Privacy Policy

CEU Library


The CEU Library complies with the principles of GDPR. The six overall guiding principles are:

  • Lawfulness, transparency and fairness
  • Purpose Limitation
  • Data Minimisation
  • Accuracy
  • Storage limitation
  • Confidentiality and integrity

Your privacy and security is of the utmost importance to us. We will always follow these principles and ask you how you would like us (or our partners) to communicate with you.


1. General Provisions

We process your personal data so that we can provide library services. The CEU Library is the responsible party in accordance with the Data Protecion Regulation (GDPR). We protect your data in compliance with all legal regulations, especially the Austrian Data Protection Act and the EU General Data Protection Regulation (GDPR).


2. How We Use Your Information

(Change all of this with CEU Library details)
We use your data to provide library services, including

  • issuing a library card
  • using the library’s holdings and loaning items
  • loaning of media equipment
  • interlibrary loan (ILL) and document delivery
  • providing access to e-resources
  • processing and managing loans and overdue notices and fines.

The collection, processing and storage of this information takes place only on the basis of the applicable legal provisions or contractual agreements below:

  • EU-GDPR Art 6 para 1 lit b – contract agreements
  • EU-GDPR Art 6 para 1 lit a – consent of user
  • EU-GDPR Art 6 para 1 lit f – protection of legitimate interest

Without this information, the services offered by the library cannot be used.


3. Data Transfer to Third Parties

(Change all of this with CEU Library details)
All data processed through the library system are stored on servers of Ex Libris Germany GmbH in the EU.  Data is only being transferred to third parties, in case of contractual relationships or public interest.

In addition, we also work with other external IT service providers (Formsite, others?) that provide technical services for the library’s IT systems and have access to the data. All processors are obligated to comply with the GDPR. We have data protection agreements with providers so that user data are being processed legally and safely.


4. Storage Period

(Change all of this with CEU Library details)
The data are kept in storage for 15 months after the expiry of the patron’s library card, the return of all borrowed information media, the payment of all outstanding fees, and the end of the patron’s access to electronic library resources. If any fees were incurred during the validity period or any costs charged for specific services, the data are only erased after the end of the statutory 7-year retention period. Data connected to course registrations, events, and reservations of scanners, databases, and seats are deleted after 12 months.


5. Your Rights

(Change all of this with CEU Library details)
As a data subject in the context of these data processing operations, you have the following rights vis-a-vis CEU Library: information and access, rectification, deletion, restriction of data processing, data portability, and objection.





Contact us with questions or feedback,