Brightsquid Application Privacy Policy

At Brightsquid Secure Communications Corp. ("Brightsquid") we are committed to maintaining the privacy, confidentiality, and security of your personal information.  This Privacy Policy describes the personal information that Brightsquid collects from or about you, how we use it, and to whom we disclose that information when you use or register for Brightsquid services (the “Solution”).  

Your private information will not be sold by Brightsquid to any third party for any use.

This Privacy Policy applies to the identifiable information of all organizations and individuals using the Solution.  For more information about Brightsquid’s other privacy practices please contact our Privacy Officer (contact details provided below).    

BY USING THE SOLUTION, YOU ARE CONSENTING TO THE COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY AND, WHERE YOU INTERACT WITH THE PERSONAL INFORMATION OF OTHERS IN THE SOLUTION (SUCH AS THE PERSONAL INFORMATION OF A FAMILY MEMBER OR PATIENT), YOU REPRESENT THAT YOU HAVE THEIR CONSENT TO DO SO. IF YOU DO NOT CONSENT OR DO NOT HAVE SUCH CONSENT, PLEASE DO NOT USE THE SOLUTION.

Applicable Privacy Legislation

It is Brightsquid's policy to comply with the privacy legislation within each jurisdiction in which we operate.  Sometimes the privacy legislation and / or an individual's right to privacy are different from one jurisdiction to another.  This Privacy Policy generally covers only those activities that are subject to the provisions of Canada's federal and provincial privacy laws and the United States federal and state privacy laws,as applicable.

This Privacy Policy has a limited scope and application.  Consequently, the rights and obligations contained in this Privacy Policy may not be available to all individuals or in all jurisdictions.  If you are unsure if or how this Privacy Policy applies to you, please contact our Privacy Officer for more information.  

What is Personal Information?

For the purposes of this Privacy Policy, personal information is any information about an identifiable individual as detailed below.  

What Personal Information do we Collect?

We collect personal information when people use our services. 

For patient users this may include:

  • personal contact and identification information, such as name, address, telephone number, date of birth, gender, and email address
  • health information submitted through forms, questionnaires, and other means;
  • information provided by professionals who use Brightsquid services to interact with you.

For professional users this may include:

  • business contact and identification information, including name, address, telephone number, email address, role, and job title;
  • financial and payment information relating to subscriptions;

As a general rule, Brightsquid collects personal information directly from you. In most circumstances where the personal information that we collect about you is held by a third party, we will obtain your permission before we seek out this information from such sources (such permission may be given directly by you or implied from your actions). 

When acting as an Information Manager for healthcare clinics, Brightsquid may receive your personal information from healthcare providers for the purpose of inviting you to the Solution, creating an account so you can communicate with the provider or clinic, and for identity validation.

With respect to health information shared with your healthcare practitioner through the Solution, we note that each healthcare practitioner is independent of Brightsquid and is responsible for obtaining and managing your consent in relation to their collection and use of your information.

From time to time, we may utilize the services of third parties in our business and may also receive personal information collected by those third parties in the course of the performance of their services for us or otherwise.  Where this is the case, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information to us.  

When required by applicable law or regulatory requirements, we may collect, use, or disclose information about you without your knowledge or consent.

Why Do We Collect Personal Information? 

The Solution (and its related services) generally enables the exchange of sensitive information between users. Brightsquid collects personal information to enable us to manage, maintain, and develop the Solution, our business and operations, including:

  • to operate the Solution, including the support, maintenance and development of same; 
  • to support recipient identity verification and the safe and compliant delivery of personal information through the Solution;   
  • to establish, maintain and manage our relationship with you so that we may provide you with services related to your use of the Solution;
  • to be able to review the products and services that we provide to you so that we may understand your requirements for our products and services and work to make improvements; 
  • to be able to comply with your requests (for example, if you prefer to be contacted at a business or personal email address or telephone number and advise us of your preference, we will use this information to contact you through those means);
  • to protect us against error, fraud, and inappropriate access;
  • to enable us to comply with applicable law or regulatory requirements; and 
  • any other reasonable purpose to which you consent.

A more detailed description of the data usage and sharing associated with the specific features, modules, applications and/or services of or related to the Solution for which you may subscribe or use are available on request. 

How Do We Use and Disclose Your Personal Information?

We may use and disclose your personal information: 

  • for the purposes described in this Privacy Policy; or 
  • to perform our contracted duties as a provider of the Solution; or
  • to support recipient identity validation (name and general location); or
  • for any additional purposes for which we have obtained your consent to the use or disclosure of your personal information.

We may use or disclose your personal information without your knowledge or consent when we are required by applicable law or regulatory requirements to do so.  

We may use de-identified aggregated information, as needed, to monitor and improve the Solution.

When do we Disclose Your Personal Information?

We may share your personal information with our employees, contractors, consultants and other parties who require such information to assist us with managing our relationship with you.

This may include third parties that provide services to us or on our behalf; third parties that assist Brightsquid in the provision of services to you; and third parties whose services we use to conduct our business. In these cases, your information will not be used for purposes unrelated to your use of the Solution. All third parties are vetted and are contractually obligated to uphold the terms of this policy.

For example, Amazon Web Services may provide certain information technology and data processing services to us from time to time so that we may operate our business, and as result, your personal information may be collected, used, processed, stored, or disclosed in Canada. 

In addition, personal information may be disclosed or transferred to another party during the course of, or completion of, a change in ownership of or the grant of a security interest in, all or a part of Brightsquid through, for example, an asset or share sale, or some other form of business combination, merger or joint venture, provided that such party is bound by appropriate agreements or obligations and required to use or disclose your personal information in a manner consistent with the use and disclosure provisions of this Privacy Policy, unless you consent otherwise.

To support necessary recipient identity verification, we will display the following basic personal information to professionals who want to message you so that they know they are delivering information to the correct person:

  • Full Name
  • email address
  • province/state
  • country

Health Professionals will only see the above information if:

  1. they are paying users of Brightsquid and have gone through an identity verification process and;
  2. they have correctly entered your COMPLETE full email address.

Expanded personal information including:

  • Full Name
  • email address
  • province/state
  • country

plus

  • Date of Birth
  • Gender

 is visible to identity verified Health Professional users if:

  • the Date of Birth was first entered by the professional or a member of their associated organization for the purpose of inviting you to use a Brightsquid service; or
  • you reply from your existing account to an initial message from a Health Professional or member of their organization.

The Solution is used by a wide variety of Health Professionals. As such, health providers within your circle of care may need to send communications to your existing Brightsquid Account. In these cases, Professional users can see your basic personal information only after entering your COMPLETE email address into the Patient Directory search. The Patient Directory is only available to verified professional users and will only display patient contacts that have either:

  • accepted an invitation to connect from the professional’s organization; or
  • if a professional within the organization has sent the patient a message using the associated COMPLETE email address.

For professional users, Name, Job Title, and associated Organization contact information (Organization name, phone number, and address) will be displayed in the professional directory to validate recipient identity and expedite delivery to the most appropriate recipient.

Further, your personal information may be disclosed:

  • as required by applicable law or regulatory requirements;
  • to comply with valid legal processes such as search warrants, subpoenas, or court orders;
  • to protect the rights and property of Brightsquid;
  • during emergency situations or where necessary to protect the safety of a person or group of persons;
  • where the personal information is publicly available; or
  • with your consent.

Your Consent is Important to Us

Brightsquid practices privacy by design and privacy by default in the design, development and operation of the Solution and our services. We strive to collect the minimum amount of personal information necessary and to retain it no longer than necessary to meet our contractual obligations or as required by law.

Accordingly, it is important to us that we collect, use, or disclose your personal information where we have your consent to do so.  Depending on the sensitivity of the personal information, your consent may be express, deemed (using an opt-out mechanism), or implied.  Express consent will generally be through an overt opt-in process, and can be given orally, electronically or in writing.  Implied consent is consent that can reasonably be inferred from your action or inaction.  For example, when you enter into an agreement with us for services, we will assume your consent to the collection, use and disclosure of your personal information for purposes related to the performance of those services and for any other purposes identified to you at the relevant time.

In certain circumstances, your consent may be obtained after collection but prior to our use or disclosure of your personal information.  If we plan to use or disclose your personal information for a purpose not previously identified (either in this Privacy Policy or separately), we will endeavor to advise you of that purpose before such use or disclosure.

As we have described above, we may collect, use, or disclose your personal information without your knowledge or consent where we are permitted or required to do so by applicable law or regulatory requirements.  

You may change or withdraw your consent at any time, subject to legal or contractual obligations and reasonable notice, by contacting our Privacy Officer using the contact information set out below.  All communications with respect to such withdrawal or variation of consent should be in writing and addressed to our Privacy Officer.

How is Your Personal Information Protected?

Brightsquid endeavors to maintain physical, technical, and procedural safeguards that are appropriate to the sensitivity of the personal information in question.  These safeguards are designed to prevent your personal information from loss and unauthorized access, copying, use, modification, or disclosure.

The protection of personal information is of paramount concern to Brightsquid, and Brightsquid is prepared to take appropriate and timely steps in the event of any incidents involving personal information in accordance with applicable privacy laws. Correspondingly, please advise our Privacy Officer immediately of any incident involving the loss of or unauthorized access to or disclosure of personal information that is in our custody or control.  

Updating Your Personal Information

It is important that the information contained in our records is both accurate and current.  If your personal information happens to change during the course of our relationship, please keep us informed of such changes. 

In some circumstances we may not agree with your request to change your personal information and will instead append an alternative text to the record in question. 

Access to Your Personal Information

You can ask to see your personal information.  If you want to review, verify or correct your personal information, please contact our Privacy Officer in writing.  

When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you.  We may charge you a fee to access your personal information; however, we will advise you of any fee in advance.  If you require assistance in preparing your request, please contact our Privacy Officer. 

Your right to access the personal information that we hold about you is not absolute.  There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you.  In addition, the personal information may have been destroyed, erased, or made anonymous in accordance with our record retention obligations and practices. We generally retain your information as long as reasonably necessary to provide you with the Solution and related services or to comply with applicable law.

In the event that we cannot provide you with access to your personal information, we will endeavor to inform you of the reasons why, subject to any legal or regulatory restrictions.

Inquiries or Concerns?  

If you have any questions about this Privacy Policy or concerns about how we manage your personal information, please contact our Privacy Officer, in writing or by e-mail.  We will endeavor to answer your questions and advise you of any steps taken to address the issues raised by you.  If you are dissatisfied with our response, you may be entitled to make a written submission to the Privacy Commissioner in your jurisdiction.

Privacy Officer

We have appointed a Privacy Officer to oversee compliance with this Privacy Policy.  The contact information for our Privacy Officer is as follows:  

Brightsquid Privacy Officer

Brightsquid Secure Communications Corp

3655 36 St. NW Calgary AB

T2L 1Y8 CANADA

privacy@brightsquid.com

(800)238-6503x301

Revisions to this Privacy Policy

From time to time, we may make changes to this Privacy Policy to reflect changes in its legal or regulatory obligations or in the manner in which we deal with your personal information.  We will post any revised version of this Privacy Policy on our website https://brightsquid.com/ and we encourage you to refer back to it on a regular basis.  This Privacy Policy was last updated on January 5, 2024. 

Interpretation of this Privacy Policy

Any interpretation associated with this Privacy Policy will be made by our Privacy Officer.  This Privacy Policy includes examples but is not intended to be restricted in its application to such examples, therefore where the word 'including' is used, it shall mean 'including without limitation'.

This Privacy Policy does not create or confer upon any individual any rights, or impose upon Brightsquid any obligations outside of, or in addition to, any rights or obligations imposed by Canada's federal and provincial privacy laws, as applicable.  Should there be, in a specific case, any inconsistency between this Privacy Policy and Canada's federal and provincial privacy laws, as applicable, this Privacy Policy shall be interpreted, in respect of that case, to give effect to, and comply with, such privacy laws.