U.S. State Privacy Notice
Last Updated: April 23, 2024
This U.S. State Privacy Notice (“State Privacy Supplement”) supplements the information contained in the Privacy Statement, located on our Website (the “Site”), of the American Heart Association (“AHA,” “we,” “us,” or “our”), and applies solely to consumers as defined under state specific privacy laws that are applicable to the AHA, a U.S. non-profit organization. In the event of any conflict between this notice and our Privacy Statement, this supplemental privacy notice will govern. We adopt this notice to comply with U.S. State Privacy Laws.
This State Privacy Supplement is designed to provide you with notice of our practices over the prior twelve (12) months, as required under some U.S. State Privacy Laws.
Information We Collect
The information we collect is identified in the “Information We Collect” section of our Privacy Statement American Heart Association Privacy Statement | American Heart Association. The information we collect includes Personal Data, which is information that identifies, relates to, describes, references, is capable of being associated with, or reasonably could be linked, directly or indirectly, with a specific individual, consumer, or personal device (“Personal Data”); and for limited purposes we also collect Sensitive Personal Data.
Not included in the definition of Personal Data is information that is publicly available, information that has been de-identified or aggregated.
Use and Disclosure of Personal Data
We may use or disclose your Personal Data as described in the “How We Use Your Information” and “How and Why We Disclose Your Information” sections of our Privacy Statement.
The table below describes the categories of Personal Data we collect as well as examples of the type of data that fit within such categories, the purpose for which such data is processed, and the categories of recipients for each category of data as part of disclosures for business purposes, as well as disclosures that may be considered a sale or share under certain U.S. State Privacy Laws.
| Categories | Purpose | Categories of Recipients |
|---|---|---|
|
Identifiers. Examples include: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. |
Business purpose
|
|
Personal Records. Examples include: A name, signature, , physical characteristics or description, address, associated telephone numbers, , education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health information. |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. |
Business purpose
|
|
Personal Characteristics. Examples include: Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. |
Business purpose
|
|
Commercial information. Examples include: Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. |
Business purpose
|
|
Biometric information. Examples include: physiological, behavioral, or activity patterns used to extract a template or other identifier or identifying information, gait, or other physical patterns, and sleep, health, or exercise data. |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. |
Business purpose
|
|
Internet or other similar network activity. |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. |
Business purpose
Sharing with other third parties
|
|
Geolocation data. Examples include: Physical location or movements. |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. |
Business purpose
|
|
Professional or employment-related information. Examples include: Current or past job history |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. |
Business purpose
Sharing with other third parties
|
|
Inferences drawn from other Personal Information. Examples Include: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. |
Business purpose
Sharing with other third parties
|
Sensitive Data
| Categories | Purpose | Categories of Recipients |
|---|---|---|
|
Children’s Information. Examples include: Information of a known child age 13 or younger and teens aged 13-17 |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. We obtain verifiable parental consent to collect and disclose any information about a child as required by law. |
Business purpose
|
|
Financial information. Examples include: bank account number, credit card number, debit card number, or any other financial information, information, Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account. |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. |
Business purpose
|
|
Demographic. Examples Include: Racial information, Ethnic origin, religious, or philosophical beliefs. |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. |
Business purpose
|
|
Biometric. Examples include: biometric information for the purpose of uniquely identifying a consumer. |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. |
Business purpose
|
|
Health. Examples Include: medical information, or information concerning a consumer’s health; concerning a consumer’s sex life or sexual orientation. |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. |
Business purpose
|
|
Precise Geolocation. Examples include: location within a radius of 1,850 feet |
We use this information as stated in our Privacy Statement and in accordance with applicable laws, such as to provide you with the products and services you specifically request or consent to and other uses or disclosures as you expressly consent to from time to time; or as required by law. |
Business purpose
|
Rights and Choices
Consumers may be provided with certain rights regarding their Personal Information under their state privacy law. For requests received directly from a consumer, this section describes your rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your Personal Data over the past 12 months. Once we receive and confirm your authenticated consumer request, you may request we disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we disclose that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
Deletion Request Rights
You have the right to request that we delete your Personal Data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your authenticated consumer request, we will delete your Personal Data from our records, unless an exception applies.
Rectification Request Rights
You have the right to request correction of inaccurate or incomplete Personal Data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your authenticated consumer request, we will provide a response that may include self-service tools that enable you to update your Personal Data, unless an exception applies.
Opt-out Rights
You have the right to opt out of the following uses of your Personal Data: (a) targeted advertising; (b) the sharing of Personal Data with non-service provider third parties.
You will be able to opt-out of the share of your personal information as well as opt-out of the share of your cookies for marketing purposes, including targeted advertising by visiting our privacy preference center.
However, note that if you provide your information to a third party for their own use, or if said third party otherwise collects your information as part of your interactions with them, then their use of your information will be subject to the limits of their privacy statement or notice, rather than ours.
Request Submissions
To exercise consumer privacy rights under state law, please submit an authenticated consumer request by completing the online form by visiting our privacy preference center.
Authenticated Requests
- An authenticated request may be submitted by a consumer. These requests must:
- Detail sufficient information that allows us to reasonably authenticate you are the person about whom we collected Personal Data; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Data if we cannot authenticate your identity or authority to make the request and confirm the Personal Data relates to you. We will only use personal information provided in an authenticated consumer request to verify the requestor's identity or authority to make the request.
Timeframe for Responding to Requests and Format
We will confirm receipt of a consumer’s request within ten (10) days of receipt. We will respond to the request within forty-five (45) days of receipt of the request.
The period of response may be extended to ninety (90) days if more time is required. In that event, we will inform you of the reason for the extension in writing. You may only make a verifiable consumer request for access or data portability twice within a 12-month period.
Appeal Process
After receiving a response to an authenticated request, consumers may make an appeal by contacting [email protected] with the subject “appeal” and state the reasons for their appeal. Consumers must send an appeal request within twenty (20) days of receipt of AHA’s response to an authenticated request.
Fee
We do not charge a fee to process or respond to your authenticated consumer request unless it is excessive, repetitive, or manifestly unfounded.
No Discrimination
Unless permitted by law, we will not discriminate against you for exercising the rights by:
- Denying goods or services to you;
- Charging different prices or rates for goods or services, including through the use of discounts, benefits, or other penalties;
- Providing a different level or quality of goods or services; and
- Suggesting a different price or quality of goods or services will apply if rights are exercised.
Please note, that certain information is required to effectively use our Services. For example, if you exercise the right to delete your information your account will be deactivated, which prevents the use of our goods and services. This in no way prevents you from creating a new account in the future.
No Financial Incentive
We do not offer any financial incentives or price or service difference in an attempt to influence a consumer’s decision whether or not to exercise a right afforded to the consumer under their state consumer privacy laws.
Changes to Privacy Notice
From time to time, we may change this State Privacy Notice Supplement and will notify you of changes by posting the changed or modified State Privacy Notice Supplement on our Site. If the changes are material, we will provide you with additional notice (such as sending you an email notification or posting a banner notice on our web page). Any changes will be effective immediately upon the posting of the revised State Privacy Notice Supplement unless otherwise specified. Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.
Contact Information
If you have any questions about the Privacy Notice, this State Privacy Notice Supplement, or our privacy practices, please contact us at:
Our postal address:
7272 Greenville Ave
Dallas, Texas 75231
Other ways to reach us:
1-800-242-8721