Articles in this section

GDPR and Privacy

Avatar
Annie Dean
  • Updated
Follow

 

Of all the things professionals have to stress about, we aim to ensure Whil’s treatment of the data is not one! 

What's changing with RethinkCare's Privacy Policy?

RethinkCare has released an update to our Privacy Policy which comes into effect starting on May 25th, 2018. Our new policy is more user-friendly and addresses new data regulations (including GDPR). The most significant changes in the new policy are explained below:

  • More control over your information. We make it easy for you to control the information you provide to us. Our policy explains how you can make choices about your information, and the measures we’ve put in place to keep your information secure.
  • Using our solutions at work. Many users have access to our services through their sponsors (e.g., their employers), who control their accounts or use of our services. The updated policy clarifies our relationship to these users and explains the tools available to administrators of these users.

What is GDPR, and what is RethinkCare doing to comply?

GDPR stands for the General Data Protection Regulation and is effective as of May 25th, 2018. GDPR replaces national privacy and security laws that previously existed within the EU with a single, comprehensive EU-wide law that governs the use, sharing, transfer and processing of any personal data that originates from the EU. Our policy is to respect all laws that apply to our business and this includes GDPR.

  • RethinkCare has updated our terms and conditions, registration, and contracting processes to give you greater visibility into what data is collected, how it is used, and the ability to modify or erase information to the full extent legally allowed.
  • RethinkCare commits to follow appropriate security measures and precautions in accordance with GDPR to keep your data safe.
  • In the event of a data breach, RethinkCare notifies regulators of breaches and promptly communicates to customers and users.
  • We will ensure that employees authorized to process personal data have committed to confidentiality.
  • We will hold any sub-processors that handle personal data, including our data center partners, to the same data management, security, and privacy practices and standards to which we hold ourselves.
  • RethinkCare has provided a seamless request portal for individuals to access any data we may currently process or store.
  • RethinkCare carries out regular data impact assessments and consults with EU regulators to minimize threats of data breaches. 
  • Where appropriate, we will offer contractual language documenting our commitments to our customers to support their GDPR obligations.

 

How does RethinkCare Respond to Data Processing Requests from a customer or user?

RethinkCare has established a portal to facilitate all requests related to data subject's individual rights specified in the EU's General Data Protection Regulation (GDPR). An individual with an established relationship with RethinkCare will have the ability to submit the following requests:

  • Data Access Request - access any of your personal data RethinkCare currently processes or stores.
  • Data Correction Request - correct any of your personal data that RethinkCare currently processes or stores.
  • Data Portability Request - export your personal data from RethinkCare
  • Data Processing Restriction Request - withdraw your consent for RethinkCare to continue processing your personal data.
    Data Removal Request - erase or permanently delete any of your personally identifiable data RethinkCare currently processes or stores.

Please select the here to submit a data processing request to RethinkCare.

 

Do you offer your customers a Data Processing Addendum?

Yes! The RethinkCare Data Processing Addendum is available upon request. To obtain a copy of our DPA please reach out to support@whil.com

How does RethinkCare secure my data?

We have implemented additional organizational and technical safeguards to secure our users' data, in readiness with GDPR requirements. Our users' personal data is pseudonymized when stored, and further encrypted if it is being transferred.

What personally identifiable (PII) data does RethinkCare collect and process? 

If you login directly at a RethinkCare sign in page: 

We process personal data to provide our products and services and for the purposes as outlined in our Privacy Policy.

In short: 

  • RethinkCare collects, stores and processes
    • Name
    • Email

In order to provide access to your account, account related support, password resets, and notifications for major product change and service interruptions

  • RethinkCare collects, stores, and processes
    • Age
    • Gender

In order to provide aggregated anonymized reporting to your employer, and analyze satisfaction and utilization by demographic in aggregate in order to improve our offering.

 

If you login through single sign-on (SSO) from another site:

  • RethinkCare does not collect or store your PII. Your account is managed by another party and RethinkCare stores only a unique identifier code. 

What if I have more questions? 

If you have additional questions, please submit an inquiry by signing into your RethinkCare account and requesting help from the link in your account settings. If you do not have a RethinkCare account, please submit questions below. 

 

Comments

0 comments

Article is closed for comments.