Privacy Notice

1. Introduction

This Privacy Notice (“Notice”) applies only to the website www.rethinkfirst.com (the “Site”). This Notice describes how personal information collected on the Site is sourced, used, disclosed to others, secured, and eventually disposed of (collectively “processed”). Personal information is any information that does, or could, identify you.

The Site is operated by Rethink Autism, Inc. and/or its subsidiaries and affiliates (“Rethink”, “we”, “us”, “our”). In this Notice, “you” means a visitor to, or user of, the Site. The Site is not intended for visitors under 18 years of age.

Rethink is the “controller” (or equivalent term under privacy law) of all personal information collected on the Site.

2. Changes to this Notice

We will update this Notice from time to time and will communicate any material changes to you through an appropriate channel (for example, via a notice on the Site). This Notice was last updated on November 15th, 2022.

3. Personal information we collect

We collect personal information directly from you, for example, your name, work email address, phone number, job title, and organization on our Contact Us form (plus any personal information you choose to include in the text section of the form).

We will also collect personal information by observing your activity on our Site via, for example, cookies, other standard online technologies and our monitoring and recording of your usage of the Site. Such information may include, for example, your IP address, imprecise geolocation, and which pages you visit and how long you stay on them. When required by local law, we obtain your consent to place any cookies on your device that are not strictly necessary for our Site to function, for example analytics or marketing cookies.

4. How we use your personal information

Rethink will never (1) sell your personal information, nor (2) share your personal information with third parties for cross-context behavioral advertising.

We may use your personal information for the following purposes:

  • To respond to your inquiries, for example, when you ask for information about our services.
  • To send you marketing communications for Rethink services that we think may interest you (see Section 9 for information about opting out of such messages). When required by local law, we will obtain your prior consent for marketing messages.
  •  To help us improve our Site, for example by identifying which information you find interesting and useful.
  • To maintain the security of the Site and monitor compliance with our Terms of Use.

4.1 Lawfulness of processing

The European Union (EU) General Data Protection Regulation (GDPR) requires that we provide EU individuals with our legal bases for processing their personal data. A similar requirement applies in some other jurisdictions. Our legal bases depend on the purpose of processing:

Purpose of processingLegal basis
To respond to your inquiriesOur legitimate interests in providing you with information about our business and services.
To send you marketing communicationsYour consent
To help us improve our SiteOur legitimate interests in improving the Site.
To maintain Site security and monitor compliance with our Terms of UseOur legitimate interests in ensuring security and proper use of the Site.

5. Disclosure of your personal information

We may disclose your personal information to the following categories of recipients:

  • Employees and contractors of Rethink: These personnel have roles that require access to your information (a “need to know”). They are bound by employment or similar terms that cover their obligation to keep personal information confidential and secure.
  • Service providers (“processors”): We use service providers to help us with certain tasks, for example for providing Site analytics. Service providers process your information on our behalf and according to our instructions. They are contractually bound to protect your information and are prohibited from using it for their own purposes. We have in the preceding 12 months disclosed the types of personal information described in Section 3 to service providers.

We will also disclose your personal information in the following exceptional circumstances:

  • Corporate event: Your data may be transferred to third parties as a result of a merger, acquisition, or similar corporate event involving Rethink.
  • Legal necessity: We will disclose your information to government agencies, law enforcement, courts, and other authorities and parties if required to by applicable law.
  • Protection of Rethink’s interests: Where permitted by applicable law, we may disclose personal information to our professional advisors and other qualified parties when we reasonably believe it to be necessary to protect our essential business interests.

6. Information security

We have implemented appropriate physical, technical, and managerial procedures and safeguards designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. However, no matter how carefully we safeguard your information, it is unfortunately not possible to guarantee that it will never be accidentally or illegally breached.

7. Retention

We will retain your personal information as long as necessary to fulfil the purposes for which it was collected, and to satisfy legal, accounting, and reporting obligations, or to resolve disputes or enforce our Terms of Use.

Section 9 of this Notice below describes your rights to request deletion of your data outside of our normal data retention schedule.

8. International transfer

Our Site is hosted in the United States and personal information collected on the Site is processed and stored on our systems in the US. US privacy laws may be different from those of your own country. If you reside in the EU, European Economic Area, or UK, note that the European Commission has not issued an “adequacy decision” for the US. As set out in this Notice, we strive to protect your data and your rights regardless of any international transfer.

9. Your rights

US and international laws give you various rights over your personal information. These may include the right to:

  • Access personal information held about you
  • Correct inaccurate or out-of-date personal information
  • Request deletion of your personal information
  • Restrict processing of your personal information
  • Data portability: Receive your personal information in a readily useable format
  • Object to processing for which the legal basis is our legitimate interests

Please address requests to exercise privacy rights to the email address provided in Section 10 below.

You can opt out of our marketing communications at any time using the “unsubscribe” mechanism available in the message. If you provided your consent for the marketing communications, unsubscribing constitutes your withdrawal of that consent.

If you believe that we have infringed your privacy rights, please contact us so that we can try to resolve the issue. However, if you are an EU/EEA/UK resident, you have the right to lodge a complaint with your EU/ EEA local supervisory authority or, in the UK, with the ICO.

10. Contact us

Data Protection Officer: [email protected] or (800) 708-2154

Rethink Autism, Inc.
49 West 27th Street, 8th Floor
New York, NY 10001
USA

EU Representative:

MyEDPO Ltd,
Unit 3d North Point House,
North Point Business Park,
New Mallow Road,
Cork, Ireland
[email protected] or +44 203 870 3376.