Penn Libraries Privacy Policy

Main content

General statement

The University of Pennsylvania Libraries is committed to providing access to services and information online in a manner that respects your privacy. The Libraries’ policy follows privacy protections established by the University Privacy Policy and adheres to the principles of American Library Association’s Code of Ethics. In addition, the following explains the Library's specific policy and practices regarding the use of information collected online.

Personal information

We collect information from you in order to meet your needs to access Library resources and services, and to ensure the unimpeded functioning of Penn’s Libraries. In the context of this policy, the “personal information” or “personal data” we collect or store is data that either identifies you as an individual or may relate to your personal identity when combined with other information. We use that information primarily to provide services, and to satisfy legal, policy and administrative requirements.

The types of personal information that may be collected include, but are not limited to:

  • Your name,
  • Email address,
  • PennKey,
  • Numeric Penn ID,
  • Affiliation, such as your school and whether you're faculty, student or some other class of user,
  • The internet (IP) address of your computer, and
  • Other information logged by our web servers, such as browser types, operating systems, dates and times, and referring URLs.

We do not collect information pertaining to your age, gender, race or ethnicity.

In practice, we collect personal information online from the following sources.  Not every type of personal data listed above is collected by these sources:

  • The Libraries’ website,
  • Application that controls book circulation, fines and other account information,
  • Forms used to request services, such as room reservations and chat sessions,
  • Desktop computers located in our facilities,
  • Card swipes at certain building entrances, and
  • Library-provided applications you install in your browser, such as Lean Library and Power Notes.

Functions that require personal information

The systems listed in the previous section may be locally managed, such as our website, or managed by third-parties. The latter includes firms that provide Penn services under contract or license, for example publishers, content aggregators, and software platforms, like the vendors that manage the BorrowDirect+ service and Library circulation functions. This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website or service to which the Library links. The inclusion of a link does not imply endorsement of the linked site or service by us or by our affiliates. We encourage you to read the privacy statements of other sites for assurance that their practices safeguard your privacy.

The various Library functions that ask you to provide or rely on the use of stored personal information or data include, but are not limited to, the following:

Use of personal information


The Libraries do not sell personal information or data, and reject its use by licensors for promotional purposes. Unless required by contract or to comply with applicable laws and regulations, the Libraries do not disclose personal information to third parties. Library users may elect to disclose their personal information to receive added services from Library third-party contractors, once authenticated as valid users of the contracted service.

Service provision

The Libraries use personal information and data to fulfill services, as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so.

Analysis of Personal Information

We analyze personal data stored in Library and third-party systems, if available, in order to optimize services and ensure service continuity and security. Our analytical activities use only aggregated and anonymized forms of personal information based on processes that strip away personally identifiable data and reduce or synthesize that data to prevent re-identification. We retain personal information in an unmodified form only as long as required for operational purposes.

The Libraries may use Google Analytics or other web log analyzers to collect and assess information about the use of services. You can learn about Google’s practices by going to, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at


We seek to use reasonable organizational, technical and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.


We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.

The criteria used to determine our retention periods include:

Other matters pertaining to privacy and security

Relevant Laws and Policies

These three items, taken together, generally afford privacy protection to the data described above, but also allow for disclosure in the event of authorized law enforcement investigations and limited additional situations.

Contact Us - How to contact the Libraries with privacy concerns

If you would like to contact us for any reason regarding our privacy practices, please use the following address:

Changes to this Privacy Policy

The Libraries will notify you of changes to the University of Pennsylvania Libraries’ Website Privacy Policy by posting updates on this page with a notification link from our homepage.

Last Update: June 11, 2019


1For additional information regarding the Patriot Act and its impact on libraries, see