Privacy Policy

If you have any questions or concerns about this privacy policy, please contact us via email at [email protected].

Introduction

Thank you for visiting the Empire State Development ("ESD") websites (hereinafter referred to simply as "website"). The website is designed to make it easier and more efficient for individuals and businesses to get information from and, in certain circumstances, to interact with ESD.

The website is owned by New York State and operated by ESD. ESD is the umbrella organization for New York’s two principal economic development entities: The New York State Urban Development Corporation and the Department of Economic Development. You can find out more about ESD here: https://esd.ny.gov/corporate-info. We refer to ESD as “we”, “us” or “our” in this privacy policy about how and why we collect, store, use and share your personal data. It also explains your rights. When we collect and use personal data about individuals in the EU and the UK we are subject to the provisions of the EU General Data Protection Regulation (EU GDPR) and the UK General Data Protection Regulation (UK GDPR).

ESD does not collect any personal data about you unless you provide that information voluntarily by sending an e-mail, responding to a survey, visiting our websites, or completing an on-line transaction.

If you do submit personal data and requests via this website, that information may be used by ESD or its affiliates:

  • In the compilation of data for use only by ESD and its affiliates;
  • To improve our website and other services;
  • To help with the security of the website and our data; and
  • To provide you with information or materials about ESD or New York State or to distribute prizes.

Where appropriate, ESD may add additional terms and conditions of use and privacy for some interactive events or programs. In those circumstances, the additional terms and conditions will be conspicuously displayed.

In this privacy policy personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

State Agency Web site shall have the meaning set forth in section 202 of the State Technology Law. 

User shall have the meaning set forth in section 202 of the State Technology Law. 

Where appropriate, ESD may add additional terms and conditions of use and privacy for certain interactive events or programs. In such circumstances, access to the additional terms and conditions will be conspicuously displayed. 

Personal data we collect about you:

A. Information Collected Automatically When You Visit this Website 

When visiting this website ESD automatically collects and stores the following information about your visit: 

  1. User client hostname.
  2. HTTP header, "user agent." The visitor information includes the type of browser, its version, and the operating system on which the browser is running.
  3. HTTP header, "referrer." The referrer specifies the web page from which the visitor accessed the current web page.
  4. System date. The date and time of the visitor’s request.
  5. Full request. The exact request the visitor made.
  6. Status. The status code the server returned to the visitor.  There’s an explanation of what a status code is here https://en.wikipedia.org/wiki/List_of_HTTP_status_codes.
  7. Content length. The content length, in bytes, of any document sent to the visitor.
  8. Method. The request method used.
  9. Universal Resource Identifier (URI). The location of a resource on the server.
  10. Query string of the URI. Anything after the question mark in a URI.
  11. Protocol. The transport protocol and the version used.

Some of this information may be, or may include, your personal data. The information that is collected automatically is used to improve this website's content and to help ESD understand how visitors are interacting with the website. This information is collected for statistical analysis, to determine what information is of most and least interest to our visitors, and to improve the utility of the material available on the website. The information is not collected for commercial marketing purposes and ESD will not sell or otherwise disclose this information collected from the website for commercial marketing purposes. 

When you visit or interact with our website, services, applications, tools, or messaging, we or our authorized service providers may use cookies, tracking pixels (also called web beacons), or other technologies (which we collectively call “Tools”) for storing information to help provide you with a better, faster, and safer experience, and to help us (including for advertising purposes).

B. Cookies 

Cookies are simple text files stored on your web browser to provide a means of distinguishing among visitors to this website.  To better serve you, we may use cookies to enhance or customize your visit to this website.

We will ask for your consent to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested. You can withdraw any consent to the use of cookies by clicking the appropriate box on the website when it appears.

If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go for example to the UK Information Commissioner’s webpage on cookies: https://ico.org.uk/for-the-public/online/cookies/.

For further information on cookies generally, including how to control and manage them, visit regulatory guidance on cookies such as Online Tracking | FTC Consumer Information by the U.S. Federal Trade Commission or guidance from the UK Information Commissioner’s Office here https://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies/what-are-cookies-and-similar-technologies/.

The cookies we place or may in the future place on your device fall into the following categories:

  • Strictly necessary/security cookies: these cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to things like logging in or filling in forms.  We also use strictly necessary cookies for security and to help make our websites resilient.  You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.
  • Performance cookies: these cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.  Currently, we do not use any performance cookies.
  • Targeting or Advertising cookies: these cookies may be set through our site by advertisers and organizations involved in advertising. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. If you do not allow these cookies, you will experience less targeted advertising; and
  • Functional cookies: these cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, then some or all services may not function properly.

The cookies we use will only be accessed by us and, where applicable, by certain third parties, including Google, Meta, Amazon, and LinkedIn. We will take steps to try and ensure that that data cannot be accessed by any other third party.  We have limited control over some of the third-party cookies which appear on our site.  We will make efforts to try to ensure that those cookies will not be accessed by any other third party who is not disclosed in this privacy policy or the linked disclosures made from this policy (for example in a privacy policy of the provider of the cookie linked from this policy).  As you will appreciate given the nature of the internet, we cannot fully control this however and we cannot guarantee that your data will not be seen by third parties.

The third parties mentioned above and below may also transfer your data outside of your home country.  To find out more about the data transfers that they undertake and the measures they put in place to protect those data transfers please visit their privacy policies. 

Google Cookies

We may use a number of cookies from Google and its associated companies including DoubleClick.  Google is based at 600 Amphitheatre Parkway, Mountain View, California, USA.  We also use various Google services including Google Analytics and YouTube. Google’s privacy policy is here – http://www.google.com/policies/privacy/. Both ESD and Google may also use analytics tools from Google to collect internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site.  Note that Google may aggregate data from various sources including from these Tools.  If you use a Google Chrome browser Google may also match information from your browser use with the data they collect from cookies and other Tools.  Google may aggregate data to sell it including through its DoubleClick subsidiary.

Microsoft Cookies

We may use a number of cookies from Microsoft. Microsoft is based at One Microsoft Way, Redmond, Washington, USA.  We also use various Microsoft services including LinkedIn and this data may help Microsoft enrich the data it sells through services like bing.com.  Microsoft’s privacy statement is here – https://privacy.microsoft.com//privacystatement.   Note that Microsoft may aggregate data from various sources including from these Tools and from your use of LinkedIn.  If you use a Microsoft browser like bing.com or solutions which may share data with Microsoft, such as ChatGPT or DALL-E, Microsoft may also match information from your internet use with the data they collect from cookies and other Tools.

Twitter Cookies

We may use a number of cookies from Twitter. Twitter is based at Market Square, 1355 Market St #900, San Francisco, United States. Twitter’s privacy policy is here – https://twitter.com/en/privacy.

Meta Cookies

We may use a number of cookies from Meta and its associated entities including Facebook and Instagram. Meta is based at 1 Hacker Way, Menlo Park, California, USA. Meta’s Privacy Centre is here https://en-gb.facebook.com/privacy/policy/. Note that Meta may aggregate data from various sources including from these Tools and from your use of Meta services and products. Meta may use that data to enrich the data it sells to advertisers.

SiteImprove Cookies

We may use a number of cookies from SiteImprove. SiteImprove is based at Havneholmen 33, 1561 Copenhagen V, Denmark.  Their privacy policy is here – https://www.siteimprove.com/privacy

Amazon Cookies

We may use a number of cookies from Amazon including its associate Amazon Web Services (AWS).  Amazon is based at 410 Terry Ave N, Seattle 98109, Washington, USA.  You can view Amazon’s privacy notice here: https://www.amazon.co.uk/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ

Current List of Cookies

To the best of our knowledge, below is a chart containing all cookies that are active as of January 2024,  with their purpose and expiration dates. We intend to update this chart at least once a year. 

Name Value Purpose Domain Expiration Date / Max-Age
mus 0 Advertising, Analytics .addthis.com 2024-12-04T18:51:06.598Z
na_id 2023050813191817300852570263 Advertising, Analytics .addthis.com 2025-01-11T14:21:31.800Z
AWSALBCORS

BSV15wYwrRDows6vx5VqdUUGoRcpH0KDQY+ 5EDH+UswZ32WYdSd/ EVAehLnBNzk4pj DrJGc44SWmjJM1EDbX e3x+d3r0fAavRO29 Zuba9dQdg1kNHNj6FTwHer6i

Advertising, Analytics 1577.global
siteimprove
analytics.io
2024-01-11T17:31:24.008Z
DV I2M9Xtg3mf8xgECHvg6TiGhC 4XhYzdh83KBXke DvMyIBAMD4RF 76uFSRzkgAAAA Advertising, Analytics .google.com 2024-01-04T17:41:19.935Z
AEC Ackid1QSvlwgFfWZ7jd0IitRAtRD85ZAHrYe6SqC-iI1_UBiG95znrA3jwo Functionality, Security .google.com 2024-07-02T17:31:18.121Z
1P_JAR 2024-01-04-17 Advertising, Analytics .google.com 2024-02-03T17:31:20.085Z
_gat_UA-46452137-3 1 Advertising, Analytics .esd.ny.gov 2024-01-04T17:32:23.000Z
_gid GA1.3.1922694192.1704389483 Advertising, Analytics .esd.ny.gov 2024-01-05T17:31:23.000Z
ouid 6458f6d60001c251a1f4e 032ef94789e2860f0242b35b6fc341c Advertising, Analytics .addthis.com 2025-01-11T14:21:31.800Z
_gcl_au 1.1.575327456.1704389483 Functionality, Security .ny.gov 2024-04-03T17:31:22.000Z
_ga GA1.3.1832335524.1682947476 Functionality, Security .esd.ny.gov 2025-02-07T17:31:23.325Z
_fbp fb.1.1682947476050.168844482 Functionality, Security .ny.gov 2024-04-03T17:31:23.000Z
NID 511=ToVzyYv FyJ-9GCLyS4gJh_ XWCLUywH8FHjpyGs7mL CyDAomCbEPrc FUgF0bh7td6abOBH wxgVLJ4QOh- WGIItjlKcc3FDkF9mAu5s YNARTO0sPv 6IKMWttAq-tL0iaAgMsITxW885Ys_ a8CmvjrKUog RgLoIJyjpE2O- iI1NK boE8wyVxmke8br EwwMrNAbF08FZ Advertising, Analytics .google.com 2024-07-05T17:31:18.028Z
__cf_bm A2VX5O6xYqWb2l.7KMU ul80urfW7XyxRtmkXp 1pquW8-1704389480-1- AeXI8TK/eWL/jYE2FMp+96oEJOfjoPGWLQARQMi +++U/B8A2cZb2gk CZKOqTRcHcd7 SoXq9b53aW0ujw4lB9A9M= Functionality, Security .ny.gov 2024-01-04T18:01:21.014Z
_ga_LKJLF04R2K GS1.1.1704389482.1.1.1704389482.60.0.0 Functionality, Security .ny.gov 2025-02-07T17:31:22.851Z
nmstat 1d7d5011-4886-a535-e975-f9fb332dfd3e Functionality, Security .ny.gov 2024-06-04T13:24:35.977Z
_gat_UA-2262436-13 1 Advertising, Analytics .esd.ny.gov 2024-01-04T17:32:23.000Z
uid 6458f6d601fdae3c Functionality, Security .addthis.com 2025-01-11T14:21:31.800Z
_ga GA1.1.1832335524.1682947476 Functionality, Security .ny.gov 2025-02-07T17:31:22.843Z

This part of the privacy policy about cookies only relates to your use of our website. On our website we may link to other websites owned and operated by third parties. These other third-party websites may also use cookies or similar technologies in accordance with their own separate policies. For privacy information relating to these other third-party websites, including their use of cookies, please consult their policies as appropriate.

C. Information Collected When You Email Or Complete A Transaction 

During your visit to this website, you may send an e-mail to ESD. Your e-mail address and the contents of your message will be collected. The information collected is not limited to text characters and may include audio, video, and graphic information formats included in the message. Your e-mail address and the information included in your message will be used to respond to you, to address issues you identify, to improve this website, or to forward your message to another State agency for appropriate action. Your e-mail address is not collected for commercial purposes and the ESD is not authorized to sell or otherwise disclose your e-mail address for commercial purposes. 

During your visit to this website, you may complete a transaction such as a survey, registration, or order form. The information, including personal data, volunteered by you in completing the transaction is used by ESD to operate ESD' s programmes, which include the provision of goods, services, and information. The information collected by ESD may be disclosed by ESD for those purposes that may be reasonably ascertained from the nature and terms of the transaction in which the information was submitted. 

Given the nature of our website, we do not expect to collect the personal data of anyone under 13 years old. If you are aware that any personal data of anyone under 13 years old has been shared with our website, please let us know so that we can delete that data.  We strongly encourage parents and teachers to be involved in children's Internet activities and to provide guidance whenever children are asked to provide personal data on-line. 

D. The Basis on Which We Use Your Personal Data

Under data protection law, we can only use your personal data if we have a proper reason, for example:

  • Where you have given consent;
  • To comply with our legal and regulatory obligations;
  • For the performance of a contract with you or to take steps at your request before entering into a contract; or
  • For our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. Our legitimate interests are those where we consider that we have implemented sufficient checks and protections to ensure that your rights and interests are not unreasonably intruded on. However, you can object to processing based on legitimate interests, and if you do so, we will stop processing the personal data unless we can show compelling legitimate grounds which override your rights and interests, or we need the data to establish, exercise or defend legal claims.

As noted above, ESD does not collect any personal data about you unless you provide that information voluntarily by sending an e-mail, responding to a survey, visiting our website or completing an on-line form. You may choose not to send us an e-mail, respond to a survey, visit, or complete an on-line form. While your choice not to participate in these activities may limit your ability to receive specific services or products through this website, it will not normally have an impact on your ability to take advantage of other features of the website, including browsing or downloading information provided that you set up your browser and your device to do this without sharing your data with us.

E.  Disclosure of Information Collected Through This Website – Who We Share Your Personal Data With 

Further, concerning the disclosure of information, ESD may share your personal data with:

We may also share your personal data with:

  • Our external auditors, e.g. in relation to the audit of our accounts;
  • Our professional advisors, e.g. lawyers and other advisors; and,
  • Law enforcement agencies, governmental authorities, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations. For example, we may respond to a request by US federal or state law enforcement authorities to enforce ESD’s rights against unauthorized access or attempted unauthorized access to ESD's information technology assets.

We may also disclose your personal data:

  • To enforce our policies;
  • In the public interest;
  • In connection with actual or proposed litigation; or,
  • To protect our property, security, people and other rights or interests.

If you have asked us to share data with third party websites (such as social media sites), their servers may not be secure. Note also that, despite the measures taken by us and the third parties we engage, the internet is not secure. As a result, others may unlawfully intercept or access private transmissions or data.

If any part of ESD is sold, or some of its assets transferred to a third party, your personal data, as a valuable asset, may also be transferred to the acquirer, even if they are not in the same line of business as us. Our customer database could be sold separately from the rest of the business, in whole or in a number of parts.

Potential purchasers and their advisors may have limited access to data as part of the sale process. However, use of your personal data will remain subject to this privacy policy. Similarly, your personal data may be passed on to a successor in interest in the unlikely event of a liquidation, bankruptcy or administration.

Please remember that when you share information publicly on an ESD website, it may be indexable by search engines, including Google, which may mean that the information is made public.

F. Retention of Information Collected Through this Website 

We will not keep your personal data collected through the website for longer than we need it for the purpose for which it is used. Different retention periods apply for different types of personal data. Further information concerning these retention periods can be obtained from the contact person in the “Contact Information” section later below. Following the end of the of the relevant retention period, we will delete your personal data.

G. Access to Correction of Personal Information Collected via this Website 

Any visitor to this website may submit a request to ESD to determine whether personal data pertaining to that visitor has been collected through this website. Any such request shall be made in writing and must be accompanied by reasonable proof of identity of the visitor. Reasonable proof of identity may include verification of a signature, inclusion of an identifier generally known only to the user, or similar appropriate identification. The address to which such requests should be made is: 

Counsel's Office

Empire State Development

Albany, N.Y. 12445

USA

Within five (5) business days of the receipt of a proper request ESD will attempt to: provide a response or access to the personal data; deny access in writing, explaining the reasons therefore; or, acknowledge the receipt of the request in writing, stating the approximate date when the request will be granted or denied, which date shall usually not be more than one month from the date of the request. 

See also the “Your Rights” section later below.

H. Confidentiality & Integrity of Personal Information 

ESD is strongly committed to protecting personal data collected through this website against unauthorized access, use or disclosure. Consequently, ESD limits employee access to personal data collected through this website to only those employees who need access to the information in the performance of their official duties. Employees who have access to this information follow appropriate procedures in connection with any disclosures of personal information. 

We take what we consider to be reasonable, appropriate technical and organizational measures to guard against unauthorized or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data. While no system is completely secure, we believe the measures implemented for the website reduce our vulnerability to security problems to a level appropriate to the type of data involved. ESD has implemented procedures designed to safeguard the integrity of its information technology assets, including, but not limited to, authentication, monitoring, auditing, and encryption. These security procedures have been integrated into the design, implementation, and day-to-day operations of this website as part of our continuing commitment to the security of electronic content as well as the electronic transmission of information. 

For website security purposes and to maintain the availability of the website for all visitors, ESD employs software to monitor traffic to identify unauthorized attempts to upload or change information or otherwise damage this website.

We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

International Data Transfers

It may sometimes be necessary for us to transfer your personal data to countries outside your current location including from EU countries or the UK to the United States of America (or elsewhere). In such instances we will put in place what we consider to be appropriate security measures to safeguard your personal data where any transfer is made, and we will take steps to ensure that your privacy rights continue to be protected in compliance with applicable data protection law(s) and this privacy policy. If your personal data is transferred to us, including through a vendor, as regards the EU, any transfer of your personal data will be subject to an EU-approved mechanism, and, as regards the UK, any transfer of your personal data will be subject to a UK-approved mechanism.

Marketing

With regard to the EU and the UK, if you have given permission, we will use your personal data to send you updates, by email, text message/SMS text, telephone or post, about our services.

If you prefer not to receive any direct marketing communications from us, you can opt out at any time by following the unsubscribe instructions included in these communications, or you can contact the person in the “Contact Information” section below.

We will always treat your personal data with the utmost respect and never sell or share it with other organizations for marketing purposes except as outlined in this privacy policy.

Your Rights

Not only do you always have the right to opt-out of receiving marketing communications from us, but, in addition, if you access this website from an EU country or the UK, under GDPR, you have the right to object to the processing of your personal data for direct marketing purposes. If your objection is not to direct marketing in general, but to direct marketing by a particular channel, e.g. email or telephone, please specify the channel you are objecting to.

Also, under GDPR, you have the right to access, correct, delete, restrict, be forgotten, or object to processing of, or request data portability of the personal data collected about you, subject to some conditions and exceptions. You can find out more about these rights in the EU by reading the General Data Protection Regulation here: https://eur-lex.europa.eu/eli/reg/2016/679/oj. You can find out more about these rights in the UK by reading the UK General Data Protection Regulation (UK GDPR) here https://www.legislation.gov.uk/eur/2016/679/ contents (please also see the UK Information Commissioner Office’s guidance here https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/).

In addition, under EU GDPR or UK GDPR, whichever is applicable, you also have the right to lodge a complaint with a data protection regulator.  In the case of the EU you can find out details of EU Supervisory Authorities here https://edpb.europa.eu/about-edpb/about-edpb/members_en.  In the case of the United Kingdom this is the Information Commissioner’s Office (https://ico.org.uk).

 

  1. Privacy Policy Updates 

The information provided in this privacy policy should not be construed as giving business, legal, or other advice, or warranting as fail proof, the security of information provided.

We reserve the right to change this privacy policy at any time. We encourage you to bookmark this page and check it occasionally for updates. We also suggest that you print out a copy of this privacy policy for your records.

J. Contact Information 

For questions regarding this privacy policy, please contact: 

Counsel' s Office

Empire State Development

Albany, N.Y. 12445

USA

+1 518-292-5120

Last update: January 4 2024.