Privacy Statement
Last Updated April 23, 2024
This Privacy Statement is an explanation of what information we collect and what we do with your information. As for why we do these things:
Scope
We at the American Heart Association (“AHA,” “we,” or “us”) respect your privacy and the confidentiality of your personal information. This Privacy Statement explains how and why the AHA collects, uses, and discloses your personal information safely and securely, and how you may exercise your rights with respect to your information. The information provided below summarizes our policy, procedures and practices as further described in this Privacy Statement.
This Privacy Statement applies to Personal Information collected or processed by or on behalf of AHA via its websites, social media pages (the “Site”), mobile apps (“App”) and other platforms that link to this Privacy Statement. For purposes of this Privacy Statement, “Personal Information” means any information from which, alone or in combination with other information, an individual may be identified.
Summary
Our primary goal in collecting information is to further our mission to be a relentless force for a world of longer, healthier lives. The information you provide allows us to help you on a more personal level. We can better respond to your requests, understand your needs, and provide you the information and resources you need. We can also compare your information with the information of others we connect with to identify important trends. Harnessing this information has the potential to lead to breakthroughs in research, product and program development, and more effective services. And these breakthroughs can help lead to healthier lives for all.
- Unless you tell us otherwise, when you provide your information, we will use your information as allowed by law and AHA policies to deliver the programs you are involved with and in furtherance of our mission.
- We recognize we must comply with all applicable U.S. laws and the laws of countries in which AHA has a business presence.
- When we ask for certain types of sensitive information—such as health and demographic information—we will tell you how we intend to use and disclose that information.
- Additional information about how we collect, protect, and use information in our research, fundraising, outreach, consumer education and other “offline” programs may be found at our Privacy Policy & Standards.
- We will use—and require our data management vendors to use—reasonable and appropriate security practices to safeguard your information.
- If you change your mind about allowing us to use your information or have questions about our privacy practices, please use the contact options on our Contact Preference Center page to let us know.
Information We Collect
Personal Information
“Personal Information” means information that we can use to identify or contact you. It can include health and other information you submit when you use our interactive tools and services.
Information You Provide to Us
We collect personal information that you provide when you visit or use our online donation and sales system or register for our interactive tools and services, including our mobile apps. We may also collect information from you when you sign up for our newsletters or other communications or participate in our online surveys and community forums. This information includes:
- Personal Information: For many of our interactive tools, donation system and other services, you may provide personal information, such as:
- Name
- Mailing Address
- Email Address
- Phone Number
- Date of Birth /Age
- Gender
- AHA Account Number
- User Name
- Device Information
- Education and Professional Certifications
- Other personal information you voluntarily disclose
- Sensitive Information: For some of our services, we collect the following sensitive information, with your consent, such as:
- Government issued Identification cards or numbers
- Ethnicity/Race
- Health Information
- Sexual Orientation
- Geolocation
- Children’s information
- Payment Information: If you decide to donate to us or purchase courses or other products or services from us, we may collect payment and identity verification information, including contact information and payment method. If you pay using credit card, we and our third-party payment processor may collect financial information such as credit card number and expiration date.
- Communications: We collect certain information provided in your communications with us. In some cases, we record your interactions with our support service team upon notifying you that a recording will be made. The information collected includes:
- Questions or concerns you submit via our customer service functions or in consultations with our personnel
- Service Call or online Chat recordings
- Video Conference Calls: interactions with our staff may be via video conferencing and, in such circumstance, the video may be recorded
- Screen sharing: We may also ask to share your screen for the purpose of resolving your inquiry, and in such cases, these screen share sessions may also be recorded.
- Marketing Communications: We collect personal information you may provide in connection with customer testimonials, surveys, promotions, marketing events, trade shows, webinars, conferences, customer research, feedback, or a similar event or occurrence.
- Social Media: We may monitor and collect information from interactions with our social media accounts, which are operated by third parties, posted on our accounts or linked to us on third-party operated social networks or other web offerings (such as Twitter, LinkedIn, Facebook, Instagram, TikTok, or Google). Our Services includes social media features, such as the Facebook Like button and widgets, the share this button, or interactive mini programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly through our Services. Your interactions with these features are governed by the privacy notice of the company providing it.
- Information and content you post: Our services may include community forums or other similar online spaces where you may be able to connect with other users. When you post or share comments or other content when using our services, we may collect information such as your name, username, email, comments, likes, interest, status, and pictures. We may also collect audio or visual content such as photos, videos, or recordings you choose to post when using our serves, or when granting us access to your camera or microphone while using interactive features of our services.
- Information you provide offline: You may also provide us with information in person and offline. For example, we may record you if you visit our offices (including by security surveillance of our premises, including CCTV), or attend a live event as a member of the audience.
- Information you provide when you do business with us: If you are a vendor, service provider, or business contractor of AHA, we may collect information about you and the services you provide, including your or your employees business contact information. We may also collect other information you or your employees provide as part of your services and our agreement with you.
Usage Information
We collect information about your browser or device as it interacts with the Services. Automatically collected information may be combined with other information we collect about you to improve the services we offer you, and our marketing, analytics, and site functionality. This information includes:
- Computer or mobile device information you use to access our Services, including:
- your IP address
- the hardware model
- operating system version
- mobile network information
- location information
- other information that identifies your computer or device
- User interaction information:
- We log information about your use of the Services, including, information such as:
- the type of browser you use
- loading and access times
- pages viewed and features accessed
- the page you visited before navigating to our Services
- whether you have started or completed use of an offering
- other events that occur while engaging with our Services
- Links: We also may keep track of how you interact with links on the Services, such as in emails, third-party services, and client applications
- Email read receipts: If we send you a communication, such as an electronic mail, we may collect available information regarding your receipt and review of such communication.
- We log information about your use of the Services, including, information such as:
- Cookies, etc.: We and our service providers may use cookies and similar technologies to automatically collect and store other information about your visit to, or use of, our online services. We may later associate the usage and other information we collect online with Personal Information about you (See also the Cookies, Tags & Remarketing Pixels Section below).
- Mobile Analytics: When you interact with us on your mobile device, our mobile analytic software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. This information allows us to better understand the functionality of our mobile software. We do not utilize the information we store within the analytics software in connection with personally identifiable information you submit within the mobile application.
- GeoLocation Data: If you have enabled background location services on your mobile device, we may collect the data about you in the background even when you do not have the AHA application open. You may turn off location services at any time by changing your mobile device settings. Independent of your device, the IP address we collect through your use of our Services, as described above, may itself indicate information about your location.
Information from Other Sources
We, or our service providers, and other companies we work with may deploy and use cookies, web beacons, local shared objects and other tracking technologies for various purposes, such as fraud prevention and monitoring of our advertising and marketing campaign performance. Some of these tracking tools may detect characteristics or settings of the specific device you use to access our online services.
We may also collect information about you from additional online and offline sources including from social media activities, other nonprofits, and commercially available third-party sources, and other publicly available sources. We may combine this information with the personal and other information we have collected about you.
Information We Derive
We may derive additional information or draw inferences about you based on the information we have collected from you directly, through your device, or through third parties, such as research agencies and data companies.
How We Use Information We Collect
We use the information discussed above in a number of ways, such as:
- Processing donations and purchase transactions;
- Verifying your identity (such as when you access your account information);
- Preventing fraud and enhancing the security of your account or our online services;
- Providing you the services you request;
- Responding to your requests and communicating with you;
- Managing your preferences;
- Performing analytics concerning your use of our online services, including your responses to our emails and the pages and advertisements you view;
- Providing you tailored content and marketing messages, including fundraising messages;
- Operating, evaluating, and improving our programs (including developing new products and services; improving existing products and services; performing data analytics; and performing accounting, auditing and other internal functions);
- Supporting the growth of our volunteer diversity and ensuring that the composition of our Boards and Committees reflect the communities that they serve
- Complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations, and our policies;
- Helping you understand your personal health information;
- Performing any of our contractual obligations; and
- For any other purposes that we may specifically disclose at the time you provide or we collect your information.
We may also use data that we collect on an aggregate or anonymous basis (meaning it does not identify any individuals) for various purposes, where permissible under applicable laws and regulations, to help deliver products, services, and content that are better tailored to the users of our services and for other purposes.
Consent
When required by applicable law or regulation, we will ask for your consent before processing your personal information.
What We Disclose to Others
We may share the information we collect from and about you within our organization and with certain third parties. For example, we may share your information with:
- Credit card processing companies, to process your payments and donations;
- Service providers that provide us with certain services or perform services on our behalf, such as professional advisors, business support, web hosting providers, information technology providers, payment processors, event service providers, direct mail and email distribution providers; analytics and market research services. These service providers are only permitted to use your personal information to help us offer our services to you and not for any other purpose;
- Our other Sites in an effort to bring you improved service across our large range of products and services, when permissible under relevant laws and regulations;
- Other organizations we work with to provide services, research, products or programs;
- Other similar charities;
- Other third parties to comply with legal requirements such as the demands of applicable subpoenas and court orders; to verify or enforce our terms of use, our other rights, or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise to protect the rights, property or security of our customers or third parties;
- Any third party entity that acquires or is merged with as part of a merger, acquisition, consolidation, restructuring, the sale of substantially all of our shares and/or assets, in connection with bankruptcy proceedings, reorganization, or any other change of control.
Donor Privacy
- From time to time, and where required under applicable law, with your consent, we exchange or share our donor names and mailing addresses with other reputable organizations, predominantly other non-profit organizations, in order to maintain an active donor list to support our mission to be a relentless force for a world of longer, healthier lives. We have found this to be a cost-effective method of reaching additional potential donors. These other organizations are carefully screened and will not have continued access to your name and address unless you choose to respond to them directly. We do not share email addresses and health-related data. As a donor, you may at any time request that your information not be shared with these other organizations. To request that your information be deleted, not be shared, or otherwise change your preferences on how we contact you, please send a request using our Contact Preference Center page.
Children's Privacy
- We encourage children to participate in age-appropriate activities to promote healthier lives free of cardiovascular diseases and stroke. Although some AHA sites allow children, with parental consent, to register and participate in certain activities through their schools and communities, we do not collect more information than is necessary to enable children to participate in these activities.
- With parental consent, we may collect information from children under the age of 13 such as: name, address, email address, account information, school, messages sent to us through our chat interface, and content they create themselves. That information allows us to fulfill requested transactions, respond to questions about our website and programs, facilitate their participation in activities and other programs, keep records, or to otherwise customize or enhance the website experience for children. Children under the age of 13 may be able to make certain content such as content they create themselves visible to others or the public. This might include, for example, a webpage or parts of webpages operated by children that have been designed for group or public viewing, or photos of themselves involved in our programs or other activities.
- In addition to information children provide us directly, we use cookies and similar tools on our web sites. Such tools store unique identification numbers or codes (i.e., “persistent identifiers”) that enable us to provide a personalized web experience to users, among other benefits. We use such persistent identifiers to support the internal operations of our web sites as described in more detail in the Section of this Privacy Statement on “Cookies, Tags & Remarketing Pixels.”
- We engage third-party service providers to help us develop and operate our web sites and Apps and to help us provide age-appropriate prizes and other rewards for children who participate in our activities. If you have questions about the involvement of third parties in providing our services, including their privacy practices, please use the information at the bottom of this page to contact our offices by phone or email.
- Regardless of what is displayed or submitted, parents can revoke their consent, request that information about their children be hidden or, in some cases, deleted, by contacting our offices via our Contact Preference Center page. When a parent revokes consent, we will stop collecting, using or disclosing information relating to that child. To comply with such a request, we must verify the identity of the requesting parent. To respect the privacy of parents, we dispose of information that is collected and used solely for obtaining verifiable parental consent or providing notice after a reasonable time after parental consent is declined or revoked.
- We do not knowingly collect personal information of any children under the age of 13 outside the United States. We will delete it if we learn that we have that data.
Links to Third-Party Websites
AHA may provide links to websites that are owned or operated by others ("third-party websites"). When you use a link online to visit a third-party website, you will be subject to that website’s privacy and security practices, which may differ from ours. You should familiarize yourself with the privacy policy, terms of use and security practices of the linked third-party website before providing any information on that website.
Updating Your Information and Contacting Us with Questions
Keeping your account information and preferences up-to-date is very important. You may review your information, request that we exclude your information from any donor list exchange activity, request that we stop using it, or update certain account information by logging in and accessing the account profile section of each online service for which you have registered. If you cannot locate, access or make changes to the information or permissions online, you may send a request using our Contact Preference Center page. Of course, we cannot track down “de-identified” information to change it or undo any prior use of data we already used with your actual or implied consent.
To the extent that we provide you with direct marketing communications, you have control regarding our use of your Personal Information for such reasons. If you no longer wish to receive any direct marketing communications, you can opt-out at any time. To do so you may use the unsubscribe link within a marketing email received from us or send a send a request using our Contact Preference Center page.
Please note that depending on where you live, you may also have the right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Information. We encourage you to first reach out to us via our Contact Preference Center page so that we have an opportunity to address your concerns directly before you do so.
Changes to This Privacy Statement
We may change this Privacy Statement from time to time. When we make material changes to this Privacy Statement, we will let you know by appropriate means such as by posting the revised policy on this page with a new “Last Updated” date. We encourage you to periodically review this page for the latest information on our privacy practices. In some cases, you may be asked to agree again to our Privacy Statement or other terms, even if you have already agreed to accept them, because there were changes. Any changes to this Privacy Statement will become immediately effective when posted unless indicated otherwise. If the updated Privacy Policy is not acceptable to you, your sole recourse is to stop using and accessing our services.
Other Privacy Policies and Practices
This Privacy Statement describes our practices related to our most common data collection activities. We have other policies, procedures and statements that apply to other activities and programs. If you have a question about privacy protections related to “offline” programs, please contact the program staff or use the contact options on our Contact Preference Center page.
Information Security
We take the security of your personal, financial and medical information that you provide to us very seriously and we take reasonable measures to safeguard your information consistent with our Privacy Statement. We comply with the Payment Card Industry Data Security Standards ("PCI DSS") for financial transactions, and other laws and regulations applicable to the information we collect from you.
Our network is composed of access-controlled measures, security monitoring tools, vulnerability management program, SSL encryption, scheduled network scans, and internal and external penetration tests. When it is necessary for our service providers to have access to your information, we expect the same level of data security, integrity and confidentiality standards as the AHA itself provides. Additionally, we conduct security awareness training for our staff and volunteers.
While the AHA uses its commercially reasonable efforts to maintain this level of security across all of our systems we cannot guarantee or warrant that our systems or our service providers are not vulnerable to viruses, hacking or other security threats.
Cookies, Tags & Remarketing Pixels
A cookie, tag, or pixel (collectively, "cookie") is a small piece of text or technology sent to your browser by a website you visit or stored on your device. It helps the website to remember information about your visit, like your preferred language and other settings. Cookies are also used by web sites for authenticating users, tracking a user’s session, and/or for storing other essential textual information. AHA tracks your interests on our sites so that we can provide you with additional content that might be of importance to you. Providing you with fresh and engaging content is important to us, as we know it is important to you.
We use tools, cookies and services such as AdWords, DoubleClick and Google Analytics, and Hotjar for tracking, reporting and analyzing our Site and App activity. Some cookies are used to measure conversion events. Pixel tags might be used together with some of the advertising cookies described above, to operate, evaluate, and improve our programs, and to perform data analytics, accounting, auditing, and other internal functions.
We also use AddThis, a service provided by Oracle America, Inc., to help add social networking and content sharing features to our Sites.
We do not run interest-based advertising campaigns that collect Personal Information including, but not limited to, email addresses, telephone numbers, and credit card numbers, nor do we use or associate Personal Information with remarketing lists, cookies, data feeds, or other anonymous identifiers. We do not use or associate targeting information, such as demographics or location, with any Personal Information collected from the ad or its landing page. AHA does not share Personal Information with Google through our remarketing tag or our product data feeds that might be associated with our ads. AHA will not send Google precise location information without obtaining your consent.
To see how Google may use information collected through your use of Google's search services visit Google’s Ads Help Center.
If you want to opt out of Google's use of cookies visit Google's Ad Setting Site.
If you want to opt out of Hotjar’s creating of a user profile, Hotjar’s storing of data about your usage of our site, and Hotjar’s use of tracking cookies on other websites by following Hotjar's opt-out link.
To learn more about other cookies used for interest-based advertising, including through cross-device tracking, and to exercise choices regarding such cookies, please visit the following websites (or your device settings for mobile applications):
- Digital Advertising Alliance (http://optout.aboutads.info/)
- Network Advertising Initiative (https://www.networkadvertising.org)
- European Union Interactive Digital Advertising Alliance (https://www.youronlinechoices.eu)
- Digital Advertising Alliance-Canada (https://youradchoices.ca/choices/)
Other Issues
What is the legal basis of processing?
Some jurisdictions require an explanation of the legal basis for the collection and processing of Personal Information. We have several different legal grounds on which we collect and process Personal Information, including: (a) as necessary to perform a transaction (such as when we respond to your requests); (b) as necessary to comply with a legal obligation (such as when we use Personal Information for recordkeeping to [e.g., substantiate tax liability or eligibility for a course completion credential]); (c) consent (where you have provided consent as appropriate under applicable law, such as for marketing or certain cookies); and (d) where necessary for legitimate interests (such as when we act to maintain our business generally). With respect to legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of Personal Information, such legitimate interests are the fulfilment of the processing purposes described in this Privacy Statement that are not necessary for the performance of a contract or for our compliance with a legal obligation to which we are subject.
What are the consequences of not providing Personal Information?
You are not required to provide all Personal Information identified in this Privacy Statement, but certain services will not be available if you do not provide Personal Information. For instance, if you refuse to provide proof of identification you may not receive certain products you purchase.
Do we engage in automated decision-making without human intervention?
We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.
Does AHA honor do-not-track ("DNT") signals sent via browsers?
Certain web browsers allow users to opt-out of tracking by websites and online services by enabling an opt-out preference signal such as Do Not Track (“DNT”) or Global Privacy Control (“GPC”) If you choose to enable an opt-out request preference signal you will only be opted out of online sales or sharing of your information and will need to turn it on for each browser you use.
How long does AHA retain your Personal Information?
We retain your Personal Information only for so long as is necessary to fulfill the purposes for which your Personal Information was collected unless a longer retention period is required by applicable law. We will take all reasonable steps to destroy, or erase from our systems, all Personal Information that is no longer required for the purposes for which the Personal Information was collected.
What are my privacy rights?
In certain countries and in certain states, you have specific rights regarding your Personal Information. Subject to certain limitations, you may have the right to:
- Request access to Personal Information about you.
- Request correction of the Personal Information that we hold about you.
- Request erasure of Personal Information about you. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of Personal Information about you where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
- Request restriction of processing of Personal Information about you. You can ask us to suspend the processing of Personal Information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of Personal Information to you or to a third party.
- Withdraw consent at any time where we are relying on consent to process Personal Information about you.
If you need more information or would like to exercise your rights, you may send a request using our Contact Preference Center page.
International Transfers
AHA is headquartered in the United States and has service providers in other countries. Your personal information may be transferred to the United States or other locations outside of your state, province, country, or other location where privacy laws may not be as protective as those in your jurisdiction. Where required, data transfers will be made subject to the terms of the applicable Standard Contractual Clauses or with your consent. If you would like more information regarding safeguards AHA puts in place for such transfers, please contact us via our Contact Preference Center page.