New York State Department of Environmental Conservation
Issuing Authority: Basil Seggos , Commissioner
Date Issued: 8/27/2004
Latest Date Revised: 11/03/2023
Thank you for visiting the NYS Department of Environmental Conservation (DEC) website. DEC recognizes that visitors to this website may be concerned about privacy and DEC is committed to preserving a user’s privacy when visiting this website.
For purposes of this policy, “personal information” means information pertaining to a natural person (as opposed to information pertaining to, for instance, a corporate entity, company, or partnership) that, because of name, number, symbol, mark, or other identifier, can be used to identify that natural person. DEC only collects personal information about web users when information is provided voluntarily by sending an email or initiating an online transaction, such as a survey, registration, or order form.
Information Collected Automatically When Visiting This Website
When visiting dec.ny.gov, DEC automatically collects and stores the following information:
- The Internet Protocol address and domain name of the visitor’s Internet service provider;
- The Internet Protocol address is a numerical identifier assigned either to the Internet service provider or directly to a computer, which can be used to direct internet traffic to a user;
- The type of browser and operating system used;
- The date and time of visits to this website;
- The webpages or services accessed at this website;
- The URL or website address of the website visited prior to coming to this website and from any web page linked to this website; and
- If forms were downloaded and the form that was downloaded.
None of the foregoing information constitutes personal information.
The information DEC collects automatically is used to improve this website’s content and to help DEC understand how people are using this website. This information is collected for statistical analysis to determine what information is of most and of least interest to our visitors, and to identify system performance or problem areas. The information is not collected for commercial marketing purposes and DEC does not sell or distribute the information collected from the website for commercial marketing purposes.
During a visit to this website, a registration form may be completed in order to personalize the use of the website. In such an event, DEC may store a “persistent” cookie on a computer’s hard drive. Persistent cookies will allow our website to recognize repeat visitors and tailor the information presented based on likely needs and interests. DEC uses persistent cookies only with users’ permission.
A browser allows users to refuse new cookies or delete existing cookies. Refusing or deleting these cookies may limit the ability to take advantage of some of the features of this website.
Information Collected When Emailing or Initiating an Online Transaction Through this Website
If during a visit to this website an email is sent to DEC, that email address and the contents of the email will be collected. The information collected is not limited to text characters and may include audio, video, and graphic information formats sent to DEC. If applying for a specific license, some of the necessary information could include name, address, and email. More information could be necessary depending upon the type of form being accessed. The information DEC collects may be used for the purpose of account registration. The information is retained in accordance with the public record retention provisions in the State Arts and Cultural Affairs Law. A user’s email address and the information contained in an email will be used to respond to the email, to address issues identified, to further improve this website, or to forward the email to another agency for appropriate action. The information provided is not collected for commercial marketing purposes and DEC does not sell or distribute this information for any purposes.
During a visit to this website, users may initiate transactions such as a survey, registration, or order form. The information, including personal information, voluntarily submitted during the transaction is used by DEC to operate DEC programs, which include the provision of goods, services, and information. We may disclose the information we collect in order for the transaction to occur; these disclosures should be reasonably ascertained from the nature and terms of the transaction.
Currently, DEC does not knowingly collect personal information from children or create profiles of children through dec.ny.gov. We caution that the collection of personal information provided by any individual in an email or through an online transaction will be treated the same as information given by any adult, and may, unless exempted from access by federal or State law, be subject to public access. DEC encourages parents and teachers to be involved in children’s Internet activities and to provide guidance whenever children are asked to provide personal information online.
Information and Choice
As noted above, DEC does not collect any personal information about web users during their visit to this website, unless they provide that information voluntarily by sending an email or initiating an online transaction such as survey, registration, or order form. A web user may choose not to send us an email, respond to a survey, or complete an order form. While a web user’s choice not to participate in these activities may limit their ability to receive specific services or products through this website, it will not prevent them from requesting services or products from DEC by other means and will not normally have an impact on their ability to take advantage of other features of the website, including browsing or downloading most publicly available information.
A web user always has the option to conduct transactions with DEC by going to a local DEC office in person. Licensing and other forms can also be printed directly from the DEC website and be mailed to DEC’s Central Office or a Regional Office location.
Disclosure of Information Collected Through This Website
The collection of information through this website and the disclosure of that information are subject to the provision of the Internet Security and Privacy Act. DEC will only collect personal information through this website, or disclose such personal information, if the user has consented to the collection and disclosure of such personal information. The voluntary disclosure of personal information to DEC by the user, whether solicited or unsolicited, constitutes consent for DEC to collect and disclose information for the purposes that the user disclosed the information, as was reasonably ascertainable from the nature and terms of the disclosure.
However, notwithstanding any other provision of this policy, DEC may collect or disclose personal information without user consent if the collection or disclosure is: (1) necessary to perform statutory duties of DEC, or necessary for DEC to operate a program authorized by law, or authorized by state or federal statue or regulation; (2) made pursuant to a court order or pursuant to other legal process; (3) for purpose of validating the identity of the user; or (4) of information to be used solely for statistical purposes that is in a form that cannot be used to identify any particular person.
Further, the disclosure of information, including personal information, collected through this website is subject to the provisions of the Freedom of Information Law and the Personal Privacy Protection Law. Additionally, DEC may disclose personal information to federal or State law enforcement authorities to enforce its rights against unauthorized access or attempted unauthorized access to DEC’s information technology assets and any other inappropriate use of its website.
Retention of Information Collected Through this Website
Access to and Correction of Personal Information Collected Through this Website
Any user may submit a request to the DEC privacy officer to determine whether personal information pertaining to that user has been collected through this website. Any such request shall be made in writing to the address below and must be accompanied by reasonable proof of identity of the user. Reasonable proof of identity may include verification of a signature, inclusion of an identifier generally known only to the user, or similar appropriate identification. The address of DEC’s privacy compliance officer is: Chief Legal Information Officer, Office of General Counsel, New York State Department of Environmental Conservation, 625 Broadway, Albany, New York 12233-1500.
The privacy compliance officer shall, within five (5) business days of the date of the receipt of a proper request: (i) provide access to the personal information; (ii) deny access in writing, explaining the reasons therefore; or (iii) acknowledge the receipt of the request in writing, stating the approximate date when the request will be granted or denied, which date shall not be more than thirty (30) day from the date of the acknowledgment.
In the event that DEC has collected personal information pertaining to a user through the state agency website, and that information is to be provided to the user pursuant to the user’s request, the privacy compliance officer shall inform the user of their right to request that the personal information be amended or corrected under the procedures set forth in section 95 of the Public Officers Law.
Confidentiality and Integrity of Personal Information Collected Through this Website
DEC limits employee access to personal information collected through this website to only those employees who need access to the information in the performance of their official duties. Employees who have access to this information are required to follow appropriate procedures in connection with any disclosure of personal information.
In addition, DEC has implemented procedures to safeguard the integrity of its information technology assets, including, but not limited to, authentication, monitoring, auditing, and encryption. These security measures have been integrated into the design, implementation, and day-to-day operations of this website as part of our continuing commitment to the security of electronic content, as well as the electronic transmission of information.
This policy should not be construed as the provision of business, legal, or other advice, or as warranting that the security of information provided via this website is fail proof. For website security purposes and to ensure that this website remains available to all users, DEC employs software to monitor traffic to identify unauthorized attempts to upload or change information or otherwise cause damage to this website.
Retention of Information by Third Party Vendors
DEC may share website server data with vendors for the purposes of fraud detection and identity verification, and DEC requires that those vendors use reasonable security measures to secure such data. Vendors may have data retention policies that differ in data retention length from the New York State Arts and Cultural Affairs law, which could result in a lengthier data retention period by such vendors.
Information provided on this website is intended to allow the public access to public information. While DEC makes every reasonable attempt to provide accurate, current, and reliable information, DEC recognizes the possibility of human and/or mechanical error. Therefore, DEC, its employees, officers, and agents make no representations as to the accuracy, completeness, currency, or suitability of the information provided by this website, and deny any expressed or implied warranty as to the same.
III. Purpose and Background:
Users of the Department’s website need to know what kind of information the Web site collects, to whom it gives that information, and how it uses the information. Personal information that can be used to identify or contact the user, such as name, e-mail address, home or work address, or telephone number should not be collected without the user’s permission. The Department’s Web site only has access to such personal information that the user knowingly provides. For example, the Web site cannot determine a user’s e-mail address unless the user provides it.
The Division of Communication, Education & Engagement in collaboration with the Office of General Counsel are responsible for updating this Policy, for responding to inquires related to this Policy, and ensuring that a statement of this Policy is posted on the Department’s website.
Each Department division, office, contractor, subcontractor, and trusted partner that collects personal information from users as described in this Policy, is responsible for developing the appropriate procedures necessary to implement this Policy.
VI. Related References:
Chapter 57-A of the Consolidated Laws, State Technology Law - Article II Internet Security and Privacy Act, Sections 201-207
Chapter 47 of the Consolidated Laws, Public Officers Law - Article 6-A, Personal Privacy Protection Law Sections 91-99
IT Guideline NYS-G01-001, Internet Privacy Policies, Office of Information Technology Services (4/13/2023).
15 USC 6501 - Children’s Online Privacy Protection