This Privacy Notice (“Notice”) describes how the Rethink Behavioral Health division of Rethink Autism, Inc. (“Rethink”, “RethinkBH”, “we”, “us”, “our”) collects, uses, discloses, secures, and eventually disposes of (collectively “processes”) your personal information. Personal information is any information that does, or could, identify you.
This Notice applies to personal information collected on our website (rethinkbehavioralhealth.com), mobile app (RethinkBH), and in the course of other interactions with you or your behavioral health practice (collectively the “services”). Our website has public and subscription-only sections. Our mobile app is part of our subscription-only services.
Our services may contain links to external websites. This Notice does not cover those sites.
In this Notice, “you” refers to anyone about whom we process personal information. You will usually be a behavioral health practitioner or other employee or contractor of a behavioral health practice; a parent or other caregiver of a child receiving treatment; or a visitor to our public website. For parents and legal guardians, “your personal information” includes your child’s personal information.
RethinkBH provides online tools, content, and related services to behavioral health practices. For personal information that is processed in our subscription-only services, these practices are the “controllers” of your information and Rethink is a “processor” (also called a “service provider”). As a processor, we handle your information only on the controller’s behalf and according to its instructions. In this situation, this Notice describes how we process your information on behalf of the controller. Further, this Notice does not cover the practice’s processing of your information outside our services.
This Notice will identify those situations where Rethink is the controller of your information. This applies, for example, to information collected on the public sections of our website.
RethinkBH is part of the Rethink group of businesses. This Privacy Notice applies only to RethinkBH.
We will update this Notice from time to time and will communicate material changes to you through an appropriate channel (for example, via a notice in our services). The Notice was last updated on March 7, 2024.
We collect the following categories of personal information:
We collect the categories of personal information listed above from the following categories of sources:
When we collect personal information directly from you, you will know the details of that information. It may include:
Our subscription-only services facilitate the utilization of personal information for the purpose of assisting behavioral health practices (Rethink’s customers) to provide behavioral health solutions. When we collect personal information about you or your child from other users of the subscription-only services, we do so solely for this purpose. The data collected in our subscription-only services reflects the range of personal information typically collected by a behavioral health practice. Which users of our services can access the information of which other users is determined and configured by your practice. The personal information collected in this way may include:
Information provided by your practice about your child patient:
Information provided by your practice about you as a parent or caregiver:
Information provided by your practice about you as its employee:
We collect personal information from observing your activity on our services through the use of cookies and other standard online technologies in our public and subscription-only services. Cookies allow us to recognize your device. We use them to collect information about your device and how you use our services, for example which pages you visit and how long you stay on them. Cookies also facilitate, for example, logging into and navigating our services. For our subscription-only services, we use tools that allow us to record a video of your screen while using the services to help us identify and fix problems with the services, provide better support to you or your practice and to improve the services. These tools are provided by a third party and may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-sensitive fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, IP address, location (city/country), language, website performance, JavaScript errors, and similar meta data. These tools do not collect Information on pages where they are not installed, nor do they track or collect information outside of your web browser. If you would like to opt-out of these tools, you can do so by contacting your administrator. If you have difficulty contacting your administrator, please contact Rethink’s customer service at [email protected].
This section describes how RethinkBH uses your personal information. Remember that your behavioral health practice is the “controller” of the personal information processed in our subscription-only services. This Privacy Notice does not cover how the practice uses your information, which will be determined by its own legal obligations and policies.
RethinkBH will never sell your personal information.
When we receive your personal information as a data processor, we use it solely on the data controller’s behalf and according to its instructions. When your behavioral health practice is a Covered Entity under the US Health Insurance Portability and Accountability Act (HIPAA), our relationship with it is that of Business Associate.
RethinkBH may use your personal information for the following purposes:
EU General Data Protection Regulation (GDPR) Lawfulness of Processing
When we process your personal information as a controller, the GDPR requires that we provide individuals in the European Union and European Economic Area with our legal bases for doing so. Our legal basis depends on the purpose of processing:
Purpose of processing | Legal basis |
Market our services to you | GDPR Article 6,1(a) – your consent. |
To respond to your requests or questions (on our public services) | GDPR Article 6,1(b) – in order to take steps at your request prior to entering into a contract. |
Who we disclose your personal information to depends on the specific items of information and the purposes we use them for. Your personal information may be disclosed to the following categories of recipients:
We have in the preceding 12 months disclosed the following categories of personal information to service providers:
We will also disclose your personal information in the following exceptional circumstances:
We employ technical, physical, and administrative security measures appropriate to the categories of personal information processed in our services. These measures include, for example: encryption at rest and in transit, roles-based access, firewalls, and anti-virus software. For more details of our practices, please consult our Information Security Standards statement.
We protect information about patient’s diagnoses, treatments, and outcomes with particular care. Rethink is HITRUST CSF certified. HITRUST CSF is a security and privacy framework that covers, among others, HIPAA and National Institute for Standards and Technology (NIST) standards.
No matter how carefully we safeguard your information, it is unfortunately not possible to guarantee that it will never be accidentally or illegally breached.
When we receive your personal information as a processor, we will retain it for the duration of the processing contract and then, according to the controller’s instructions, return it to them, delete it, or transfer it to another service provider.
When we collect your personal information as the data controller, we will retain it as long as necessary to fulfil the purposes for which it was collected, and to satisfy legal, accounting, and reporting obligations, or to resolve disputes or enforce our Terms of Use.
Section 9 of this Notice below describes your right to request deletion of your data outside of our normal data retention schedule.
Rethink is based in the United States. Your personal information is stored on our systems in the US.
If you live in the European Union, European Economic Area, or UK, note that the European Commission has not issued an unlimited adequacy decision for the US.
Privacy safeguards for international data transfers are the responsibility of the data controller. Rethink collaborates with our customers to put in place recognized safeguards for international transfer (for example, standard contractual clauses).
Should we disclose your personal information to a Rethink service provider (see Section 5 of this Notice) located outside the US, we will put in place appropriate legal safeguards designed to protect your personal information in the new jurisdiction.
US and international laws give you various rights over your personal information and that of your child. These may include the right to:
In most cases relating to our subscription-only services, you should contact your behavioral health practice (the controller) with any request to exercise privacy rights. This would include, for example, requesting access to your child’s information that the practice processes in our services. If necessary, however, please contact RethinkBH using the contact information in Section 10 of this Notice. We will endeavor to facilitate your request.
Rights requests concerning personal information that we collect as a data controller (for example, on our public website or in our marketing communications) should be addressed to RethinkBH using the contact information in Section 10 below.
If you believe that we have infringed your privacy rights, please contact us so that we can try to resolve the issue. However, if you are an EU/EEA resident, you have the right to lodge a complaint with your local supervisory authority.
9.1 Marketing
You can opt out of our marketing communications at any time using, for example, the “unsubscribe” in an e-mail message or similar functionality in other communication formats.
When required by local law, we will obtain your prior consent for marketing communications. You may withdraw that consent at any time using the “unsubscribe” or similar functionality in a marketing message. Alternatively, please contact us using the contact information in Section 10 below.
Please note that, if you are a user of our subscription-only services, you may continue to receive service communications even after you have opted out of marketing communications. “Service” communications contain important information about the service for which you are a current user.
Data Protection Officer: [email protected] or (800) 708-2154
Rethink Behavioral Health
49 West 27th Street, 8th Floor
New York, NY 10001
USA
EU Representative:
MyEDPO Ltd,
Unit 3d North Point House,
North Point Business Park,
New Mallow Road,
Cork, Ireland
[email protected] or +44 203 870 3376.
©2024 Rethink. All rights reserved.
49 W 27th St, 8th floor, New York, NY 10001
Cookie | Duration | Description |
---|---|---|
__hssrc | session | This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session. |
elementor | never | This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time. |
viewed_cookie_policy | 1 year | The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
__hstc | 5 months 27 days | This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). |
_ga | 2 years | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_ga_3HH529JMSZ | 2 years | This cookie is installed by Google Analytics. |
_gcl_au | 3 months | Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services. |
_gid | 1 day | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
CONSENT | 2 years | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
hubspotutk | 5 months 27 days | HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts. |
Cookie | Duration | Description |
---|---|---|
test_cookie | 15 minutes | The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies. |
VISITOR_INFO1_LIVE | 5 months 27 days | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
Cookie | Duration | Description |
---|---|---|
__cf_bm | 30 minutes | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
__hssc | 30 minutes | HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. |
__lc_cid | 2 years | This is an essential cookie for the website live chat box to function properly. |
__lc_cst | 2 years | This cookie is used for the website live chat box to function properly. |
__oauth_redirect_detector | past | This cookie is used to recognize the visitors using live chat at different times inorder to optimize the chat-box functionality. |