Shorewood-Troy Public Library District Privacy Policy

Patron Privacy

The Shorewood-Troy Public Library District (the “District”) is committed to protecting patron privacy by using its best efforts to keep patron personally identifiable information confidential. The District’s commitment to patron privacy has deep roots in the law and in the ethics and practices of librarianship. The District holds true to the values of the American Library Association affirming that, “Privacy is essential to the exercise of free speech, free thought, and free association.” As such, we “protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted.” Patron privacy is governed by this Privacy Policy established by the District’s Board of Trustees and any applicable rules or regulations adopted by the District. The Director has discretion in determining what use is “in the best interest of the Library” and is authorized to act accordingly. The Board of Trustees may modify, amend or supplement this Privacy Policy, as it deems necessary and appropriate.

The Library Records Confidentiality Act protects registration and circulation records from disclosure. Although the District does everything it can in order to protect patron privacy, there are times when the District may be required by law to provide this information. Registration and circulation records may be subject to disclosure by court order or to law enforcement officials under provisions of the Library Records Confidentiality Act, the USA PATRIOT Act, or other applicable law. The District and its staff may be prohibited from reporting to you that your records have been requested or obtained by a government agency under provisions of the USA PATRIOT Act.

Information Collected

The personal information patrons provide to the District is kept confidential in accordance with the Library Records Confidentiality Act. The District will not sell, license, or disclose it to any third-party except those working under contract or as required by law. The District may collect the following personal information to access library services: ● Name ● Address ● Telephone Number ● Phone Carrier ● Email address Draft Policy 9/10/20 ● Date of Birth ● Library barcode number ● Photo ● Grade ● School and/or Teacher ● Age ● Items currently checked-out, requested, canceled holds, and interlibrary loans ● Overdue items (until returned) ● Fine history ● Sign-up information for library classes and events The District does not keep a record of patron reading history beyond operational requirements. Once a patron returns an item it is removed from the patron’s account. A patron may choose to turn on the reading history feature in their online account to keep a log of items checked out. Items with late fees will remain on a patron’s account until paid. Third-party vendors may keep a record of a patron’s borrowing history. The District uses Google Analytics to collect data about the use of the District’s website. Here is a link to their Terms of Service. The District uses this information to make improvements on its website and to track trends. Patron personal information (e.g. name, address, etc.) is not tracked by the District. Whenever possible, the District will not track patrons who have enabled the Do Not Track option in their browsers. The District’s website collects the following data: ● Anonymized internet address ● Web address of the page from which you linked to our site ● Interaction data ● Language ● Country ● State ● City ● Browser ● Operating System (PC & Mobile) ● Screen Resolution ● Age ● Gender ● Interest Affinities ● Mobile Device Draft Policy 9/10/20 Any personal information given in email messages, chat sessions, web forms, in-person or telephone reference, or other communications is only used for the purpose for which the patron submitted it and will not be used by the District for any other purpose.

The District uses an app that collects the following information in addition to library account specific information: ● Language ● Country ● State ● City ● Browser ● Operating System iOS or Android) ● Screen Resolution ● Type of Mobile Device ● Anonymized User ID Information Access All patron records are confidential. Library records may only be disclosed to: ● Library staff performing job duties; ● Cardholders upon proof of identity; ● Parents or guardians of minor children; ● Anyone with written consent of the cardholder; ● Under court order or subpoena; or ● As required under the Library Records Confidentiality Act, USA PATRIOT Act or other applicable law. If the library cardholder is under the age of 18, the parent or guardian listed in the library record may be given information about that child's record. Proof of the parent or guardian's identity is required through photo identification. The District reserves the right to associate (link) the accounts of parents and/or guardians to the accounts of their children under the age of 18. Adult patrons (age 18 and older) may grant the District permission to associate their own account to the account of other designees of their own choosing. In creating these associations, adults give permission to other adults with whom they are linked to use their personal library Draft Policy 9/10/20 cards for holds pickup, to check on or pay fees. General checkout on an adult’s card by someone other than the cardholder is not permitted. Associations may only be requested by adults who are both physically present and provide photo ID. All patrons can view and update their personal information. This can be done online via the catalog website or in person. Proof of identity through photo identification is required to update information in person. A username/library barcode and PIN are required to change this information online. Website and Public Computer Cookies A cookie is a small file sent to the browser by a website each time that site is visited. Cookies are stored on a computer and can transmit personal information. Cookies are used to remember information about preferences on the pages that are visited. A patron can refuse to accept cookies, disable cookies, and remove cookies from their device. However, this may result in a lack of access to some library services. The library’s servers use cookies to verify that a person is an authorized user. This allows a patron access to licensed third-party vendors and to customize webpages to a patron’s preferences. Cookies obey the privacy settings that a patron has chosen in their browser. The District will not share cookie information with external third parties. Data & Network Security The District uses software programs that monitor network traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. No other attempts are made to identify individual patrons or their usage habits. Public Computers & Connected Devices

The District does not keep a record of patron activities on any public computer or laptop. Any record of browsing history and activities are removed when a patron logs out. The next patron cannot see any of the previous patron’s information. All personally identifiable information is purged immediately upon the end of a public computer reservation. An anonymous log is created that includes only the computer terminal number, Draft Policy 9/10/20 reservation time, and duration of the session. These anonymous reservation statistics remain in the system for two months. Email & RSS Feeds A patron may choose to subscribe to a variety of mailing lists and/or RSS feeds from the District. The mailing lists and RSS feeds are serviced by MailChimp. See below for information about how the District works with this and other third-party vendors. Using third-party vendors The District enters into agreements with third-parties to provide online services, digital collections, streaming media content, and more. When using some of these services, a patron may also connect with social networks and other users. Third-party vendors may collect and share a patron’s information, including: ● Personally identifiable information a patron knowingly provides. This includes: when a patron registers for the site, provides feedback and suggestions, requests information, or creates shared content. ● Other information that could be used to identify a patron. This includes: a patron’s Internet Address (IP Address), search history, location-based data, and device information. ● Non-personally identifiable information. This includes: a patron’s ad views, analytics, browser information (type and language), cookie data, date/time of a request, demographic data, hardware/software type, interaction data, serving domains, page views, and the web page a patron visited immediately prior to visiting the site. ● Other data as described in the vendor's privacy policy and terms of use. For more information on these services and the types of data that is collected and shared, refer to the Terms of Use and Privacy Policies webpage. A patron may choose not to use these third- party vendors if a patron does not accept their terms of use and privacy policies. The District makes reasonable efforts to ensure that the District's contracts, licenses, and offsite computer service arrangements reflect its policies and legal obligations concerning patron privacy and confidentiality. The District’s contracts address restrictions on the use, aggregation, sharing, and sale of information, particularly about minors. The District expects vendors to: ● Follow all privacy related items in the vendor contract and licensing agreements. Draft Policy 9/10/20 ● Conform to the District’s privacy policies. ● Provide a product which complies with the Children's Online Privacy Protection Act. ● Refrain from collecting or sharing additional information about patrons, other than is needed for delivery of the District services provided. ● Have a publicly posted privacy policy. The District’s patrons must understand when using remote or third-party vendor sites that there are limits to the privacy protection the library can provide. The District also suggests links to external websites that are not under contract. A patron is not required to give these sites his/her library card or any other personally identifiable information in order to use their services. Review The Board of Trustees of the Shorewood-Troy Public Library District will review this Privacy Policy and regulations periodically and reserve the right to amend them at any time. The Board authorizes the Executive Director to waive regulations under appropriate circumstances. An appeals for changes to, or exceptions to, any portion of this Privacy Policy will be considered. An individual wishing to file an appeal shall submit it to the Executive Director in writing. The Director will respond in writing.