The New York Public Library Privacy Policy
Arabic | العَرَبِية · Bengali | বাঙালি · Chinese (Simplified) | 简体中文 · Chinese (Traditional) | 繁體中文 · English · French | Français · Haitian Creole | kreyòl ayisyen · Korean | 한국어 · Polish | Polski · Russian | Русский · Spanish | Español · Urdu | اُردُو
Revised: September 2021
1. Your right to privacy
Privacy is essential to the exercise of free speech, free thought, and free association. The New York Public Library (“NYPL” or “Library”) is committed to protecting your privacy, whether you are a patron, visitor, and/or donor. This Privacy Policy explains what information we collect from you and why.
By using our website, attending our events, participating in our programs, downloading our mobile applications, accessing our databases, visiting a Library location, or donating to us, you agree to this policy.
With your consent, you agree to let us use your email address and/or phone number and postal address to communicate with you about our programs, services, and fundraising efforts. However, in accordance with New York State law (NY CPLR Section 4509) and our own commitment to your privacy, information about materials that you check out and information that you access is kept confidential.
This Privacy Policy may change from time to time and we will notify you by posting such changes on our website, so we encourage you to check back periodically for updates. We will alert you to material changes that have been made by indicating on the policy the date it was last updated, by placing a notice on our website, by sending you an email, and/or by some other means.
2. What personal information does NYPL collect and store, why and what do we do with it?
We collect information about you in three ways:
- directly from you,
- from automatically collected network logs, and
- through cookies.
We typically keep information only for so long as it is needed for the proper operation of the Library and in order to deliver better Library services to you. We may retain some information in backup storage systems, hard copy form, or as required by law. We collect different types of information from you depending on how you choose to engage with our Library services and the information needed in order to provide you with access to those services. We only collect the minimum we need to deliver the service you are using at the time and we do our best to remove it at the earliest possible opportunity.
2.a Information that you provide
When you register for an account for our Library services or to get a Library card, we ask you to share certain information with us. If you register with us, we offer you the opportunity to review and, when practical, to update, change, or delete some information you have provided us. You can do this by:
- logging into your cardholder account on our website
- asking our staff to assist you by phone at 1-917-ASK-NYPL
- emailing us at gethelp@nypl.org
- visiting a Library location and speaking to our staff
If you deactivate your library card account or delete key information—such as your Library card number—you may not be able to continue using certain Library services that require registration.
- The information that you provide can include personally identifiable information (PII), where you live, shared content, social media information, login credentials (email address, password, Library card barcode number and pin, or other login mechanisms depending on the system), and your Library account record. For additional details about these information types, please see our Further Privacy Details and Information page.
2.b Information collected and stored automatically
When you use our Library services, such as our website and mobile applications, our computer servers automatically capture and save information electronically about your usage of our Library services. Again, we make sure to only collect the minimum amount of data needed for our services to work. In most cases we do not store this data; while we do sometimes look at the data in aggregate, we do not focus on you as an individual. Examples of information that we may collect include the Internet Protocol Address (IP Address) of the computer you are using; your general location; type of web browser, operating system, or electronic device; date, time, and length of your visit; the website that you visited immediately before arriving at our own website; pages that you visited on our website; and searches/queries that you conducted or other interaction data. Note that this information is captured in aggregate and not in any individually identifiable way. For additional details about these information types, please see our Further Privacy Details and Information page.
If you are using a Library-provided device, we may also record your Library card’s barcode, time and length of your session, and the websites that you visited. If you are using our public Wi-Fi network, we may, in addition, also collect the MAC address and name of your Wi-Fi device.
Cookies. A cookie is a small data file sent from your web browser to a web server and is stored on your computer’s, or electronic device’s, hard drive. They are generated by websites to provide users with a personalized and often simplified online experience. You have the option of disabling such cookies if you choose to. If you prefer, you can usually remove or reject browser cookies through the settings on your browser or device. Most web browsers are set to accept cookies by default. Keep in mind, though, that removing or rejecting cookies could affect the availability and functionality of our Library services.
Security Cameras: For more information about footage from security cameras used in NYPL buildings, please see our Further Privacy Details and Information page.
2.c Patron circulation records
When you create an account for a card in our circulating Library, we require that you provide certain personal information—such as a name, address, email, phone number, date of birth. We hold onto this information for only as long as you keep an NYPL account. You can, at any time, close your account, which will then delete this information from our circulation system. Even while you have an active circulating Library account, our systems only retain the information about your borrowing records for the time during which those items (books, CDs, etc.) are on loan to you. And, as long as there are no outstanding fines on the borrowed materials, we delete the record of those loans soon after you return the borrowed materials.
Outside of our circulation system, there are other places in the Library—such as in our Research Division, NYPL classes and programming, or via third-party vendors, etc.—where information you have provided would be retained or deleted under different guidelines. See, in particular, Section 3 (“Third-party vendors and websites”), Section 4.a (“Personal information used by NYPL”), and Section 4.c (“When You Share Content with the Broader Public”).
3. Third-party vendors and websites
We often use third-party Library service providers and technologies to help deliver some of our services to you, including our cataloguing services, online services such as databases, digital classes and programs, digital collections, streaming media content, communications to you, collaboration, projects, etc. We will make every effort to let you know when a third-party company is being used to deliver our services. If and when you choose to use such services, we may need to share your information with these third parties, but only as necessary for them to provide the services on behalf of NYPL. We may also display links taking you to third-party services or content. By following these links, you may be providing information (including, but not limited to personal information such as your name, username, email address, and password) directly to a third party, to us, or to both.
By using these services, you will be acknowledging and agreeing that NYPL is not responsible for how those third parties collect or use your information.
Library patrons must understand when using remote or third-party vendor sites that there are limits to the privacy protection the Library can provide.
We make reasonable efforts to ensure that third parties conform to NYPL’s Privacy Policy and we ensure that they comply with the Children's Online Privacy Protection Act. We continually monitor and evaluate such vendors to ensure that their policies remain in line with our requirements of them or our formal agreements with them.
We also make reasonable efforts to ensure that the Library's contracts, licenses, and offsite computer service arrangements reflect our policies and legal obligations concerning patron privacy and the confidentiality of patron data.
The Library expects third-party service providers to:
- Conform to Library privacy policies.
- Provide a service that complies with the Children's Online Privacy Protection Act.
- Refrain from collecting or sharing additional information about patrons, other than what is needed for delivery of the Library services provided.
- Have a publicly posted privacy policy.
Where we negotiate contracts to use third-party services, those services must also be in keeping with our privacy values.
There are instances where terms of use are not individually negotiated. In those instances, we educate staff who are making such purchasing decisions so that they are aware of our expectations regarding privacy, and they remain vigilant to ensure the services are in line with our values.
Third-party service providers may collect and share your information, including:
- Personally identifiable information you knowingly provide. This includes when you register for access to their site, provide feedback and suggestions, request information, or create shared content.
- Other information that you may not knowingly provide, but that could be used to identify you, such as your Internet Protocol Address (IP Address), search history, location-based data, and device information.
- Biometric data such as facial recognition, voice recognition. For more information, please see our Further Privacy Details and Information page.
- Non-personally identifiable information. This includes advertisements on the pages that you visit, analytics, browser information (type and language), cookie data, date/time of your request, demographic data, hardware/software type, interaction data, serving domains, page views, and the web page you visited immediately prior to visiting the third-party site.
- Other data as described in the vendor's privacy policy and terms of use.
For more information on these services and the types of data that are collected and shared, refer to the Terms of Use and Privacy Policies on their webpages. You may choose not to use these third-party services if you do not accept their terms of use and privacy policies. Please take the time to read them carefully.
We encourage you to review the privacy policies of every third-party website or service with whom you interact through our Library services. You can always choose not to use third-party websites or services if you do not accept their privacy policies.
The Library also suggests links to external websites that are not under contract or our direct control. In these instances, you are not required to give these sites your Library card or any other personally identifiable information in order to use their services.
4. How is my personal information used and who has access to it?
4.a Personal information used by NYPL
Depending on the specific Library services you choose to use, the following are some examples of the ways we use your information in order to provide those services to you.
We use:
- Residency verification for Library cards.
- Personal information for Library records—such as book borrowing details, help desk and reference queries, fine/fee payments, surveys, and promotional and fundraising campaigns.
- Login Credentials, Shared Content and Cookies for delivery of enhanced or personalized services.
- When you sign up for a digital library card through your mobile device, we verify that you are in our service area by checking the geo-location of your device. We do not store or keep this data.
For additional examples and details, please see our Further Privacy Details and Information page.
4.b Aggregated data
Sometimes the information collected about you through any of our services may be de- identified and aggregated with other information collected about other users, visitors, or donors. This de-identified and aggregated information cannot be used to reasonably identify you. The information we compile like this helps us to administer services, analyze usage, provide security, and count the number of new people using our Library services. In addition, it helps us to improve your user experience and allows the Library to promote its work to stakeholders and donors, and advocate for additional support for our services and resources.
4.c Personal information which NYPL shares
- When You Share Content with the Broader Public. If you choose to share content or comments through our programs or online services, the Shared Content may be publicly accessible. If you do not want to share content publicly, you may be able to use your privacy settings to limit sharing (see our for additional information), but not always. You may delete some content that you have shared, but some interactive shared content may persist in association with you and/or your registered user account, even after your account is terminated. Therefore, you should keep this in mind when participating in shared content activity through our Library services. We will make every attempt to make it clear before you contribute (at the point of submission/participation): a) whether this information will become public, and b) whether you have control over your content once submitted.
- Fundraising Outreach. We do not rent or sell your personal information, but, as is customary in the nonprofit world, we do share names and postal addresses of our donors (only) with some other nonprofit cultural organizations. Sharing this information with other reputable charitable organizations is the most cost-effective way to offer our services to new users, share program offerings, and attract new donors. If you would prefer that your information not be shared with other organizations, (a) click here to request removal from the exchange, or (b) contact the Development Office by phone at 212-930-0653 or email friends@nypl.org.
- Funders and Other Contributors. We are often only able to provide certain programs and services, which we would not otherwise be able to afford, due to the generous support of donors, funders, and contributors. These funds are occasionally dependent upon NYPL complying with the reporting requirements of the donor, funder, or contributor. If you participate in these optional programs and services, your information may be included in these reports. When appropriate and practical, we will tell you the names of funders and contributors associated with these programs and services, as well as what data and information we may need to share with them, in the registration process.
5. Your choice and consent
You can manage most information within your registered user account or you can ask our staff to assist you by phone at 1-917-ASK-NYPL, by emailing us at gethelp@nypl.org, or by visiting a Library location and speaking to our staff. Our information storage systems are configured in a way that helps us to protect information from accidental or malicious destruction. To that purpose, the information we collect is also saved, on the same terms we have outlined above, in backup storage systems. Therefore, any update, change, or deletion you make to your information or preferences may not immediately be reflected in all copies of the information we have and may not be removed from our backup storage systems until they are updated and overwritten.
For more information about the choices and control over your personal information, please refer to our Further Privacy Details and Information page.
6. Legal Requests
Sometimes the law requires us to share your information, such as if we receive a valid subpoena, warrant, or court order. On such occasions, we will share your information if:
- Our careful review leads us to believe that the subpoena, warrant, or court order is valid, and that the law, including state privacy law applicable to Library records, requires us to do so.
OR - The Library is the complainant.
OR - Exigent circumstances exist (for example, a life-and-death emergency or the risk of serious physical injury).
As explained earlier above, we are bound by New York State CPLR Section 4509, which specifically protects library patron data.
If NYPL receives a valid subpoena, warrant, or court order for a patron’s information, it is our policy to notify the patron via email before any information is disclosed, with certain exceptions such as being required by authorities not to contact the patron, or if we have no way to contact the patron.
7. Children’s Information
The Children’s Online Privacy Protection Act (COPPA) regulates online collection of information from children under the age of 13. If you are under the age of 13, you may not be allowed to use our online services without your parent’s or guardian’s permission, especially when your personal information may be automatically collected. Parents and guardians of children under the age of 13 may view their children’s Library records.
Parents and guardians of children between the ages of 13 and 17 (inclusive) may also view their children’s Library records, but require their children’s consent to do so. We may partner with third-party services to provide educational content for children. Parents and guardians should review those services’ privacy policies before permitting their children to use them. Parents and guardians may also need to sign additional consent forms for the collection of information about their children before they can gain access to optional programs and services, such as our enrolled programs.
For more information about internet safety for minors, please see the Library’s Internet Safety for Children and Teens notice.
8. Public Computers and Connected Devices
The Library does not keep a record of your activities on any Library-provided computer or laptop. Any records of browsing history and activities are removed when you log out. The next patron cannot see any of your information. Please see our Further Privacy Details and Information page for more information.
All personally identifiable information is purged within 24 hours of the end of your public computer reservation. An anonymous log is created that includes only the computer terminal number, reservation time, and duration of the session. These anonymous reservation statistics remain in the system.
All connected devices you borrow from the Library (e.g. tablets, e-readers) have their history manually cleared by Library staff immediately after you return the device.
9. Data and Network Security
The Library uses software programs that monitor network traffic and computer activity to identify and prohibit unauthorized attempts to compromise Library technology, including preventing malware, viruses, and bad actors from entering the Library’s network, or otherwise disrupt Library operations. No attempts are made by the Library to identify individual patrons or their usage habits and no software is installed on patron-owned devices. Please see Section 2.b (“Information collected and stored automatically”) and our Further Privacy Details and Information page for further clarification.
10. For more information
If you have questions or concerns about our Privacy Policy and practices, please send an e-mail to privacy@nypl.org.
You can also contact our help desk (AskNYPL) by:
- Phoning 917-ASK-NYPL (917-275-6975).
- Submitting a question through our webform.
- Writing to us at:
AskNYPL
The New York Public Library
SC Mezzanine
476 Fifth Ave.
New York, NY 10018
In addition, general contact information for NYPL can be found on our Contact Us page.
For more information about NYPL’s specific privacy practices, please refer to our Further Privacy Details and Information page.
Arabic | العَرَبِية · Bengali | বাঙালি · Chinese (Simplified) | 简体中文 · Chinese (Traditional) | 繁體中文 · English · French | Français · Haitian Creole | kreyòl ayisyen · Korean | 한국어 · Polish | Polski · Russian | Русский · Spanish | Español · Urdu | اُردُو