Privacy & Confidentiality of Library Records
Approved June 9, 2020
Greenwich Library (the “Library”) is committed to protecting the privacy of all library patrons, other users and donors (collectively, “users”). This commitment is based on applicable law and on the ethics and practices of librarianship. In relevant part, Connecticut law (General Statutes of Connecticut, Chapter 190, Section 11-25) provides that:
- [R]ecords maintained by libraries that can be used to identify any library user, or link any user to a library transaction, regardless of format, shall be kept confidential, except that the records may be disclosed to officers, employees, and agents of the library, as necessary for the operation of the library.
- Information contained in such records shall not be released to any third party, except (A) pursuant to a court order, or (B) with the written permission of the library user whose personal information is contained in the records.
- No provision of this [law] shall be construed to prevent a library from publishing or making available to the public statistical reports regarding library registration and use of library materials if such reports do not contain personally-identifying information.
In furtherance of the Library’s commitment to privacy and confidentiality, it aims to collect and use information from and about its users only as required for proper operation of the Library and in order to deliver Library services to users. In addition, the Library only retains such information in accordance with the Library’s guidelines for so long as needed to satisfy the intended use of such information. Any Library record or other information collected by the Library is only subject to disclosure pursuant to a court order or as otherwise authorized by applicable law.
This Policy explains what information the Library collects from or about users and how that information is used and shared. Users can request additional information regarding the Library’s use, retention, sharing, and disposal of their information by contacting the Library staff at https://www.greenwichlibrary.org/forms/contact-library-management/ or at a Library location.
The Library collects information about users directly from users, from automatically collected network logs, and through cookies. In addition, some information may be retained in backup storage systems, hard copy form, or as required by law.
Information collected about a user may be de-identified and aggregated with information collected about other users such that the information cannot be used to reasonably identify any individual user. Among other things this aggregated information helps the Library to provide and improve Library services, analyze usage, provide security, support donor outreach, and identify new users of Library services.
Users can manage most of their information within their registered user account or by contacting the Library staff at (203) 625-6524, email@example.com, or at a Library location.
Depending on the user’s engagement with the Library and its services, the Library may collect the information described below from users. Such engagement includes: registration for a Library card or an online user account, requests for or borrowing Library materials, email queries relating to the Library and its services, donations to the Library, and participation in Library programs or events. With respect to a user’s Library account, users are responsible for keeping their information accurate and up to date. Below are examples of information that users provide to the Library:
- Personal Information that can personally identify a user, such as a user’s name, physical address, email address, phone number, patron barcode, payment information, and linked account information, and other similar information.
- Residency/Employment Information, including a copy of government-issued identification or other proof of residency, reviewed (but not retained) to verify eligibility for access to Library services and materials.
- Login Credentials, including username, password, and set of personal questions that are provided as part of the process to create an online account.
- Library Records containing personal information relating to a user’s use of the Library’s materials, and participation in Library programs or events.
- Shared Content created by users, such as book recommendations, that they choose to make public on the Library’s website and social media accounts or their Bibliocommons accounts.
The Library does not collect the information listed above without user consent. The Library maintains any such information confidentially, and does not sell, license, or disclose personal information to any third party without user consent, except on a confidential basis to an agent working under contract with the Library or as required by law.
When users utilize the Library’s services, including its website, mobile applications, and booking calendar, the Library’s computer servers automatically capture and retain data regarding such usage. Below are examples of information that the Library collects automatically on an anonymized basis (i.e., the user’s personal information is not included):
- User’s Internet Protocol (IP address)
- User’s location
- Device data including hardware address and type of device
- Web browser used
- Date and time of access
- Website used before arriving at the Library’s website
- Pages viewed on the Library’s website
- Certain searches/queries conducted
Users are encouraged to consult the Library’s Use of Digital Resources Policy for additional information regarding the use of Library computers or the Library’s wireless internet connection.
The Library’s use of personal information will vary depending on the type of services accessed by such user. Below are some examples of ways in which the Library utilizes the user’s information described in “Data Collection” above to provide services.
- Personal information and residency, employment, or school verification are used to issue Library cards and to provide access to the Library’s Innovation Lab.
- Login credentials, library records, and shared content are used, in accordance with the instructions you provide and the preferences you establish, to enhance or personalize the Library’s services.
- Library records are used to maintain the Library’s collection and to manage payment of users’ fines and fees.
- Personal information, login credentials, and residency verification are used to provide access to e-books, audiobooks, and other digital materials.
- Personal information is used to further engage with the users through outreach, advocacy, marketing, and fundraising campaigns on behalf of the Library.
- Personal information and library records are used in connection with meeting room use and program and event attendance.
- Cookies are used to collect information about user activity, browser, and device in order to provide Library services.
Library staff may access personal data only for the purpose of performing their assigned Library duties. The Library’s internal policies prohibit staff from disclosing any personal data collected from users to any other party except to the extent necessary to fulfill a user’s service request, where required by law, or otherwise with the user’s consent.
In connection with providing services to users, the Library may share user’s information with third-parties as follows:
- As required by law: Any Library record or other information collected by the Library is subject to disclosure pursuant to a court order or as otherwise authorized by applicable law.
- Shared content: Users may choose to share content, such as book lists and recommendations, through the Library’s online services, in which case such information will be publicly accessible.
- Fundraising and Marketing Outreach: The Library will from time to time send requests to support the Library to users who have expressed interest in the Library’s programs or services. The Library does not sell or license information about its users or donors nor does it send donor solicitation mailings on behalf of any other organization
The Children’s Online Privacy Protection Act regulates online collection of information from children under the age of 13. The Library uses filtering software on its computers to restrict access to certain types of sites based on the Children’s Internet Protection Act guidelines. Parents and guardians of children under the age of 13 may view their children’s Library records. Parents and guardians of children between the ages of 13 and 17 (inclusive) may also view their children’s Library records, but require their children’s consent. The Library may require parents and guardians to sign consent forms for the collection of information about their children before they gain access to optional programs and services, such as enrolled programs.
The Library may partner with third-party services to provide educational content for children online. Parents and guardians should review those services’ privacy policies before permitting their children to use them. Such services may require parental or guardian consent for use by children.
The Library has physical, electronic, and administrative measures in place to prevent unauthorized access to the information collected. Although these measures are designed to be effective, the Library cannot assure that such measures will function as intended. Users are cautioned that any electronic communication utilizing the internet or a wireless network is subject to unauthorized interception.
By visiting a Library location, using its services, using the Library website, downloading the Library’s mobile applications or content, or donating to the Library, users are deemed to have agreed to this Policy. The Library may update this Policy from time to time, and will notify users by posting the updated Policy to its website, by sending users an email or by some other means. Users also agree to let the Library use email and postal addresses to communicate about Library programs, services, events, fundraising efforts, and more.
Replaces Privacy and Confidentiality Policy
Adopted November 5, 2013