able to provide users with customer services and personalized services on Finna. An example of a personalized service is the new entry alerts service that allows users to receive emails about new references related to their searches. Information is collected and managed for the execution of the Finna service at the National Library of Finland and CSC – IT Centre for Science (service providers).

In addition, users’ personal data are processed in an analytics system (Matomo) to monitor the use of services if users have given their consent. The analytics system used in our usage analyses is configured to anonymize the user's IP address by resetting the last two octets of the IP address to zero. We use the analytical system on the servers of CSC - IT Centre for Science so that tracking data cannot be leaked out of this safe environment.

When logging onto this online service, information about the event (e.g. the user’s IP address) is stored temporarily for processing.

Grounds for processing of personal data include the controller’s legitimate interests and data subjects’ consent (personal data processed in the analytics system).

5. Register contents

Basic user information

  • Username
  • Language
  • Name
  • Relationship to educational institution or other organisation/li>
  • Email address
  • Library card information

Information collected for personalised services

  • Personal settings
  • Favourites
  • Tags
  • Comments
  • Reviews
  • Holds
  • Checked out items
  • Fines
  • Saved searches
  • Materials added to Saved Items

Information collected for data analysis by the analytics system

  • Anonymised IP address (anonymisation occurs by resetting the last two octets of the IP address to zero)
  • Browser Type / Version
  • Browser language
  • Operating system
  • Device brand, type, model
  • Display type
  • Plug-ins used
  • Referring URL (the last page you visited)
  • Loaded pages
  • Clicks
  • The country, region, and city from which the request was sent
  • Search terms
  • Filters used (facets)
  • Type of search and target (Solr, CDI, EDS, Summon)
  • The format of the viewed record
  • The source of the viewed record
  • Whether the viewed record is available online

Other data

  • Data saved in the cache that is necessary for using the online service
  • Location data shared or entered by the user

6. Regular sources of information

We obtain personal information about users from the customer register of the user’s home organisation, or users save the data on Finna themselves. Users always save information needed for personalised services themselves.

The location data is used as a search term in Finna Street searches. This location data can be entered freely, or the user can share their location. Sharing the user’s location is voluntary, and the user’s location data will not be processed without the user’s express request. The user can also save the search terms.

7. The processing and protection of sensitive personal data

Sensitive personal information will not be processed on Finna.

8. Length of time personal information is stored and the removal of extraneous information

Personal information is stored on Finna until 18 months have passed from the date of the last login, or the user closes their account.

9. Automated decision-making and profiling

The service does not use automated decision-making or profiling based on personal information.

10. Regular information sharing

The service processes information that is transferred while using the library’s service interface. This information is processed in conjunction with activities like loaning and renewing materials, reserving items and making or browsing payments. Personal information is forwarded to the library system where the library system administrator is responsible for their management.

11. Transfer of information outside the EU or EEA

Information is not transferred outside the EU or EEA

12. Principles of registry protection

Information is stored only in electronic format. Access to information is restricted to system administrators who are identified by their username and password.

13. The right to data inspection

In order to inspect what personal information has been collected on the service, the user should contact the service administrator at the National Library by using the following feedback form

14. The right to correct data or have it removed

You may at any time remove your personal information on Finna by closing your account on the service. If there are any errors in the personal information retrieved from your home organisation, you must contact your home organisation. If needed, you can contact the service administrator at the National Library by using the feedback form

15. Other rights related to the use of personal information

The user has the right to contact the Data Protection Ombudsman ( to verify the legality of the operation of the service.