This Privacy Notice (“Notice”) describes how the Rethink Autism, Inc. (“Rethink”) collects, uses, discloses, secures, and eventually disposes of (collectively “processes”) your personal information. Personal information is any information that does, or could, identify you.
This Notice applies to personal information collected on our websites (rethinkfirst.com), mobile apps, their associated technologies and communications media, and in the course of any offline contact with you (collectively the “services”). Our websites have public and subscription-only sections. Our mobile apps are part of our subscription-only services.
Our services may contain links to external websites. This Notice does not cover those sites.
In this Notice, “you” refers to anyone about whom we process personal information. You will usually be an employee of a corporate customer of Rethink or of a corporate customer of a channel partner of Rethink; a parent of a child in whose interests the services are used; a member of a child’s “support team” (for example, a family member or teacher) who is invited to participate in the services; or a visitor to our public websites. For parents and legal guardians, “your personal information” includes your child’s personal information. In this Notice, “primary user account holder” means the employee of a corporate customer of Rethink, or of a corporate customer of a channel partner of Rethink, who enrolls for the services.
Rethink channel partners are intermediaries, selected and/or approved by your organization, through which you may access our services. This Notice does not cover the personal information processing of our channel partners. If you are uncertain whether you access our services through a channel partner, please consult your organization.
Rethink is the data controller in relation to the services.
Rethink is part of the Rethink group of businesses. This Privacy Notice applies only to Rethinkfirst.com.
We will update this Notice from time to time and will communicate material changes to you through an appropriate channel (for example, via a notice in our services). The Notice was last updated on June 23rd, 2021.
We collect the following categories of personal information:
We collect the categories of personal information listed above from the following categories of sources:
When we collect personal information directly from you, you will know the details of that information.
For Rethink Benefits At Home, it may include:
For Rethink Benefits At Work, it may include:
For Whil, it may include:
On our public websites, you may provide personal information in “Contact Us” or other forms and via our Chat, “Email Us” or similar features.
We collect personal information from other users of the subscription-only parts of the services only in RethinkCare At Home. For example, a support team member may, during a consultation with a Rethink consultant, volunteer information about how you interact with your child. Note that which support team members (for example, a spouse or therapist) are invited to access the services is entirely under the control of the primary user account holder. The primary user account holder also determines their level of access to the services (for example, whether or not they can view consultation session notes).
When we receive information about you from your employer or our channel partner, it may include:
We collect personal information from observing your activity on our services:
Rethink Benefits will never sell your personal information.
Rethink Benefits may use your personal information for the following purposes:
The GDPR requires that we provide individuals in the European Union, European Economic Area, and UK (”UK GDPR”) with our legal bases for processing their personal data. Our legal basis depends on the purpose of processing:
Purpose of processing | Legal basis |
To provide our services | GDPR Article 6,1(a) – your consent. |
To respond to your requests or questions (on our public services) | GDPR Article 6,1(b) – in order to take steps at your request prior to entering into a contract. |
Market our services to you | GDPR Article 6,1(a) – your consent. |
To help us improve our services | GDPR Article 6,1(f) – our legitimate interests in improving our services and online media. |
Who we disclose your personal information to depends on the specific items of information and the purposes we use them for. Your personal information may be disclosed to the following categories of recipients:
We have in the preceding 12 months disclosed the following categories of personal information to “service providers” (defined above):
We will also disclose your personal information in the following exceptional circumstances:
We employ technical, physical, and administrative security measures appropriate to the categories of personal information processed in our services. These measures include, for example: encryption at rest and in transit, roles-based access, firewalls, and anti-virus software. For more details of our practices, please consult our Information Security Standards statement.
We protect information about individual’s diagnoses, treatments, and outcomes with particular care. Rethink is HITRUST CSF certified. HITRUST CSF is a security and privacy framework that covers, among others, HIPAA and National Institute for Standards and Technology (NIST) standards.
No matter how carefully we safeguard your information, it is unfortunately not possible to guarantee that it will never be accidentally or illegally breached.
We will retain your personal information as long as necessary to fulfil the purposes for which it was collected, and to satisfy legal, accounting, and reporting obligations, or to resolve disputes or enforce our Terms of Use.
Section 9 of this Notice below describes your rights to request deletion of your data outside of our normal data retention schedule and to withdraw your previously given consent to our processing of your data.
Rethink is based in the United States. Your personal information is stored on our systems in the US and is not transferred onward to other jurisdictions.
If you live in the European Union, European Economic Area, or UK, note that the European Commission has not issued an unlimited adequacy decision for the US. We obtain your explicit consent to transfer your information to the US, and cannot provide our services without that consent.
US and international laws give you various rights over your personal information and that of your child. These may include the right to:
When our processing of your data is based on your consent, you may withdraw that consent at any time.
Notice of withdrawal of consent and other requests to exercise privacy rights should be addressed to us using the contact information in Section 10 below.
If you believe that we have infringed your privacy rights, please contact us so that we can try to resolve the issue. However, if you are an EU/EEA/UK resident, you have the right to lodge a complaint with your EU/ EEA local supervisory authority or, in the UK, with the ICO.
You can opt out of our marketing communications at any time using, for example, the “unsubscribe” in an e-mail message or “STOP” reply in a text message.
When required by local law, we will obtain your prior consent for marketing communications. You may withdraw that consent at any time using the “unsubscribe” or similar functionality in a marketing message. Alternatively, please contact us using the contact information in Section 10 below.
Please note that, if you are a user of our subscription-only services, you may continue to receive service communications even after you have opted out of marketing communications. “Service” communications contain important information about the service for which you are a current user.
Data Protection Officer: privacy@rethinkfirst.com or +1 646 257 2919 ext. 800
Rethink Benefits
49 West 27th Street, 8th Floor
New York, NY 10001
USA
EU Representative:
MyEDPO Ltd,
Unit 3d North Point House,
North Point Business Park,
New Mallow Road,
Cork, Ireland
info@myedpo.com or +44 203 870 3376.
Join our newsletter to stay up to date on features and releases
©2022 Rethink. All rights reserved.
49 W 27th St, 8th floor, New York, NY 10001
Cookie | Duration | Description |
---|---|---|
__hstc | 5 months 27 days | This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). |
_ga | 2 years | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_gat_gtag_UA_40561067_1 | 1 minute | Set by Google to distinguish users. |
_gid | 1 day | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
ajs_anonymous_id | 1 year | This cookie is set by Segment to count the number of people who visit a certain site by tracking if they have visited before. |
ajs_group_id | never | This cookie is set by Segment to track visitor usage and events within the website. |
ajs_user_id | never | This cookie is set by Segment to help track visitor usage, events, target marketing, and also measure application performance and stability. |
CONSENT | 2 years | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
hubspotutk | 5 months 27 days | HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts. |
vuid | 2 years | Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website. |
Cookie | Duration | Description |
---|---|---|
__cf_bm | 30 minutes | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
__hssc | 30 minutes | HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. |
sp_landing | 1 day | The sp_landing is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content. |
sp_t | 1 year | The sp_t cookie is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content. |
Cookie | Duration | Description |
---|---|---|
VISITOR_INFO1_LIVE | 5 months 27 days | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt-remote-device-id | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt.innertube::nextId | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
yt.innertube::requests | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
Cookie | Duration | Description |
---|---|---|
debug | never | No description available. |
loglevel | never | No description available. |
loom_anon_comment | session | No description available. |
loom_referral_video | session | No description |
mkjs_group_id | never | No description available. |
mkjs_user_id | never | No description available. |
vooplayerVideo233476 | session | No description |
vooplayerVideo262605 | session | No description |
vooplayerVideo299272 | session | No description |