Privacy Policy | Data Protection Guarantee

1. Introduction and Scope

The Sofia City Library is committed to protecting the privacy and personal data of all our users, visitors, and stakeholders. This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our library services, visit our facilities, or interact with our digital platforms.

This policy applies to all personal data processing activities conducted by the Sofia City Library, including but not limited to library membership registration, book lending services, event participation, digital resource access, and general facility usage.

2. Data Controller Information

The Sofia City Library acts as the data controller for all personal information collected and processed through our services. We are responsible for ensuring that your personal data is handled in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and Bulgarian data protection legislation.

As a public institution serving the citizens of Sofia, Bulgaria, we maintain the highest standards of data protection and privacy compliance in all our operations.

3. Personal Data We Collect

Registration and Membership Data

Full name and contact information (address, phone number, email)
Date of birth and identification document details
Library membership number and registration date
Emergency contact information when required

Usage and Activity Data

Books borrowed, returned, and reservation history
Digital resource access logs and usage patterns
Event attendance and program participation records
Computer and internet usage within library facilities

Technical Data

IP addresses and device information for digital services
Website cookies and browsing behavior on our platforms
Security camera footage within library premises
WiFi connection logs and network usage data

4. Legal Basis and Purpose of Processing

We process your personal data based on several legal grounds under GDPR Article 6, including legitimate interests for library operations, contract performance for membership services, and legal obligations for record-keeping requirements.

Primary Purposes: Providing library services, maintaining accurate lending records, ensuring facility security, improving user experience, complying with legal and regulatory requirements, and facilitating educational and cultural programs.

We also process data to communicate important information about library services, overdue materials, upcoming events, and policy changes that may affect your library experience.

5. Data Sharing and Third Parties

The Sofia City Library does not sell, rent, or trade your personal information to third parties for commercial purposes. We may share limited data only in specific circumstances:

With authorized government agencies when legally required
With our technology service providers under strict confidentiality agreements
With partner libraries for interlibrary loan services
With emergency services when necessary for safety and security

All third parties who may access your data are contractually bound to maintain the same level of data protection and confidentiality that we uphold.

6. Your Rights Under GDPR

As a data subject, you have comprehensive rights regarding your personal information:

Right of Access: Request copies of your personal data we hold
Right to Rectification: Correct inaccurate or incomplete information
Right to Erasure: Request deletion of your data under certain conditions
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a structured format
Right to Object: Oppose processing based on legitimate interests

To exercise any of these rights, please visit our main information desk or submit a written request. We will respond to all legitimate requests within one month of receipt.

7. Data Security and Retention

We implement robust technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include encrypted data storage, secure network protocols, regular security audits, and staff training on data protection best practices.

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected. Membership records are typically maintained for the duration of active membership plus seven years for administrative purposes. Lending history may be anonymized for statistical analysis after the retention period expires.

8. Cookies and Digital Tracking

Our website uses essential cookies to ensure proper functionality and improve user experience. We also employ analytics cookies to understand how visitors interact with our digital services, helping us enhance our online offerings.

You can control cookie preferences through your browser settings. However, disabling certain cookies may limit your ability to use some features of our digital services.

9. Children's Privacy

We are committed to protecting the privacy of children who use our services. For users under 16 years of age, we require parental or guardian consent for membership registration and data processing. We collect only the minimum necessary information for children's accounts and apply additional safeguards to protect their personal data.

10. Policy Updates and Changes

This Privacy Policy may be updated periodically to reflect changes in our practices, services, or applicable laws. We will notify users of significant changes through our website, email communications, or posted notices within library facilities. Continued use of our services after policy updates constitutes acceptance of the revised terms.

We encourage all users to review this policy regularly to stay informed about how we protect and handle your personal information.