Effective: August 31, 2018
This Privacy Notice describes how Rethink Behavioral Health (“Rethink”, “we”, “us” and “our”) collects, uses, shares, secures, and eventually disposes of (collectively “processes”) your personal data. The notice applies only to individuals in the European Union (EU) or European Economic Area (EEA).
This Privacy Notice applies to personal data we collect in the course of providing our services to you on this website (www.rethinkbehavioralhealth.com) and any associated applications and communications media. The Notice is addressed primarily to those of our corporate customers’ employees who choose to sign up for Rethink services, and to individuals (for example, caregivers) who are invited by the employees to participate in the services.
“Rethink Behavioral Health” includes our affiliates Rethink First, Rethink Autism, Rethink Benefits, and Rethink Ed.
We collect your personal data in two ways:
(1) Data that you knowingly give to us, for example when you provide contact details for account creation, or information about your child’s diagnosis, behaviors, and treatment that you disclose in the course of using our services. We recognize that some of this data is highly sensitive, and it is important to understand that providing it to Rethink is entirely voluntary.
We process your personal data only for the purposes listed below.
To improve and develop the services using data and statistics from standard online technologies, for example by tracking which parts of the service are popular and how users move around our site. Data used for this purpose is nearly always aggregated and does not identify individual users.
We process your personal data on the following legal bases:
To provide the service: When you create an account, we ask for your consent to process your data for this purpose. We cannot provide the service without your consent for yourself and your child(ren). Once given, you may withdraw your consent at any time, and we will cease to process your data.
To improve and develop the services: We have legitimate interests in understanding how our services are used and how we can improve them. This processing does not present a risk to your privacy rights that might outweigh our legitimate interests.
Your personal data will may be disclosed to different individuals and organizations:
Rethink employees and contractors whose roles require access to your data. These personnel are bound to strict confidentiality terms covering your data.
Rethink suppliers who process personal data on our behalf (“processors”); for example Cloud computing providers. Such vendors are contractually bound to protect your data to the same standard as set out in this Notice.
Your data may be transferred to a third party as a result of a merger, acquisition, or similar corporate event involving Rethink.
We will disclose your personal data when required by law.
We will not share any personal data you provide to us with your employer.
We employ technical and organizational information security measures appropriate to the types of personal data we process about you to protect it from unauthorized access, use, or destruction. Special categories of personal data (such as data concerning health) is protected by TLS encryption when it is exchanged between your web browser and our site. However, we cannot warrant that information you provide to us may not be accidentally or illegally breached.
Please note that e-mails, messaging features, and similar means of communication with other users are not encrypted, and we strongly advise you not to communicate highly confidential information via these means.
We will retain personal data that you provide to us, including information about your child’s condition and treatment, until one of the following applies:
We may retain your data for longer if it is reasonably required for the purposes of satisfying legal obligations or to resolve disputes.
Rethink is a United States company, and your data will be stored on our secure systems in the US. We obtain your explicit consent to this transfer and cannot provide our services without it.
You may at any time request access to the data that we hold about you, and ask for its correction, erasure, or that we cease to process it. You can make such requests via our customer inquiry page, or using the contact information provided in Section 9. In most cases, you can access, correct, and erase your data yourself through your Rethink account.
You may also contact us to ask about data portability.
If you believe that Rethink has infringed your privacy rights, please contact us so that we can try to resolve the issue. However, you have the right to lodge a complaint with an EU supervisory authority.
Data Protection Officer: firstname.lastname@example.org
Rethink Behavioral Health
19 West 21st Street, Suite 403,
New York, NY 10010,