INTERNET PRIVACY POLICY
10.
Introduction Thank you for visiting the HEAP Oil Buying Program’s
("HEAPOil”) website. This website was developed by the New York State
Energy Research and Development Authority (NYSERDA) to make it easier and more
efficient for businesses to interact with HEAP Oil Buying Program. NYSERDA
recognizes that it is critical for individuals and businesses to be confident
that their privacy is protected when they visit the HEAPOil website.
Consistent with the provisions of the Internet Security and
Privacy Act, the Freedom of Information Law, and the Personal Privacy
Protection Law, this policy describes NYSERDA’s privacy practices regarding
information collected from users of this website. This policy describes what
information is collected and how that information is used. Because this
privacy policy only applies to this website, you should examine the privacy
policy of any website, including other state agency websites, that you
access using this website.
For purposes of this policy, "personal information"
means any information concerning a natural person who, because of name, number,
symbol, mark, or other identifier, can be used to identify that natural person.
NYSERDA does not collect any personal information about you unless you
provide that information voluntarily by sending an e-mail, responding to a
survey, or completing an on-line transaction.
Information Collected Automatically When You Visit this
Website When visiting this website HEAPOil may automatically collect and
store the following information about your visit:
(i) User client hostname. The hostname or Internet
Protocol address of the user requesting access to the website.(ii) HTTP
header, "user agent." The user agent information
includes the type of browser, its version, and the operating system on which
that the browser is running.(iii) HTTP header, "referrer." The
referrer specifies the web page from which the user accessed the current
web page. (iv) System date. The date and time of the user's request. (v)
Full request. The exact request the user made. (vi) Status. The status
code the server returned to the user. (vii) Content length. The content
length, in bytes, of any document sent to the user. (viii) Method. The
request method used. (ix) Universal Resource Identifier (URI). The location of
a resource on the server. (x) Query string of the URI. Anything after the
question mark in a URI. (xi) Protocol. The transport protocol and the version
used.
None of the foregoing information is deemed to constitute personal
information.
The information that is collected is automatically used to
improve this website's content and to help NYSERDA understand how users
are interacting with the website. This information is collected for statistical
analysis, to determine what information is of most and least interest to our users,
and to improve the use of the material available on the website. The
information is not collected for commercial marketing purposes and NYSERDA is
not authorized to sell or otherwise disclose the information collected from the
website for commercial marketing purposes.
Information You
Voluntarily Provide through this Website When visiting this website, you may voluntarily
provide information through the use of the password protected ‘Vendor Log-In’
function. HEAPOil may collect and store the following information about your
visit:
(i) Username. The username
provided to log-in to the site.
(ii) Password. The
password provided to log-in to the site.
(iii) Pricing Information.
Retail pricing information including dates and price per gallon.
None of the foregoing
information is deemed to constitute personal information.
This information is
collected for statistical analysis, program monitoring and evaluation. This information is not collected for
commercial marketing purposes and NYSERDA is not authorized to sell or
otherwise disclose the information collected from the website for commercial
marketing purposes.
Cookies Cookies are simple text files stored on your
web browser to provide a means of distinguishing among users of this
website. The use of cookies is a standard practice among Internet websites. To
better serve you, we occasionally use "session cookies" to enhance or
customize your visit to this website. Session cookies can be created
automatically on the device you use to access this website but do not contain personal
information and do not compromise your privacy or security. We may use the
cookie feature to store a randomly generated identifying tag on the device you
use to access this website. A session cookie is erased during operation of your
browser or when your browser is closed.
The software and hardware you use to access the website
allows you to refuse new cookies or delete existing cookies. Refusing or
deleting these cookies may limit your ability to take advantage of some
features of this website.
Information Collected When You E-mail this Website or
Complete a TransactionDuring your visit to this website you may send an
e-mail to HEAPOil. Your e-mail address and the contents of your message will be
collected. Your e-mail address and the information included in your message
will be used to respond to you, to address issues you identify, to improve this
website, or to forward your message to another State agency for appropriate
action. Your e-mail address is not collected for commercial purposes and
NYSERDA is not authorized to sell or otherwise disclose your e-mail address for
commercial purposes.
During your visit to this website you may complete a
transaction such as a survey. The information, including personal
information, volunteered by you in completing the transaction may be used
by NYSERDA to operate the HEAP Oil Buying Program, which may include the
provision of goods, services, and information. The information collected by
HEAPOil may be disclosed by NYSERDA for those purposes that may be reasonably
ascertained from the nature and terms of the transaction in which the
information was submitted.
HEAPOil does not knowingly collect personal information
from children or create profiles of children through this website. Users
are cautioned, however, that the collection of personal information
submitted in an e-mail will be treated as though it was submitted by an adult,
and may, unless exempted from access by federal or State law, be subject to
public access. NYSERDA strongly encourages parents and teachers to be involved
in children's Internet activities and to provide guidance whenever children are
asked to provide personal information on-line.
Information and ChoiceAs noted above, HEAPOil does
not collect any personal information about you unless you provide that
information voluntarily by sending an e-mail or responding to a survey. You may
choose not to send us an e-mail or respond to a survey. While your
choice not to participate in these activities may limit your ability to receive
specific services or products through this website, it will not normally have
an impact on your ability to take advantage of other features of the website,
including browsing or downloading information.
Disclosure of Information Collected Through This Website
The collection of information through this website and the disclosure of
that information are subject to the provisions of the Internet Security and
Privacy Act. HEAPOil will only collect personal
information through this website or disclose personal information
collected through this website if the user has consented to the
collection or disclosure of such personal information. The voluntary
disclosure of personal information to HEAPOil by the user,
whether solicited or unsolicited, constitutes consent to the collection and
disclosure of the information by HEAPOil for the purposes for which the user
disclosed the information to HEAPOil, as was reasonably ascertainable from the
nature and terms of the disclosure.
However, NYSERDA may collect or disclose personal
information without consent if the collection or disclosure is: (1)
necessary to perform NYSERDA's statutory duties, or necessary for NYSERDA to
operate a program authorized by law, or authorized by state or federal statute
or regulation; (2) made pursuant to a court order or by law; (3) for the
purpose of validating the identity of the user; or (4) of information to
be used solely for statistical purposes that is in a form that cannot be used
to identify any particular person.
Further, the disclosure of information, including personal
information, collected through this website is subject to the provisions of
the Freedom of Information Law and the Personal Privacy Protection Law.
NYSERDA may disclose personal information to federal
or state law enforcement authorities to enforce its rights against unauthorized
access or attempted unauthorized access to NYSERDA's information technology
assets.
Retention of Information Collected Through this Website The
information collected through this website is retained by NYSERDA in accordance
with the records retention and disposition requirements of the New York State
Arts & Cultural Affairs Law. Information on the requirements of the Arts
& Cultural Affairs Law may be found at http://www.archives.nysed.gov/a/nysaservices/ns_mgr_retention_records-dis.shtml. In general, the Internet services logs of HEAPOil,
comprising electronic files or automated logs created to monitor access and use
of Agency services provided through this website, are retained for the
equivalent of three backup cycles and then destroyed. Information, including personal
information, that you submit in an e-mail or when you complete a survey,
registration form, or order form is retained in accordance with the records
retention and disposition schedule established for the records of the program
unit to which you submitted the information. Information concerning these
records retention and disposition schedules may be obtained through the Internet
privacy policy contact listed in this policy.
Access to and Correction of Personal Information Collected
Through this Website Any user may submit a request to NYSERDA's
privacy compliance officer to determine whether personal information
pertaining to that user has been collected through this website. Any
such request shall be made in writing and must be accompanied by reasonable
proof of identity of the user. Reasonable proof of identity may include
verification of a signature, inclusion of an identifier generally known only to
the user, or similar appropriate identification. Requests should be
addressed to:
New York State Energy Research and Development AuthorityAttn:
Privacy Compliance Officer17 Columbia CircleAlbany, New York 12203-6399
The privacy compliance officer shall, within five (5) business
days of the receipt of a proper request, provide access to the personal
information, should any exist; deny access in writing, explaining the
reasons therefore; or acknowledge the receipt of the request in writing,
stating the approximate date when the request will be granted or denied, which
date shall not be more than thirty (30) days from the date of the
acknowledgment.
In the event that NYSERDA has collected personal information
pertaining to a user through the HEAPOil website and that information is
to be provided to the user pursuant to the user's request, the
privacy compliance officer shall inform the user of his or her right to
request that the personal information be amended or corrected under the
procedures set forth in section 95 of the Public Officers Law.
Confidentiality and Integrity of Personal Information Collected
Through this Website NYSERDA is strongly committed to protecting personal
information collected through this website against unauthorized access, use
or disclosure. Accordingly, NYSERDA limits employee access to personal
information collected through this website to only those employees who need
access to the information in the performance of their official duties.
Employees who have access to this information follow appropriate procedures in
connection with any disclosures of personal information.
In addition, NYSERDA has implemented procedures to safeguard the
integrity of its information technology assets, including, but not limited to,
authentication, monitoring, auditing, and encryption. These security procedures
have been integrated into the design, implementation, and day-to-day operations
of this website as part of our continuing commitment to the security of
electronic content as well as the electronic transmission of information.
For website security purposes and to maintain the availability of
the website for all users, NYSERDA may employ software to monitor
traffic to identify unauthorized attempts to upload or change information or
otherwise damage this website.
Disclaimers Information is provided on this website to
allow the public immediate access to public information. Every reasonable
attempt is made to provide only accurate, current and reliable information.
However, NYSERDA, its officers, agents and employees expressly disclaim any
express or implied warranty or representation as to the accuracy, completeness,
currency, suitability or reliability of any information provided by this
website.
In order to provide users with certain information, this
website may provide links to other websites including local, State, and federal
governmental agencies. A website link does not constitute an endorsement of the
content, viewpoint, accuracy, opinions, policies, products, services or
accessibility of that website. Once you link to another website from this
website, including one maintained by the State, you become subject to the terms
and conditions of that website including, but not limited to, its privacy
policy.
Further, the information provided in this privacy policy should
not be construed as giving business, legal, or other advice.
Contact Information For questions regarding this Internet
privacy policy, please contact:
New York State Energy Research and Development AuthorityAttn:
Privacy Compliance Officer17 Columbia CircleAlbany, New York 12203-6399
Definitions The following definitions apply to terms
appearing in italics, in this policy:
Personal Information shall have the meaning set forth in
subdivision 5 of section 202 of the State Technology Law.
State Agency Website shall have the meaning set forth in
subdivision 7 of section 202 of the State Technology Law.
User shall have the meaning set forth in subdivision 8 of
section 202 of the State Technology Law.
This Policy last updated September 20, 2005.