Privacy and confidentiality of library records and data at the New York Law Institute June 2023

Policy summary

This privacy policy (the “Privacy Policy”) explains your privacy and confidentiality rights and responsibilities, the steps The New York Law Institute (the “New York Law Institute,” “we,” “us” or “our”) takes to respect and protect your privacy when you use our resources, and how we handle personally identifiable information we collect from our patrons, including without limitation through our website, available at: https://www.nyli.org/, as well as information collected through any of our products and services that are accessible via those websites (collectively, the “Site”).

Please contact a member of the NYLI staffif you have questions about this policy. We take your privacy rights seriously and are here to help.

Introduction

The New York Law Institute takes steps to protect the privacy and confidentiality of all library patrons. Our commitment to your privacy and confidentiality has deep roots not only in the law but also in the ethics and practices of librarianship. In accordance with Article III of the American Library Association’s Code of Ethics: “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted.” The New York Law Institute’s privacy and confidentiality policies are in compliance with applicable federal, state, and local laws.

State law requires us to protect your library records from disclosure if a member of the public or the media requests them. Library records include your circulation records, your name together with your address or telephone number, and your email address. Library records may be subject to disclosure to law enforcement officials under provisions of state law, the USA PATRIOT Act, in a civil lawsuit or in connection with a valid court or other legal order. We may be prohibited from disclosing to you that your records have been sought or obtained by law enforcement under provisions of the USA PATRIOT Act.

Privacy and confidentiality policy

We publicly post our privacy and information-gathering policies. We avoid creating unnecessary records, retaining records not needed for library business purposes, and engaging in practices that might place personally identifiable information on public view without your consent.

Information we may collect and retain about library patrons includes the following:

• Information required to register for a library card/barcode (e.g., name, firm, address, telephone number, email address);
• Information regarding your account (e.g., username and password);
• Records of material checked out, charges owed, and payments made;
• Records of electronic access information such as the barcode number used to log onto remote library electronic resources;
• Requests for interlibrary loan or reference service;
• Registration information for library webinars and programs;
• Information about topics searched for in electronic resources;
• Information contained in documents saved on our public computers after usage;
• Information submitted in connection with poetry or other contests;
• Information about authors, attendees, or other visitors related to book clubs and webinars; and
• Information related to payments such as a billing contact’s phone number, address, and email (but we do not collect payment card information)

 

Access to accounts and patron responsibility

Protecting Your Library Barcode

It is your responsibility to notify the library immediately if you believe someone is using your barcode number without your permission. We encourage you to protect your barcode and password for your privacy and security.

Keeping Account Information Up-To-Date

You may access your personally identifiable information held by us via the MyNYLI Account link on our website and are responsible for keeping your information accurate and up-to-date. If you have questions about the process for accessing your information or if you would like to have it updated, please contact us as specified in the “Contact Us” section of this Privacy Policy.

Security Measures

We take reasonable steps and follow generally accepted industry data practices to protect personal information submitted to us from accidental loss and from unauthorized access, use, alteration, and disclosure.  We take steps to de-identify personally identifiable information when using it to create aggregate, summary data.  

Our policies and procedures limit access to data and ensure that those individuals with access do not use the data for unauthorized purposes. We limit access through the use of strong passwords that are changed regularly and store data on secure servers or computers.

Staff may access personally identifiable information stored in our computer systems only for the purpose of performing their assigned library duties. Staff will not disclose any personally identifiable information to any third party except as permitted herein, where required by law or to fulfill your service request.

Children’s Personal Information

The Site is geared toward a general audience, is not directed to children under 13 years of age and we do not knowingly collect personal information from children under the age of 13.  If we become aware that we have collected personal information from a child under the age of 13, we will promptly delete the information, unless we are legally obligated to retain such information.  If you believe a child under the age of 13 may have provided us with personal information, please contact us as specified in the “Contact Us” section of this Privacy Policy.

Cookies

A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer or mobile phone or device browser from a website’s server and is stored on your device’s hard drive. Each website can send its own cookie to your browser if the browser preferences you have set allow it.

We use cookies in order to verify that you are an authorized user and to allow access to licensed library resources such as our eBooks and databases.  Cookies are text files with small pieces of data — like a username and password — that are used to identify your computer as you use a computer network. When users access our remote resources, they are logged in via our proxy server (OCLC EZProxy) which uses cookies in order to keep users logged in and to provide us with usage statistics for the length of their user/browser session.  EZProxy sessions last 2 hours after the last remote resource has been used and then users are automatically logged off.

You can control or delete cookies, or otherwise manage cookies, through your browser or device settings. For more details, please visit https://www.allaboutcookies.org or https://www.aboutcookies.org. Please understand, however, that you may be unable to use all of the functionality of our services and the Site if you choose to reject cookies.

 

Google Analytics

We use Google Analytics to collect data about the use of our website. We use this information to make improvements on our website and to track trends. Our website collects the following data via Google Analytics:

• Browser type
• Anonymized internet address
• Operating system type
• Web address of the page from which you linked to our site
• Device
• Network service provider
• Interaction data

You may opt out of having your data used by Google Analytics by following the instructions to install a browser add-on at: https://tools.google.com/dlpage/gaoptout/.

Public Computers

The library does not keep a record of your activities on any public computer or laptop. Any record of browsing history and activities are removed by the Reference Staff periodically.

 

In-Person Visits to the Library

If you visit NYLI in person, you will be required to provide personal information, including contact information (name, employer, telephone number, email address, etc.). 

 

Third-Party Vendors

The library enters into agreements with third-parties to provide online services, digital collections, and more.  Third-party vendors may collect and share your information, including:

• Personally identifiable information you knowingly provide. This includes: when you register for the site, provide feedback and suggestions, request information, or create shared content.
• Other information that could be used to identify you. This includes: your Internet Protocol Address (IP Address), search history, location-based data, and device information.
• Technical usage information. This includes: your ad views, analytics, browser information (type and language), cookie data, date/time of your request, demographic data, hardware/software type, interaction data, serving domains, page views, and the web page you visited immediately prior to visiting the site.
• Other data as described in the vendor’s privacy policy and terms of use.

For more information on these services and the types of data that is collected and shared, refer to their Terms of Use and Privacy Policies webpage. You may choose not to use these third-party vendors if you do not accept their terms of use and privacy policies. Please read them carefully.

We make reasonable efforts to ensure that the library’s contracts and licenses reflect our policies and legal obligations concerning patron privacy and confidentiality. The library expects vendors to:

• Follow all privacy related items in the vendor contract and licensing agreements.
  • Refrain from collecting or sharing additional information about customers, other than is needed for delivery of the library services provided.
  • Have a publicly posted privacy policy.
  • Library patrons must understand when using remote or third-party vendor sites that there are limits to the privacy protection the library can provide.

Third party services provided through the New York Law Institute have other terms and policies that affect the privacy of your personally identifiable information. You must understand when accessing remote or third party vendor sites that there are limits to the privacy protection we can provide, and your privacy rights with respect to such third parties shall be governed solely by the terms and conditions of the respective third party’s policies. This policy does not apply to information collected by means not described herein, or information collected by third parties, third-party websites, or content or applications of third parties, including any that may be linked to or accessible from or on the Site.

NYLI’s Third-Party Vendors & their Privacy Policies

• Adobe Digital Editions: https://www.adobe.com/privacy/policies/ade.html
• Altarama (Reftracker): https://altarama.com/privacy-policy/
• Google Analytics: https://policies.google.com/privacy?hl=en-US
• Hein-Online: https://help.heinonline.org/kb/what-is-heinonlines-privacy-policy/
• LLMC-Digital: https://llmc.com/privacy.aspx
• MailChimp (Intuit): https://accounts-help.intuit.com/app/privacy
• MonsterInsights: https://www.monsterinsights.com/privacy-policy/
• OCLC EZProxy: https://policies.oclc.org/en/privacy/privacy-statement.html
• OverDrive: https://company.cdn.overdrive.com/policies/privacy-policy.htm
• Proquest Congressional and Proquest EBL eBooks: https://about.proquest.com/en/about/privacy-policy/
• Quickbooks (Intuit): https://accounts-help.intuit.com/app/privacy
• Sirsi Dynix EOS: https://www.sirsidynix.com/privacy/
• SpringShare (LibGuides): https://springshare.com/privacy.html
• Zoho (Creator): https://www.zoho.com/privacy.html

We will periodically update this page to reflect additions and removals to our list of third-party vendors.  Please contact the Library Director if you would like additional information.

General Data Protection Regulation (“GDPR”)

We process personal information for the purposes described in this Privacy Policy.  We use different legal bases under the GDPR for processing personal information depending on whether the processing is:

• based on your consent;
• necessary for the performance of a contract;
• necessary to comply with a legal, regulatory, tax or other obligation;
• necessary for our legitimate interests, such as offering products and services based on user interests, improving services, managing customer relationships and preventing fraud.

Where we obtain your consent to collect and use your personal information, you may withdraw your consent at any time by contacting us as described in the “Contact Us” section of this Privacy Policy.  This will not impact the lawfulness of any processing based on consent prior to its withdrawal.

You may exercise your rights with respect to your personal information as set forth in the “Requests” section of this Privacy Policy.

You may also have the right to lodge a complaint with the data protection authority in your jurisdiction if you believe that a violation of applicable data protection law in your jurisdiction has occurred.

Requests

If you have a question, concern, or complaint about our handling of your personally identifiable information or this policy you may contact the New York Law Institute’s Executive Director at the email address listed in the “Contact Us” section of this Privacy Policy.  You may also contact the New York Law Institute’s Executive Director if you wish to access, correct, amend, know, update, request restrictions on the use of, transfer or delete personal information about you. It is the policy of the New York Law Institute not to treat any person who chooses to exercise any of the foregoing rights in a discriminatory manner. In responding to your request, we may request information from you and use information previously collected to verify your identity, or take other actions that we believe are appropriate.

Please understand that we may not be able to alter or delete your personal information if we are required under applicable law to maintain that information. While we will make reasonable efforts to accommodate your request, we are not obligated to comply with requests that are unreasonably burdensome or expensive, or with requests that would interfere with the rights of another individual. In some circumstances, we may charge a reasonable fee to fulfill your request, if allowed or required by applicable law.

The Executive Director is custodian of library records and is authorized to receive or comply with public records requests or inquiries from law enforcement officers. The Director may delegate this authority to designated members of our management team. We will not make library records available to any agency of state, federal, or local government unless a subpoena, warrant, court order or other investigatory document is issued by a court of competent jurisdiction, showing good cause and in proper form. We have trained all library staff and volunteers to refer any law enforcement inquiries to the Executive Director.

While we will make reasonable efforts to accommodate your request, we also reserve the right to impose certain restrictions and requirements on such requests, if allowed or required by applicable law.

Changes to our Privacy Policy

We may update this policy to reflect changes to our information practices. If we make any material changes to how we treat the personal information of visitors to the library or whom access the library services, we will provide notice by updating the date the policy was last revised.  We encourage you to periodically review this page to learn of any changes we have made to this policy.

Contact Us

If you have any comments or questions about this Privacy Policy or our personal information practices, please contact us by email at lcurcigonzalez@nyli.org.