Privacy Statement

Downstate.edu's Commitment to Privacy

At the State University of New York (SUNY) Downstate Medical Center University Hospital of Brooklyn, we are committed to protecting your privacy and making it easier and more efficient for individuals and businesses to interact with SUNY Downstate. We recognize that it is critical for individuals and businesses to be confident that their privacy is protected when they visit downstate.edu. You can travel through most of downstate.edu without giving us any information about yourself. Sometimes we do need information to provide services that you request, and this commitment of privacy explains our online information practices.

SUNY Downstate does not collect any personal information about you unless you provide that information voluntarily by sending an e-mail, completing the SUNY Downstate Information Request Form, or completing the online application.

This policy is consistent with the provisions of the Internet Security and Privacy Act, the Freedom of Information Law, and the Personal Privacy Protection Law.

 

Information Collected Automatically When You Visit downstate.edu

When visiting downstate.edu, SUNY automatically collects and stores the following information about your visit:

  • The Internet Protocol address of the computer that accessed our Web site
  • The type of browser, its version and the operating system on which that browser is running
  • The Web page from which the user accessed the current Web page
  • The date and time of the user's request
  • The pages that were visited and the amount of time spent at each page 

None of the above-mentioned information is deemed to constitute personal information by the Internet Privacy and Security Act. The information that is collected automatically is used to improve downstate.edu's content and to help SUNY Downstate understand how users are interacting with its Web site. This information is collected for statistical analysis and to determine what information is of most and least interest to our users. The information is not collected for commercial marketing purposes and SUNY Downstate is not authorized to sell or otherwise disclose the information collected from downstate.edu for commercial marketing purposes.

 

Information Collected When You E-mail downstate.edu or Complete a Transaction

During your visit to downstate.edu you may send an e-mail to SUNY Downstate. Your e-mail address and the contents of your message will be collected. The information collected is not limited to text characters and may include audio, video, and graphic information formats included in the message. Your e-mail address and the information included in your message will be used to respond to you, to address issues you identify, to improve this Web site, or to forward your message to another SUNY Downstate campus for appropriate action. Your e-mail address is not collected for commercial purposes and SUNY Downstate is not authorized to sell or otherwise disclose your e-mail address for commercial purposes.

During your visit to downstate.edu you may complete a transaction such as an online application or the SUNY Downstate Information Request Form. The information collected by SUNY Downstate, including personal information volunteered by you in completing the transaction, is used by SUNY Downstate and may be disclosed by SUNY Downstate for those purposes that may be reasonably ascertained from the nature and terms of the transaction in which the information was submitted.

SUNY Downstate does not knowingly collect personal information from children under the age of 13 or create profiles of children under the age of 13. Users are cautioned, however, that the collection of personal information submitted in an e-mail will be treated as though it was submitted by an adult, and may, unless exempted from access by federal or State law, be subject to public access.

 

Disclosure of Information Collected Through This Web site

The collection of information through downstate.edu and the disclosure of that information are subject to the provisions of the Internet Security and Privacy Act. SUNY Downstate will only collect personal information through downstate.edu or disclose personal information collected through downstate.edu if the user has consented to the collection or disclosure of such personal information. The voluntary disclosure of personal information to SUNY Downstate by the user, constitutes consent to the collection and disclosure of the information by SUNY Downstate for the purposes for which the user disclosed the information to SUNY Downstate.

However, SUNY Downstate may collect or disclose personal information without consent if the collection or disclosure is: (1) necessary to perform the statutory duties of SUNY Downstate, or necessary for SUNY Downstate to operate a program authorized by law, or authorized by state or federal statute or regulation; (2) made pursuant to a court order or by law; (3) for the purpose of validating the identity of the user; or (4) of information to be used solely for statistical purposes that is in a form that cannot be used to identify any particular person. 

Further, the disclosure of information, including personal information, collected through downstate.edu is subject to the provisions of the Freedom of Information Law and the Personal Privacy Protection Law. 

SUNY Downstate may disclose personal information to federal or state law enforcement authorities to enforce its rights against unauthorized access or attempted unauthorized access to SUNY Downstate’s information technology assets.

 

Retention of Information Collected Through this Web site

The information collected through downstate.edu is retained by SUNY Downstate in accordance with the records retention and disposition requirements of the New York State Arts & Cultural Affairs Law. Information on the requirements of the Arts & Cultural Affairs Law may be found here. In general, the Internet services logs of SUNY Downstate, comprising electronic files or automated logs created to monitor access and use of Agency services provided through downstate.edu, are retained for 21 business days and then destroyed. Information concerning these records retention and disposition schedules may be obtained through the Internet privacy policy contact listed in this policy.

 

 

Access to and Correction of Personal Information Collected Through this downstate.edu

Any user may submit a request to SUNY Downstate's privacy director to determine whether personal information pertaining to that user has been collected through suny.edu. Any such request shall be made in writing and must be accompanied by reasonable proof of identity of the user. Reasonable proof of identity may include verification of a signature, inclusion of an identifier generally known only to the user, or similar appropriate identification. The address of the security officer is:

Security Officer
SUNY Downstate Medical Center
Information Services
450 Clarkson Ave.
Box #17
Brooklyn, New York 11203

The security officer shall, within five (5) business days of the receipt of a proper request, provide access to the personal information; deny access in writing, explaining the reasons therefore; or acknowledge the receipt of the request in writing, stating the approximate date when the request will be granted or denied, which date shall not be more than thirty (30) days from the date of the acknowledgment. 

In the event that SUNY Downstate has collected personal information pertaining to a user through downstate.edu and that information is to be provided to the user pursuant to the user’s request, the privacy director shall inform the user of his or her right to request that the personal information be amended or corrected under the procedures set forth in section 95 of the Public Officers Law.

 

 

Confidentiality and Integrity of Personal Information Collected Through downstate.edu

SUNY Downstate is strongly committed to protecting personal information collected through downstate.edu against unauthorized access, use or disclosure. Consequently, SUNY Downstate limits employee access to personal information collected through downstate.edu to only those employees who need access to the information in the performance of their official duties. Employees who have access to this information follow appropriate procedures in connection with any disclosures of personal information

In addition, SUNY Downstate has implemented procedures to safeguard the integrity of its information technology assets, including, but not limited to, authentication, authorization, monitoring, auditing, and encryption. These security procedures have been integrated into the design, implementation, and day-to-day operations of downstate.edu as part of our continuing commitment to the security of electronic content as well as the electronic transmission of information.

For Web site security purposes and to maintain the availability of downstate.edu for all users, SUNY Downstate employs software to monitor traffic to identify unauthorized attempts to upload or change information or otherwise damage downstate.edu.

 

Cookies

Cookies are small pieces of information that are stored by the user's browser on the hard drive of your computer. Downstate.edu does not use cookies.

 

 

Disclaimer

The information provided in this privacy policy should not be construed as giving business, legal, or other advice, or warranting as fail proof, the security of information provided through downstate.edu.

 

 

Contact Information

For questions regarding this Internet privacy policy, please contact our security officer via regular mail at:

 

Security Officer
SUNY Downstate Medical Center
Information Services
450 Clarkson Ave.
Box #17
Brooklyn, New York 11203 

 

Definitions

The following definitions apply to, and appear in italics, in this policy:

Personal information: For purposes of this policy, “personal information” means any information concerning a natural person which, because of name, number, symbol, mark, or other identifier, can be used to identify that natural person.

User: shall have the meaning set forth in subdivision 8 of section 202 of the State Technology Law.