You may review your personal information, request that we delete your information from any donor list exchange activity, or request that we stop using it, by submitting your request using our online Contact Preference form, calling our toll-free line, or providing us your name, address, phone number and email address via mail.
We engage TrueDepth Camera to map users faces for the Augmented Reality features. This is how the app is able to map users faces to know where to place the virtual mask filters and how it finds recognized coloring pages to make them come to life. In terms of data capture:
Last Updated June 2019
The American Heart Association wants you to know how we use and protect the important information you provide to us. The information provided below summarizes our policy, procedures and practices as further described in this Privacy Statement.
This Privacy Statement is an explanation of what we do with your information. As for why we do these things:
From time to time, we exchange or share our donor names and mailing addresses with other reputable organizations, predominantly other non-profit organizations, in order to maintain an active donor list to support our mission to be a relentless force for a world of longer, healthier lives. We have found this to be a cost-effective method of reaching additional potential donors. These other organizations are carefully screened and will not have continued access to your name and address unless you choose to respond to them directly. We do not share email addresses and health-related data. As a donor, you may at any time request that your information not be shared with these other organizations. To request that your information not be shared or otherwise change your preferences on how we contact you, please send a request using our online form or use the contact options on our Contact Us page.
We encourage children to participate in age-appropriate activities to promote healthier lives free of cardiovascular diseases and stroke. Although some AHA sites allow children, with parental consent, to register and participate in certain activities through their schools and communities, we do not collect more information than is necessary to enable children to participate in these activities.
With parental consent, we may collect information from children under the age of 13 such as: name, address, email address, account information, school, messages sent to us through our chat interface, and content they create themselves. That information allows us to fulfill requested transactions, respond to questions about our website and programs, facilitate their participation in activities and other programs, keep records, or to otherwise customize or enhance the website experience for children. Children under the age of 13 may be able to make certain content such as content they create themselves visible to others or the public. This might include, for example, a webpage or parts of webpages operated by children that have been designed for group or public viewing, or photos of themselves involved in our programs or other activities.
In addition to information children provide us directly, we use cookies and similar tools on our web sites. Such tools store unique identification numbers or codes (i.e., “persistent identifiers”) that enable us to provide a personalized web experience to users, among other benefits. We use such persistent identifiers to support the internal operations of our web sites as described in more detail in the Section of this Privacy Statement on “Cookies, Tags & Remarketing Pixels.”
We engage third-party service providers to help us develop and operate our web sites and Apps and to help us provide age-appropriate prizes and other rewards for children who participate in our activities. Our service providers include Blackbaud, Inc., Boundless Network, Inc., Charity Dynamics, Inc., Google LLC, Zuri, Mitek Systems, Inc., Ensenta Corporation, PMX Agency, and JotForm, Inc. If you have questions about the involvement of third parties in providing our services, including their privacy practices, please use the information at the bottom of this page to contact our offices by phone or email.
Regardless of what is displayed or submitted, parents can revoke their consent, request that information about their children be hidden or, in some cases, deleted, by contacting our offices by phone at the number at the bottom of this page or via email. When a parent revokes consent, we will stop collecting, using or disclosing information from that child. To comply with such a request, we must verify the identity of the requesting parent. To respect the privacy of parents, we dispose of information that is collected and used solely for obtaining verifiable parental consent or providing notice after a reasonable time after parental consent is declined or revoked.
We, or our service providers, and other companies we work with may deploy and use cookies, web beacons, local shared objects and other tracking technologies for various purposes, such as fraud prevention and monitoring of our advertising and marketing campaign performance. Some of these tracking tools may detect characteristics or settings of the specific device you use to access our online services.
We may also collect information about you from additional online and offline sources including from social media activities, other nonprofits, and commercially available third-party sources. We may combine this information with the personal and other information we have collected about you.
We may also use data that we collect on an aggregate or anonymous basis (meaning it does not identify any individuals) for various purposes, where permissible under applicable laws and regulations, to help deliver products, services, and content that are better tailored to the users of our services and for other purposes.
Keeping your account information and preferences up-to-date is very important. You may review your information, request that we exclude your information from any donor list exchange activity, request that we stop using it, or update certain account information by logging in and accessing the account profile section of each online service for which you have registered. If you cannot locate, access or make changes to the information or permissions online, you may send a request using our online form or use the Contact Us options on our site. Of course, we cannot track down “de-identified” information to change it or undo any prior use of data we already used with your actual or implied consent.
To the extent that we provide you with direct marketing communications, you have control regarding our use of your Personal Information for such reasons. If you no longer wish to receive any direct marketing communications, you can opt-out at any time. To do so you may use the unsubscribe link within a marketing email received from us or send a send a request using our online form.
Please note that you also have the right to lodge a complaint with a supervisory authority.
We may change this Privacy Statement from time to time. When we do, we will let you know by appropriate means such as by posting the revised policy on this page with a new “Last Updated” date. In some cases, you may be asked to agree again to our Privacy Statement or other terms, even if you have already agreed to accept them, because there were changes. Any changes to this Privacy Statement will become effective when posted unless indicated otherwise.
This Privacy Statement describes our practices related to our most common data collection activities. We have other policies, procedures and statements that apply to other activities and programs. If you have a question about privacy protections related to “offline” programs, please contact the program staff or use the contact options on our Contact Us page.
The American Heart Association takes the security of your personal, financial and medical information that you provide to us very seriously and we take reasonable measures to safeguard your information consistent with our Privacy Statement. We comply with the Payment Card Industry Data Security Standards ("PCI DSS") for financial transactions, and other laws and regulations applicable to the information we collect from you.
Our network is composed of access-controlled measures, security monitoring tools, vulnerability management program, SSL encryption, scheduled network scans, and internal and external penetration tests. When it is necessary for our service providers to have access to your information, we expect the same level of data security, integrity and confidentiality standards as the AHA itself provides. Additionally, we conduct security awareness training for our staff and volunteers.
While the AHA uses its best efforts to maintain this level of security across all of our systems we cannot guarantee or warrant that our systems or our service providers are not vulnerable to viruses, hacking or other security threats.
A cookie, tag, or pixel (collectively, "cookie") is a small piece of text or technology sent to your browser by a website you visit or stored on your device. It helps the website to remember information about your visit, like your preferred language and other settings. Cookies are also used by web sites for authenticating users, tracking a user’s session, and/or for storing other essential textual information. AHA tracks your interests on our sites so that we can provide you with additional content that might be of importance to you. Providing you with fresh and engaging content is important to us, as we know it is important to you.
We use tools, cookies and services such as AdWords, DoubleClick and Google Analytics, and Hotjar for tracking, reporting and analyzing website activity. Some cookies are used to measure conversion events. Pixel tags might be used together with some of the advertising cookies described above, to operate, evaluate, and improve our programs, and to perform data analytics, accounting, auditing, and other internal functions.
We also use AddThis, a service provided by Oracle America, Inc., to help add social networking and content sharing features to our web sites.
We do not run interest-based advertising campaigns that collect Personal Information including, but not limited to, email addresses, telephone numbers, and credit card numbers, nor do we use or associate Personal Information with remarketing lists, cookies, data feeds, or other anonymous identifiers. We do not use or associate targeting information, such as demographics or location, with any Personal Information collected from the ad or its landing page. AHA does not share Personal Information with Google through our remarketing tag or our product data feeds that might be associated with our ads. AHA will not send Google precise location information without obtaining your consent.
To see how Google may use information collected through your use of Google's search services visit Google’s Ads Help Center.
If you want to opt out of Google's use of cookies visit Google’s Ads Setting Site.
If you want to opt out of Hotjar’s creating of a user profile, Hotjar’s storing of data about your usage of our site, and Hotjar’s use of tracking cookies on other websites by following Hotjar's opt-out link.
To learn more about other cookies used for interest-based advertising, including through cross-device tracking, and to exercise choices regarding such cookies, please visit the following websites (or your device settings for mobile applications):
Some jurisdictions require an explanation of the legal basis for the collection and processing of Personal Information. We have several different legal grounds on which we collect and process Personal Information, including: (a) as necessary to perform a transaction (such as when we respond to your requests); (b) as necessary to comply with a legal obligation (such as when we use Personal Information for recordkeeping to [e.g., substantiate tax liability or eligibility for a course completion credential]); (c) consent (where you have provided consent as appropriate under applicable law, such as for marketing or certain cookies); and (d) where necessary for legitimate interests (such as when we act to maintain our business generally). With respect to legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of Personal Information, such legitimate interests are the fulfilment of the processing purposes described in this Privacy Statement that are not necessary for the performance of a contract or for our compliance with a legal obligation to which we are subject.
You are not required to provide all Personal Information identified in this Privacy Statement, but certain services will not be available if you do not provide Personal Information. For instance, if you refuse to provide proof of identification you may not receive certain products you purchase.
We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.
Given the divergent practices of organizations that offer browsers and the lack of a standard in the marketplace, we generally do not respond to DNT signals at this time.