Effective December 15, 2017
We collect and use personal data from or about you to help us support our non-profit mission and serve our membership. We collect such data in various ways, including data you provide to us, data we collect by automated means, and data we collect from other sources.
We use administrative, technical, and physical security measures designed to protect personal data against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use.
We strive to provide you reasonable choices regarding our collection, use, and sharing of your personal data. We provide you access to review and correct your personal data, provide you options regarding how we share personal data with AARP Licensed Service Providers and unaffiliated non-profit organizations, and provide you control over how we communicate with you, among other choices.
You may contact us at any time regarding these choices as follows:
The collection and use of personal data (along with other kinds of data) is critical to the successful operation of most modern organizations – including AARP. We collect and use personal data from or about you to support our non-profit mission and serve our membership, including to:
We collect your personal data when you choose to provide it as you interact with us in person, through correspondence, by phone, by social media, or through our websites or apps. For instance, when you join AARP or register for an account on our websites or apps, you will be asked to provide basic personal data as part of your enrollment. Similarly, you may be asked to provide certain personal data when you participate in AARP events or meetings, submit a contest or sweepstakes entry, respond to a survey, volunteer, request a program service, or apply for employment. For example, the personal data you provide might include:
• Contact and identification information, such as your name, address, telephone numbers, and email address;
• Payment information, such as your payment card number and expiration date;
• Demographic information, such as your age, date of birth, gender, and employment and occupation information;
• Login and access credentials for your AARP website and app registrations, such as your username, password, password reminders and answers;
• Content you create or submit, such as correspondence, photographs, survey responses, public forum or message board postings, social network information;
• Communication preferences, such as which emails and newsletters you wish to receive, whether you wish to receive text messages or phone calls, and whether you wish to receive push notifications in our apps;
• Information needed as part of a service program offering you request (e.g., Tax-Aide services)
• Employment application information, including the types of information described above, plus other employment-related data like social security number, employment status, employment history, education information, references, résumé, immigration status and ability to work legally in the United States, personal or family employment affiliation with AARP, and, on a voluntary basis, for our Equal Employment Opportunity compliance purposes for jobs located in the US, gender, race and ethnic background.
We collect data (some of which may be personal data) by automated means when you interact with us through our websites and apps, and when we communicate with you by email or text message. We use standard technologies, including browser cookies, Web beacons, and third-party analytics services to collect this behavioral and operational data, which may be recorded and retained in web logs and other AARP systems.
The collection of such data is a common practice that supports digital services, and is used to provide customized digital experiences, as well as for market research, marketing, analytics, and system administration purposes. For example, we may use this data to determine whether you’ve previously visited our website, to store your preferences and settings, and to provide authentication processes so you can more easily access your account. We also may use this data to target custom content and ads to you on our websites, in our apps, and through other digital communications, as well as on third-party websites and apps as described in the Targeted Advertising section below.
Examples of the data we may automatically collect as part of our website, app, and digital communication experiences include:
• Your device and browser type, your operating system version, and your language settings
• Your Internet service provider (ISP)
• Your internet protocol (IP) address, Mobile Advertising ID, media access control (MAC) address, or similar identifiers
• The website that referred you to our website, or that you visit upon leaving our website via a link from our site
• The times and dates that you visit our websites or use our apps, and the duration of such use
• Information about areas of our websites or apps that you visited or used, as well as specific content or advertisements you viewed or links you clicked
• Information that identifies the precise physical location of your mobile device, based on your specific consent (we may use your IP address to generally estimate your location without seeking your specific consent – but such data does not provide a precise location)
• Information collected through cookies, Web beacons, analytics tools, and other similar technologies
º A “cookie” is a small data file that a website sends to and stores on your device that allows the site to recognize your browser or store information or settings. The cookie itself does not contain personal data, but can be read by the entity that placed the cookie and may allow it to associate your device to personal data. We may use “persistent” and/or “session” cookies. Persistent cookies are stored on your computer and used for various purposes by your browser on subsequent website visits (such as to avoid having to reenter your log-on credentials). Session cookies are temporarily held in your computer’s memory and erased after you end a browser session or shut off your computer.
º A Web beacon (sometimes called transparent or single pixel “GIFs”) is an invisible digital object embedded in a webpage or email. Web beacons are typically used to monitor your interaction with the webpage or email. Web beacons can help us count visitors, determine whether emails are opened, how long a webpage is viewed, and perform similar functions. Our webpages may contain Web beacons from third parties, which help us compile aggregated statistics regarding the effectiveness of our ad campaigns and assess website operations.
º Analytics tools allow us to measure and assess how users interact with our websites, apps, and digital communications. These services are typically provided by third-parties with whom we contract – primarily Adobe and Google Analytics. These providers may use many of the same technologies discussed above (such as cookies and Web beacons) to collect various data points associated with your visits to our websites and use of our apps.
We may also collect data (some of which may be personal data) by automated means when you call our customer service center. For instance, we may record audio of these calls for quality control, training, security, and analytics purposes.
We may collect personal data about you from unaffiliated sources with whom we contract, such as product and service providers and data aggregators, as well as from public sources or databases. We may obtain data such as your name, postal address, telephone number, demographic data (such as age, gender, income level, and purchasing profiles), and publicly observed data (such as activity on blogs, videos, and other online postings). We generally use such data to identify potential members or other individuals we try to reach as part of our non-profit mission, to update personal data we already have about current members and other individuals (such as an address update), or to enhance our data models.
We may also purchase or license personal data lists from unaffiliated sources and provide access to those lists to other entities. Although we may enhance such lists by applying our data models (e.g., to predict behaviors or interests of 50+ consumers), we do not contribute personal data related to AARP members, volunteers, etc., to such lists.
We sometimes offer opportunities for our website or app users to forward information about or from AARP to a family member or friend through “refer a friend” mechanisms. When an individual uses such a mechanism, we may ask that they provide us the friend’s name and email address – as well as the individual’s own name and email address. We will only use the friend’s personal data to send the requested email or other information, and we may identify that we are doing so at the other individual’s request.
We may combine personal data from various sources, and may combine non-personal data with personal data. When we do so, the combined information is treated as personal data under this policy unless it is later de-identified or otherwise disassociated from your personal data.
Except as described below, we do not share your personal data with unaffiliated entities (entities that are not owned or controlled by AARP) without your consent. We may, however, share anonymous, de-identified, or aggregate data, which cannot reasonably be used to identify you – even where it has been derived from personal data. Similarly, we may share personal data lists that we purchase or rent from unaffiliated sources after we apply our data models as previously described. You may limit certain sharing of your personal data as described below in Your Personal Data Choices.
AARP may also share your personal data with other third parties as follows:
We use commercially reasonable administrative, technical, and physical security measures designed to protect personal data against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. Despite our safeguards, however, no website, app, or information system can ever be completely secure so we cannot guarantee that the use of our systems, websites, or apps will be completely safe or secure. For additional information on privacy, identity theft, and online security, please visit the U.S. Federal Trade Commission's website.
If you wish to review and/or request changes to certain personal data we have collected about you (such as your current contact information, username and password, or date of birth), you may do so by logging into your AARP account on AARP.org or the AARP Now app, or by contacting us as identified above. In some cases, you may also have a right to (i) request deletion of certain personal data or (ii) obtain a copy of such data in an accessible format. We will make reasonable attempts to comply with such requests where applicable, but may refuse requests where we are otherwise legally required to retain the data, or the requests are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, or are impractical.
If you would like to request that we no longer share personal data with AARP Licensed Service Providers and/or unaffiliated non-profit organizations, you may do so by completing our Privacy Opt-Out Form or by contacting us as identified above. If you make such a request, it will not prevent such third-parties from using any personal data we shared with them prior to completing the opt-out process, or any data they have collected directly from you or others.
You may choose to opt-out of some or all future communications (mail, email, phone) from AARP. You can do so by completing our Privacy Opt-Out Form or by contacting us as identified above. For email, you can also opt-out by clicking on the “unsubscribe” links in the footer of our emails. (Please note that when opting-out of emails, you may still receive “transactional” emails, which contain information you specifically request or information related to your membership purchase or renewal.) For phone or text messages, you can also opt-out by following the contact instructions we provide in the phone call or replying “STOP” to any text message to which you’ve previously consented. We will honor your opt-out requests as soon as practical and as required by applicable law.
Most web browsers can be set to reject cookies or provide notice when cookies are placed on your device. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences. Although it is up to you whether to accept cookies from our websites, if you reject cookies, certain functions on our sites may not work properly, and your ability to use some areas of the sites may be limited. It is also important to note that the opt-out mechanisms described in the Targeted Advertising section below generally rely on cookies to retain your opt-out preferences. So if you reject or erase cookies, your opt-out choices may not function properly.
Our analytics providers for websites and apps, primarily Adobe and Google Analytics, may collect data points associated with your visits to our websites and use of our apps in order to assist us with analyzing and assessing our digital properties. You can, however, opt-out of certain data collection by these analytics providers. To learn more about Adobe Analytics and how to opt-out of their data collection, click here. To learn more about Google Analytics and how to opt-out of their data collection, click here.
We collect data (both directly and through third-parties) about your activities on our websites and apps and may combine it with other personal data we have about you for use in providing more customized experiences, including advertising tailored to your individual interests. We may also share data about activities on our websites with advertising networks administered by third parties, which may use many of the same technologies previously discussed (such as cookies, web beacons, and analytics tools) to track your online activities over time and across websites. This collection and ad targeting takes place both on our websites and apps and on third-party digital properties that participate in those ad networks. As a result, you may see certain ads on other websites based on prior activity on our websites and apps, and vice versa.
The Digital Advertising Alliance (DAA) has created guidance for online advertisers and provided the “AdChoices” mechanism for such advertisers to comply with users’ choices regarding the placement of interest-based ads. By clicking on the AdChoices icon presented in the corner of each ad served by participants in the AdChoices program, you will be directed to a webpage to allow opt-outs from that ad network and/or for all ad networks participating in the AdChoices program. To learn more about ad networks, including how to opt out of interest-based ads, click here.
It is important to note that your choice to stop targeted advertising is specific to the browser you are using. If you make a choice to opt-out from one computer browser and you want your opt-out to apply to a different computer and/or browser, you must also opt-out from that computer. It is also important to note that most of these choices are cookie-based. If you delete cookies after making an opt-out choice, you will need to perform the opt-out again.
You can manage targeted ads in our apps through your device operating system settings. For iOS apps, visit the “advertising” controls in your privacy settings. For Android apps, use the Settings App. Both operating systems allow you to opt-out of targeted ads and/or reset your device advertising ID.
We may also work with certain social media websites or platforms (such as Facebook or Twitter) to serve ads to you as part of a customized social media campaign. You can opt-out of receiving customized ads by changing your ad preferences on those platforms, which we do not control.
We will request your permission before our apps access precise location data for your mobile device, generally when you first launch our apps. If you have previously consented to our app accessing precise location information, you may revoke that permission at any time through your device’s operating system location preference controls. You may also stop our access to precise location data by following the standard uninstall process to remove our apps from your device.
We do not currently process or respond to “Do Not Track” signals from your browser. As previously described, we do participate in online advertising networks administered by third parties, which may track your online activities over time and across third-party websites. You may opt-out of interest-based and other targeted advertising as set forth above in the Targeted Advertising section. However, even if you opt out of such ads, AARP may continue to collect and use online activity data on our websites and in our apps for other purposes.
AARP is headquartered in the United States and all of our data processing activities occur in the United States. Any personal data you provide to us, including through our websites and apps, will be transferred to, processed, and stored in the United States. By providing us your personal data or using our websites and apps, you acknowledge that the United States has standards for the processing and storage of personal data that may not be equivalent to (and may be less comprehensive than) those in the country where you reside and/or are a citizen, and you consent to our collection, transfer, processing, and storage of your personal data in the United States.
Our websites and apps are not intended for use by children under the age of 13 and we do not knowingly collect personal data from such children. If a child under the age of 13 has provided us with personal data, we ask that a parent or guardian contact us so that the personal data can be deleted.