Privacy Policy & Standards

Updated:Nov 16,2015


The American Heart Association believes that data it collects from its programs, products and services is an essential resource to furthering our mission of building healthier lives free from cardiovascular disease and stroke. Because of the potential of this significant resource to deepen our understanding of the risks, consequences and future cures for these diseases, AHA seeks to obtain data in a manner that allows the AHA to use the data it collects in the most ways beneficial to the advancement of its mission and the benefit of the public. At the same time, AHA respects the rights of individuals to understand and direct how their private information can be used.

In pursuing these goals, all programs and activities of the American Heart Association that collect personally identifiable information (PII), and other information at least as sensitive as PII, shall be designed and conducted to ensure that such PII is collected, stored, used, disclosed, and destroyed: (a) in full compliance with any applicable privacy laws and regulations; (b) only within the permissions granted, where permission is required; (c) with commercially reasonable security protection based on the type of information; and (d) consistent with the AHA’s mission to build healthier lives free from heart disease and stroke and commitment to respecting individuals’ desire to protect their privacy. All staff and volunteers designing and conducting programs that collect, store, use, disclose, or destroy PII must do so in accordance with this Privacy Policy, the Privacy Standards below, and applicable AHA Privacy & Security Procedures.


All programs and activities of the American Heart Association that collect personally identifiable information, or any information at least as sensitive as PII, shall be designed and conducted using current industry standard practices intended to ensure that such PII is collected, stored, used, disclosed, and destroyed in accordance with the Privacy Policy and these Privacy Standards. Prior to any collection or use of PII by or for any AHA program or activity, the business unit responsible for the program or activity shall develop and document specific Privacy & Security Procedures in the required format to ensure compliance with the Privacy Policy and these Standards. The Privacy & Security Procedures, in addition to other requirements, shall outline:
  • how PII is collected by the AHA program or activity;
  • what type of PII is collected;
  • where it will be collected from;
  • how it will be used and shared;
  • how access to PII by AHA personnel will be controlled;
  • how PII is kept accurate, complete and secure;
  • how long the PII will be kept and how it will be destroyed; and
  • how an individual can obtain, confirm, correct, or request permanent deletion--to the extent deletion is required by law--of any PII under AHA control.

The Privacy & Security Procedures for each program or activity must be approved by Business Technology, Legal and the appropriate chief executive for that business unit before collection or use of PII begins, whether or not the PII is collected electronically or in hard copy form.

Standard 1- Compliance with Laws & Accountability:

The AHA will comply with all applicable privacy and security laws and regulations.  AHA will require its vendors, volunteers, and staff to comply with applicable laws and regulations, the AHA Privacy Policy, these AHA Privacy Standards and any applicable Privacy & Security Procedures.

Standard 2 – Transparency:

The AHA will make the Privacy Policy and Privacy Standards readily available to individuals providing their own PII to AHA and will post a statement summarizing its Privacy Policy and Privacy Standards on its website.  When requesting consent from individuals, whether online or offline, AHA will describe what information is to be collected, what permissions the AHA is requesting from them, and how that individual may opt out of the collection of such PII or withdraw consent later.  When consent is requested from an individual to collect or use PII, the AHA will document the consent in a way that is reasonable under the circumstances.

Standard 3 - Limitations on Disclosure:

Because AHA values and respects an individual’s desire to keep certain personal information private, AHA will not disclose PII to third parties, other than: 1) when consent is required by law, only for purposes included within the consent of the individual providing his or her PII; 2) purposes that are consistent with or are necessary to carry out the original express purpose for which the consent was granted and related to AHA’s overall mission; or 3) as otherwise authorized by law. When individual consent is required, such individual consent shall be obtained at or before the time the information is collected, or before the time the information is used in a way not covered by an individual’s prior consent.

Standard 4 - Security Measures:

The AHA will use reasonable and appropriate security measures to protect PII against unauthorized access, use, modification or disclosure, and shall ensure that all PII for which it has responsibility is maintained in a secure environment at least at the levels required by any applicable law.  The AHA will use applicable reasonable industry standards when destroying PII to protect against unauthorized disclosure.

Information Security

The American Heart Association takes the security of your personal, financial and medical information that you provide to us very seriously and we take reasonable measures to safeguard your information consistent with our Privacy Policy.  We comply with the Payment Card Industry Data Security Standards ("PCI DSS") for financial transactions, and other laws and regulations applicable to the information we collect from you.

Our network is composed of access controlled measures, security monitoring tools, vulnerability management program, SSL encryption, scheduled network scans, and internal and external penetration tests.  When it is necessary for our service providers to have access to your information, we expect the same level of data security, integrity and confidentiality standards as the AHA itself provides. Additionally, we conduct security awareness training for our staff and volunteers.

While the AHA uses its best efforts to maintain this level of security across all of our systems we cannot guarantee or warrant that our systems or our service providers are not vulnerable to viruses, hacking or other security threats. 

Cookies, Tags & Remarketing Pixels

A cookie is a small piece of text sent to your browser by a website you visit. It helps the website to remember information about your visit, like your preferred language and other settings. Cookies are also used by web sites for authenticating users, tracking a user’s session, and/or for storing other essential textual information. AHA tracks your interests on our sites so that we can provide you with additional content that might be of importance to you. Providing you with fresh and engaging content is important to us, as we know it is important to you.

We use tools, cookies and services such as AdWords, DoubleClick and Google Analytics for tracking, reporting and analyzing web site activity. Some cookies are used to measure conversion events.  Pixel tags might be used together with some of the advertising cookies described above, to operate, evaluate, and improve our programs, and to perform data analytics, accounting, auditing, and other internal functions.

We do not run interest-based advertising campaigns that collect personally identifiable information including, but not limited to, email addresses, telephone numbers, and credit card numbers, nor do we use or associate personally identifiable information (PII) with remarketing lists, cookies, data feeds, or other anonymous identifiers. We do not use or associate targeting information, such as demographics or location, with any PII collected from the ad or its landing page. AHA does not share PII with Google through our remarketing tag or our product data feeds that might be associated with our ads. AHA will not send Google precise location information without obtaining your consent.

To see how Google may use information collected through your use of Google's search services visit Google’s Ads Help Center.

If you want to opt out of Google's use of cookies visit Google’s Ads Setting Site.

To opt out of cookies or remarketing pixels by Network Advertising Initiative member companies (not all members support cookie preferences for all browsers), please visit the Network Advertising Initiative opt-out page.