Updated: November 9, 2018
This Privacy Notice describes how Rethink Benefits (“Rethink”, “we”, “us” and “our”) collects, uses, shares, secures, and eventually disposes of (collectively “processes”) your personal data. The notice applies only to individuals in the European Union (EU) or European Economic Area (EEA).
This Privacy Notice applies to personal data we collect in the course of providing our services to you on this website (www.rethinkbenefits.com) and any associated applications and communications media. The Notice is addressed primarily to those of our corporate customers’ employees who choose to sign up for Rethink services, and to individuals (for example, caregivers) who are invited by the employees to participate in the services.
Rethink Benefits is the data controller in relation to the services. Our contact information, and that of our representative in the EU, are provided in Section 9 of this Notice.
“Rethink Benefits” includes our affiliates Rethink First, Rethink Autism, Rethink Behavioral Health, and Rethink Ed.
2. Personal data collected
We collect your personal data in two ways:
(1) Data that you knowingly give to us, for example when you provide contact details for account creation, or information about your child’s diagnosis, behaviors, and treatment that you disclose in the course of using our services. We recognize that some of this data is highly sensitive, and it is important to understand that providing it to Rethink is entirely voluntary.
3. Purposes and legal bases of processing
We process your personal data only for the purposes listed below.
To improve and develop the services using data and statistics from standard online technologies, for example by tracking which parts of the service are popular and how users move around our site. Data used for this purpose is nearly always aggregated and does not identify individual users.
We process your personal data on the following legal bases:
To provide the service: When you create an account, we ask for your consent to process your data for this purpose. We cannot provide the service without your consent for yourself and your child(ren). Once given, you may withdraw your consent at any time, and we will cease to process your data.
To improve and develop the services: We have legitimate interests in understanding how our services are used and how we can improve them. This processing does not present a risk to your privacy rights that might outweigh our legitimate interests.
4. Recipients of the data
Your personal data will may be disclosed to different individuals and organizations:
Rethink employees and contractors whose roles require access to your data. These personnel are bound to strict confidentiality terms covering your data.
Rethink suppliers who process personal data on our behalf (“processors”); for example Cloud computing providers. Such vendors are contractually bound to protect your data to the same standard as set out in this Notice.
Your data may be transferred to a third party as a result of a merger, acquisition, or similar corporate event involving Rethink.
We will disclose your personal data when required by law.
We will not share any personal data you provide to us with your employer.
5. Information Security
We employ technical and organizational information security measures appropriate to the types of personal data we process about you to protect it from unauthorized access, use, or destruction. Special categories of personal data (such as data concerning health) is protected by TLS encryption when it is exchanged between your web browser and our site. However, we cannot warrant that information you provide to us may not be accidentally or illegally breached.
Please note that e-mails, messaging features, and similar means of communication with other users are not encrypted, and we strongly advise you not to communicate highly confidential information via these means.
6. Data Retention
We will retain personal data that you provide to us, including information about your child’s condition and treatment, until one of the following applies:
We may retain your data for longer if it is reasonably required for the purposes of satisfying legal obligations or to resolve disputes.
7. International Transfer
Rethink is based in the United States, a country for which the European Commission has not issued an unlimited adequacy decision. Your data will be stored on our secure systems in the US. We obtain your explicit consent to this transfer, and cannot provide our services without it. You can request from us or your employer copies of the data protection-related terms in the applicable contracts, which contain appropriate safeguards for your personal data.
8. Your Rights
You may at any time request access to the data that we hold about you, and ask for its correction, erasure, or that we cease to process it. You can make such requests via our customer inquiry page, or using the contact information provided in Section 9. In most cases, you can access, correct, and erase your data yourself through your Rethink account.
You may also contact us to ask about data portability.
If you believe that Rethink has infringed your privacy rights, please contact us so that we can try to resolve the issue. However, you have the right to lodge a complaint with an EU supervisory authority.
9. Contact us
Data Protection Officer: firstname.lastname@example.org or +1 917 699 0729.
19 West 21st Street, Suite 403,
New York, NY 10010,
Unit 3d North Point House,
North Point Business Park,
New Mallow Road,
email@example.com or +44 203 870 3376.