top of page

Privacy Policy

HEAT Program at SUNY Downstate Health Sciences University

Privacy Policy

Effective Date: January 1, 2024

1. Introduction & Scope

The Health & Education Alternatives for Teens (HEAT) Program at SUNY Downstate Health Sciences University (“HEAT,” “we,” “us,” or “our”) is committed to protecting the privacy and security of all individuals who engage with our websites, forms, and digital communications.

This Privacy Policy explains how we collect, use, share, and safeguard information when you visit our websites, interact with HEAT through online forms, or engage with our digital advertising and outreach channels (including but not limited to Meta Ads on Facebook and Instagram).

This policy complies with applicable federal, state, and local privacy regulations, including the New York State Department of Health (NYS-DOH) requirements, the New York SHIELD Act, and relevant HIPAA privacy and security standards.

By using our websites or submitting information, you consent to the practices described in this policy.

2. Definitions

  • Personal Information (PII): Data that identifies or can reasonably identify an individual, such as name, email, phone number, or address.

  • Protected Health Information (PHI): Information about an individual’s health status, medical history, or care that is protected under HIPAA.

  • Tracking Technologies: Tools such as cookies, pixels, and analytics tags that collect website usage data.

  • Service Providers: Vendors or partners (e.g., Meta, Google, Mailchimp) that assist HEAT in digital communication, analytics, or outreach operations.

3. Information We Collect

A. Information You Provide:
When you fill out forms or request services on our websites, we may collect:

  • Name, email, and phone number

  • ZIP code and demographic data (if voluntarily provided)

  • Health or service-related information related to our program offerings

B. Information Collected Automatically:
When you browse our sites, we may automatically collect:

  • IP address, browser type, and device information

  • Pages visited, duration of visit, and referring website

  • Cookie data or pixel tracking through Meta Ads, Google Analytics, or similar platforms

C. Information from Third Parties:
We may receive aggregated or de-identified information from digital ad platforms or analytics tools to evaluate program performance and outreach impact.

4. How We Use Your Information

We use collected information only for authorized purposes that align with HEAT’s public health mission, including:

  • Responding to inquiries and connecting individuals with services

  • Improving website functionality and outreach materials

  • Measuring and optimizing Meta and Google ad performance

  • Conducting data analysis and reporting required by NYS-DOH or funders

  • Sending relevant health or event updates (with consent)

We do not sell personal or health-related information.

5. Legal Basis & Consent

We collect and process information when:

  • You have provided explicit consent through a website form or communication

  • It is necessary for public health or research functions authorized by NYS-DOH

  • It is required for compliance with applicable laws or regulations

  • It is necessary to ensure system integrity, fraud prevention, or site security

Sensitive or health-related data is collected only when necessary and is managed in accordance with HIPAA and SUNY Downstate Health Sciences University security protocols.

6. Information Sharing

HEAT may share limited data under the following conditions:

  • With service providers (e.g., Meta, Google, email delivery partners) that process data under confidentiality and security agreements

  • With public health authorities such as NYS-DOH, when required by law

  • With research partners or funders under approved data use agreements

  • To comply with legal obligations (e.g., subpoenas, court orders)

  • With your explicit consent, for coordinated care or referrals

All partners handling data on our behalf must comply with HIPAA Business Associate Agreements (BAAs) and New York SHIELD Act safeguards.

7. Meta Ads, Analytics & Cookies

We use cookies and tracking technologies to understand user interactions, measure ad performance, and improve outreach. These include:

  • Meta Pixel for Facebook and Instagram advertising analytics

  • Google Analytics for site performance insights

  • Conversion tracking for campaign evaluation

You can adjust your browser settings or platform preferences to limit or disable cookies and targeted advertising.

HEAT does not share personally identifiable or health-related information with Meta, Google, or any third-party advertiser.

8. Data Security & Retention

HEAT follows strict data security standards set by SUNY Downstate and NYS-DOH, including:

  • Encryption of all sensitive data in transit and at rest

  • Restricted access to authorized personnel only

  • Secure disposal of records according to SUNY retention schedules

Personal data is retained only for as long as necessary to fulfill program, reporting, or legal obligations, and then securely deleted or de-identified.

9. Your Rights

You have the right to:

  • Request access to or correction of your personal information

  • Withdraw consent to receive non-required communications

  • Request deletion of personal data (as permitted by law)

  • File a privacy complaint with the SUNY Downstate Privacy Office or NYS-DOH

Contact:
Privacy Officer – HEAT Program
SUNY Downstate Health Sciences University
450 Clarkson Avenue, Brooklyn, NY 11203
Email: [insert official HEAT contact email]

10. Youth Privacy

The HEAT Program provides youth-centered services and complies with all federal and New York State child privacy protections.
For minors under 18, certain information may require parental or guardian consent in accordance with NYS-DOH and HIPAA guidelines.

11. Updates to This Policy

This policy may be updated to reflect new laws or operational changes. Any updates will be posted with an updated effective date. Material updates will be communicated clearly on our website.

12. Compliance Statement

The HEAT Program at SUNY Downstate Health Sciences University complies with:

  • New York State Department of Health (NYS-DOH) Privacy Regulations

  • HIPAA Privacy & Security Rules

  • New York SHIELD Act

  • NYS Internet Security and Privacy Act

  • SUNY Information Security Program Policies

By visiting or submitting information through HEAT’s websites, you acknowledge that you have read and agree to this Privacy Policy.

We Need Your Support Today!

HEAT LOGO SMALL.png

For Clinical or Program Information Contact:

HEAT Program
SUNY DOWNSTATE HEALTH SCIENCES UNIVERSITY
450 Clarkson Avenue, Basic Science Building 5-13
Brooklyn, NY 11203
phone: (718) 613-8543

Email: HEAT@downstate.edu 

Join Our Mailing List

Thanks for submitting!

For Information about Donating:

Development & Philanthropy
SUNY DOWNSTATE HEALTH
SCIENCES UNIVERSITY
450 Clarkson Avenue, Box 93
Brooklyn, NY 11203
phone: (718) 270-6375

© 2025 by #LetsCreateStudio for the Health and Education Alternatives for Teens (HEAT) Program |  Terms of Use  |  Privacy Policy

bottom of page