This data protection declaration covers the processing of personal data on this website, including the services offered there as well as our social media channels and to the extent that no special information is provided.

For more information on the processing of your data, please use the contact details given below.

The library is a central institution of the university. Responsible for the processing within the meaning of the data protection laws, in particular the General Data Protection Regulation (GDPR), is the

University of Music Würzburg
Hofstallstr. 6-8
97070 Würzburg
Phone: +49 (0)931-32187-0
Fax: +49 (0)931-32187-2800

The University of Music Würzburg is a corporation under public law and a state institution (Art. 4 para. 1 BayHIG). It is represented by the President of the University of Music Würzburg, Prof. Dr. Christoph Wünsch.

You can contact the data protection officer as follows:

Data Protection Officer of the University of Music Würzburg
Felix Eisenmenger
Hoftstallstr. 6-8
97070 Würzburg
E-Mail: datenschutz@hfm-wuerzburg.de

The library provides its users with a comprehensive range of services on the basis of its user regulations. The library requires personal data at various points in order to carry out this task and to provide and ensure the associated services.
For university members, their data is processed on the basis of Art. 6 para. 1 lit. e GDPR in conjunction with Art. 4 et seq. Art. 4 ff. BayDSG and the General User Regulations of the Bavarian State Libraries (ABOB). The university is entitled to process personal data insofar as this is necessary for the lawful fulfillment of its tasks. This includes in particular the provision of media for use in the library and for lending.

The university library requires your data in order to be able to admit you to use the university library or to provide you with media to borrow. If you do not provide the required data, you will not be able to use or borrow items.

We collect and use the personal data of our users only to the extent necessary to provide, optimize and secure a functional website and our content and online services (e.g. ordering media for lending, use of databases, inquiries or orders for digital copies, etc.).

The university processes the personal data exclusively for a specific purpose, i.e. only for the purpose for which the data was collected in each individual case.

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Personal data that is processed in connection with use will not be passed on to third parties unless it is intended to be passed on.
Processing in the SISIS Sunrise library management system is carried out by the Central Office of the Bavarian Library Network, a department of the Bavarian State Library, on server computers at the LRZ.

The University Library procures, catalogs and manages the media required for teaching, research and studies and makes them publicly accessible. User administration - both on site and online - requires the basic processing of your personal basic user data in a user account (contact data, identity data, login data: Last name, first name, primary identifier, user group, status, e-mail address) and is a prerequisite for admission.

With library admission, data processing in the context of your use is legitimized in accordance with our General Library Regulations of the university. The recipients of your personal data are exclusively the university, in particular the permanent employees of the university library and, in the case of fee-based processing, the responsible employees of the finance department.

Members and affiliates of the university may make full use of all our library services with a valid library card. For students, lecturers and employees, the university's multifunction card serves as a user card. To activate this card for borrowing from the library, a valid identity card or ID and registration certificate must be presented at the library and a registration form completed.

The lending of media from the university library is managed via the library management system (SISIS Sunrise). SISIS Sunrise is the central management software used to process the library's procedures. This includes, among other things, the administration of library user data in the context of media loans, the renewal of loans, reservations for loans, the implementation of fee and reminder processes and communication with users.
Processing in the library management system takes place in this cloud-based system by way of order processing by the central office of the Bavarian Library Network.

In this system, we create a library account for you in which we store the following data

• Personal details:
  o Surname, first name, date of birth, user group, gender
  o Primary identifier, library user group, status, date of last user activity, user role, other identifiers, student ID number if applicable)
  o Contact information (postal address, university email address)
  o Blocks, fees
• Usage data as part of the loan procedure:
  o Loans (title, due date, loan date, loan status, loan note)
  o Returns (title, return date)
  o Reservations (title, order date)

Our library operates an online catalog on the Internet. The library's entire collection is listed and searchable in this online public access catalog. Members and affiliates of the university can also use the online catalog to renew items in their loan account and view their fee account.
The following data is stored in this system:

• Search queries
• IP address of the user's device

Search queries are stored in order to be able to offer the "search history" function. The IP address is stored temporarily in order to be able to detect misuse of the data by bots, crawlers, etc.

Members and affiliates of the university can reserve borrowed media for themselves. For this purpose, the ID number, contact details, title, media type and notification deadlines are regularly processed in the university's library system.

The use of the library is generally free of charge for all users. For individual library services, however, a fee notice or reimbursement of expenses may be issued in accordance with the Costs Act and the Schedule of Costs. The fees will be displayed in your user account. Fees are managed by the university's budget department. Deletion takes place according to the retention periods of the HGB and the AO (regularly six or ten years).

The EZproxy service enables access to the library's electronic media offerings (databases, e-books, e-journals) from outside the university network in accordance with the legal tasks of providing the necessary media for teaching, research and studies.
Please note the access requirements and licensing information of the providers, who are themselves responsible for data protection in the context of access.
The EZproxy platform is web-based and does not require any plug-ins, client software or special browser settings.
EZproxy connects users remotely to the electronic resources they need for teaching and research, using existing university login data. EZproxy connects to an authorized IP address to allow access by content providers and also uses a set of robust and customizable security rules to detect and disable compromised credentials before they can be used to misuse systems or data. EZproxy accesses are logged in this respect.

Data that is processed:

• Pseudonymized user ID
• Technical usage information in server log files: Access time, URLs accessed from external providers, HTTP status code and size of the server response

Deletion takes place when the purpose is fulfilled, but after 90 days at the latest.
The system is hosted at the university.

On our website, we offer forms that can be used to submit suggestions for procurement (books, sheet music, sound recordings, films, databases).
The following personal data can be collected by these forms:

• Name
• Contact details (e-mail address)
• Degree programme

With regard to the processing of your personal data, you as a data subject have the following rights in accordance with Art. 15 et seq. GDPR:

• You can request information as to whether we process your personal data. If this is the case, you have a right to information about this personal data and to further information related to the processing (Art. 15 GDPR). Please note that this right to information may be restricted or excluded in certain cases (see in particular Art. 10 BayDSG).
• In the event that personal data concerning you is not (or no longer) accurate or incomplete, you may request that this data be rectified and, if necessary, completed (Art. 16 GDPR).
• If the legal requirements are met, you can request the erasure of your personal data (Art. 17 GDPR) or the restriction of the processing of this data (Art. 18 GDPR). However, the right to erasure pursuant to Art. 17 (1) and (2) GDPR does not apply if, among other things, the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 17 (3) (b) GDPR).
• If you have consented to the processing or a contract for data processing exists and the data processing is carried out using automated procedures, you may have a right to data portability (Art. 20 GDPR).
• If there is an international transfer of personal data without the basis of an adequacy decision by the EU Commission, you have the right to receive a copy of the contractual guarantees from us on request.
• You have the right to complain to a supervisory authority within the meaning of Art. 51 GDPR about the processing of your personal data. The competent supervisory authority for Bavarian public bodies is the Bavarian State Commissioner for Data Protection, Wagmüllerstraße 18, 80538 Munich. In addition to the right to lodge a complaint, you can also lodge a judicial remedy.

If the processing is based on consent, you have the right to withdraw your consent at any time. The revocation only takes effect for the future; this means that the revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.

For reasons arising from your particular situation, you can also object to the processing of your personal data by us at any time (Art. 21 GDPR).

If the legal requirements are met, we will then no longer process your personal data. If the above-mentioned rights are exercised, the public authority will check whether the legal requirements for this are met.

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services.