Privacy Policy

Updated:Jun 21,2011

Collection, Use and Security of Personal Information

The American Heart Association values and respects an individual's right to keep certain Personal Information private.  Likewise, the AHA values the need to collect and use Personal Information which will enable the AHA to effectively deliver products and services leading to a reduction in disability and death from heart diseases and stroke.  This Privacy Policy applies to activities of the AHA and additionally to persons visiting AHA Web sites, signing up for AHA publications and mailings, or entering into transactions with the AHA, and covers the collection, use, storage and disclosure of information and data as described in this Privacy Policy. The Privacy Policy does not apply to information that the AHA collects on contractors, vendors or other entities with which the AHA does business, although the AHA will contractually require them to comply with relevant provisions of the Privacy Policy.

A.  AHA Collection of Personal Information

1.  The AHA will collect Personal Information on an individual only if the individual provides the information to the AHA.  The AHA also may collect information about a person who has been referred to the website to send them emails regarding AHA’s efforts or a person to whom the AHA has been asked to send emails regarding AHA’s programs or efforts.  If a person donates to the AHA, the AHA may collect sensitive Personal Information such as the donor’s credit card number, card type, expiration date and keep a record of the financial transaction.

The AHA may collect Demographic Information it obtains from individuals and third parties for fund raising purposes and to notify persons of AHA programs, events, educational opportunities and upcoming meetings.

The AHA may collect Aggregate and Transactional Information and add to its database every time a person visits an AHA Web Site. Also, the AHA collects Aggregate Information for research purposes.

2.  Types of information: "Personal Information" is "Demographic Information" and/or "Medical Information" which identifies a specific individual with a minimal degree of effort. Demographic Information includes name, address, city and other similar information. Medical Information includes diseases, treatments, lifestyle behaviors, family history, genotype, phenotype and other similar information. Transactional Information is data collected on an individual based on the individuals' interactions with the AHA, which may include sensitive information such as credit card information and Medical Information. Aggregate Information is information presented  in summary or statistical form which does not contain data that would permit the identification of a specific individual without extraordinary effort.

B.  AHA Use of Personal Information

1.  When an individual provides Personal Information to the AHA, the AHA may use the Personal Information for its programs, research and fund raising.

2.  The AHA uses Transactional Information for research purposes for the development or implementation of its programs, products and services.  The presumption is that, since Transactional Information is highly proprietary, it will not be disclosed to third parties.

3.  The AHA will disclose all information as required by law.

4.  The AHA will make every effort to discontinue the use of an individual's Personal Information as soon as practicable if requested by that individual.  The AHA may need to retain Information in its archives and records to comply with law, resolve disputes, analyze problems, assist with any investigations, enforce AHA’s User Agreement and other policies, and take other actions otherwise permitted or required by law.

C.  Specific Requirements

1.  Administrative

a.  The AHA will take reasonable and appropriate measures to keep Personal Information confidential and in a secure environment, including taking appropriate action in the event of unauthorized disclosure.

b.  Access to Personal Information will be restricted to only those personnel with a legitimate business purpose.

c.  The AHA owns all Personal Information provided to it by individuals and collected in accordance with this Policy.  When an individual provides Medical Information to the AHA, the AHA will ensure that the individual acknowledges their assignment of the right to use the data to the AHA.

2.  Scientific Research

Any research funded by the AHA that involves human subjects (e.g., information collected on individuals) must be endorsed by the sponsoring institution's committee on clinical investigation or other appropriate body, and conform ethically to the guidelines prescribed by the National Institutes of Health, which includes obtaining informed consent from each individual.

3.Third Party Disclosure

Permission is required before the AHA discloses Personal Information to a third party.  No permission is necessary for Aggregate Information, since Aggregate Information does not identify a specific individual.

a.  For disclosure of Demographic Information (e.g., rentals or exchanges of donor lists), the AHA as a minimum will use the "Opt Out" approach.  An "opt-out" is obtained when the AHA through some correspondence gives an individual the opportunity to decline or "opt-out" of disclosures to third parties.  If the individual does not opt out, permission is deemed granted.  Depending upon the nature of an activity or project, a higher standard than "opt-out" may be used, such as "opt-in" whereby an individual must affirmatively give consent before information is disclosed.

b.  For research awardees, permission is deemed granted upon submission of an application for a grant to the AHA.  Therefore, the AHA may disclose Personal Information, including funding and project summary information, on research program awardees to third parties.

c.  For disclosure of Medical Information, Informed Consent is required before the AHA discloses Medical Information to a third party.  Informed Consent occurs when an individual has sufficient facts about the disclosure, comprehends those facts, and voluntarily consents to the disclosure.  Where a third party such as the employer or healthcare provider of an individual requires the individual to participate in an AHA program which collects Medical Information, the AHA will require the employer or healthcare provider to procure Informed Consent before the AHA will  release Medical Information to that employer or healthcare provider.

d.  From time to time, there is a benefit in allowing a third party to use collected Personal Information on individuals.   However, unless an individual gives permission, the AHA will not disclose Personal Information collected by the AHA to any third party. The AHA sometimes engages third parties to provide certain operational services to the AHA or on its behalf.   The AHA may disclose Personal  Information to those third parties on a “need to know” basis under a written contract.

e.  The AHA uses and allows third parties to use Aggregate Information for research purposes for the development or implementation of its programs, products and services.


Information Security

The American Heart Association takes the security of your personal, financial and medical information that you provide to us very seriously and we take reasonable measures to safeguard your information consistent with our Privacy Policy.  We comply with the Payment Card Industry Data Security Standards ("PCI DSS") for financial transactions, and other laws and regulations applicable to the information we collect from you.

Our network is composed of access controlled measures, security monitoring tools, vulnerability management program, SSL encryption, scheduled network scans, and internal and external penetration tests.  When it is necessary for our service providers to have access to your information, we expect the same level of data security, integrity and confidentiality standards as the AHA itself provides. Additionally, we conduct security awareness training for our staff and volunteers.

While the AHA uses its best efforts to maintain this level of security across all of our systems we cannot guarantee or warrant that our systems or our service providers are not vulnerable to viruses, hacking or other security threats. 

Cookies, Tags & Remarketing Pixels

A cookie is a small piece of text sent to your browser by a website you visit. It helps the website to remember information about your visit, like your preferred language and other settings. Cookies are also used by web sites for authenticating users, tracking a user’s session, and/or for storing other essential textual information. AHA tracks your interests on our sites so that we can provide you with additional content that might be of importance to you. Providing you with fresh and engaging content is important to us, as we know it is important to you.

We use tools, cookies and services such as AdWords, DoubleClick and Google Analytics for tracking, reporting and analyzing web site activity. Some cookies are used to measure conversion events.  Pixel tags might be used together with some of the advertising cookies described above, to operate, evaluate, and improve our programs, and to perform data analytics, accounting, auditing, and other internal functions.

We do not run interest-based advertising campaigns that collect personally identifiable information including, but not limited to, email addresses, telephone numbers, and credit card numbers, nor do we use or associate personally identifiable information (PII) with remarketing lists, cookies, data feeds, or other anonymous identifiers. We do not use or associate targeting information, such as demographics or location, with any PII collected from the ad or its landing page. AHA does not share PII with Google through our remarketing tag or our product data feeds that might be associated with our ads. AHA will not send Google precise location information without obtaining your consent.

To see how Google may use information collected through your use of Google's search services visit Google’s Ads Help Center.

If you want to opt out of Google's use of cookies visit Google’s Ads Setting Site.

To opt out of cookies or remarketing pixels by Network Advertising Initiative member companies (not all members support cookie preferences for all browsers), please visit the Network Advertising Initiative opt-out page.