General statement
The University of Pennsylvania Libraries is committed to providing access to services and information online in a manner that respects your privacy. The Libraries’ policy follows privacy protections established by the University Privacy Policy and adheres to the principles of American Library Association’s Code of Ethics. In addition, the following explains the Library's specific policy and practices regarding the use of information collected online.
Personal information
We collect information from you in order to meet your needs to access Library resources and services, and to ensure the unimpeded functioning of Penn’s Libraries. In the context of this policy, the “personal information” or “personal data” we collect or store is data that either identifies you as an individual or may relate to your personal identity when combined with other information. We use that information primarily to provide services, and to satisfy legal, policy and administrative requirements.
The types of personal information that may be collected include, but are not limited to:
- Your name,
- Email address,
- PennKey,
- Numeric Penn ID,
- Affiliation, such as your school and whether you're faculty, student or some other class of user,
- The internet (IP) address of your computer, and
- Other information logged by our web servers, such as browser types, operating systems, dates and times, and referring URLs.
We do not collect information pertaining to your age, gender, race or ethnicity.
In practice, we collect personal information online from the following sources. Not every type of personal data listed above is collected by these sources:
- The Libraries’ website,
- Application that controls book circulation, fines and other account information,
- Forms used to request services, such as room reservations and chat sessions,
- Desktop computers located in our facilities,
- Card swipes at certain building entrances, and
- Library-provided applications you install in your browser, such as Lean Library and Power Notes.
Functions that require personal information
The systems listed in the previous section may be locally managed, such as our website, or managed by third-parties. The latter includes firms that provide Penn services under contract or license, for example publishers, content aggregators, and software platforms, like the vendors that manage the BorrowDirect+ service and Library circulation functions. This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website or service to which the Library links. The inclusion of a link does not imply endorsement of the linked site or service by us or by our affiliates. We encourage you to read the privacy statements of other sites for assurance that their practices safeguard your privacy.
The various Library functions that ask you to provide or rely on the use of stored personal information or data include, but are not limited to, the following:
- Checking out physical materials from Penn’s collections, including Special Collection, or through Interlibrary Loan,
- Creating of or accessing Canvas course sites,
- Requesting 3D printing, room reservations, or research consultations with librarians,
- Using communication services, for example Library Chat or LibAnswers,
- Logging in to access electronic resources, such as JStor, from off campus with a PennKey,
- Using the Libraries’ website. Web server logs capture and store your internet address, referring URL, and session data such as time/date and browser type.
- Our website and third-party sites also use cookies. Cookies are pieces of information stored directly on the computer that you are using. Cookies allow us to collect information such as browser type, time spent on the Services, pages visited, language preferences, and other traffic data. We and our third party service providers use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience. We also gather statistical information about use of the Services in order to continually improve their design and functionality, understand how they are used and assist us with resolving questions regarding them. If you do not want information collected through the use of cookies, most browsers allow you to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular website. You may also wish to refer to www.allaboutcookies.org/manage-cookies/index.html. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Services.
Use of personal information
Disclosure
The Libraries do not sell personal information or data, and reject its use by licensors for promotional purposes. Unless required by contract or to comply with applicable laws and regulations, the Libraries do not disclose personal information to third parties. Library users may elect to disclose their personal information to receive added services from Library third-party contractors, once authenticated as valid users of the contracted service.
Service provision
The Libraries use personal information and data to fulfill services, as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so.
Analysis of Personal Information
We analyze personal data stored in Library and third-party systems, if available, in order to optimize services and ensure service continuity and security. Our analytical activities use only aggregated and anonymized forms of personal information based on processes that strip away personally identifiable data and reduce or synthesize that data to prevent re-identification. We retain personal information in an unmodified form only as long as required for operational purposes.
- Perform analyses and identify trends based on the use of digital systems in order to effect service improvements,
- Improve our understanding of your needs so the Libraries can deliver content that is relevant and interesting to you,
- Verify that business processes function in compliance with legal, regulatory, or contractual requirements,
- Monitor for fraudulent use of Library resources or compromises of Library systems security and user privacy,
- Evaluate the effective performance and continuity of Library services and operations, and to prevent potential hazards to those operations.
The Libraries may use Google Analytics or other web log analyzers to collect and assess information about the use of services. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at tools.google.com/dlpage/gaoptout.
Security
We seek to use reasonable organizational, technical and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
Retention
We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.
The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you have an account with us or keep using our services); We do not retain information about materials you borrow after loans are completed.
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Other matters pertaining to privacy and security
Relevant Laws and Policies
- USA Patriot Act (Pub L. no. 107-56(2001))1
- Pennsylvania Statute regarding library circulation records(24 P.S. 4428 (2002))
- University of Pennsylvania Policy on Privacy in the Electronic Environment
These three items, taken together, generally afford privacy protection to the data described above, but also allow for disclosure in the event of authorized law enforcement investigations and limited additional situations.
Contact Us - How to contact the Libraries with privacy concerns
If you would like to contact us for any reason regarding our privacy practices, please use the following address: faq.library.upenn.edu/ask.
Changes to this Privacy Policy
The Libraries will notify you of changes to the University of Pennsylvania Libraries’ Website Privacy Policy by posting updates on this page with a notification link from our homepage.
Last Update: June 11, 2019
1For additional information regarding the Patriot Act and its impact on libraries, see www.ala.org/washoff/patriot.html.