We want to help you understand how data is processed so that you may make informed decisions on your personal data.
Personally Identifiable Information (“PII”) is any information relating to an identified or identifiable individual; this includes any information that could be used on its own or in combination with other pieces of information to identify a person. PII is not just a person’s name or email address, it can include information related to your location, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of an individual.
Think Research may store PII provided to us by our clients and business partners who use our products and services. PII may also be directly collected by you when you register and use certain products and services, and when you visit our website and request information.
As part use of our products and services, we store individuals’ PII, which may include medical information such as treatments, symptoms, and healthcare provider notes. This information may come directly from you when you register and use specific products and services, to which we request your explicit consent. This information may also be obtained indirectly from your healthcare provider who is using our products and services, and it is the responsibility of your healthcare provider to obtain your consent.
We store and/or use the following categories of data:
Personal Identifier Details
To communicate with you and provide our products and services, you will be asked to provide basic contact information about yourself, such as name, email address, telephone number and physical address when registering with us. Individuals are responsible for the accuracy and completeness of the information they provide.
Some PII is automatically collected (e.g. the type of web browser and operating system used by the website visitor) when you visit our website. Other PII is not collected unless you choose to provide such PII or indicate your consent to any cookies that our website may employ. On our website, you can request information, subscribe to marketing or support materials or apply for jobs at Think Research. The types of personal information you provide to us on these pages may include name, address, phone number, e-mail address, contact preferences, education and employment background and job interest data.
User Login Data
When creating a user profile with our products, you will be asked to provide your username and password, contact and demographic information about yourself, such as email address, gender, date of birth. This request is for identity purposes and to manage your individual user account.
As part use of our products and services, we store individuals’ personal health information, which may include treatments, symptoms, and healthcare provider notes. This information may come directly from you when you register and use specific products, to which we request your explicit consent. This information may also be obtained indirectly from your healthcare provider who is using our products and services, and it is the responsibility of your healthcare provider to obtain your consent.
We use financial information for payment purposes. However, we do not store credit card or debit card details.
When you visit our site, each time we may automatically collect the following information:
- Technical information, including the Internet protocol (IP) address, internet domain names, the web browser and operating system used to access the Think Research website, client support and to collect aggregate information for internal reporting purposes.
- Information about your visit to the site, including the full URL, any products you viewed or searched for, the files visited, the time spent in each file and the time and date of each visit.
This is required in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.
Human Resources Information
Think Research also collects PII of its employees (human resources data) in connection with the administration of its Human Resources programs and functions. These programs and functions include compensation programs, performance appraisals, training, business travel, expense reimbursement, access to Think Research computer facilities and computer networks, employee profiles, internal employee directories, Human Resource record keeping and other employment related purposes. In addition, we may collect PII that you provide us when applying for jobs at Think Research, such as name, address, phone number, e-mail address, contact preferences, education and employment background and job interest data.
Does Think Research use or disclose PII and non-personal information?
Think Research is committed to protecting the privacy, confidentiality and security of all personal data that has been entrusted to us.
We do not use or disclose PII except as may be necessary in the course of providing its product and service to its clients and business partners. When use or disclosure of personal information is necessary, it is used or disclosed strictly in accordance with applicable laws, including the Personal Information Protection and Electronic Documents Act, and applicable provincial health legislation.
PII may be used for the following reasons:
- To provide our products and/or services; to perform or fulfil a contract we have with you;
- To provide you with a user account for the products or services;
- To contact clients to discuss their experience with the products and/or services, their needs and interests, and/or to communicate future promotions or events which might benefit them
- Contact a prospective client;
- Providing notifications about unscheduled downtimes or new features, functionalities, terms or other aspects of the services;
- To monitor and analyze the use of the services;
- To improve our level of service;
- Responding to inquiries and other communications;
- To provide to third party vendors, service providers or agents that we have contracted with to provide services on our behalf (e.g., our Cloud Service Provider). These third party vendors are bound by strict privacy and security provisions.
- If we have a legal obligation in response to a court order, subpoena, search warrant, law or regulation;
- To consider your application for employment;
- Human Resources data may be shared with third party vendors for the exclusive purpose of enabling the vendor to provide service and/or support to Think Research in connection with these Human Resource programs and functions. Personal information is not shared with those third parties for non-employment related purposes
Non-personal information or de-identified data may be used for the following reasons:
- To conduct audits, measurement and analyses functions in an effort to maintain, administer, support, enhance and protect the services including determining usage trends and patterns and measuring the effectiveness of content, features or services;
- To monitor and analyze the use of the services;
- To track adoption and usage of the products and services for internal quality improvement, internal research and internal product development purposes;
- To contribute to certain health and medical research (only non-personal information will be used)*
- To provide benchmarking and performance tracking solutions*
* We may track and analyze non-identifying, aggregate usage, and volume statistical information from our visitors and clients and may provide such information to third parties. For example, we may provide de-identified information to a governmental body as part of a provincial healthcare program or project we are a part of, supporting provincial health planning or delivering healthcare programs or services, in accordance with applicable privacy laws. We are committed to ensuring privacy and protecting PII entrusted to us. We also are committed to providing valuable insights and analytics to enable better performance and quality of healthcare services.
TRC de-identifies the data for the purposes as mentioned above, and more generally, improving the services through understanding usage patterns by end users. TRC will not use data to re-identify individuals.
We may use PII to detect, investigate, address and prevent fraudulent or illegal activities. We reserve the right to disclose your PII as required by law, when we believe that disclosure is necessary to comply with a judicial proceeding, court order, or legal process served on us and to defend against legal claims.
We may disclose and share your PII to explore and/or undertake a corporate transaction, including a merger, acquisition, amalgamation, IPO, reorganization or sale of the organization. Your PII relevant to the transaction, such as billing information, can be used and disclosed solely for the purposes related to the transaction and will be protected by security safeguards appropriate to the sensitivity of the information. Your personal health information will not be disclosed and will remain confidential.
Except as provided in this Policy, Think Research does not use or process your PII for a purpose other in a way that is incompatible with the purposes for which it has been collected or subsequently authorised by the individual, as required by law.
We will not sell, trade or lease your personal data to others.
Think Research is committed to taking reasonable efforts to secure the PII you choose to provide us. To protect the privacy of any PII you have provided, we employ industry-standard controls including physical access controls, internet firewalls, intrusion detection and network monitoring.
Where you communicate with us via our site, we cannot guarantee or warrant the security of any information that you transmit, as is the nature of the internet, no data transmission over the internet can be guaranteed to be 100% secure. While we have implemented reasonable safeguards to prevent unauthorized use or disclosure of the information, we cannot guarantee the security of any information transmitted via our site.
Links to Non-Patient Websites and Third Parties
The Think Research website may provide links to third-party web sites for your convenience and information. If you access those links, you will leave the Think Research website.
Storage and Transfer
Think Research provides its products and services from its head office in Toronto, Ontario, Canada, unless otherwise specified. We store Canadian client data on secure servers located in Canada and U.S. client data on secure servers located in the US. Think Research may also store, process or access clients’ data from Canada for purposes of, for example: responding to client support and technical requests; fixing software issues; or, providing services to a client on the back end of the platform (e.g. performing simulation testing of our disaster recovery plan). However, regardless of location, PII will be protected in accordance with applicable privacy laws, including having stringent privacy and security safeguards and appropriate mechanisms in place.
For our products and services that we provide to healthcare providers, we will retain data in accordance with our client’s data retention policy and will destroy and/or return data at the end of the provision of services. After such time, data may be stored in an aggregated and anonymized format.
Where we have collected your PII directly (e.g. via the website or use of our VirtualCare product) and not from your healthcare provider, it shall not be kept for longer than is necessary for that purpose or those purposes. You may notify us at any time should you choose to deactivate your account and have your personal data deleted. We will delete or destroy your PII in a manner designed to ensure that it cannot be reconstructed or read.
Openness, Transparency and Access to PII
Under privacy laws, you have specific rights and we work with you and your healthcare provider to honour this.
PII collected by healthcare provider
Where your healthcare provider (e.g. hospital, clinic, physician, long term care home) has collected PII directly from you, and has provided it to us as the result of the product or service with the appropriate consents (e.g., ProgressNotes, eForms, Care Pathways, Order Sets), we encourage you to contact your healthcare provider directly regarding your request. These may include requests related to:
- Access to information
- Rectification or corrections
- Restriction of processing
- Inquiries or complaints
We will provide the data custodian with all the information necessary to respond to your request(s) and work with them to assist them fulfill their obligations as custodians and address your rights under the law.
PII collected by us
Consent and Choice
As indicated in this Policy, whenever we rely on your explicit consent to process your PII, you have the right to opt-out and withdraw your consent at any time.
If you do not wish to provide the PII requested, however, you may not be able to proceed with the activity or receive the benefit for which the personal information is being requested. Similarly, if you choose to unsubscribe from receiving notifications or messages from us, your client experience in using the products and/or services may be compromised. If complying with your request would result in termination of the services, we will make that clear to you and confirm this with you before proceeding.
If we have obtained your PII directly with your express consent, in addition to the right to withdraw your consent, you may:
- Ask us to restrict our processing of your personal data or object to our processing;
- Request a copy of information we hold about you;
- Make an inquiry and/or complaint
In the event that you wish to make an inquiry, complaint or withdraw your consent, please contact us at firstname.lastname@example.org and we will employ best efforts to deal with your request as soon as possible.
Access to and accuracy of your information
Think Research strives to keep your PII accurate. We have implemented technology, management processes and policies to maintain data accuracy. We will provide you with access to your information and the opportunity to change your information.
Any personal information you provide to us it is your responsibility to provide true, accurate, current and complete information about yourself, and notify us if there are any updates or changes to ensure it remains true, accurate, current and complete.
Changes to this Policy
Privacy and security practices
Think Research’s privacy and security practices are available here.
VirtualCare Privacy Impact Assessment Summary is available here.
How to Contact the Think Research Privacy Office
For more information about the Think Research privacy practices or to raise a concern you have with our practices, contact us:
Chief Privacy Officer
351 King St E #500, Toronto, ON, M5A 0L6
Tel: (416) 479-5428