Privacy is essential to the exercise of free speech, free thought, and free association. The New York Public Library (“NYPL” or “Library”) is committed to protecting your privacy, whether you are a patron, visitor, and/or donor. This Privacy Policy explains what information we collect from you and why.
By using our website, attending our events, participating in our programs, downloading our mobile applications, accessing our databases, visiting a Library location, or donating to us, you agree to this policy.
With your consent, you agree to let us use your email address and/or phone number and postal address to communicate with you about our programs, services, and fundraising efforts. However, in accordance with New York State law (NY CPLR Section 4509) and our own commitment to your privacy, information about materials that you check out and information that you access is kept confidential.
This Privacy Policy may change from time to time and we will notify you by posting such changes on our website, so we encourage you to check back periodically for updates. We will alert you to material changes that have been made by indicating on the policy the date it was last updated, by placing a notice on our website, by sending you an email, and/or by some other means.
We collect information about you in three ways:
We typically keep information only for so long as it is needed for the proper operation of the Library and in order to deliver better Library services to you. We may retain some information in backup storage systems, hard copy form, or as required by law. We collect different types of information from you depending on how you choose to engage with our Library services and the information needed in order to provide you with access to those services. We only collect the minimum we need to deliver the service you are using at the time and we do our best to remove it at the earliest possible opportunity.
When you register for an account for our Library services or to get a Library card, we ask you to share certain information with us. If you register with us, we offer you the opportunity to review and, when practical, to update, change, or delete some information you have provided us. You can do this by:
If you deactivate your library card account or delete key information—such as your Library card number—you may not be able to continue using certain Library services that require registration.
When you use our Library services, such as our website and mobile applications, our computer servers automatically capture and save information electronically about your usage of our Library services. Again, we make sure to only collect the minimum amount of data needed for our services to work. In most cases we do not store this data; while we do sometimes look at the data in aggregate, we do not focus on you as an individual. Examples of information that we may collect include the Internet Protocol Address (IP Address) of the computer you are using; your general location; type of web browser, operating system, or electronic device; date, time, and length of your visit; the website that you visited immediately before arriving at our own website; pages that you visited on our website; and searches/queries that you conducted or other interaction data. Note that this information is captured in aggregate and not in any individually identifiable way. For additional details about these information types, please see our Further Privacy Details and Information page.
If you are using a Library-provided device, we may also record your Library card’s barcode, time and length of your session, and the websites that you visited. If you are using our public Wi-Fi network, we may, in addition, also collect the MAC address and name of your Wi-Fi device.
Cookies. A cookie is a small data file sent from your web browser to a web server and is stored on your computer’s, or electronic device’s, hard drive. They are generated by websites to provide users with a personalized and often simplified online experience. You have the option of disabling such cookies if you choose to. If you prefer, you can usually remove or reject browser cookies through the settings on your browser or device. Most web browsers are set to accept cookies by default. Keep in mind, though, that removing or rejecting cookies could affect the availability and functionality of our Library services.
Security Cameras: For more information about footage from security cameras used in NYPL buildings, please see our Further Privacy Details and Information page.
When you create an account for a card in our circulating Library, we require that you provide certain personal information—such as a name, address, email, phone number, date of birth. We hold onto this information for only as long as you keep an NYPL account. You can, at any time, close your account, which will then delete this information from our circulation system. Even while you have an active circulating Library account, our systems only retain the information about your borrowing records for the time during which those items (books, CDs, etc.) are on loan to you. And, as long as there are no outstanding fines on the borrowed materials, we delete the record of those loans soon after you return the borrowed materials.
Outside of our circulation system, there are other places in the Library—such as in our Research Division, NYPL classes and programming, or via third-party vendors, etc.—where information you have provided would be retained or deleted under different guidelines. See, in particular, Section 3 (“Third-party vendors and websites”), Section 4.a (“Personal information used by NYPL”), and Section 4.c (“When You Share Content with the Broader Public”).
We often use third-party Library service providers and technologies to help deliver some of our services to you, including our cataloguing services, online services such as databases, digital classes and programs, digital collections, streaming media content, communications to you, collaboration, projects, etc. We will make every effort to let you know when a third-party company is being used to deliver our services. If and when you choose to use such services, we may need to share your information with these third parties, but only as necessary for them to provide the services on behalf of NYPL. We may also display links taking you to third-party services or content. By following these links, you may be providing information (including, but not limited to personal information such as your name, username, email address, and password) directly to a third party, to us, or to both.
By using these services, you will be acknowledging and agreeing that NYPL is not responsible for how those third parties collect or use your information.
Library patrons must understand when using remote or third-party vendor sites that there are limits to the privacy protection the Library can provide.
We make reasonable efforts to ensure that third parties conform to NYPL’s Privacy Policy and we ensure that they comply with the Children's Online Privacy Protection Act. We continually monitor and evaluate such vendors to ensure that their policies remain in line with our requirements of them or our formal agreements with them.
We also make reasonable efforts to ensure that the Library's contracts, licenses, and offsite computer service arrangements reflect our policies and legal obligations concerning patron privacy and the confidentiality of patron data.
The Library expects third-party service providers to:
Where we negotiate contracts to use third-party services, those services must also be in keeping with our privacy values.
There are instances where terms of use are not individually negotiated. In those instances, we educate staff who are making such purchasing decisions so that they are aware of our expectations regarding privacy, and they remain vigilant to ensure the services are in line with our values.
Third-party service providers may collect and share your information, including:
For more information on these services and the types of data that are collected and shared, refer to the Terms of Use and Privacy Policies on their webpages. You may choose not to use these third-party services if you do not accept their terms of use and privacy policies. Please take the time to read them carefully.
We encourage you to review the privacy policies of every third-party website or service with whom you interact through our Library services. You can always choose not to use third-party websites or services if you do not accept their privacy policies.
The Library also suggests links to external websites that are not under contract or our direct control. In these instances, you are not required to give these sites your Library card or any other personally identifiable information in order to use their services.
Depending on the specific Library services you choose to use, the following are some examples of the ways we use your information in order to provide those services to you.
For additional examples and details, please see our Further Privacy Details and Information page.
Sometimes the information collected about you through any of our services may be de- identified and aggregated with other information collected about other users, visitors, or donors. This de-identified and aggregated information cannot be used to reasonably identify you. The information we compile like this helps us to administer services, analyze usage, provide security, and count the number of new people using our Library services. In addition, it helps us to improve your user experience and allows the Library to promote its work to stakeholders and donors, and advocate for additional support for our services and resources.
You can manage most information within your registered user account or you can ask our staff to assist you by phone at 1-917-ASK-NYPL, by emailing us at gethelp@nypl.org, or by visiting a Library location and speaking to our staff. Our information storage systems are configured in a way that helps us to protect information from accidental or malicious destruction. To that purpose, the information we collect is also saved, on the same terms we have outlined above, in backup storage systems. Therefore, any update, change, or deletion you make to your information or preferences may not immediately be reflected in all copies of the information we have and may not be removed from our backup storage systems until they are updated and overwritten.
For more information about the choices and control over your personal information, please refer to our Further Privacy Details and Information page.
Sometimes the law requires us to share your information, such as if we receive a valid subpoena, warrant, or court order. On such occasions, we will share your information if:
As explained earlier above, we are bound by New York State CPLR Section 4509, which specifically protects library patron data.
If NYPL receives a valid subpoena, warrant, or court order for a patron’s information, it is our policy to notify the patron via email before any information is disclosed, with certain exceptions such as being required by authorities not to contact the patron, or if we have no way to contact the patron.
The Children’s Online Privacy Protection Act (COPPA) regulates online collection of information from children under the age of 13. If you are under the age of 13, you may not be allowed to use our online services without your parent’s or guardian’s permission, especially when your personal information may be automatically collected. Parents and guardians of children under the age of 13 may view their children’s Library records.
Parents and guardians of children between the ages of 13 and 17 (inclusive) may also view their children’s Library records, but require their children’s consent to do so. We may partner with third-party services to provide educational content for children. Parents and guardians should review those services’ privacy policies before permitting their children to use them. Parents and guardians may also need to sign additional consent forms for the collection of information about their children before they can gain access to optional programs and services, such as our enrolled programs.
For more information about internet safety for minors, please see the Library’s Internet Safety for Children and Teens notice.
The Library does not keep a record of your activities on any Library-provided computer or laptop. Any records of browsing history and activities are removed when you log out. The next patron cannot see any of your information. Please see our Further Privacy Details and Information page for more information.
All personally identifiable information is purged within 24 hours of the end of your public computer reservation. An anonymous log is created that includes only the computer terminal number, reservation time, and duration of the session. These anonymous reservation statistics remain in the system.
All connected devices you borrow from the Library (e.g. tablets, e-readers) have their history manually cleared by Library staff immediately after you return the device.
The Library uses software programs that monitor network traffic and computer activity to identify and prohibit unauthorized attempts to compromise Library technology, including preventing malware, viruses, and bad actors from entering the Library’s network, or otherwise disrupt Library operations. No attempts are made by the Library to identify individual patrons or their usage habits and no software is installed on patron-owned devices. Please see Section 2.b (“Information collected and stored automatically”) and our Further Privacy Details and Information page for further clarification.
If you have questions or concerns about our Privacy Policy and practices, please send an e-mail to privacy@nypl.org.
You can also contact our help desk (AskNYPL) by:
In addition, general contact information for NYPL can be found on our Contact Us page.
For more information about NYPL’s specific privacy practices, please refer to our Further Privacy Details and Information page.