Thank you for visiting the Flex Spending Account web site, a NYS Governor's Office of Employee (GOER) web site. This web site is designed to make it easier and more efficient for individuals in government and the public to interact with GOER. GOER recognizes that it is critical for users to be confident that their privacy is protected when they visit GOER's web site.

Consistent with the provisions of the Internet Security and Privacy Act, the Freedom of Information Law, and the Personal Privacy Protection Law, this policy describes GOER's privacy practices regarding information collected from users of this web site. This policy describes what information is collected and how that information is used. Because this privacy policy only applies to this web site, you should examine the privacy policy of any web site, including other state agency web sites, that you access using this web site through a hyperlink or otherwise.

For purposes of this policy, "personal information" means any information concerning a natural person that, because of name, number, symbol, mark, or other identifier, can be used to identify that natural person. GOER does not collect any personal information about you unless you provide that information voluntarily by sending an e-mail or by initiating an online transaction, such as a survey, registration or order form.

Information Collected Automatically When You Visit this Web Site

When visiting this web site GOER automatically collects and stores the following information about your visit:
  1. The Internet Protocol Address and domain name used, but not the e-mail address. The Internet Protocol Address is a numerical identifier assigned either to your Internet service provider or directly to your computer;

  2. The type of browser and operating system you used;

  3. The date and time you visited this site;

  4. The web pages or services you accessed at this site;

  5. The web site you visited prior to coming to this web site;

  6. The web site you visit as you leave this web site; and

  7. If you downloaded a form, the form that was downloaded.

None of the foregoing information is deemed to constitute personal information.

The information that is collected automatically is used to improve this web site's content and to help GOER understand how users are interacting with the web site. This information is collected for statistical analysis, to determine what information is of most and least interest to our users, and to improve the utility of the material available on the web site. The information is not collected for commercial marketing purposes and GOER is not authorized to sell or otherwise disclose the information collected from the web site for commercial marketing purposes.


Cookies are simple text files stored on your web browser to provide a means of distinguishing among users of this web site. The use of cookies is a standard practice among Internet web sites. To better serve you, we may use "session cookies" to enhance or customize your visit to this web site. Session cookies can be created automatically on the device you use to access this state agency web site. These session cookies do not contain personal information and do not compromise your privacy or security. We may use the cookie feature to store a randomly generated identifying tag on the device you use to access this web site. A session cookie is erased during operation of your browser or when your browser is closed.

The software and hardware you use to access the web site allows you to refuse new cookies or delete existing cookies. Refusing or deleting these cookies may limit your ability to take advantage of some features of this web site.

Information Collected When You E-mail this Web site or Initiate an Online Transaction

During your visit to this web site you may send an e-mail to GOER. Your e-mail address and the contents of your message will be collected. The information collected is not limited to text characters and may include audio, video, and graphic information formats included in the message. Your e-mail address and the information included in your message will be used to respond to you, to address issues you identify, or to improve this web site. Your e-mail address is not collected for commercial purposes and GOER is not authorized to sell or otherwise disclose your e-mail address for commercial purposes.

During your visit to this web site you may initiate a transaction such as a survey, registration, or order form. The information, including personal information, volunteered by you in initiating the transaction is used by GOER to operate GOER programs. The information collected by GOER may be disclosed by GOER for those purposes that may be reasonably ascertained from the nature and terms of the transaction in connection with which the information was submitted. For example, if you fill out an application for a work-related training course online, that information may be shared with your employer.

GOER does not knowingly collect personal information from children or create profiles of children through this web site. Users are cautioned, however, that the collection of personal information submitted in an e-mail will be treated as though it was submitted by an adult, and may, unless exempted from access by federal or State law, be subject to public access. GOER strongly encourages parents and teachers to be involved in children's Internet activities and to provide guidance whenever children are asked to provide personal information online.

Information and Choice

As noted above, GOER does not collect any personal information about you during your visit to this web site unless you provide that information voluntarily by sending an e-mail or initiating an online transaction such as a survey, registration, or order form. You may choose not to send us an e-mail, respond to a survey, or complete an order form. While your choice not to participate in these activities may limit your ability to receive specific services or products through this web site, it will not prevent you from requesting services or products from GOER by other means and will not normally have an impact on your ability to take advantage of other features of the web site, including browsing or downloading publicly available information.

Disclosure of Information Collected Through This Web site

The collection of information through this web site and the disclosure of that information are subject to the provisions of the Internet Security and Privacy Act. GOER will only collect personal information through this web site or disclose personal information collected through this web site if the user has consented to the collection or disclosure of such personal information. The voluntary disclosure of personal information to GOER by the user, whether solicited or unsolicited, constitutes consent to the collection and disclosure of the information by GOER for the purposes for which the user disclosed the information to GOER, as was reasonably ascertainable from the nature and terms of the disclosure.

However, GOER may collect or disclose personal information without user consent if the collection or disclosure is:

  1. necessary to perform the statutory duties of GOER, or necessary for GOER to operate a program authorized by law, or authorized by state or federal statute or regulation;

  2. made pursuant to a court order or by law;

  3. for the purpose of validating the identity of the user;

  4. of information to be used solely for statistical purposes that is in a form that cannot be used to identify any particular person; or

  5. required for employees' agencies to verify participation in training or other programs offered by GOER.

Further, the disclosure of information, including personal information, collected through this web site is subject to the provisions of the Freedom of Information Law and the Personal Privacy Protection Law.

GOER may disclose personal information to federal or state law enforcement authorities to enforce GOER's rights against unauthorized access or attempted unauthorized access to GOER's information technology assets.

Retention of Information Collected Through this Web Site

The information collected through this web site is retained by GOER in accordance with the records retention and disposition requirements of the New York State Arts & Cultural Affairs Law. Information on the requirements of the Arts & Cultural Affairs Law may be found at In general, the Internet services logs of GOER, comprising electronic files or automated logs created to monitor access and use of Agency services provided through this web site, are retained by our hosting company for one calendar month and then destroyed. Information, including personal information, that you submit in an e-mail or when you initiate an online transaction such as a survey, registration form, or order form is retained in accordance with the records retention and disposition schedule established for the records of the program unit to which you submitted the information. Information concerning these records retention and disposition schedules may be obtained through the Internet privacy policy contact listed in this policy.

Access to and Correction of Personal Information Collected Through this Web Site

Any user may submit a request to GOER privacy compliance officer to determine whether personal information pertaining to that user has been collected through this web site. Any such request shall be made in writing to the address below and must be accompanied by reasonable proof of identity of the user. Reasonable proof of identity may include verification of a signature, inclusion of an identifier generally known only to the user, or similar appropriate identification. The address of the privacy compliance officer is:

Attention: Agency Web Site Compliance Officer
NYS Governor's Office of Employee Relations
2 Empire State Plaza 8th Floor
Albany NY 12223

The privacy compliance officer shall, within five (5) business days of the date of the receipt of a proper request:

  1. provide access to the personal information;

  2. deny access in writing, explaining the reasons therefore; or

  3. acknowledge the receipt of the request in writing, stating the approximate date when the request will be granted or denied, which date shall not be more than thirty (30) days from the date of the acknowledgment.

In the event that GOER has collected personal information pertaining to a user through the state agency web site and that information is to be provided to the user pursuant to the user's request, the privacy compliance officer shall inform the user of his or her right to request that the personal information be amended or corrected under the procedures set forth in section 95 of the Public Officers Law.

Confidentiality and Integrity of Personal Information Collected Through this Web Site

GOER is strongly committed to protecting personal information collected through this web site against unauthorized access, use, or disclosure. Consequently, GOER limits employee access to personal information collected through this web site to only those employees who need access to the information in the performance of their official duties. Employees who have access to this information are required to follow appropriate procedures in connection with any disclosures of personal information.

In addition, GOER has implemented procedures to safeguard the integrity of its information technology assets, including, but not limited to, authentication, monitoring, auditing, and encryption. These security procedures have been integrated into the design, implementation, and day-to-day operations of this web site as part of our continuing commitment to the security of electronic content as well as the electronic transmission of information.

For web site security purposes and to maintain the availability of the web site for all users, the hosting company used by GOER employs software to monitor traffic to identify unauthorized attempts to upload or change information or otherwise damage this web site.


The information provided in this privacy policy should not be construed as giving business, legal, or other advice, or warranting as fail proof, the security of information provided through this web site.

Contact Information

For questions regarding this Internet privacy policy, please contact:
(via e-mail)

- OR -

Attention: Agency Website Compliance Officer
NYS Governor's Office of Employee Relations
2 Empire State Plaza 8th Floor
Albany NY 12223
(via regular mail)


Consistent with the provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), this Notice describes the Flex Spending Account's Privacy Policy regarding the protection and use of personal information collected from enrollees of this Plan. The Flex Spending Account takes your privacy very seriously, and protecting the confidentiality of the personal information you provide to the Plan has been, and will continue to be, a top priority. Please note that the information that is collected and the extent to which it is used will vary depending on the service involved. In some cases, the Plan may not collect all of the types of information noted below.

For purposes of this Privacy Policy, the words "you" and "enrollee" are used to mean any individual who has been or is currently enrolled in the Flex Spending Account for personal or family purposes.

The Flex Spending Account's Privacy Policy is as follows:

I.  We collect only the enrollee information necessary to consistently deliver responsive services.

The Flex Spending Account collects information that helps to serve your needs, provide a high standard of customer service, and fulfill legal and regulatory requirements. The sources and types of information collected may include:

  • Information provided on enrollment and related forms -- for example, name, address, Social Security Number, and e-mail address.

  • Responses from you and others such as information relating to your employment and insurance coverage.

  • Information about your relationship with us, such as transaction history, claims history, and premiums.

  • Information from hospitals, doctors, laboratories and other companies about your health condition, used to process claims and prevent fraud.

II.  Under HIPAA you have certain rights with respect to your protected health information.

You have the right to see and copy the information, receive an accounting of certain disclosures of the information and, under certain circumstances, amend the information. You also have the right to file a complaint with the Plan in care of Fringe Benefits Management Company's Privacy Officer or with the Secretary of the U.S. Department of Health and Human Services if you believe your rights under HIPAA have been violated.

III.  We maintain safeguards to ensure information security.

We are committed to preventing unauthorized access to personal information. We maintain physical, electronic, and procedural safeguards for protecting personal information. We restrict access to personal information to those employees and contractors who need to know that information to provide services to you. Any employee or contractor who violates the Flex Spending Account Privacy Policy is subject to disciplinary action or administrative sanctions, respectively.

IV.  We limit how and with whom we share enrollee information.

We do not sell lists of our enrollees, and under no circumstances do we share personal health information for marketing purposes. With the following exceptions, we will not disclose your personal information without your written authorization. We may share your personal information with the contractor that administers the Flex Spending Account Plan. We may also disclose personal information as permitted or required by law or regulation. For example, we may disclose information to comply with an inquiry by a government agency or regulator, in response to a subpoena, or to prevent fraud. We will provide our Privacy Notice to current enrollees annually and whenever it is amended. If you no longer have a relationship with us, we will still treat your information under our Privacy Policy, but we will no longer send notices to you.

Contact Information

For questions regarding this HIPAA Privacy Policy, please email us at:

If you believe your privacy rights have been violated and you wish to file a complaint with the Plan, send your complaint in writing to:

FBMC Privacy Officer
P.O. Box 1878
Tallahassee, Florida 32302-1878

Andrew M. Cuomo, Governor