Privacy Policy

Think Tank Innovations Ltd. (“ShareSmart”, “we”, “our”, “us”) recognizes and respects the privacy of its customers and users’ (“you”, “your”) personal information (“Personal Information”). ShareSmart provides this Privacy Policy to help you make an informed decision about whether to use or continue using our website (“ShareSmart Site”), software (“ShareSmart Software”) and/or services through the ShareSmart Site and/or ShareSmart Software (“ShareSmart Service”). If you do not agree to our practices, please do not use the ShareSmart Site, ShareSmart Software, or ShareSmart Service or otherwise provide your Personal Information to us. This Privacy Policy is incorporated into and is subject to the ShareSmart Terms of Service. Your use of the ShareSmart Site, ShareSmart Software and the ShareSmart Service and any personal information (as defined herein) you provide on the ShareSmart Site or ShareSmart Software remains subject to the terms of this Privacy Policy and our Terms of Service. Please note that any status submissions or other content posted at the direction or discretion of users of the ShareSmart Site, ShareSmart Software or ShareSmart Service becomes published content and is not considered personally information subject to this Privacy Policy.

What Does This Privacy Policy Cover?

For the purposes of this Privacy Policy, Personal Information means any information about an identifiable individual with the exception of any other information otherwise exempted pursuant to the applicable laws of Canada and other jurisdictions that the Personal Information is subject to.  For greater clarity, our use of anonymized and de-identified data is not subject to this Privacy Policy.

This Privacy Policy is part of ShareSmart’s Terms of Service and covers any Personal Information collected, used, disclosed, retained or otherwise processed (collectively, “process”) by us, including without limitation the treatment of third party health information and user information through your use of ShareSmart Service or your access or use of the ShareSmart Site, ShareSmart Software or any other software provided by ShareSmart. This Privacy Policy does not apply to the practices of companies that ShareSmart does not own or control, or to individuals whom ShareSmart does not employ or manage, including any of the third parties to which ShareSmart may disclose user information as set forth in this Privacy Policy (collectively, “Other Parties”).  You are recommended to review the privacy policy and terms and conditions of the Other Parties.

Personal Information that ShareSmart Collects

ShareSmart may collect the following types of personal information (“Personal Information”) from or concerning you or your mobile phone device, which may include:

User-Provided Information: This includes your mobile phone number, push notification name (if applicable), billing information (if applicable) and mobile device information to ShareSmart when choosing to participate in various uses of the ShareSmart Service, such as registering as a user, updating your status or requesting status for your contacts. In order to provide the ShareSmart Service, ShareSmart will periodically access your address book or contact list on your mobile phone to locate the mobile phone numbers of other ShareSmart users (“in-network” numbers), or otherwise categorize other mobile phone numbers as “out-network” numbers, which are stored as one-way irreversibly hashed values.

Cookies Information:

When you visit the ShareSmart Site, we may send one or more cookies – a small text file containing a string of alphanumeric characters – to your computer that uniquely identifies your browser. ShareSmart uses both session cookies and persistent cookies. A persistent cookie remains after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. Persistent cookies can be removed by following your web browser help file directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, the ShareSmart Site may not function properly if the ability to accept cookies is disabled.

Log File Information:

When you use the ShareSmart Site, our servers may automatically record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, browser language, referring / exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time of your request, one or more cookies that may uniquely identify your browser, your phone number, phone number you are requesting the status of and various status information. When you use the ShareSmart Service, our servers log certain general information that our application sends whenever a message is sent or received, or if you update or request any status information, including time and date stamps and the mobile phone numbers the messages were sent from and to.

For greater certainty, we do not collect location data, but users may voluntarily share their location with other users via the ShareSmart Service through ShareSmart Software. The contents of messages that have been delivered by the ShareSmart Service are copied, kept or archived by ShareSmart in the normal course of business pursuant to applicable health information and privacy laws. Users will have full control and use over the contents of their messages. The ShareSmart Service is meant to be an SMS replacement, using data service through a user’s phone (either via cell network or wifi). Users type their messages, which are sent via data service to our servers, and routed to the intended recipient (who must also be a ShareSmart user), if that recipient is online. If the recipient is not online, the undelivered message is held in ShareSmart’s server until it can be delivered. If the message is undelivered for thirty (30) days, the undelivered message is deleted from our servers. Once a message has been delivered, it resides on our servers – NorthCloud (and which may be deleted at the user’s option). The contents of any delivered messages are kept or retained by ShareSmart — the no records of the content of any delivered messages reside directly on the sender’s and recipient’s mobile devices. Notwithstanding the above, ShareSmart may retain date and time stamp information associated with successfully delivered messages and the mobile phone numbers involved in the messages, as well as any other information which ShareSmart is legally compelled to collect. Files that are sent through the ShareSmart Service will reside on our servers after delivery for a period of time, but are deleted and stripped of any identifiable information within a period of time in accordance with our general retention policies.

How ShareSmart Collects and Uses Personal Information

We collect and use your Personal Information for various purposes (“Purposes”), including:
To operate, maintain, and provide to you the features and functionality of the ShareSmart Site and ShareSmart Service, where:your mobile phone number is essential to your use of the ShareSmart Service and will be retained; any billing information that may be collected from you will be deleted thirty (30) days after the termination of your account with ShareSmart; any Personal Information that you voluntarily disclose on the ShareSmart Service becomes publicly available and may be collected and used by other users of the ShareSmart Service (unless such user is blocked by you); your name (as it is saved in other user’s mobile phone address book or contact list) may be displayed to other users when you update your status messages through the ShareSmart Service and other users may contact you through the ShareSmart Service; To provide non-marketing or administrative services (such as notifying you of major ShareSmart Site or ShareSmart Service changes or for customer service purposes);To improve the quality and design of the ShareSmart Site and ShareSmart Service through creating new features, promotions, functionality, and services by storing, tracking, and analyzing user preferences and trends; Through cookies and log information, to: remember information so that you will not have to re-enter it during your visit or the next time you use the ShareSmart Service or ShareSmart Site; provide custom, personalized content and information; monitor individual and aggregate metrics such as total number of visitors, pages viewed, etc.; and track your entries, submissions, views and such.

How ShareSmart Discloses Personal Information

We may disclose your Personal Information for the Purposes in the following ways:
To other users of the ShareSmart ServiceOther users may see your status submissions in a way that is consistent with the use of the ShareSmart Service. For example, a status of “Can’t talk, please SMS instead” set by phone number +1 (604) 888-8888 will be available to every user of the ShareSmart Service who has that mobile phone number in their mobile phone’s address book or contact list. In other words: If another user has your mobile phone number stored in their mobile phone address book or contact list, they will be able to see your status information unless you have chosen to block such user. “Last Seen” information is available and displayed to each user who has your mobile phone number in their mobile phone address book or contact book (and which you have not blocked), and reflects the last approximate time the ShareSmart mobile application has been used or brought to the foreground on your mobile phone. “Last Seen” information is reported to ShareSmart when a user brings the mobile application to the foreground. To other non-user third parties, we do not sell or share your Personal Information with other third-party companies for their commercial or marketing use without your consent or except as part of a specific program or feature for which you will have the ability to opt-in or opt-out. We may share your Personal Information with third party service providers to the extent that it is reasonably necessary to perform, improve or maintain the ShareSmart Service. To law enforcement, government authorities and other authorized entities we may collect and release your Personal Information if required to do so by law, or in the good-faith belief that such action is necessary to comply with state and federal laws (such as Canadian Copyright Law), international law or respond to a court order, subpoena, or search warrant or equivalent, or where in our reasonable belief, an individual’s physical safety may be at risk or threatened. ShareSmart also reserves the right to disclose your Personal Information that ShareSmart believes, in good faith, is appropriate or necessary to enforce our Terms of Service, take precautions against liability, to investigate and defend itself against any third-party claims or allegations, to assist government enforcement agencies, to protect the security or integrity of the ShareSmart Site or our servers, and to protect the rights, property, or personal safety of ShareSmart, our users or others.

Legal Basis for Processing Your Personal Information

We will process your Personal Information only with your knowledge and consent, except where exempted, required or permitted by applicable laws. The form of consent may vary depending on the circumstances and the type of information being requested.  Your consent may be express with clear options to say “yes” or “no”, such as by being asked to check a box to indicate your consent, or implied, such as when you provide us with your address through a form or email seeking information and we use those means to respond to your request.  Taking into account the sensitivity of your Personal Information, purposes of collection, and your reasonable expectations, we will obtain the form of consent that is appropriate to the Personal Information being processed.  By using ShareSmart Site, ShareSmart Software or the ShareSmart Service, or otherwise by choosing to provide us with your Personal Information, you acknowledge and consent to the processing of your Personal Information in accordance with this Privacy Policy and as may be further identified when the Personal Information is collected.    


Duties – Users of ShareSmart

The data collected by you may concern third party individuals (“Patients”) that may not have the capacity to provide legal consent for the use of their Personal Information. You as a user of ShareSmart must collect and provide Patient’s Personal Information with the utmost care and respect and will only use ShareSmart as a tool to enable medical professionals to send images to approved recipients in order to aid in the professional medical assessment of the Patients. You are solely responsible for assessing and complying with all laws, policies and other requirements applicable to your use of ShareSmart, including health records, privacy and freedom of information laws and any applicable institution policies. In particular, as a user of the ShareSmart, you are responsible for ensuring that:

You have fully explained to the patient, or their authorized representative/guardian, how data and images relating to the patient will be used, including complying with all applicable laws and institution policies regarding consent and written collection statements. As such, the explanation should include making the patient generally aware of: the identity of the organization and how to contact it; the fact that the patient is able to gain access to the information; the purposes for which the information is collected; to whom (or the types of individuals or organizations to which) the organization usually discloses information of that kind, including to ShareSmart and to third party services for the purpose of the secure hosting and communication of the information; any law that requires the particular information to be collected; and the main consequences (if any) for the patient if all or part of the information is not provided. Fully informed consent is obtained from the patient or their authorized representative/guardian, or a medical professional has assessed that consent is not required in the specific situation, before capturing data and images. In particular, you are responsible for: ensuring that the patient has consented to the transfer and/or communication of patient information to ShareSmart and secure third party hosting and exchange services; or determining that patient consent for the above activities is not legally required in the circumstances and in providing ShareSmart, ShareSmart is reliant upon you obtaining such consents and making such determinations. You only grant access to a patient’s data and images to appropriate medical professionals who are authorized and have consent to access such data and images in accordance with the uses specifically stipulated within that patient’s consent; and Patient data and images are stored and retained in accordance with all applicable privacy and health records requirements. If you use the data for anything other than to enable medical professionals to send images to approved recipients in order to aid in the professional medical assessment of patients, or in a manner that breaches your duties under this Privacy Policy, then ShareSmart, in addition to any other legal rights it may claim against you, has a right to claim against you for breach of the contractual rights you accepted by installing ShareSmart and agreeing to be bound by the App terms which include this Privacy Policy.

Patient’s Rights

Photographic images and other data relating to a Patient may be requested, at any time, by that Patient through relevant laws and our privacy policy presented to the Patient at the time of collection of their Personal Information (“Patient’s Privacy Policy”). A Patient has the right to object to the use or transfer of patient records relating to them (including photographic images and data) other than in accordance with their consent or as authorized by law.  For more information regarding Patient’s rights to their Personal Information and how we process and safeguard their Personal Information, please read further here.

Requests for Access to and Correction of Personal Information

Applicable privacy laws allow, to varying degrees, users the right to access and/or request the correction of errors or omissions in his or her Personal Information that is in our custody or under our control. Our Privacy Officer will assist you with such an access request. This includes: Personal information under our custody or control; How this personal information under our control may be or has been used by us; and Names of any individuals and organizations to which the individual’s personal information has been disclosed. We will respond to requests within the time allowed by applicable privacy laws and will make every effort to respond as accurately and completely as possible. Any corrections made to Personal Information will be promptly sent to any organization it was disclosed to.

In certain exceptional circumstances, we may not be able to provide access to certain personal information it holds about an individual. If access cannot be provided, we will notify the individual making the request within 30 days, in writing, of the reasons for the refusal.

Our Commitment to Data Security

ShareSmart uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. We cannot, however, ensure or warrant the security of any information you transmit to ShareSmart and you do so at your own risk. Using unsecured wifi or other unprotected networks to submit messages through the ShareSmart Service is never recommended. Once we receive your transmission of information, ShareSmart makes commercially reasonable efforts to ensure the security of our systems. For example, to protect your privacy and security, we take commercially reasonable steps (such as SMS authentication in certain cases) to verify your identity before registering your mobile phone number and granting you access to the ShareSmart Service.  However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If ShareSmart learns of a security systems breach, then we will notify you electronically or post a notice on the ShareSmart Site or through the ShareSmart Service regarding the breach as required by the applicable laws.  The content and delivery of the breach notification will follow the applicable laws.

Special Note to International Users

The ShareSmart Site and Service are hosted in Canada and are intended for and directed to users in Canada. If you are a user accessing the ShareSmart Site and Service from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure, that differ from the laws of Canada, please be advised that through your continued use of the ShareSmart Site and Service, which are governed by the law of the Province of British Columbia, this Privacy Policy, and our Terms of Service, you are transferring your personal information to Canada and you expressly consent to that transfer and consent to be governed by the law of the Province of British Columbia for these purposes. If you are a user accessing the ShareSmart Site and Service from the European Union, please see here for further European Union specific disclosures regarding our processing of your Personal Information.

In the Event of Merger, Sale, or Bankruptcy

In the event that ShareSmart is acquired by or merged with a third party entity, we reserve the right to transfer or assign the information we have collected from our users as part of such merger, acquisition, sale, or other change of control. In the (hopefully) unlikely event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your personal information is treated, transferred, or used.

Contact Information for Privacy Officer

You can direct any questions or concerns regarding our compliance with this Policy and our processing of your Personal Information to our Privacy Officer by emailing [*]. If you are not satisfied with our Privacy Officer’s response to your question or concern, you may be able to file a complaint under applicable privacy laws.  Our Privacy Officer will provide you with the contact information to do so if requested. We strive to offer an accessible and simple complaint procedure. We will promptly investigate all complaints received, and if a complaint is justified, we will take the necessary steps to resolve the issue in question. If you are located or residing in European Union, please see here for appropriate contact information.

Changes and updates to this Privacy Notice

This Privacy Policy may be revised periodically and this will be reflected by the “effective date” below. Please revisit this page to stay aware of any changes. Your continued use of the ShareSmart Site and ShareSmart Service constitutes your agreement to this Privacy Policy and any amendments. Date Last Modified: This Privacy Notice was last modified July 6, 2019. This section only applies to users of our ShareSmart Site, ShareSmart Software or ShareSmart Services who are located in the European Union (EU). This section describes our practices in addition to the Privacy Policy with respect to the processing of Personal Information for the Purposes in compliance with the EU General Data Protection Regulation (GDPR).

Election to not provide your Personal Information

You may choose not to provide us with your personal information. However, if you choose not to provide your Personal Information, you may not be able to enjoy the full range of ShareSmart Services.

Legal Bases

In addition to obtaining your consent as per our Privacy Policy, we may also process your Personal Information: for performing the ShareSmart Services you have ordered or, upon your request, to take the steps necessary to provide you with such ShareSmart Services;

  • for compliance with a legal obligation pursuant to the law of EU or Member State of EU to which we are subject; or
  • in the furtherance of our legitimate interests in maintaining business relationships and communicating with you as a business contact, about our activities and Services.

We consider that our legitimate interests are in compliance with the GDPR and your legal rights and freedoms. Legitimate interests include fraud prevention, credit checks, network security and direct marketing. You have the right to object to any of this processing and, if you want to object, please contact our EU privacy representative at.

Additional Rights

Depending on the legal basis used to process your Personal Information, you may have one or more of the following rights to your personal information:

  • You can access your Personal Information, request us to correct your Personal Information, or request us to complete the Personal Information you believe is incomplete as permitted by GDPR, subject to applicable fees.
  • You may also have a right to restrict or limit the ways in which we use your Personal Information.  In certain circumstances, such as those described in the ‘legitimate interests’ paragraph above in Section 2 of the Appendix, you also have the right to object to the processing of your data by us for purposes such as profiling and direct marketing.
  • You can request that we erase your Personal Information under certain conditions, and we will carry out this request unless GDPR allows us to keep certain information about you.
  • You can request for a copy of your Personal Information in an easily accessible, structured, commonly used and machine-readable format which we may charge a small fee for such service.

In certain circumstances, you can also request that we transfer some of your information to third parties in such format where technically feasible. Upon your request, we will respond within 30 days, unless otherwise permitted by GDPR.  Please contact our EU representative should you need any assistance in exercising any of the above rights.