We've built our careers and our business in the ethics and compliance community, where understanding the rules and doing the right thing is the price of entry. We believe compliance and privacy are not just a list of boxes to check; they represent a sincere commitment to doing business with integrity. That's why we will never sell your personal data, will always endeavor to handle your data with care, and will respect your rights.
Effective Date: October 12, 2020
• on or through the Site;
• in email, text, and other electronic messages between you and the Site or us;
• offline or through any other means, including on any other website operated by us or any third-party (including our affiliates and subsidiaries); and
• from any third-party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on the Site.
3. Contact Information
4. Children Under the Age of 18
Our Site is not intended for children under 18 years of age. No one under age 18 may provide any information to the Site. We do not knowingly collect information from children under 18 and do not direct our Site for use by individuals under the age of 18. If you are under 18, do not use or provide any information on the Site or on or through any of its features, use any of the interactive or public comment features of the Site or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at firstname.lastname@example.org and we will promptly remove the information.
5. Information We Collect About You and How We Collect It
As you use the Site, we may collect two types of information from you: (a) Personal Information (as described below); and (b) Non-Personal Information (as described below):
a. “Personal Information” is information that identifies you personally, such as your name, address, telephone number, email address, or company name. Here are some examples of the ways in which we may collect and store your personally identifiable information:
• We may collect your first and last names, email address, or other information if you fill out certain forms or online requests on the Site;
• We may collect your email address if you contact us with a question;
• If you apply to work for Rethink, provide us with products or services, or become a customer of ours, we may need to collect additional information, such as: your address, telephone number, driver’s license or state identification card number, education, employment, employment history, bank account number, credit card number, debit card number, social security number, or any other financial information.
• Log Information: When you use the Site or view content provided through the Site, we automatically collect and store certain information in our server logs. This type of information includes details of how you use the Site, IP address information, web pages which have been viewed by you, date and time, domain type, device event information such as crashes, system activity, hardware, settings, browser type, browser language, the date and time of your requests, and referral URL.
• Internet Protocol (IP) Address: Your “IP address” is a number that lets computers attached to the internet know where to send you data, such as screens and pages of our services that you view. We use this information to deliver our screens and pages to you upon request and to measure traffic to and within our services.
• Demographic Information: “Demographic Information” may be gender, age, zip code, and interests which are not personally identifiable. We may collect such information about you through our services and use it to provide you with personalized services and to analyze trends to ensure that our services and the information on them is targeted to meet your needs. Please note that we also consider aggregated information, which is not personally identifiable, to be Non-Personal Information.
• Location Information: When you use the Site, we may collect and process information about the general location of the device from which you access this Site, but we do not collect your specific address.
• Usage Information: When you use the Site, we may collect and process information about how you use the Site, including how you navigate through the Site.
• Feedback Information: From time to time, we may request that you provide us with feedback regarding the Site, as well as the products and services we offer. We may do this in the form of a survey or other feedback mechanism. We may collect and analyze this information.
The technologies we use for this automatic data collection may include:
• Flash Cookies: Certain features of our Site may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Site. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Section 8 below.
• Web Beacons: Pages of the Site and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). If you encounter a screen or page that requests information you do not want to share with us, do not enter the information and do not proceed with that screen or page.
You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Site or transmitted to other users of the Site or third-parties (collectively, “User Contributions”). Your User Contributions are provided, posted, and transmitted to others at your own risk. Please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Site with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons. Any User Contributions you post or otherwise provide are at your own risk.
6. How We Use Your Information
• Offering you the products and services you request;
• Helping us create or offer content which is relevant to you;
• Alerting you to special offers, updated information, and other new services offered by us or by third-parties;
• Improving your user experience and the experience of other users of the Site, including through the improvement and implementation of new security measures and protections;
• Understanding how you use the Site; or
• Contacting you in response to an email or other communication.
We will retain your Personal Information for as long as necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws, and your consent to such purposes(s) remains valid during such time.
c. Reports. We periodically prepare analyses and reports reflecting our visitor use of the Site and other services. In preparing these reports, we may combine and analyze the Personal Information you provide to us with information from other sources. However, these reports will only include aggregate information about visitors. The information in these reports will not identify you individually, and any business partner with whom such reports may be shared will not be able to contact you based on the information contained in the reports.
7. Disclosure of Your Information
a. Personal Information. We may share or disclose your Personal Information, and these recipients may process your Personal Information in the following instances:
• To fulfill a service to you (e.g., to provide you with compliance program content, or to conduct risk assessments)
• To send you information, including news, events, and related information that you have subscribed to receive;
• To provide analyses to our clients;
• To offer you products from us or our affiliates, strategic partners, or agents, or to assist such parties for research, administrative, and/or business purposes;
• To unaffiliated third-party service providers, agents, or independent contractors who help us maintain our products and services;
• To comply with law or, if in good faith we believe that such action is necessary to conform to the requirements of law, or comply with legal process served on us, and to protect and defend our rights or property, or act in urgent circumstances to protect the personal safety of you and our other visitors;
• To third parties as part of a corporate reorganization process including, but not limited to, a merger, acquisition, or sale of all or substantially all of our assets;
• To track and analyze non-identifying, aggregate usage and volume information from our visitors and provide such information to third parties; and
• To protect against fraud or potential fraud.
c. Legal Disclosure. We may disclose and share information about you and your use of the Site if we believe such disclosure is necessary to:
• Comply with the law and/or legal process where a formal request has been made;
• Protect or defend our rights and/or property and property of others;
• Respond to claims that the content(s) of a communication violates the rights of another.
8. Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with the following control over your information:
• We may also use LinkedIn to provide advertisements to you about our products and services. Please visit LinkedIn’s opt-out choices at https://www.linkedin.com/psettings/guest-controls to see how you can control the advertisements you receive from LinkedIn.
b. Promotional Offers and Marketing from Us. Should you not wish to have your contact information used to promote our products or services, you can opt-out by either using the “unsubscribe” link located in the email or by sending us an email stating your request to email@example.com.
We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website, available here: http://optout.networkadvertising.org/?c=1#!/.
9. Data Security
We have implemented measures to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. However, this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of such firewalls or secure server software. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our reasonable best to protect your Personal Information, we cannot guarantee the security of your Personal Information when transmitted. Any transmission of Personal Information is done at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.
10. Accessing, Correcting, and Deleting your Personal Information
If you provide us with information in order to access the Site or receive our services, we may or may not be able to provide you with access to your Personal Information. If information that we control about you is incorrect, we strive to give you ways to update it quickly or to delete it (unless we have to keep that information for legitimate business or legal purposes). When updating your Personal Information, we may ask you to verify your identity before we can act on your request. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
11. Third-Party Links
The Site may contain links to webpages operated by parties other than us. We do not control such websites and are not responsible for their contents or the privacy policies or other practices of such websites. Our inclusion of links to such websites does not imply any endorsement of the material on such websites or any association with their operators. Further, it is up to you to take precautions to ensure that whatever links you select or software you download (whether by using the Site to access websites or otherwise) is free of such items as viruses, worms, trojan horses, defects and other items of a destructive nature. Other websites and services may have their own privacy policies, which the User will be subject to upon linking to the other third-party's website. We strongly recommend that you review the other third-party’s terms and conditions and privacy policies prior to visiting or using any other websites or downloading any software.
12. Do Not Track (DNT) Signals
Our Site does not respond to Do Not Track (DNT) signals. Some third-party websites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser may include controls to block and delete cookies, web beacons and similar technologies, to allow you to opt out of data collection through those technologies.
13. Compliance and Cooperation with Regulatory Authorities
14. General Data Protection Regulations (“GDPR”)
Categories of Personal Information.
• We may collect the data elements described above in Section 5.1 “Personal Information.”
Legal Basis for Processing and Processing Purposes
• With your consent and pursuant to our legitimate interests, to offer you the products and services you request in order to fulfill our contractual obligations as a part of the services we provide to you when you decide to engage with us;
• Pursuant to our legitimate interests, to provide analyses to our clients;
• Subject to the execution of a data protection agreement, to unaffiliated third-party service providers, agents, or independent contractors who help us maintain our services and with other administrative services (including, but not limited to, order processing and fulfillment, providing customer service, maintaining and analyzing data, and sending customer communications on our behalf);
• With your consent, to help us create or offer content which is relevant to you;
• With your consent, alert you to special offers, updated information, and other new services offered by us or by third parties;
• With your consent, and pursuant to our legitimate interests, to improve your user experience and the experience of other users of the Site, including through the improvement and implementation of new security measures and protections;
• With your consent, and pursuant to our legitimate interests, to understand how you use the Site;
• With your consent, to contact you in response to an email or other communication;
• To third parties as part of a corporate reorganization process including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets. To the extent permitted, we will inform Data Subjects before making such disclosure and provide them with a reasonable opportunity to object to such disclosure.
• Subject to your choices and your consent, to track and analyze non-identifying, aggregate usage and volume statistical information from our visitors and customers and provide such information to third parties; or
• To comply with legal obligations, if in good faith we believe that such action is necessary to conform to the requirements of law, or comply with legal process served on us, and, pursuant to our legitimate interests, to protect and defend our rights or property, or act in urgent circumstances to protect the personal safety of you and our other visitors.
We will not disclose Personal Information to a third party except as stated below:
We may disclose Personal Data to subcontractors and third-party agents. Before disclosing Personal Information to a subcontractor or third-party agent, we take reasonable steps to assure these parties take steps to: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the subcontractor or third-party agent is obligated to provide at least the same level of privacy protection as is required by the GDPR; (iii) take reasonable and appropriate steps to confirm that subcontractors and third-party agents effectively process the personal information transferred in a manner consistent with the organization’s obligations under the GDPR; (iv) require subcontractors and third-party agents to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the GDPR; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with subcontractors and third-party agents to supervisory authorities upon request.
We may also be required to disclose, and may disclose, Personal Information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements, or in the event of a merger or acquisition.
Data Subjects have the right to opt out of (a) disclosures of your Personal Information to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Personal Information for purposes materially different from those disclosed at the time of collection or subsequently authorized. If you wish to limit the use or disclosure of your Personal Information, you should submit that request to our Data Protection Officer at firstname.lastname@example.org.
We are responsible for ensuring that (a) Personal Information collected is accurate, complete, current and reliable for its intended uses; and (b) Personal Information is retained only for as long as is necessary to accomplish the legitimate business purposes disclosed to the Data Subject and for any compatible purposes. We will cooperate with reasonable requests for assistance in meeting these obligations.
Personal Information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes or for compatible purposes, such as to provide additional services, to comply with legal requirements, or to preserve or defend our legal rights. We will retain your Personal Information for as long as necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws, and your consent to such purposes(s) remains valid during such time. Notwithstanding the other provisions of this section, we may retain your Personal Information where such retention is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.
Accessing, Correcting, and Deleting Your Information.
Data Subjects have the right to access the Personal Data an organization holds about them. If such Personal Information is inaccurate or processed in violation of the GDPR, a Data Subject may also request that Personal Information be corrected, amended, or deleted. To request access to, or correction, amendment, or deletion of, Personal Information, Data Subjects should contact our Data Protection Officer at email@example.com. We will cooperate with all reasonable requests to assist Data Subjects to exercise their rights under the GDPR.
Objection to Processing.
Data Subjects have the right at any time to object to our use of your Personal Information for any direct marketing purposes, including profiling to the extent it is used for direct marketing. If we are processing your Personal Information based on our business interests, you may contact us and object to such processing by asserting that our interests do not override your interests, rights, and freedoms. You may exercise the rights set out in this paragraph by contacting us as at address listed above.
Suspension of Processing.
Data Subjects have the right to request that we restrict the processing of your Personal Information, if:
• you believe that the Personal Information we maintain about you is inaccurate, and you have asked us to verify the accuracy of such information as provided above;
• you believe that your Personal Information has been unlawfully processed and you want us to restrict processing rather than erase your information;
• we no longer need your Personal Information, but you need us to retain it in order to establish, exercise or defend a legal claim; or
• you have objected to our processing of your Personal Information, as permitted under applicable law, and we are considering the grounds of your objection.
Identification of Data Controller:
For most purposes other than processing information through the site, we are not a data controller. We may, however, process personal information for our clients. We are located at 3795A West 104th Drive, Westminster, CO 80031. You may contact Rethink Compliance at firstname.lastname@example.org for questions related to this policy.
Data Protection Officer and Contact Details
Rethink’s Data Protection Officer can be contacted at email@example.com.
Identification of Primary Member State Supervisory/Data Protection Authority
You have the right to lodge a complaint regarding the processing of your Personal Information with us by contacting our Data Protection Officer listed above. If you are a resident of the European Union, you also may lodge a complaint with the Data Protection Authorities in the Member State where you habitually reside, work, or where an infringement occurred. You can find a list of Data Protection Authorities here.
Transfers outside the European Union
When we transfer Personal Information from the EU to entities within our organization located outside of the EU, we rely on GDPR rules that permit transfer in certain cases (e.g., to perform a contract) or rely on standard contractual clauses adopted by the European Commission to help establish adequate safeguards. If we transfer Personal Information from the EU to another party located outside the EU, where needed, we will rely on a legal framework that provides appropriate safeguards, which could include the standard contractual clauses, binding corporate rules, or another framework deemed adequate by the European Commission.
15. Information for California Residents
A California resident who has provided Personal Information to a business with whom they have established a business relationship for personal, family, or household purposes (a "California Customer") may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of Personal Information, upon receipt of a request by a California Customer, the business is required to provide a list of all third parties to whom Personal Information was disclosed in the preceding calendar year, as well as a list of the categories of Personal Information that were disclosed. California Customers may request further information about our compliance with this law by mailing us at 3795A West 104th Drive, Westminster, CO 80031 or emailing us at firstname.lastname@example.org. Please note that we are only required to respond to two requests per California Customer each year under Code Section 1798.83.