Privacy & Confidentiality of Library Records

Approved June 9, 2020

For definitions and other information relevant to understanding Library Policies, please see Introduction to Library Policies.
The Library is committed to protecting the privacy of all library users and donors. This commitment is based on applicable law and on the ethics and practices of librarianship. In relevant part, Connecticut law (General Statutes of Connecticut, Chapter 190, Section 11-25) provides that:

  • [R]ecords maintained by libraries that can be used to identify any library user, or link any user to a library transaction, regardless of format, shall be kept confidential, except that the records may be disclosed to officers, employees and agents of the library, as necessary for operation of the library.
  • Information contained in such records shall not be released to any third party, except (A) pursuant to a court order, or (B) with the written permission of the library user whose personal information is contained in the records.
  • No provision of this [law] shall be construed to prevent a library from publishing or making available to the public statistical reports regarding library registration and use of library materials, if such reports do not contain personally identifying information.

In furtherance of the Library’s commitment to privacy, it aims to collect and use information from and about its users only as required for proper operation of the Library and in order to deliver Library services. In addition, the Library only retains such information in accordance with Library guidelines for so long as needed to satisfy the intended use of such information. Any Library record or other information collected by the Library is only subject to disclosure pursuant to a court order or as otherwise authorized by applicable law.

This Policy explains what information the Library collects from or about users and how that information is used and shared. Users can request additional information regarding Library use, retention, sharing, and disposal of their information by contacting the Library staff at https://www.greenwichlibrary.org/forms/contact-library-management/ or at a Library location.

Data Collection. The Library collects information about users directly from users, from automatically-collected network logs, and through cookies. In addition, some information may be retained in backup storage systems, hard copy form, or as required by law.

Information collected about a user may be de-identified and aggregated with information collected about other users such that the information cannot be used to reasonably identify any individual user. Among other things this aggregated information helps the Library to provide and improve Library services, analyze usage, provide security, support donor outreach, and identify new users of Library services.

Users can manage most of their information within their registered user account or by contacting the Library staff at (203) 625-6524, lendingservices@greenwichlibrary.org, or at a Library location.

User-Provided Data. Depending on the user’s engagement with the Library and its services, the Library may collect the information described below from users. Such engagement includes: registration for a Library card or an online user account, requests for or borrowing of Library materials, email queries relating to the Library and its services, donations to the Library, and participation in Library programs or events. With respect to a user’s Library account, users are responsible for keeping their information accurate and up to date. Below are examples of information that users provide to the Library:

  • Personal Information that can personally identify a user, such as a user’s name, physical address, email address, phone number, patron barcode, payment information, and linked account information and other similar information.
  • Residency/Employment Information, including a copy of government-issued identification or other proof of residency, reviewed (but not retained) to verify eligibility for access to Library services and materials.
  • Login Credentials, including username, password and set of personal questions that are provided as part of the process to create an online account.
  • Library Records containing personal information relating to a user’s use of the Library’s materials, and participation in Library programs or events.
  • Shared Content created by users, such as book recommendations, that they choose to make public on the Library’s website and social media accounts or their Bibliocommons accounts.

The Library does not collect the information listed above without user consent. The Library maintains any such information confidentially, and does not sell, license, or disclose personal information to any third party without user consent, except on a confidential basis to an agent working under contract with the Library or as required by law.

Automatically-Collected Data. When users utilize Library services, including its website, mobile applications. and booking calendar, the Library’s computer servers automatically capture and retain data regarding such usage. Below are examples of information that the Library collects automatically on an anonymized basis (i.e., the user’s personal information is not included):

  • User’s Internet Protocol (IP address)
  • User’s location
  • Device data including hardware address and type of device
  • Web browser used
  • Date and time of access
  • Website used before arriving at the Library website
  • Pages viewed on the Library website
  • Certain searches/queries conducted

Users should consult the Use of Electronic Resources Policy for additional information regarding use of Library computers or the Library’s wireless internet connection.

Cookies. Cookies are small data files generated when users access the Library website, as well as any third party sites linked to our website, to provide users with a personalized and often simplified online experience. Such websites use cookies to verify that a person is an authorized user in order to allow access to licensed Library resources, to customize web pages to that user’s specifications, and to analyze how visitors use the websites. Users may disable cookies by changing their browser setting, but should note that portions of websites may not function well in that case.

Data Usage. Library use of personal information will vary depending on the type of services accessed by such user. Below are some examples of ways in which the Library utilizes the user’s information to provide services.

  • Personal information and residency, employment, or school verification are used to issue Library cards and to provide access to the Library’s Innovation Lab.
  • Login credentials, library records, and shared content are used, in accordance with the instructions you provide and the preferences you establish, to enhance or personalize the Library’s services.
  • Library records are used to maintain the Library collection and to manage payment of users’ fines and fees.
  • Personal information, login credentials, and residency verification are used to provide access to e-books, audio books and other digital materials.
  • Personal information is used to further engage with the users through outreach, advocacy, marketing, and fundraising campaigns on behalf of the Library.
  • Personal information and library records are used in connection with meeting room use and program and event attendance.
  • Cookies are used to collect information about user activity, browser, and device in order to provide Library services.

Library staff may access personal data only for the purpose of performing their assigned Library duties. Library internal policies prohibit staff from disclosing any personal data collected from users to any other party except to the extent necessary to fulfill a user’s service request, where required by law, or otherwise with the user’s consent.

Data Sharing. In connection with providing services to users, the Library may share user’s information with third-parties as follows:

  • As required by law: Any Library record or other information collected by the Library is subject to disclosure pursuant to a court order or as otherwise authorized by applicable law.
  • Shared content: Users may choose to share content, such as book lists and recommendations, through the Library’s online services, in which case such information will be publicly accessible.
  • Services providers: The Library maintains licenses with a variety of third-party service providers to provide e-content and databases to users through Library computers or the Library website. The Library seeks to ensure that its agreements with such service providers reflect the Library Policies concerning privacy and confidentiality. In addition, the Library provides limited information that authenticates a user. Nevertheless, users must be aware when accessing third party sites they are subjecting themselves to the privacy policy and practices of such sites and the Library is not responsible for how the third parties collect or use a user’s information. The Library encourages users to review the privacy policies of all third-party providers.
  • Fundraising and Marketing Outreach: The Library will from time to time send requests to support the Library to users or others who have expressed interest in Library programs or services. The Library does not sell or license information about its users or donors nor does it send donor solicitation mailings on behalf of any other organization.

Minors’ Data. The Children’s Online Privacy Protection Act regulates online collection of information from children under the age of 13. The Library uses filtering software on its computers to restrict access to certain types of sites based on the Children’s Internet Protection Act guidelines. Parents and guardians of children under the age of 13 may view their children’s Library records. Parents and guardians of children between the ages of 13 and 17 (inclusive) may also view their children’s Library records, but require their children’s consent. The Library may require parents and guardians to sign consent forms for the collection of information about their children before they gain access to optional programs and services, such as enrolled programs. The Library may partner with third-party services to provide educational content for children online. Parents and guardians should review those services’ privacy policies before permitting their children to use them. Such services may require parental or guardian consent for use by children.

Security. The Library has physical, electronic, and administrative measures in place to prevent unauthorized access to the information collected. Although these measures are designed to be effective, the Library cannot assure that such measures will function as intended. Users are cautioned that any electronic communication utilizing the internet or a wireless network is subject to unauthorized interception.

General. By visiting the Library, using its services, using the Library website, downloading Library mobile applications or content, or donating to the Library, users are deemed to have agreed to this Policy. Users agree to let the Library use email and postal addresses to communicate about Library programs, services, events, fundraising efforts, and more.