RETHINK BEHAVIORAL HEALTH PRIVACY NOTICE—EUROPE

Effective: August 31, 2018

1. Scope

This Privacy Notice describes how Rethink Behavioral Health (“Rethink”, “we”, “us” and “our”) collects, uses, shares, secures, and eventually disposes of (collectively “processes”) your personal data. The notice applies only to individuals in the European Union (EU) or European Economic Area (EEA).

This Privacy Notice applies to personal data we collect in the course of providing our services to you on this website (www.rethinkbehavioralhealth.com) and any associated applications and communications media. The Notice is addressed primarily to those of our corporate customers’ employees who choose to sign up for Rethink services, and to individuals (for example, caregivers) who are invited by the employees to participate in the services.

“Rethink Behavioral Health” includes our affiliates Rethink First, Rethink Autism, Rethink Benefits, and Rethink Ed.

2. Personal data collected

We collect your personal data in two ways:

(1) Data that you knowingly give to us, for example when you provide contact details for account creation, or information about your child’s diagnosis, behaviors, and treatment that you disclose in the course of using our services. We recognize that some of this data is highly sensitive, and it is important to understand that providing it to Rethink is entirely voluntary.

(2) Data collected by standard online technologies, like cookies, server logs, and Google Analytics or similar web analysis services. For more information on our use of these technologies, please consult Section II of our global Privacy Policy. You can decline our use of cookies on the service website, but this will render our service inoperable.

3. Purposes and legal bases of processing

We process your personal data only for the purposes listed below.

To provide the service to you, including to deliver our treatment solutions; to provide user and technical support; to allow you to log in; to enforce our Terms of Use; to keep you informed about the services and ask your opinion of them; and other standard service administration purposes. We do not use your data to market other products and services to you.

To improve and develop the services using data and statistics from standard online technologies, for example by tracking which parts of the service are popular and how users move around our site. Data used for this purpose is nearly always aggregated and does not identify individual users.

We process your personal data on the following legal bases:

To provide the service: When you create an account, we ask for your consent to process your data for this purpose. We cannot provide the service without your consent for yourself and your child(ren). Once given, you may withdraw your consent at any time, and we will cease to process your data.

To improve and develop the services: We have legitimate interests in understanding how our services are used and how we can improve them. This processing does not present a risk to your privacy rights that might outweigh our legitimate interests.

4. Recipients of the data

Your personal data will may be disclosed to different individuals and organizations:

Rethink employees and contractors whose roles require access to your data. These personnel are bound to strict confidentiality terms covering your data.

Rethink suppliers who process personal data on our behalf (“processors”); for example Cloud computing providers. Such vendors are contractually bound to protect your data to the same standard as set out in this Notice.

Your data may be transferred to a third party as a result of a merger, acquisition, or similar corporate event involving Rethink.

We will disclose your personal data when required by law.

We will not share any personal data you provide to us with your employer.

5. Information Security

We employ technical and organizational information security measures appropriate to the types of personal data we process about you to protect it from unauthorized access, use, or destruction. Special categories of personal data (such as data concerning health) is protected by TLS encryption when it is exchanged between your web browser and our site. However, we cannot warrant that information you provide to us may not be accidentally or illegally breached.

Please note that e-mails, messaging features, and similar means of communication with other users are not encrypted, and we strongly advise you not to communicate highly confidential information via these means.

6. Data Retention

We will retain personal data that you provide to us, including information about your child’s condition and treatment, until one of the following applies:

We may retain your data for longer if it is reasonably required for the purposes of satisfying legal obligations or to resolve disputes.

7. International Transfer

Rethink is a United States company, and your data will be stored on our secure systems in the US. We obtain your explicit consent to this transfer and cannot provide our services without it.

8. Your Rights

You may at any time request access to the data that we hold about you, and ask for its correction, erasure, or that we cease to process it. You can make such requests via our customer inquiry page, or using the contact information provided in Section 9. In most cases, you can access, correct, and erase your data yourself through your Rethink account.

You may also contact us to ask about data portability.

If you believe that Rethink has infringed your privacy rights, please contact us so that we can try to resolve the issue. However, you have the right to lodge a complaint with an EU supervisory authority.

9. Contact us

Data Protection Officer: privacy@rethinkfirst.com

Rethink Behavioral Health
19 West 21st Street, Suite 403,
New York, NY 10010,
USA



© Rethink. All rights reserved | Rethink 19 W 21st Street, Suite 403 New York, NY 10010 | P (877) 988.8871 F (646) 257.2926 | info@rethinkbehavioralhealth.com