We respect your privacy rights and value your trust. This Privacy Notice (“Notice”) describes how the Aris4Autism Inc. (“Aris4Autism”, “we”, “us”, “our”) collects, uses, discloses, shares, transfers, and eventually disposes of (collectively “processes”) your personal data as well as your rights in determining what we do with the information that we collect or hold about you. Personal data is any information that does, or could, identify you, or your child or client.
This Notice applies to personal data collected on our website (Aris4Autism.com), sales funnels, mobile app, and in the course of any offline contact with you (collectively the “services”). Our website and mobile app have public and subscription-only sections. Our sales funnels are public.
Our services may contain links to external websites or other resources. This Notice does not cover these sites and you are recommended review the privacy notices available on those sites by yourself.
In this Notice, “you” refers to anyone about whom we collect, process and use personal data. You can be a parent or a caregiver of a learner, or an employee or contractor of a school, ABA company (such as a teacher, administrator, RBT, BCBA), or a visitor to our public website. For parents and legal guardians, “your personal data” includes your learner’s personal data.
Aris4Autism provides online tools and content that assist you in assessing learners developmental level, functions of the challenging behaviors, building intervention plan, and implementing this plan. If You are a company, school or other such entity this Notice that does cover how you process client information outside of our platform.
This Privacy Notice applies only to Aris4Autism. Our services are directed to non-European customers.
2. PERSONAL DATA COLLECTED AND PROCESSED
2.1. We may collect and process the following categories of personal data on the basis of contract and, where applicable, your consent:
- Identifiers such as your name, email address, username, and IP address for the purpose of identifying you while you are using our services, client relationship management and our services and business development and as we may further defined under Sections 2.4 and 4 of this Notice (IP address is processed on the basis of your consent)
- Additional personal data defined by certain applicable laws of Finland and European Union including such as address, telephone number, payment card number for the purpose of processing and carrying out payments and as we may further defined under Section 2.4 and 4 of this Notice.
- Protected classification characteristics, such as gender, and possible medical condition for the purpose of identifying the necessary background information of your learner and as we may further defined under Section 2.4 and 4 of this Notice on the basis of your consent.
- Commercial information, such as your purchases from us or your communication with us for the purpose of client relationship management and our services and business development and as we may further defined under Section 2.4 and 4 of this Notice.
- Internet activity/usage on our services, websites, sales funnels, and apps for the purpose of client relationship management and our services and business development and as we may further defined under Section 2.4 and 4 of this Notice.
- Employment-related information, such as your role in a company, where applicable, for the purpose of client relationship management and our services and business development and as we may further defined under Section 2.4 and 4 of this Notice.
- Education information – learner’s data on our site such as frequency of challenging behaviors, or how quickly they have learned a certain skill for the purpose of providing our services to you and as we may further defined under Section 2.4 and 4 of this Notice on the basis of your consent.
We may also use educational information together with age and medical diagnosis are used in scientific research that aims to develop our program but connected to any identification of you or your learner.
2.2. We collect Personal data when you:
- Register to use our Services,
- Post it to the Services, including when you make purchases, and
- Communicate with us.
We also collect the information you submit while you use the Services, such as information about online program participation.
Further, we collect information, such as anonymous usage statistics, by using cookies, server logs, and other similar technology as you use the Services. This information can be connected to you or your learner’s identification data.
Registration. You may browse some of the content of our websites without registering or providing any Personal data to us. To create an account with us, you may need to provide Personal data, such as your name, email address, physical address, and telephone number, as well as the name, physical address, and telephone number of your company. You may also provide other optional information.
Making Purchases. If you make payments, you may need to provide Personal data to us or our third-party credit card processing providers, such as your credit or debit card number. You may also need to provide your shipping address and other information if you purchase a physical product to ensure the proper delivery of your purchase.
Identification Numbers. We may issue you or your entity identification numbers, such as Org ID, Site ID, or CN. We may collect these identification numbers from you to provide our services.
Using the Services. We may collect information, including Personal data, you post to the Services, such as when you post it to chat rooms or in survey responses.
Customer Support. We may collect Personal data through your communications with our customer-support, marketing, and sales teams.
2.3. We collect the categories of personal data listed above from the following categories of sources:
- Directly from you, for example when you complete an online form during our Services.
- From other users of the subscription-only parts of the Services, for example when a parent records learners’ progress in acquiring a skill.
- From observing your activity on our services, for example via cookies and other standard online technologies if you have provided your consent to do so.
2.4. Items of Personal Data collected and process
2.4.1 When we collect personal data directly from you, you will know, or have the ability to know, the details of that information. It may, on the basis of contract or your consent, include:
- Name and contact information
- Payment card information
- Login credentials (username and password)
- Any details about yourself that you reveal as you use free-form features of the subscription-only service, for example you might mention your favorite pastime or the name of a relative
- Information from tests and assessments you take in the subscription-only service, for example educator professional development test scores, student input to social and emotional learning (SEL) self-assessments, and student performance levels at assigned tasks in the Student Center on the basis of your consent.
- Testimonials for the Aris4Autism service that you may provide.
- Your responses to polls and surveys that we may conduct.
We use Personal data collected directly from you to
- provide and improve our website, apps, and our Services
- communicate with you
- our own marketing purposes, if you have consented so.
All our processing of your personal data is based on a contract with you and to a consent provided by you if so required.
We do not rent, sell, or share Personal data about you with other people or nonaffiliated companies for their direct marketing purposes without your explicit consent.
2.4.2 Our subscription services facilitate the utilization of personal data for example for the purpose of assisting companies in their efforts to develop learner’s skills and behaviors. When we collect personal data about you or learners from other users of the subscription-only parts of the services. Which users can access the personal data of which other users is determined and configured by you, the company administrator or parent (if a private client). The personal data collected in this way, on the basis of your consent, may include:
- Information provided by the company such as school or ABA company (administration, BCBA, RBT educators, and specialists) about learners
- Login credentials
- Name, address, date of birth, gender, ethnicity, photograph, diagnosis, referral, health insurance information, scores in certain assessment tests
- Any information contained in free-form documents or fields, for example educator’s or RBTs notes comments in a student progress report. Many free-form document types, including video, may be uploaded by educators to a student’s “File Cabinet”. We may in future develop other free-form capabilities, such as messaging and student journaling.
Note: Our service does not require all of this information. For example, ethnicity, photograph, and educational classification are collected at the school’s discretion.
Information provided by schools about their employees, for example teachers’ names and which classes and students they teach.
2.4.3 We collect personal data from observing your activity on our services in two ways:
- We track your use of the subscription-only parts of our services, for example we record when you log in and which areas of the service you visit and what you do there. This information is available to Your company (if company client).
2.4.4. Tracking technologies
We may also use tracking technologies to collect information and infer your interests for interest-based advertising purposes. If you would prefer to not receive personalized ads based on your browser or device usage, you may generally express your opt-out preference to no longer receive tailored advertisements. Please note that you will continue to see advertisements, but they will no longer be tailored to your interests.
To opt-out of interest-based advertising by participating companies in the following consumer choice mechanisms, please visit:
- Digital Advertising Alliance (DAA)’s self-regulatory opt-out page (https://optout.aboutads.info/) and mobile application-based “AppChoices” download page (https://youradchoices.com/appchoices)
- European Interactive Digital Advertising Alliance (EDAA)’s consumer opt-out page (http://youronlinechoices.eu)
- Network Advertising Initiative (NAI)’s self-regulatory opt-out page (http://optout.networkadvertising.org/)
Our websites, sales funnels, and apps may contain electronic images known as Web Beacons (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our Website is used and may be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications and marketing campaigns.
3. COLLECTION OF CHILDREN’S PERSONAL INFROMATION
As described in this Notice, we process personal data about children, including children under the age of 13. This personal data is collected from organizations such as schools, or ABA companies, parents, and caregivers. A child can only access our services with a parent, caretaker, or a company employer or independent contractor. Services that are built for children include assessment tests, various exercises, games, quizzes, and other activities and tasks. We will never require or encourage children to reveal personal data beyond that revealed by the activity itself (for example, quiz scores or progress in mastering skills). Access to these services is always controlled by an adult such as parent or a company employer.
The Children’s Online Privacy Protection Act (COPPA) requires that parents consent to the collection, use, and disclosure of their child’s information when the child is under 13 years of age. Under COPPA, schools or other organizations may act as the parents’ agent, consenting on their behalf to personal data processing in the educational context. As the operator of a website providing services to schools, and other organizations such as ABA companies Aris4AutismEd obtains consent through the child’s school or other organization. We will only ever use children’s information for the benefit of the child, and never for our own commercial purposes.
Although we are currently not offering services for European clients, do note that the EU’s General Data Protection Regulation and EU Member State laws may require parental approval may require a consent from a child’s guarding even for children over 13 years of age. In case your address is in a EU country, we may contact you for such consent if needed.
4. HOW WE USE YOUR PERSONAL DATA
This section describes how Aris4AutismEd uses your personal data. Remember that the school (our customer) has a high degree of control over the personal data processed in our subscription-only services. This Privacy Notice does not cover how schools use your data, which will be determined by their own policies and legal obligations.
Aris4AutismEd will never sell your personal data.
When we receive your personal data under contract with our customers, we use the information only as specified or permitted by the contract or consented by you where needed. In particular, we will never:
- Use student personal data for marketing or advertising purposes.
- Disclose student personal data except as described in this Notice under Section 5.
Aris4AutismEd may use your personal data for the following purposes:
- We may send non-student users of our services marketing messages for Aris4Autismproducts that we think may interest them (see Section 8 for information about opting out of such messages).
- To respond to your requests or questions, including through website forms and chat features.
- To help us improve our services and user experience, for example by identifying which parts of our services you find useful or difficult to use. Usually, the information used for this purpose does not directly identify you as an individual.
5. DISCLOSURE OF YOUR PERSONAL DATA
Who we disclose your personal data to depends on the specific items of information and the purposes we use them for. When we disclose your personal data, the disclosure is made in accordance with this Notice and applicable privacy laws and regulations including, where needed, agreements ensuring data confidentiality.
Your personal data may be disclosed to the following categories of recipients:
- Other users of the subscription-only services: As described above, our subscription services facilitate the utilization of personal data for the purpose of assisting schools in their efforts to develop students’ social and emotional skills and behaviors. As such, your information is disclosed to other authorized users of the service. Which users can access the personal data of which other users is determined and configured by school administrators.
- Employees and contractors: These personnel have roles that require access to your information (a “need to know”). They are bound by employment terms that cover their obligation to keep personal data confidential and secure and have been trained in federal and state law governing confidentiality of student and educator data.
- Service providers: We use service providers to perform certain tasks for us, for example hosting our services on a Cloud computing platform or operating our online user support chat feature. Service providers process your data on our behalf and according to our instructions. They are contractually bound to protect your data and are prohibited from using it for their own purposes.
- Other third parties: We may disclose de-identified (anonymized) information to third parties, for example business partners or research organizations. “De-identified” information is stripped of attributes that tie it to a particular individual and which cannot reasonably be reconnected to that individual.
- Schools’ service providers: We may transfer your information, or facilitate its transfer, to a service provider of your school. For example, student information may be transferred to an Individualized Education Program (IEP) software provider. We make these transfers only when instructed to do so by a school.
We have in the preceding 12 months disclosed the following categories of personal data to service providers:
- Identifiers such as your name, email address, username, and IP address.
- Additional personal data defined by certain applicable state laws: address, telephone number, payment card number.
- Internet activity/usage on our websites and applications.
We will also disclose your personal data in the following exceptional circumstances:
- Corporate event: Your data may be transferred to third parties as a result of a merger, acquisition, or similar corporate event involving Rethink.
- Legal necessity: We will disclose your information to government agencies, law enforcement, courts, and other authorities and parties if required to by applicable law.
- Individual’s vital interests: If we reasonably believe based on information posted on or provided in relation to our services that the safety or vital interests of an individual are at risk, we will disclose personal data to relevant parties as necessary to assist the individual.
- Protection of Rethink’s interests: Where permitted by applicable law, we may disclose personal data to our professional advisors and other qualified parties when we reasonably believe it to be necessary to protect our essential business interests.
- Nondisclosure of Student Information: Any personal data received under contract with our customers will only be disclosed as specified or permitted by the contract. More specifically, we do not disclose identifiable student data to our service providers or other third parties.
6. INFORMATION SECURITY
We employ technical, physical, and administrative security measures appropriate to the categories of personal data processed in our services. These measures include, for example: encryption at rest and in transit, roles-based access, firewalls, and anti-virus software. For more details of our practices, please consult our Information Security Standards statement.
We protect information about learner’s diagnoses, treatments, and outcomes with particular care.
No matter how carefully we safeguard your information, it is unfortunately not possible to guarantee that it will never be accidentally or illegally breached.
By using the Services or providing Personal data to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our website or app or sending an email to you. You may have a legal right to receive this notice in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice), please notify us at info@Aris4Autism.com
7. INTERNATIONAL USERS AND DATA TRANSFER
By using the Sites, you are informed that your data will be transferred to a country belonging to European Union and we will follow data protection laws and regulations of the European Union.
If you are visiting from outside the European Union with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the European Union and processing globally. By providing your information you consent to any transfer and processing in accordance with this Policy.
We may transfer or disclose your data outside the European Union or European Economic Area (EU/EEA) in the cases referred in Section 6 of this Notice and where applicable to such disclosure, we will ensure the EU’s General Data Protection Regulation and its requirements for data transfer are met. Namely, if personal data will be transferred to a country outside the EU/EEA, the Data Processor shall ensure that the EU Standard Contractual Clauses will be part of the agreement entered into with the receiving party or shall ensure that such transfer otherwise will be permitted under the applicable laws.
8. DATA RETENTION
When we receive your personal data under contract with our customers, we will retain it for the duration of the contract and then, according to our customer’s instructions, return it to them, delete it, or transfer it to another service provider.
Section 9 of this Notice below describes your right to request deletion of your data outside of our normal data retention schedule together with your other rights regarding personal data processing.
9. YOUR RIGHTS
Finland and European Union laws give you various rights over your personal data and that of your child. These may include the right to
- Access personal data held about you
- Correct inaccurate or out-of-date personal data
- Request deletion of your personal data
- Opt out of disclosure of your child’s information to third parties
- Object processing your personal data
- File a complaint to data protection authorities
In order to facilitate your request, we may need to request you to provide proof of identity and will then instruct you how to that.
If you are receiving our subscription-only services via a company, you should contact this company that is providing services to your child and request to exercise privacy rights. This would include, for example, a request to access the information about your child that the company processes in our service. If you are our client instead of an organization, please contact Aris4Autism using the contact information in this Notice, and we will endeavor to facilitate your request.
Rights requests concerning personal data collected or used outside our subscription-only services (for example, on our public website or in our marketing communications) should be addressed to Aris4Autism using the contact information in this Notice.
You can opt out of our marketing communications at any time using, for example, the “unsubscribe” in an e-mail message to info@Aris4Autism.com or similar functionality in other communication formats.
Please note that, if you are a user of our subscription-only services, you may continue to receive service communications even after you have opted out of marketing communications. “Service” communications contain important information about the service for which you are a current user.
11. CHANGES TO THIS NOTICE
We will update this Notice from time to time and will communicate material changes to you through an appropriate channel (for example, via a notice in our services). The Notice was last updated on December 19th, 2020.
12. CONTACT US
Kuusitie 3, Kannus 69100, Finland
How to Complain About Our Privacy Practices
If you think we may have violated your privacy rights, or you disagree with a decision we made about access to your PHI, you may file a complaint with us at infor@Aris4Autims.com or via mail at Kuusitie 3, 69100 Kannus, Finland