GDPR

Arena is continuously developed to meet the GDPR (General Data Protection Regulation) requirements. The following has been implemented so far:

• A user can read all information stored in the system (both Arena and backend information) on the My Profile page, under top heading My profile. The backend decides what user information is stored and returned in a call from Arena.
• A user will be reminded to check the profile information in the system regularly. A reminder text is shown (in the login portlet) if the profile information has not been updated for a set number of days (default 365 days; set by Axiell). The user has two choices:
• Go to my profile and possibly update the information.
• Dismiss the text. It is the backend that decides if this feature is used or not.

• There are links to the informative text about loan history and general agreements on the My Profile page, for a user to read (if enabled in the portlet). In My Profile, under Registered accounts the user can enable/disable loan history (the loan history itself is found on the page where the Loan history portlet has been added).
• A user can choose to delete their account by contacting library staff who deletes the account in the backend. All data stored in Arena will then also be deleted. If the user has a nick/display name it will be anonymised. Written reviews are not deleted but shown with the anonymised nick/display name.
• When registering for an event, the user’s email address is stored along with the number of registered attendees, for the library to be able to inform about updates or cancellation of events. The stored information is deleted when:
  • The event has been completed
  • The event has been cancelled