Privacy Statement

The Heart and Stroke Foundation of India wants you to know how we use and protect the important information you provide to us. This information summarizes our policy, procedures and practices.

  • We collect information as a way to further our mission of building healthier lives free of cardiovascular diseases and stroke. The information you provide allows us to help you on a more personal level. We can better respond to your requests, understand your needs, and provide you the information and resources you need. We can also compare your information with the information of others we connect with to identify important trends. Harnessing this information has the potential to lead to breakthroughs in research, product and program development, and more effective services. And these breakthroughs can help lead to healthier lives for all.
  • Unless you tell us otherwise, when you provide your information we assume you are agreeing to allow us to use and disclose it as allowed by law and HSFI policies to deliver the programs you are involved with and in furtherance of our mission.
    • We will comply with all U.S. laws and the laws of countries in which HSFI has a business presence
    • When we ask for certain types of sensitive information—such as health information—we will tell you how we intend to use and disclose that information.
    • Additional information about how we collect, protect, and use information in our research, fundraising, outreach, consumer education and other “offline” programs may be found at our Privacy Policy & Standards.
  • We will use—and require our data management vendors to use—reasonable and appropriate security practices to safeguard your information.
  • If you change your mind about allowing us to use your information or have questions about our privacy practices, please use the contact options on our Contact Us page to let us know.

This privacy statement is an explanation of what we do with your information. As for why we do these things:

Information We Collect

Personal Information

Personal Information” means information that we can use to identify or contact you. It can also include health and other information you submit when you use our interactive tools and services. We may collect Personal Information in the following ways:

  • When you visit or use our online donation and sales systems, whether web-based or mobile, we may collect your name, email address, mailing address, telephone number(s), account numbers, limited location information (for example, to help a mobile app determine the best means of connecting to the database or for shipping something you purchased), user name and password (so you can log in) and personal health information (such as within our health improvement apps);
  • We may collect payment card or similar information when you provide it to us as part of a purchase;
  • We may capture the IP address and ID of the device you use to connect to the online service, the type of operating system and browser you use, and information about the site you came from, the parts of our online service you access, the type of mobile device you use and the site you visit next (see also the Cookies, Tags & Remarketing Pixels information at right);
  • We or our service providers may also use cookies, web beacons or other technologies to collect and store other information about your visit to, or use of, our online services. We may later associate the usage and other information we collect online with personal information about you;
  • When you register for or use certain interactive tools and services, many of our mobile Apps, or tools inside many of our Apps;
  • When you sign-up for newsletters or other communications from us;
  • When you participate in an online survey; or
  • When you provide personal information in a community area or other public forum.

Children’s Privacy

HSFI provides additional privacy protection information for those HSFI Sites that are directed at children under the age of 13 or where we knowingly collect information from children under the age of 13. Information practices concerning children are found on each website or online service where personal information is collected from children under 13, or used or shared in ways not otherwise covered by the rest of this Privacy Statement.

We will not knowingly request personally identifiable information from anyone under the age of 13 without prior verifiable parental consent. With parental consent, we may collect information from children under the age of 13 such as: name, address, email address, account information, and content they create themselves. That information allows us to fulfill requested transactions, facilitate their participation in activities and other programs, keep records, undertake certain marketing activities, or to otherwise customize or enhance the web site experience for children.

Children under the age of 13 may be able to make certain content such as content they create themselves visible to others or the public. This might include, for example, a webpage or parts of webpages operated by children that have been designed for group or public viewing, or photos of themselves involved in our programs or other activities.

Regardless of what is displayed or submitted, parents can revoke their consent and ask that information about their children be hidden or, in some cases, deleted, by contacting our offices by phone at the number at the bottom of this page or via email. To comply with such a request, we must verify the identity of the requesting parent. When a parent revokes consent, we will stop knowingly collecting, using or disclosing information from that child. To respect the privacy of parents, information that is collected and used for the sole purpose of obtaining verifiable parental consent or providing notice is not maintained in retrievable form by the site if parental consent is not obtained after a reasonable time.

Information from Other Sources

We, or our service providers, and other companies we work with may deploy and use cookies, web beacons, local shared objects and other tracking technologies for various purposes, such as fraud prevention and monitoring of our advertising and marketing campaign performance. Some of these tracking tools may detect characteristics or settings of the specific device you use to access our online services.

We may also collect information about you from additional online and offline sources including from social media activities, other nonprofits, and commercially available third-party sources. We may combine this information with the personal and other information we have collected about you.

How We Use Information We Collect

We use the information discussed above in a number of ways, such as:

  • Processing donations and purchase transactions;
  • Verifying your identity (such as when you access your account information);
  • Preventing fraud and enhancing the security of your account or our online services;
  • Responding to your requests and communicating with you;
  • Managing your preferences;
  • Performing analytics concerning your use of our online services, including your responses to our emails and the pages and advertisements you view;
  • Providing you tailored content and marketing messages;
  • Operating, evaluating and improving our programs (including developing new products and services; improving existing products and services; performing data analytics; and performing accounting, auditing and other internal functions);
  • Complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our policies;
  • Helping you understand your personal health information; and
  • For any other purposes that we may specifically disclose at the time you provide, or we collect your information.

We may also use data that we collect on an aggregate or anonymous basis (meaning it does not identify any individuals) for various purposes, where permissible under applicable laws and regulations, to help deliver products, services, and content that are better tailored to the users of our services and for other purposes.

What We Disclose to Others

We may share the information we collect from and about you within our organization and with certain third parties. For example, we may share your information with:

  • Credit card processing companies, to process your payments and donations;
  • Our other websites in an effort to bring you improved service across our large range of products and services, when permissible under relevant laws and regulations;
  • Other organizations we work with to provide services, research, products or programs;
  • Other similar charities; and
  • Other third parties to comply with legal requirements such as the demands of applicable subpoenas and court orders; to verify or enforce our terms of use, our other rights, or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise to protect the rights, property or security of our customers or third parties.

Links to Third-Party Websites

HSFI may provide links to websites that are owned or operated by others (“third-party websites”). When you use a link online to visit a third-party website, you will be subject to that website’s privacy and security practices, which may differ from ours. You should familiarize yourself with the privacy policy, terms of use and security practices of the linked third-party website before providing any information on that website.

Updating Your Information and Contacting Us with Questions

Keeping your account information and preferences up-to-date is very important. You may review your information, request that we exclude your information from any donor list exchange activity, request that we stop using it, or update certain account information by logging in and accessing the account profile section of each online service for which you have registered. If you cannot locate, access or make changes to the information or permissions online, you may send a request using the Contact Us options on our site. Of course, we cannot track down “de-identified” information to change it or undo any prior use of data we already used with your actual or implied consent.

Changes to This Privacy Statement

We may change this Privacy Statement from time to time. When we do, we will let you know by appropriate means such as by posting the revised policy on this page with a new “Last Updated” date. In some cases, you may be asked to agree again to our Privacy Policy or other terms, even if you have already agreed to accept them, because there were changes. Any changes to this Privacy Statement will become effective when posted unless indicated otherwise.

Other Privacy Policies and Practices

This Privacy Statement describes our practices related to our most common data collection activities. We have other policies, procedures and statements that apply to other activities and programs. If you have a question about privacy protections related to “offline” programs, please contact the program staff or use the contact options on our Contact Us page.

Privacy Policy

The Heart and Stroke Foundation of India (HSFI) believes that data it collects from its programs, products and services is an essential resource to furthering our mission of building healthier lives free from cardiovascular disease and stroke. Because of the potential of this significant resource to deepen our understanding of the risks, consequences and future cures for these diseases, HSFI seeks to obtain data in a manner that allows the HSFI to use the data it collects in the most ways beneficial to the advancement of its mission and the benefit of the public. At the same time, HSFI respects the rights of individuals to understand and direct how their private information can be used.

In pursuing these goals, all programs and activities of the Heart and Stroke Foundation of India that collect personally identifiable information (PII), and other information at least as sensitive as PII, shall be designed and conducted to ensure that such PII is collected, stored, used, disclosed, and destroyed: (a) in full compliance with any applicable privacy laws and regulations; (b) only within the permissions granted, where permission is required; (c) with commercially reasonable security protection based on the type of information; and (d) consistent with the HSFI’s mission to build healthier lives free from heart disease and stroke and commitment to respecting individuals’ desire to protect their privacy. All staff and volunteers designing and conducting programs that collect, store, use, disclose, or destroy PII must do so in accordance with this Privacy Policy, the Privacy Standards below, and applicable HSFI Privacy & Security Procedures.

Privacy Standards

All programs and activities of the Heart and Stroke Foundation of India that collect personally identifiable information, or any information at least as sensitive as PII, shall be designed and conducted using current industry standard practices intended to ensure that such PII is collected, stored, used, disclosed, and destroyed in accordance with the Privacy Policy and these Privacy Standards. Prior to any collection or use of PII by or for any HSFI program or activity, the business unit responsible for the program or activity shall develop and document specific Privacy & Security Procedures in the required format to ensure compliance with the Privacy Policy and these Standards. The Privacy & Security Procedures, in addition to other requirements, shall outline:

  • how PII is collected by the HSFI program or activity;
  • what type of PII is collected;
  • where it will be collected from;
  • how it will be used and shared;
  • how access to PII by HSFI personnel will be controlled;
  • how PII is kept accurate, complete and secure;
  • how long the PII will be kept and how it will be destroyed; and
  • how an individual can obtain, confirm, correct, or request permanent deletion–to the extent deletion is required by law–of any PII under HSFI control.

The Privacy & Security Procedures for each program or activity must be approved by Business Technology, Legal and the appropriate chief executive for that business unit before collection or use of PII begins, whether or not the PII is collected electronically or in hard copy form.

Standard 1- Compliance with Laws & Accountability:

The HSFI will comply with all applicable privacy and security laws and regulations. HSFI will require its vendors, volunteers, and staff to comply with applicable laws and regulations, the HSFI Privacy Policy, these HSFI Privacy Standards and any applicable Privacy & Security Procedures.

Standard 2 – Transparency:

The HSFI will make the Privacy Policy and Privacy Standards readily available to individuals providing their own PII to HSFI and will post a statement summarizing its Privacy Policy and Privacy Standards on its website. When requesting consent from individuals, whether online or offline, HSFI will describe what information is to be collected, what permissions the HSFI is requesting from them, and how that individual may opt out of the collection of such PII or withdraw consent later. When consent is requested from an individual to collect or use PII, the HSFI will document the consent in a way that is reasonable under the circumstances.

Standard 3 – Limitations on Disclosure:

Because HSFI values and respects an individual’s desire to keep certain personal information private, HSFI will not disclose PII to third parties, other than: 1) when consent is required by law, only for purposes included within the consent of the individual providing his or her PII; 2) purposes that are consistent with or are necessary to carry out the original express purpose for which the consent was granted and related to HSFI’s overall mission; or 3) as otherwise authorized by law. When individual consent is required, such individual consent shall be obtained at or before the time the information is collected, or before the time the information is used in a way not covered by an individual’s prior consent.

Standard 4 – Security Measures:

The HSFI will use reasonable and appropriate security measures to protect PII against unauthorized access, use, modification or disclosure, and shall ensure that all PII for which it has responsibility is maintained in a secure environment at least at the levels required by any applicable law. The HSFI will use applicable reasonable industry standards when destroying PII to protect against unauthorized disclosure.

Accessibility Statement

The Heart and Stroke Foundation of India strives to make our websites accessible. The Heart and Stroke Foundation of India is committed to diversity, inclusion, and meeting the needs of all our constituents, including those with disabilities. We are continually improving our digital assets to comply with the accessibility guidelines for levels A and AA in accordance with WCAG 2.0.

Further accessibility efforts are under way and we continue to update our websites to improve accessibility. In the meantime, if the format of any material on our web pages interferes with your ability to access the information, please contact us to request assistance or if you have questions or comments about our web sites’ accessibility.

For questions, please submit an inquiry

Information Security

The Heart and Stroke Foundation of India takes the security of your personal, financial and medical information that you provide to us very seriously and we take reasonable measures to safeguard your information consistent with our Privacy Policy. We comply with the Payment Card Industry Data Security Standards (“PCI DSS”) for financial transactions, and other laws and regulations applicable to the information we collect from you.

Our network is composed of access-controlled measures, security monitoring tools, vulnerability management program, SSL encryption, scheduled network scans, and internal and external penetration tests. When it is necessary for our service providers to have access to your information, we expect the same level of data security, integrity and confidentiality standards as the HSFI itself provides. Additionally, we conduct security awareness training for our staff and volunteers.

While the HSFI uses its best efforts to maintain this level of security across all of our systems we cannot guarantee or warrant that our systems or our service providers are not vulnerable to viruses, hacking or other security threats.

Cookies, Tags & Remarketing Pixels

A cookie is a small piece of text sent to your browser by a website you visit. It helps the website to remember information about your visit, like your preferred language and other settings. Cookies are also used by web sites for authenticating users, tracking a user’s session, and/or for storing other essential textual information. HSFI tracks your interests on our sites so that we can provide you with additional content that might be of importance to you. Providing you with fresh and engaging content is important to us, as we know it is important to you.

We use tools, cookies and services such as AdWords, DoubleClick and Google Analytics for tracking, reporting and analyzing web site activity. Some cookies are used to measure conversion events. Pixel tags might be used together with some of the advertising cookies described above, to operate, evaluate, and improve our programs, and to perform data analytics, accounting, auditing, and other internal functions.

We do not run interest-based advertising campaigns that collect personally identifiable information including, but not limited to, email addresses, telephone numbers, and credit card numbers, nor do we use or associate personally identifiable information (PII) with remarketing lists, cookies, data feeds, or other anonymous identifiers. We do not use or associate targeting information, such as demographics or location, with any PII collected from the ad or its landing page. HSFI does not share PII with Google through our remarketing tag or our product data feeds that might be associated with our ads. HSFI will not send Google precise location information without obtaining your consent.

To see how Google may use information collected through your use of Google’s search services visit Google’s Ads Help Center.

If you want to opt out of Google’s use of cookies visit Google’s Ads Setting Site.

To opt out of cookies or remarketing pixels by Network Advertising Initiative member companies (not all members support cookie preferences for all browsers), please visit the Network Advertising Initiative opt-out page.