Privacy

Privacy Policy

Last Updated November 2022

APHE Minnesota LLC (“APHE”) believes that data it collects from its programs, products and services is an essential resource to furthering our mission to provide all students in all courses with high-quality, engaging, informative, science-based medical training. APHE uses the data it collects to advance its mission and benefit the public. At the same time, APHE respects the rights of individuals to understand and direct how their private information can be used.

          In pursuing these goals, all APHE programs and activities that collect Personally Identifiable Information (“PII”) shall be designed and conducted to ensure that such PII is collected, stored, used, disclosed, and destroyed: 

• in full compliance with any applicable privacy laws and regulations; 
• only within the permissions granted, where permission is required; 
• with commercially reasonable security protection based on the type of information;
• consistent with the APHE mission; and 
• with commitment to respecting individuals’ desires to protect their privacy. 

All staff conducting programs that collect, store, use, disclose, or destroy PII must do so in accordance with this Privacy Policy, the Privacy Standards (below), and the Privacy Statement (below).

Privacy Standards

All APHE programs and activities that collect PII, or any information at least as sensitive as PII, shall be designed and conducted using current industry standard practices intended to ensure that such PII is collected, stored, used, disclosed, and destroyed in accordance with these Privacy Standards. Prior to any collection or use of PII by or for any APHE program or activity, the staff responsible for the program or activity shall review and understand the Privacy Policy, Standards and Statement to ensure compliance.

          The Privacy Policy, Privacy Standards and Privacy Statement have been approved by APHE before collection or use of PII began, whether or not the PII is collected electronically or in hard copy form.

Compliance with Laws & Accountability

APHE will comply with all applicable privacy and security laws and regulations.  APHE will require its vendors and staff to comply with applicable laws and regulations, the APHE Privacy Policy, these APHE Privacy Standards and the APHE Privacy Statement.

Transparency

APHE has made its Privacy Policy, Privacy Standards and Privacy Statement readily available to individuals providing their own PII to APHE and has posted a statement summarizing its Privacy Policy and Privacy Standards on its website.  When requesting consent from individuals, whether online or offline, APHE will describe what information is to be collected, what permissions APHE is requesting from them, and how that individual may opt out of the collection of such PII or withdraw consent later.  When consent is requested from an individual to collect or use PII, APHE will document the consent in a way that is reasonable under the circumstances.

Limitations on Disclosure

Because APHE values and respects an individual’s desire to keep certain personal information private, APHE will not disclose PII to third parties, other than: 

• when consent is required by law, only for purposes included within the consent of the individual providing his or her PII; 
• purposes that are consistent with or are necessary to carry out the original express purpose for which the consent was granted and related to APHE’s mission; or 
• as otherwise authorized by law. 

When individual consent is required, such individual consent shall be obtained at or before the time the information is collected, or before the time the information is used in a way not covered by an individual’s prior consent.

Security Measures

APHE will use reasonable and appropriate security measures to protect PII against unauthorized access, use, modification or disclosure, and shall ensure that all PII for which it has responsibility is maintained in a secure environment at least at the levels required by any applicable law.  APHE will use applicable reasonable industry standards when destroying PII to protect against unauthorized disclosure.

Privacy Statement

APHE wants you to know how we use and protect the important information you provide to us. The information provided below summarizes our policy, procedures and practices as further described in this Privacy Statement.

• We collect information as a way to further our mission to provide all students in all courses with high-quality, engaging, informative, science-based medical training. The information you provide allows us to help you on a more personal level. We can better respond to your requests, understand your needs, and provide you the information and resources you need.
• Unless you tell us otherwise, when you provide your information, we will use your information as allowed by law and APHE policies to deliver the programs you are involved with and in furtherance of our mission. We will comply with all applicable U.S. laws and the laws of each state in which APHE has a business presence.
• We will use—and require our data management vendors to use—reasonable and appropriate security practices to safeguard your information.
• If you change your mind about allowing us to use your information or have questions about our privacy practices, please contact us.

This Privacy Statement is an explanation of what we do with your information. 

Information We Collect

Personal Information

“Personal Information” means information that we can use to identify or contact you. It can include information you submit when you use our interactive tools and services. We may collect Personal Information in the following ways:

• When you visit or use our online sales systems or register or sign in for a course, whether web-based or mobile, we may collect your name, email address, mailing address, telephone number(s), account numbers, limited location information (for example, to help a mobile app determine the best means of connecting to the database or for shipping something you purchased), username and password (so you can log in);
• We may collect payment card or similar information when you provide it to us as part of a purchase;
• We may capture the IP address and ID of the device you use to connect to the online service, the type of operating system and browser you use, and information about the site you came from, the parts of our online service you access, the type of mobile device you use and the site you visit next (see also “Cookies, Tags & Remarketing Pixels” below);
• We or our service providers may also use cookies, web beacons or other technologies to collect and store other information about your visit to, or use of, our online services. We may later associate the usage and other information we collect online with Personal Information about you (see also “Cookies, Tags & Remarketing Pixels” below);
• When you register for or use certain interactive tools and services, we may collect your email address, username, password and device information;
• When you sign-up for newsletters or other communications from us, we may collect your name and general contact information;
• When you participate in an online survey, we may collect your name and general contact information; or
• When you provide Personal Information in a community area or other public forum, we may collect your name, contact information and additional Personal Information you voluntarily disclose.

Student Privacy

As an American Heart Association (“AHA”) Training Center and American Red Cross (“ARC”) Licensed Training Provider, we exchange or share our student names, mailing addresses, telephone numbers and email addresses with other reputable organizations who provide instructors and equipment for the certification classes. These other organizations are carefully screened and will not have continued access to your information unless you choose to respond to them directly. To change your preferences on how we contact you, please contact us.

Children's Privacy

We encourage children to participate in age-appropriate certification classes. We allow children, with parental consent, to register and participate in certain activities through their schools and communities. We do not collect more information than is necessary to enable children to participate in these activities.

          With parental consent, we may collect information from children under the age of 13 such as: name, address, telephone number and email address. That information allows us to issue certification cards, respond to questions about our website and programs, facilitate student participation in activities and other programs and keep records. 

          In addition to information children provide us directly, we use cookies and similar tools on our websites. Such tools store unique identification numbers or codes (i.e., “persistent identifiers”) that enable us to provide a personalized web experience to users, among other benefits. We use such persistent identifiers to support the internal operations of our website as described in more detail in the “Cookies, Tags & Remarketing Pixels” section below.

          We engage third-party service providers to help us develop and operate our website and collection registrations for our classes. Our service providers include Google LLC and JotForm, Inc. If you have questions about the involvement of third parties in providing our services, including their privacy practices, please contact our offices by phone or email.

          Regardless of what is submitted, parents can revoke their consent, request that information about their children be hidden or, in some cases, deleted, by contacting us by telephone or via email. When a parent revokes consent, we will stop collecting, using or disclosing information from that child. To comply with such a request, we must verify the identity of the requesting parent. To respect the privacy of parents, we dispose of information that is collected and used solely for obtaining verifiable parental consent or providing notice after a reasonable time after parental consent is declined or revoked.

Information from Other Sources

We, or our service providers, and other companies we work with may deploy and use cookies, web beacons, local shared objects and other tracking technologies for various purposes, such as fraud prevention and monitoring of our advertising and marketing campaign performance. Some of these tracking tools may detect characteristics or settings of the specific device you use to access our online services.

          We may also collect information about you from additional online and offline sources including from social media activities and commercially available third-party sources. We may combine this information with the personal and other information we have collected about you.

How We Use Information We Collect

We use the information discussed above in a number of ways, such as:

• Processing purchase transactions;
• Verifying your identity (such as when you access your account information);
• Preventing fraud and enhancing the security of your account or our online services;
• Responding to your requests and communicating with you;
• Managing your preferences;
• Performing analytics concerning your use of our online services, including your responses to our emails and the pages and advertisements you view;
• Providing you tailored content and marketing messages;
• Operating, evaluating and improving our programs (including developing new products and services; improving existing products and services; performing data analytics; and performing accounting, auditing and other internal functions);
• Complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our policies; and
• For any other purposes that we may specifically disclose at the time you provide or we collect your information.

We may also use data that we collect on an aggregate or anonymous basis (meaning it does not identify any individuals) for various purposes, where permissible under applicable laws and regulations, to help deliver products, services, and content that are better tailored to the users of our services and for other purposes.

What We Disclose to Others

We may share the information we collect from and about you within our organization and with certain third parties. For example, we may share your information with:

• Credit card processing companies, to process your payments;
• Other organizations we work with to provide services, products or programs;
• Other third parties to comply with legal requirements such as the demands of applicable subpoenas and court orders; to verify or enforce our terms of use, our other rights, or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise to protect the rights, property or security of our customers or third parties.

Links to Third-Party Websites

APHE may provide links to websites that are owned or operated by others ("third-party websites").  When you use a link online to visit a third-party website, you will be subject to that website’s privacy and security practices, which may differ from ours. You should familiarize yourself with the privacy policy, terms of use and security practices of the linked third-party website before providing any information on that website.

Updating Your Information and Contacting Us with Questions

Keeping your account information and preferences up-to-date is very important. You may review your information, request that we exclude your information from any donor list exchange activity, request that we stop using it, or update certain account information by logging in and accessing the account profile section. If you cannot locate, access or make changes to the information or permissions online, please contact  us. We cannot track down “de-identified” information to change it or undo any prior use of data we already used with your actual or implied consent.

          To the extent that we provide you with direct marketing communications, you have control regarding our use of your Personal Information for such reasons. If you no longer wish to receive any direct marketing communications, you can opt-out at any time. To do so, you may use the unsubscribe link within a marketing email received from us or contact us.

          Please note that you also have the right to lodge a complaint with a supervisory authority.

Changes to This Privacy Statement

We may change this Privacy Statement from time to time. When we do, we will let you know by appropriate means such as by posting the revised policy on this page with a new “Last Updated” date. In some cases, you may be asked to agree again to our Privacy Statement or other terms, even if you have already agreed to accept them, because there were changes. Any changes to this Privacy Statement will become effective when posted unless indicated otherwise.

Other Privacy Policies and Practices

This Privacy Statement describes our practices related to our most common data collection activities. If you have a question about privacy protections related to “offline” programs, please contact us.

Information Security

APHE takes the security of your personal and financial information that you provide to us very seriously. We take reasonable measures to safeguard your information consistent with our Privacy Statement. We comply with the Payment Card Industry Data Security Standards ("PCI DSS") for financial transactions and other laws and regulations applicable to the information we collect from you.

          Our network is composed of access-controlled measures, security monitoring tools, vulnerability management program, SSL encryption, scheduled network scans, and internal and external penetration tests. When it is necessary for our service providers to have access to your information, we expect the same level of data security, integrity and confidentiality standards as APHE itself provides. Additionally, we conduct security awareness training for our staff.

          While APHE uses its best efforts to maintain this level of security across all of our systems we cannot guarantee or warrant that our systems or our service providers are not vulnerable to viruses, hacking or other security threats.

Cookies, Tags & Remarketing Pixels

A cookie, tag, or pixel (collectively, "cookie") is a small piece of text or technology sent to your browser by a website you visit or stored on your device. It helps the website to remember information about your visit, like your preferred language and other settings. Cookies are also used by websites for authenticating users, tracking a user’s session, and/or for storing other essential textual information. APHE tracks your interests on our sites so that we can provide you with additional content that might be of importance to you. Providing you with fresh and engaging content is important to us, as we know it is important to you.

          We use tools, cookies and services such as AdWords and Google Analytics, for tracking, reporting and analyzing website activity. Some cookies are used to measure conversion events. Pixel tags might be used together with some of the advertising cookies described above, to operate, evaluate, and improve our programs, and to perform data analytics, accounting, auditing, and other internal functions.

          We do not run interest-based advertising campaigns that collect Personal Information including, but not limited to, email addresses, telephone numbers, and credit card numbers, nor do we use or associate Personal Information with remarketing lists, cookies, data feeds, or other anonymous identifiers. We do not use or associate targeting information, such as demographics or location, with any Personal Information collected from the ad or its landing page. APHE does not share Personal Information with Google through our remarketing tag or our product data feeds that might be associated with our ads. APHE will not send Google precise location information without obtaining your consent.

          To see how Google may use information collected through your use of Google's search services visit Google’s Ads Help Center. If you want to opt out of Google's use of cookies visit Google’s Ads Setting Site.

          To learn more about other cookies used for interest-based advertising, including through cross-device tracking, and to exercise choices regarding such cookies, please visit the following websites (or your device settings for mobile applications):

- Digital Advertising Alliance

- Network Advertising Initiative

Other Issues

What is the legal basis of processing?

Some jurisdictions require an explanation of the legal basis for the collection and processing of Personal Information. We have several different legal grounds on which we collect and process Personal Information, including: 

- as necessary to perform a transaction (such as when we respond to your requests); 

- as necessary to comply with a legal obligation (such as when we use Personal Information for recordkeeping to [e.g., substantiate tax liability or eligibility for a course completion credential]); 

- consent (where you have provided consent as appropriate under applicable law, such as for marketing or certain cookies); and 

- where necessary for legitimate interests (such as when we act to maintain our business generally).  

          With respect to legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of Personal Information, such legitimate interests are the fulfillment of the processing purposes described in this Privacy Statement that are not necessary for the performance of a contract or for our compliance with a legal obligation to which we are subject.

What are the consequences of not providing Personal Information?

You are not required to provide all Personal Information identified in this Privacy Statement, but certain services will not be available if you do not provide Personal Information. For instance, if you refuse to provide proof of identification you may not receive certain products you purchase.

Do we engage in automated decision-making without human intervention?

We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.

Does APHE honor do-not-track ("DNT") signals sent via browsers?

Given the divergent practices of organizations that offer browsers and the lack of a standard in the marketplace, we generally do not respond to DNT signals at this time.