Privacy Notice

1. Introduction

This Privacy Notice (“Notice”) applies only to the website www.rethinkfirst.com (the “Site”). This Notice describes how personal information collected on the Site is sourced, used, disclosed to others, secured, and eventually disposed of (collectively “processed”). Personal information is any information that does, or could, identify you.

The Site is operated by Rethink Autism, Inc. and/or its subsidiaries and affiliates (“Rethink”, “we”, “us”, “our”). In this Notice, “you” means a visitor to, or user of, the Site. The Site is not intended for visitors under 18 years of age.

Rethink is the “controller” (or equivalent term under privacy law) of all personal information collected on the Site.

2. Changes to this Notice

We will update this Notice from time to time and will communicate any material changes to you through an appropriate channel (for example, via a notice on the Site). This Notice was last updated on November 15th, 2022.

3. Personal information we collect

We collect personal information directly from you, for example, your name, work email address, phone number, job title, and organization on our Contact Us form (plus any personal information you choose to include in the text section of the form).

We will also collect personal information by observing your activity on our Site via, for example, cookies, other standard online technologies and our monitoring and recording of your usage of the Site. Such information may include, for example, your IP address, imprecise geolocation, and which pages you visit and how long you stay on them. When required by local law, we obtain your consent to place any cookies on your device that are not strictly necessary for our Site to function, for example analytics or marketing cookies.

4. How we use your personal information

Rethink will never (1) sell your personal information, nor (2) share your personal information with third parties for cross-context behavioral advertising.

We may use your personal information for the following purposes:

To respond to your inquiries, for example, when you ask for information about our services.
To send you marketing communications for Rethink services that we think may interest you (see Section 9 for information about opting out of such messages). When required by local law, we will obtain your prior consent for marketing messages.
To help us improve our Site, for example by identifying which information you find interesting and useful.
To maintain the security of the Site and monitor compliance with our Terms of Use.

4.1 Lawfulness of processing

The European Union (EU) General Data Protection Regulation (GDPR) requires that we provide EU individuals with our legal bases for processing their personal data. A similar requirement applies in some other jurisdictions. Our legal bases depend on the purpose of processing:

Purpose of processing	Legal basis
To respond to your inquiries	Our legitimate interests in providing you with information about our business and services.
To send you marketing communications	Your consent
To help us improve our Site	Our legitimate interests in improving the Site.
To maintain Site security and monitor compliance with our Terms of Use	Our legitimate interests in ensuring security and proper use of the Site.

5. Disclosure of your personal information

We may disclose your personal information to the following categories of recipients:

Employees and contractors of Rethink: These personnel have roles that require access to your information (a “need to know”). They are bound by employment or similar terms that cover their obligation to keep personal information confidential and secure.
Service providers (“processors”): We use service providers to help us with certain tasks, for example for providing Site analytics. Service providers process your information on our behalf and according to our instructions. They are contractually bound to protect your information and are prohibited from using it for their own purposes. We have in the preceding 12 months disclosed the types of personal information described in Section 3 to service providers.

We will also disclose your personal information in the following exceptional circumstances:

Corporate event: Your data may be transferred to third parties as a result of a merger, acquisition, or similar corporate event involving Rethink.
Legal necessity: We will disclose your information to government agencies, law enforcement, courts, and other authorities and parties if required to by applicable law.
Protection of Rethink’s interests: Where permitted by applicable law, we may disclose personal information to our professional advisors and other qualified parties when we reasonably believe it to be necessary to protect our essential business interests.

6. Information security

We have implemented appropriate physical, technical, and managerial procedures and safeguards designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. However, no matter how carefully we safeguard your information, it is unfortunately not possible to guarantee that it will never be accidentally or illegally breached.

7. Retention

We will retain your personal information as long as necessary to fulfil the purposes for which it was collected, and to satisfy legal, accounting, and reporting obligations, or to resolve disputes or enforce our Terms of Use.

Section 9 of this Notice below describes your rights to request deletion of your data outside of our normal data retention schedule.

8. International transfer

Our Site is hosted in the United States and personal information collected on the Site is processed and stored on our systems in the US. US privacy laws may be different from those of your own country. If you reside in the EU, European Economic Area, or UK, note that the European Commission has not issued an “adequacy decision” for the US. As set out in this Notice, we strive to protect your data and your rights regardless of any international transfer.

9. Your rights

US and international laws give you various rights over your personal information. These may include the right to:

Access personal information held about you
Correct inaccurate or out-of-date personal information
Request deletion of your personal information
Restrict processing of your personal information
Data portability: Receive your personal information in a readily useable format
Object to processing for which the legal basis is our legitimate interests

Please address requests to exercise privacy rights to the email address provided in Section 10 below.

You can opt out of our marketing communications at any time using the “unsubscribe” mechanism available in the message. If you provided your consent for the marketing communications, unsubscribing constitutes your withdrawal of that consent.

If you believe that we have infringed your privacy rights, please contact us so that we can try to resolve the issue. However, if you are an EU/EEA/UK resident, you have the right to lodge a complaint with your EU/ EEA local supervisory authority or, in the UK, with the ICO.

10. Contact us

Data Protection Officer: privacy@rethinkfirst.com or +1 646 257 2919 ext. 800

Rethink Autism, Inc.
49 West 27th Street, 8th Floor
New York, NY 10001
USA

EU Representative:

MyEDPO Ltd,
Unit 3d North Point House,
North Point Business Park,
New Mallow Road,
Cork, Ireland
info@myedpo.com or +44 203 870 3376.

Cookie	Duration	Description
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_40561067_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
ajs_anonymous_id	1 year	This cookie is set by Segment to count the number of people who visit a certain site by tracking if they have visited before.
ajs_group_id	never	This cookie is set by Segment to track visitor usage and events within the website.
ajs_user_id	never	This cookie is set by Segment to help track visitor usage, events, target marketing, and also measure application performance and stability.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
sp_landing	1 day	The sp_landing is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.
sp_t	1 year	The sp_t cookie is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
debug	never	No description available.
loglevel	never	No description available.
loom_anon_comment	session	No description available.
loom_referral_video	session	No description
mkjs_group_id	never	No description available.
mkjs_user_id	never	No description available.
vooplayerVideo233476	session	No description
vooplayerVideo262605	session	No description
vooplayerVideo299272	session	No description