Privacy at NYPL: Further Privacy Details and Information

QUESTION: What are the “information types” that patrons might choose to provide to NYPL (as mentioned in Section 2.a of the NYPL Privacy Policy)?

When you register for an account for our Library services or to get a Library card, we ask you to share certain information with us. If you register with us, we offer you the opportunity to review and, when practical, to update, change, or delete some information you have provided us. If you deactivate your library card account or delete key information—such as your Library card number—you may not be able to continue using certain Library services that require registration.

Below are some of the information types patrons might choose to provide the Library and what they might encompass.

Personally Identifiable Information (PII): Any information that can personally identify you, such as your name, physical address, email address, phone number, Library barcode, payment information, and other similar information.
Residency Verification: This is proof of information, such as from a driver’s license, other government-issued identification, and utility bills containing a postal address (click here for a complete list of acceptable forms of proof of residency), used only to verify address and date of birth. We do not store any other information from your verification document(s).
Shared Content: This includes anything created by you that you choose to make public by using our Library services. Your registered user account and any information you have chosen to display may accompany your shared content.
Social Media Information: This includes the option of using your social media accounts and posting content on our social media pages, our crowdsourcing sites, or elsewhere on the Internet, and such information you allow to be shared with us.
Login Credentials: This includes username, password, and a set of personal questions about you and is provided as part of the process to create an online user account which allows you to view your Library Records at any time by logging into your account.
Library Record: This contains your Personal Information related to your personal use of circulating and non-circulating Library materials, including, but not limited to, computer database searches, interlibrary-loan transactions, reference queries, emails, faxes, requests for photocopies of Library materials, title reserve requests, and the use of audio-visual materials such as films and music.

QUESTION: What are the “information types” that NYPL might automatically collect about a patron (as mentioned in Section 2.b of the NYPL Privacy Policy)?

When you use our Library services, such as our website and mobile applications, our computer servers automatically capture and save information electronically about your usage of our Library services. Again, we make sure to only collect the minimum amount of data needed for our services to work. In most cases we do not store this data; while we do sometimes look at the data in aggregate, we do not focus on you as an individual. Examples of information that we may collect include the Internet Protocol (IP) address of the computer you are using; your general location; type of web browser, operating system, or electronic device; date, time, and length of your visit; the website that you visited immediately before arriving at our own website; pages that you visited on our website; and searches/queries that you conducted or other interaction data. Note that this information is captured in aggregate and not in any individually-identifiable way.

Below are examples of information types we may automatically collect about a patron.

Your Internet Protocol (IP) Address: for example, this is briefly used to verify your location when applying for a digital library card, but is not stored beyond the verification process.
Your Location: for example, this is also used, but not stored, to verify your location when applying for a digital library card, or briefly when using SimplyE or our other mobile apps to verify your eligibility for a library card.
Kind of Web Browser, Operating System, or Electronic Device You Use: this data is used in aggregate and is not specific to you, but is used for us to gather overall metrics about how our digital products and services are used.
Date, Time, and Length of Your Visit: this data is used in aggregate and is not specific to you, but is used for us to gather overall metrics about how our digital products and services are used.
Website You Visited Immediately Before Arriving at Our Website: it is not captured in any individually identifiable way—this data is used in aggregate and is not specific to you, but is used for us to gather overall metrics about how our digital products and services are used.
Pages You Viewed on Our Website: this data is used in aggregate and is not specific to you, but is used for us to gather overall metrics about how our digital product and services are used.
Certain Searches/Queries that You Conducted, or Other Interaction Data: this data is used in aggregate and is not specific to you, but is used for us to gather overall metrics about how our digital product and services are used.

QUESTION: How is my personal information used and who has access to it? (from Sec. 4.a)

Depending on the specific Library services you choose to use, the following are some examples of the ways we use your information in order to provide those services to you.

Library Records: Library records are records that contain names or other personally identifiable details regarding library users and include, but are not limited to, circulation records, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies, title reserve requests, or the use of a/v, films, or phonorecords.
Personal Information and Residency Verification to Issue Library Cards: If a user chooses to provide an email address, NYPL may use it to send account alerts and other communications. We use Library Records to assist in maintaining our collections and to verify records of users’ paid and unpaid fines.
Shared Content, Login Credentials, and Library Records: Used, as allowed by you and in accordance with the preferences you have established, to deliver enhanced or personalized services.
Personal Information, Login Credentials, and Residency Verification: Used to provide access to e-books through our mobile applications.
Personal Information: Used when collecting or processing payments, fines, and retail shop purchases.
Personal Information: Used to administer promotions and surveys.
Personal Information: Used to provide opportunities to further engage with the Library through advocacy and fundraising campaigns.
Cookies: These are small files of letters and numbers that we store on your browser or the hard drive of your computer. They can be stored either for a single browser session or more permanently. We use cookies to collect information about your browsing activities, distinguish you from other users, provide functionality, and analyze use of Library services. The types of cookies we may use to collect information are as follows:
- Strictly necessary cookies. Some cookies are strictly necessary to make Library services available to you. We cannot provide you with the Services without this type of cookies.
- Functional cookies. These are used to recognize you when you return to the Library services. This enables us to adapt our content for you and remember your preferences (for example, your choice of language or region).
- Analytical or Performance cookies. We also use cookies for analytics purposes in order to operate, maintain, and improve our services. We may use our own analytics cookies or use third-party analytics providers such as Google Analytics to collect and process certain analytics data on our behalf. These providers may also collect information about your use of other websites, apps, and online resources. You can opt out of Google Analytics by installing Google’s browser plug-in located here.

QUESTION (from section 4.a): How does NYPL use my information?

In addition to library card account information, the Library may use additional information for the following purposes to enhance and improve services:

Event registration information, including name and email address
Education programs
- We collect PII as part of enrollment-based programs
- We use PII for internal/external evaluations
- We use photos/videos of program participants on our website (with consent)
- We use work product on our web (with consent)
- Ed tech software programs/platforms by which NYPL or patron establishes an account or to which we give access
- Collect information for NYPL newsletters
- So that patrons can be given access to NYPL “Studio 40” (at the Stavros Niarchos Foundation Library (SNFL)) and to provide pre-training
- For state-funded programs (such as literacy and language training)
- For career services programs
Enrollment information for programs and classes (e.g., ESOL, technology classes, programs for kids and teens)
Anonymized or aggregated information from surveys (gender, income, education), other data collected anonymously, and used in the aggregate
E-communications: email addresses and e-communication preferences are collected to send e-newsletters to subscribers
Advocacy campaign information: information including name, address, and email address is collected for advocacy campaigns; patron messages and information may be sent to elected officials during the campaign as described on advocacy web pages
Fundraising: name, address, and donation history (NO credit card history, or other institutions to which people have given) are used in order to suggest donation amounts
Third-party services may use information according to their own privacy policies

In every case where possible, we inform patrons when and how their information is used for the program’s purposes.

QUESTION (from section 4.c): What does “sharing content publicly” mean and how can I control it?

If you choose to share content or comments through our programs or online services, the Shared Content may be publicly accessible. You may be able to delete some content that you have shared, but some interactive shared content may persist in association with you and/or your registered user account, even after your account is terminated. Below are some examples of the types of content that may be shared publicly.

Survey comments that are anonymized or used with permission (e.g., anonymous quotes given in answering surveys)
Blog comments, comments or ‘likes’ on social media, library-campaign comments, and submissions (e.g., digital ‘sticky notes’)
Public reviews (e.g. reviews posted on Google business, App Store, Google Play)
Photos which may be shared after the Library obtains release/permission

QUESTION (from section 5): What choices do I have in managing my Library account information?

You can manage most information within your registered user account or you can ask our staff to assist you by phone at 1-917-ASK-NYPL, by emailing us at gethelp@nypl.org, or by visiting a Library location and speaking to our staff. Our information storage systems are configured in a way that helps us to protect information from accidental or malicious destruction. To that purpose, the information we collect is also saved, on the same terms we have outlined above, in backup storage systems. Therefore, any update, change, or deletion you make to your information or preferences may not immediately be reflected in all copies of the information we have and may not be removed from our backup storage systems until they are updated and overwritten.

QUESTION: How do I manage my e-communications from the Library, including e-newsletters, library information, fundraising messages, and more?

There are many ways you can manage the communications you receive electronically from the Library. Some examples are below.

Manage your existing NYPL e-newsletter subscriptions: If you would like to select which e-newsletters you receive from NYPL, click on the "Manage Subscriptions" link at the bottom of the NYPL e-newsletter you received or click here.
Unsubscribe from one NYPL e-newsletter or a type of message: If you would like to unsubscribe from a certain e-newsletter or type of email message from NYPL, click "1-Click Unsubscribe" at the bottom of the NYPL email you received. Your removal will be processed instantly.
Unsubscribe from all NYPL emails: Click here to be removed from all NYPL emails, including e-newsletters, event invitations, action alerts, and fundraising messages.
You can always contact Ask NYPL for more information or for information about how to navigate your choices.

QUESTION: How do I remove myself from postal mail (snail mail) related to fundraising?

To be removed from fundraising postal mail, please contact friends@nypl.org.

Occasionally, Library cardholders may receive postal mail related to your library card/account. To request deletion of your library card account, see question above regarding Section 5 of the Privacy Policy.

QUESTION (from section 2.b): What type of information is captured and stored by NYPL’s security cameras?

Our security cameras are located inside of—and often on the exterior—of most of our facilities. Footage from these cameras is for monitoring Library security only, is kept for a maximum of 30 days, and is shared outside of NYPL only under subpoena or warrant, as specified in the ‘Legal Requests’ section (Section 6) of our Privacy Policy.

QUESTION (from section 3): What kind of biometric data and information is captured by NYPL’s third-party services?

When you use a service that the Library does not own, that service might collect data about you or people near you. That data can include biometric data such a sounds of voices or images of faces captured by your computer or mobile device. For example, if you take part in an online program from home, voices or faces of people in your home could be captured.

The Library does not collect or control data gathered by third-party services. Though we take steps to vet these services, be sure to read the Privacy Policy of any services you use through the Library. Voice and facial data can be used by third parties, along with other data they collect through services the Library does not use.

QUESTION: How does the SimplyE app use my information?

ANSWER: SimplyE is an NYPL-designed application whose creation incorporated best-practice privacy controls including the following:

The "camera" permission is used when you wish to take a picture of your library card number rather than type it in. Many of our patrons already have physical library cards and this feature was added for convenience. The image is not saved as a photo on your device. On newer devices you do have the option to allow the app to use this feature. On older models you can disable this feature after you download the app by going to the app settings.
The "Location" feature is used only to verify that you are in New York State when you first apply for an NYPL library card. When you register for a card, you are asked to enable Location Access. However, your GPS location is not sent to any server. If your device is not within New York State, the SimplyE mobile app simply won’t initiate the signup process. The signup process itself doesn't receive or store location data. If you already have a library card, you can opt to disable Location Access at any time.
The "storage" permission is needed to store downloaded e-books on your device storage.
The "Wi-Fi" permission allows the app to check to see if Wi-Fi is enabled. You can also choose to have the app only use Wi-Fi and not network data to access e-books.
The current release of the SimplyE mobile app asks for permission to use the device microphone, but this is unnecessary, because SimplyE never actually accesses the device microphone. This was caused by a mistake on our part; SimplyE does not need this permission, never accesses the device microphone, and as of the next release will not ask for access to it.

The descriptions of the permissions seen on the Play Store description of the SimplyE mobile app are Google’s general descriptions of what an app with these permissions could do. They don’t represent what the SimplyE mobile app actually does. As an example, an app with the “take pictures and videos” permission can use the device camera whenever the app is open, but SimplyE only uses it in one specific situation: when a patron wants to take a picture of their library card.

The source code underlying the SimplyE mobile app is available for public inspection, and we welcome bug reports, especially regarding security and privacy problems.

We do not use or access these features to do anything other than the specific activities described above.

Please feel free to contact NYPL if you have further questions about the SimplyE app or any of NYPL's services.

QUESTION (from section 8): When I use an NYPL public computer or NYPL Wi-Fi, what happens to my data?

When you make a reservation to use a Library desktop computer or Library laptop, your barcode number, date, and time of reservation are recorded for a period of 30 days. After this time, the data is anonymized for statistical reporting and kept indefinitely.

When you connect your device to NYPL Wi-Fi, your device's MAC address and confirmation that you have accepted the terms of services is stored for seven days.

All NYPL web traffic is filtered for compliance with the Children’s Internet Protection Act (CIPA). The filtering system logs top level domains visited, category of the site, data/time of the visit, disposition (i.e., whether access to a particular website was allowed, blocked, etc.), and IP address of the requesting system. Content viewed or transferred is not monitored or logged. Personally Identifiable Information (PII) is not stored with this data. This non-PII data is retained for a period of 30 days.

QUESTION (from section 10): How can I reach someone at NYPL to ask a privacy question or questions about my personal data held by the Library or by its vendors?

If you have questions or concerns about our Privacy Policy and practices, please send us an e- mail at privacy@nypl.org.

You can also contact our help desk (Ask NYPL) by:

Phoning 917-ASK-NYPL (917-275-6975)
Submitting a question through our webform.
Writing to us at:
Ask NYPL
The New York Public Library
SC Mezzanine
476 Fifth Ave.
New York, NY 10018

In addition, general contact information for NYPL can be found here.

Privacy at NYPL: ​Further Privacy Details and Information