Privacy Policy

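The American Heart Association believes that the data it collects from its programs, products and services is an important resource for advancing our mission of building healthier lives, free of cardiovascular diseases and stroke. Because this important resource has the potential to deepen our understanding of the risks, consequences and future cures for these diseases, the American Heart Association seeks to obtain data in a manner that allows it to use the data it collects in the ways that best advance its mission and the public good. At the same time, the American Heart Association respects the right of individuals to understand and direct how their private information is used.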

In pursuing these goals, all American Heart Association programs and activities that collect personally identifiable information (PII), and other information at least as sensitive as PII, are to ensure that such personal information is collected, stored, used, disclosed, and destroyed: (a) in full compliance with any applicable privacy laws and regulations; (b) only within the permissions granted, where permission is required; (c) with commercially reasonable security protection based on the type of information; and (d) consistent with the AHA’s mission to build healthier lives free from heart disease and stroke and commitment to respecting individuals’ desire to protect their privacy. All staff and volunteers who design and implement programs that collect, store, use, disclose, or destroy PII must do so in accordance with this Privacy Policy, the Privacy Standards below, and applicable AHA Privacy & Security Procedures.

Privacy Standards

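All American Heart Association programs and activities that collect PII, or any information at least as sensitive as PII, shall be designed and implemented using current industry standard practices designed to ensure that such PII is collected, stored, used, disclosed, and destroyed in accordance with the Privacy Policy and these Privacy Standards. Before any AHA program or activity collects or uses PII, the business unit responsible for the program or activity shall develop and document specific Privacy & Security Procedures, in the required format, to ensure compliance with the Privacy Policy and these Standards. The Privacy & Security Procedures shall, among other requirements, outline: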

  • how PII is collected by the AHA program or activity;
  • what type of PII is collected;
  • where it will be collected from;
  • how it will be used and shared;
  • how access to PII by AHA personnel will be controlled;
  • how PII is kept accurate, complete and secure;
  • how long the PII will be kept and how it will be destroyed; and
  • how an individual can obtain, confirm, correct, or request permanent deletion of any PII under the AHA's control (to the extent required by law).

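The Privacy & Security Procedures for each program or activity must be approved by the Business Technology department, with Legal and the appropriate chief executive for that business unit notified, before collection or use of PII begins, whether the PII is collected electronically or in hard copy.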

Standard 1 - Compliance with Laws & Accountability:

The American Heart Association will comply with all applicable privacy and security laws and regulations. AHA will require its vendors, volunteers, and staff to comply with applicable laws and regulations, the AHA Privacy Policy, these AHA Privacy Standards and any applicable Privacy & Security Procedures.

Standard 2 - Transparency:

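The American Heart Association will make the Privacy Policy and Privacy Standards available to individuals who provide their personal information to the American Heart Association, and will post on its website a statement summarizing the Privacy Policy and Privacy Standards. When requesting consent from individuals, whether online or offline, AHA will describe what information is to be collected, what permissions the AHA is requesting from them, and how the individual may opt out of the collection of such PII or subsequently withdraw consent. When an individual's consent to the collection or use of PII is obtained, the American Heart Association will document the consent in a reasonable manner.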

Standard 3 - Limitations on Disclosure:

Because the AHA values and respects individuals' desire to keep certain personal information private, AHA will not disclose PII to third parties, other than: 1) when consent is required by law, only for purposes included within the consent of the individual providing his or her PII; 2) purposes that are consistent with or are necessary to carry out the original express purpose for which the consent was granted and related to AHA’s overall mission; or 3) as otherwise authorized by law. When individual consent is required, such consent shall be obtained at or before the time the information is collected, or before the information is used in a manner to which the individual has not previously consented.

Standard 4 - Security Measures:

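The American Heart Association will use reasonable and appropriate security measures to protect personal information from unauthorized access, use, modification or disclosure, and shall ensure that all PII for which it is responsible is kept in a secure environment that at least meets the requirements of any applicable law. When destroying PII, AHA will use applicable, reasonable industry standards to prevent unauthorized disclosure.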