The Centers for Disease Control and Prevention (CDC) is committed to maintaining your privacy and protecting your personal information when you visit CDC websites, use CDC’s mobile applications. With respect to the collection, use, and disclosure of personally identifiable information (PII), CDC complies with all applicable federal laws.
- CDC does not collect any personally identifiable information (PII) when you visit any of CDC’s digital medial channels unless you choose to provide that information to us.
- Any PII that you choose to provide is fully protected.
- Non-PII information related to your visit to our websites may be automatically collected and temporarily stored.
Here is how we handle information about your visit to our website:
Information You Give Us
You do not have to provide any personal information to visit any of the CDC digital media channels with limited exception such as external SharePoint site, special partnership collaboration site, data collection surveillance etc. If you choose to provide us with additional information about yourself, as in an e-mail message, questionnaire, form, online survey, or other tool, submitted through our website, we only use that information to respond to your message. We will maintain any information you provide in accordance with applicable federal laws. CDC will not disclose, give, sell, or transfer any personal information about visitors to our websites, unless required by law enforcement or by statute.
Visits to CDC.gov or CDC content
When browsing any website, certain information about your visit can be collected. When browsing, reading pages or downloading information from the CDC website directly or via APIs on other websites, specific information is gathered and stored automatically. This information does not identify you personally. We automatically collect and temporarily store only the following information about your visit:
- the Internet domain (for example, “xcompany.com” if a private Internet access account is used, or “yourschool.edu” if connecting from a university’s domain) and IP address (an IP address is a number that is automatically assigned to your computer when surfing the Web);
- Operating System and information about the Web browser used when accessing the site;
- the visit date and time;
- the specific pages visited;
- the amount of data (measured in number of bytes) transmitted from CDC.gov to your computer
Using CDC’s Mobile Application
When you use CDC’s Mobile Applications (Apps), certain information will be gathered and stored about your usage of the App. This information does not identify you personally. We collect and store information as follows:
- CDC receives aggregate data about the use of our Apps, such as the number of times the applications have been opened or the interactions or actions completed in the application. This is gathered via a third party provider (please refer to the third-party tools list). We also receive aggregate data from the platforms that distribute our Apps (currently the iTunes Store, Google Play Store, and the Windows Store), such as the number of people who download the App and mobile set-up information (e.g., device model, App version, country, language, and mobile carrier). Please consult the privacy policies of these third parties for further information.
- You may sign up to receive “push notification” messages via a third party provider (please refer to the third-party tools list). To make sure messages reach the correct devices, our third party provider relies on a device token unique to your mobile device. A device token is a unique identifier issued to the app by the operating system of the mobile device. While we may be able to access a list of the tokens, the App and tokens do not reveal your identity, unique device ID, or contact information to us. The third party provider may collect the following: the time of an event, how a User came to our site, what search engine and search keywords users may have used to get to our site, information about the device our user is on such as their Operating System and browser, as well as the city, region and country location of users. This location information enables CDC to send public health push notification messages that are relevant to certain geographic locations. If, at any time, you wish to stop receiving push notifications, simply adjust your phone settings or remove the App.
CDC does not disclose, share, sell, or transfer any information about CDC digital media visitors or users unless required by law enforcement or by statute.
For site security purposes and to ensure that this service remains available to all users, CDC employs software programs to identify unauthorized attempts to upload or change information, or otherwise cause damage.
CDC’s digital media are maintained by the U.S. Government and is protected by various provisions of Title 18, U.S. Code. Violations of Title 18 are subject to criminal prosecution in Federal court.
Email and text message subscription services are offered by CDC as a convenience to users who choose to receive information via these channels. All information published via email subscriptions and text messaging services is available on CDC.gov without the requirement to provide email address or phone number.
In order to manage CDC email subscription lists, we retain the names and email addresses of our email subscribers, as well as other information they may have shared with us (e.g., addresses and phone numbers), logs of emails we send, and automatically generated email data used to improve our email communications. Email subscriber service providers may collect and provide non-identifying information about the number of messages sent, clicks and open rates.
Invitations to CDC surveys are sent via a pop up or external links to a random sampling of visitor. Your acceptance of a survey is completely optional. If you decline any survey, you will still have the same access to the information and resources provided in all of the CDC’s digital media channels, as those who opt to take a survey.
CDC uses online surveys to collect opinions and feedback from visitors on all type of digital media channels. Please refer to the current third-party tools/pages list for the current survey service providers. These survey service providers obtain feedback and data on visitor’s satisfaction on behalf of the CDC. Surveys conducted on behalf of the CDC do not collect any Personally Identifiable Information (PII), and the aggregate results are only available to CDC staff (e.g., subject matter experts, health communication staff, and other designated staff) who require this information to perform their duties.
Official CDC Presence on Third-Party Websites
All official CDC information available on third-party websites is also available on CDC.gov site. The CDC maintains official pages or accounts on third-party websites in order to better engage and communicate with the general public (a current third-party tools/pages list is here). Your activity on those sites is governed by the third-party website’s security and privacy policies. Users of third-party sites often share information with the general public, user communities, and/or the third-party operating the site. Consequently, you should review the privacy policies of third-party sites before using them and ensure that you understand how your information may be shared and used. You should also adjust privacy settings on your account on any third-party site to match your preferences.
For the sole purpose of complying with the Presidential Records ActExternal, the CDC archives some information that users submit or publish when engaging with the CDC through official CDC pages or accounts on third-party websites (e.g., by sending a message, posting a comment, “following,” “friending,” or taking similar actions). This information may contain personal information, such as an individual’s username and other public account information, when such information is available based on the user’s privacy settings and the terms of the site. For example:
- On Twitter, the CDC automatically archives “tweets” from official CDC accounts, “direct messages” sent to or from official CDC accounts, and “mentions” (tweets from other users to official CDC accounts; these tweets contain an @ and the username of an official CDC account (e.g., @CDCgov). The CDC also automatically archives any status that official accounts have “favorited.”
- On Facebook, the CDC archives all content created by official CDC pages, content that tags an official CDC page, and any content posted on official CDC pages (for example, the number of likes to the page and comments posted).
- On Google+, the CDC archives all content posted by official CDC accounts, as well as the number of likes/comments/shares on each of those posts (including the comments themselves). The CDC also automatically archives the total number of Google+ users that have added our page to a “Circle,” and the list of users that CDC accounts have added to “Circles.”
For aggregate statistical analysis and to improve the quality of our services, we may integrate web measurement tools with our social media pages. To see current list of web measurement tools, please refer to the current third-party tools/pages list. These tools enable basic analysis of social media traffic (such as the number of people visiting a certain page) and do not collect personally identifiable information.
The Speakers Bureau collects information from users so that requests for speakers can be reviewed and managed.
The Speakers Bureau collects information from users so that requests for a speaker can be matched with appropriate internal staff available for speaking engagements. Information collected from users include full name, mailing address, telephone number, e-mail address, company name, address and contact information, and requested topic of information. This information collected is core to the function of Speakers Bureau requests so that speaking requests can appropriately be matched with CDC subject matter experts.
The information collected will only be utilized by the Speakers Bureau manager and staff working on requests. The speakers bureau manager will review the policy bi-annually to ensure system access only by appropriate staff and through technical security with user name log-in and passwords. Records are retained in a secure location and purged in accordance with records management policy at CDC.
If you choose to provide us with information, we may use that information to contact you, respond to your message, or provide you the information or services you requested. In order to serve you better, we may analyze multiple sources of data you have provided (for example, to look up whether you previously contacted the CDC about the same topic so that we do not send you a duplicative response). We may also use messages or comments collected through CDC.gov sites, Apps, or official social media pages for our own purposes, such as to inform policy decisions or in public advocacy.
We may use data you provide and automatically generated data for statistical analysis to assess, for example, what information is of interest to users, technical design specifications, and system performance. This allows us to make general improvements to our site as well as to offer tailored content to email subscribers (e.g., a follow-up message to subscribers interested in a specific topic based on information they have provided or automatically generated data).
Information you choose to share with the CDC (directly and via third party sites) may be treated as public information. We may, for example, publish compilations of messages or comments collected through CDC.gov or official social media pages and provide them to national leaders, members of the press, or other individuals outside of the Federal Government. However, we exercise discretion to limit such disclosures to protect your privacy (for example, we generally do not publish last names of commenters).
The CDC uses a third-party analytics provider (for current provider please see current third-party tools/pages list) to collect and summarize this information in conjunction with cookies. The third-party analytics provider does not receive personally identifiable information through these cookies and is prohibited from combining, matching or cross-referencing CDC.gov information with any other information.
Within the CDC, we restrict access to personally identifiable information to only those employees, contractors, and/or vendors who require access to this information in order to perform their official duties and exercise controls to limit what data they can view based on the specific needs of their position. If you choose to share information with us, we may in some cases share that information (or automatically generated information) with other government agencies in response to lawful law enforcement requests or to protect CDC.gov from security threats.
We do not use or share your information for commercial purposes and, except as described above, we do not exchange or otherwise disclose this information.
Submitting personal information (name, address, telephone number, email address, etc.) is voluntary and is not required to access information on our website. However, if you choose to provide CDC with personally identifiable information — for example by completing a “Contact Us” form, leaving a comment, sending email, or completing a survey — we may use that information to respond to your message and/or help us get you the information or services you requested.
We retain the information only for as long as necessary to respond to your question or request. Information submitted electronically is maintained and destroyed as required by the Federal Records Act and records schedules of the National Archives and Records Administration. It may be subject to disclosure in certain cases (for example, if required by a Freedom of Information Act request, court order, or Congressional access request, or if authorized by a Privacy Act System of Records Notice (SORN)). It is subject to the Privacy Act if maintained in a Privacy Act system of record.
For more information, see:
As data retention policies vary from system to system, please check that system’s policy or their individual SORN for more detailed information.
CDC content gets published on third-party sites as a convenience to users who prefer to use these channels. All information published on these third-party sites is also available on CDC.gov site.
Links to External Sites
CDC.gov pages and other CDC digital media platforms may link to websites created and maintained by other public and/or private organizations and individuals. When you follow a link to an external site, you are leaving CDC.gov and are subject to the external site‘s privacy and security policies. We do not control or guarantee the accuracy, relevance, timeliness, or completeness of information contained on an external site. We also do not endorse the site’s sponsor, any views they express, or any products or services they offer.
CDC Pages on Third-Party Websites
Your activity on third-party sites (a current list is here) is governed by the third-party website’s security and privacy policies. Please contact third-party site’s Privacy Office if you have any questions or need further information.
CDC Content Embedded in Third-Party Sites
Interaction with Children on CDC Digital Media Channels
We believe in the importance of protecting the privacy of children online. As such, we will take all reasonable steps to protect the privacy and safety of any child from whom information is collected as required by the Children’s Online Privacy Protection Act (COPPA)External. A child’s parent or guardian is required to provide consent before CDC collects, uses, or shares personal information from a child under age 13.
When a CDC Web site needs to collect information about a child under 13 years old, COPPA required information and instructions will be provided by the specific Web page that collects information about the child. The Web page will specify exactly what the information will be used for, who will see it, and how long it will be kept.
Personal information about children under 13 years of age may be needed to respond to his/her communication to us. Personal information about your child will be destroyed immediately upon completion of its intended purpose. On rare occasions, it may be determined that a communication from a child under 13 years old should be maintained for historical purposes. Should such an occasion occur, CDC will obtain the necessary consent from the child’s parent.
Finally, we provide many on-line tools and services in support of CDC’s mission. A child under 13 years old may inadvertently provide personal information to one of these services. If this should happen, the information about the child will be deleted immediately upon discovery.
Our digital media channels are not intended to solicit information of any kind from children under age 13. If you believe that we have received information from or about children under age 13, please contact the CDC Privacy Office (see Contact information here).
All CDC digital media offerings, including the CDC.gov site, are maintained by the U.S. Government and protected by various provisions of Title 18 of the U.S. Code. Violations of Title 18 are subject to criminal prosecution in Federal court.
At CDC, reasonable precautions are taken to protect CDC’s digital platforms, including information automatically collected by or voluntarily submitted to CDC.gov or an official CDC page on a third-party site. For example, we restrict access to personally identifiable information to employees, contractors, and vendors who require access to this information in order to perform their official duties, and exercise controls to limit what data they can view based on the specific needs of their position. Access to official CDC accounts on third-party sites is limited to the individuals who administer those accounts, and all official CDC accounts are clearly labeled.
Also, commonly used practices and technical controls are utilized to protect the information in our possession or control, along with CDC.gov itself. These practices and controls include, but are not limited to: encrypting the transfer of personal information over the internet via secure sockets protocols such as Transport Layer Security (TLS), Secure Sockets Layer (SSL) etc., using high-strength firewalls and intrusion detection systems (IDS) to safeguard personal information, and maintaining strict technical controls and procedures to ensure the integrity of all data on CDC.gov.
We periodically review our processes and systems to verify compliance with industry best practices and to ensure the highest level of security for CDC’s all digital platforms.
We will revise or update this policy from time to time. If we make significant changes to how we handle personal information, we will post changes to the policy on our site and change the date at the bottom. We will provide additional notice in advance (e.g., a disclaimer on our website or an email to subscribers) if material changes are being made.