Privacy
Notice

1. ABOUT US

1.1 Cybin Irl Limited (“Cybin”) is a company registered in Ireland under company number 694595 and we have our registered office at One Spencer Dock, North Wall Quay, Dublin 1, D01X9R7, Ireland. For the purpose of the data protection laws, we are the controller of the personal information processed for the purposes set out below and we are responsible for looking after it.

1.2 Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.

2. OUR COMMITMENT TO YOU

2.1 At Cybin, we take our obligations under data protection laws very seriously and we’re committed to keeping your personal data private and secure. This notice is designed to help you understand what personal data we hold, why it is required, and how it is used.

2.2 This privacy notice (“Privacy Notice”) explains how Cybin collects, shares, and uses your personal information. You’ll also find information about how you can exercise your privacy rights. By using our services, you acknowledge that Cybin will use your personal information as described in this Privacy Notice.

3. WHAT PERSONAL DATA DO WE USE?

3.1 We may collect, process, store and transfer the following kinds of personal data (hereafter referred to as “Data”) about you:

3.1.1 your first name, surname, maiden name, title or similar identifier, gender, marital status and date of birth;

3.1.2 your address, postcode, phone number and email address;

3.1.3 your bank account details (in the event that you participate in a paid study);

3.1.4 health insurance information;

3.1.5 photographs and videos of you;

3.1.6 your preferences in receiving marketing from us, your communication preferences and information you volunteer to us when you contact us, including by phone, email or post or when you speak with us through social media;

3.1.7 internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, platform, device identifiers and other technology on the devices you use to access this website; and

3.1.8 information about how you use our website, products and services including information about your online browsing behaviour.

4. SPECIAL CATEGORIES OF DATA

4.1 Certain categories of Data, such as that about race or ethnicity, sex life, sexual orientation, information about your health, and genetic and biometric data are considered to be “special categories of data” under data protection laws. Examples of special categories of Data that we may collect and process include:

4.1.1 information relating to your race and ethnicity; and

4.1.2 details of existing and previous physical or mental health conditions, blood type, health status, test results, medical diagnoses and treatment, details provided or obtained as part of your participation in our research or study.

5. WHERE DO WE GET THIS INFORMATION FROM?

Information that you give us

You may share Data about yourself and your circumstances by:

  • filling in forms such as application forms or forms on our website;
  • registering as a patient or study participant;
  • giving us information about yourself in any communications with us either by telephone, e-mail, post or otherwise, either in connection with your participation in a study or to report a complaint or issue;
  • signing in at reception on one of our sites.

 

You are not obliged to provide your Data to us. However, if you do not provide your Data to us, you may not be able to participate in our studies, and we may not be able to respond to your queries or allow you into our physical sites.

Information that we collect about you

We collect Data about you:

  • when you participate in our studies; and
  • when you visit our website, including details of your visits to our website including, but not limited to, the Internet Protocol (IP) address used to connect your computer to the internet, MAC addresses, traffic data, location data, time-zone setting browser type and version, browser plug-in types and versions, operating system and platform, and cookies.

Information that we receive from othersources

We may receive Data about you from other third parties, such as your medical provider.

6. WHY DO WE COLLECT YOUR INFORMATION?

6.1 The situations in which we will use your Data are listed below:

6.1.1 To run our website;

6.1.2 To provide you with information about us;

6.1.3 To send you our newsletter when you sign up to it;

6.1.4 To communicate with you and respond to your correspondence;

6.1.5 To register you as a study participant;

6.1.6 To carry out scientific research;

6.1.7 To run our studies;

6.1.8 To identify individuals who might be suitable for studies or trials;

6.1.9 To maintain and manage our research records;

6.1.10 In order to pay you for your participation in our studies;

6.1.11 To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data); and

6.1.12 To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.

7. LEGAL BASIS FOR USING YOUR DATA

7.1 We will only use your Data where we have a legal basis to do so. The legal basis will depend on the reason or reasons we have collected and need to use your information. Most commonly, the legal basis will be:

7.1.1 Performance of Contract – meaning processing your Data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;

7.1.2 Legitimate Interest – meaning the interest of conducting and managing our business. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we use your Data for our legitimate business interests. We do not use your Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us;

7.1.3 Complying with a legal obligation meaning using your Data where it is necessary for compliance with a legal obligation that we are subject to; and

7.1.4 Consent – meaning processing your Data based on consent. When we collect your consent, we will explain what we need it for and how you can change your mind in the future. If we process your Data based on consent, you have the right to withdraw that consent at any time. The opt-out methods will depend on how the consent was collected and will be explained when you give us your consent.

7.2 Where we process special categories of your Data relating to your health, when you participate in our studies, we do so on the basis that it is necessary and proportionate for scientific research purposes.

7.3 If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” section.

8. WHO WE SHARE YOUR DATA WITH

8.1 Depending on the circumstances, we may share your personal information with the following:

8.1.1 Companies within the Cybin group (which means our subsidiaries and affiliates) – these companies use your personal information for the purposes for the purposes of reviewing our clinical studies and providing us with services.

8.1.2 Third party service providers, including independent contractors, which assist us in analysing data relating to our studies and research.

8.1.3 If any part of our business enters into a joint venture, purchases another business or is sold to or merged with another business entity, your information may be disclosed or transferred to the third-party company, or new business partners or owners or their agents and advisors. In these circumstances we will always inform the relevant entities that they must only use your Data for the purposes disclosed in this privacy notice and all transfers of Data will be done in accordance with applicable data protection law.

8.1.4 Any law enforcement or regulatory body, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.

8.2 We will not sell, distribute or lease your personal information unless we have your permission or are required by law to do so.

9. SECURITY

9.1 We place great importance on keeping your Data safe and secure. As such, we have in place appropriate technical and organisational measures / industry standard technology to protect it from unauthorised access and unlawful processing, accidental loss, destruction and damage.

9.2 The security measures we use are designed to provide a level of protection security appropriate to the risk of processing your Data.

10. HOW LONG WE KEEP YOUR INFORMATION FOR

10.1 We will retain your Data as long as is reasonably necessary in order to fulfil the purposes outlined in the ‘Why do we collect your information?’ section above.

10.2 When determining the relevant retention periods, we consider guidelines issued by relevant data protection authorities, as well as the time periods needed to comply with applicable regulations, laws, to meet regulatory and financial reporting obligations, for tax, accounting and audit purposes, and to fulfil and protect our contractual and legal obligations and rights.

11. WHERE IS DATA STORED AND SENT?

11.1 Our research team is based in Ireland. If you are participating or applying to participate in a study and are based outside of Ireland, your Data is transferred to Ireland, for the purpose of carrying out scientific research.

11.2 Your Data may then be transferred from Ireland to other countries in the European Economic Area and to countries outside the European Economic Area for the purposes of reviewing our clinical studies and obtaining services from our group of companies. Specifically, your Data may be transferred to other Cybin group companies who are based in Canada, the UK and the USA. Canada has been deemed by the European Commission to have adequate data protection laws in place in certain circumstance but the USA is not a country that the European Commission has deemed to have adequate data protection laws in place. We have therefore incorporated the European Commission approved clauses into our agreement with group companies to which we transfer your Data to ensure the security of your Data. A copy of the European Commission approved model clauses is available here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en.

12. YOUR RIGHTS UNDER EU DATA PROTECTION LAWS
  NUMBER     DESCRIPTION OF RIGHT                                                                                                 
Right 1A right to access your Data held by us.
Right 2A right to require us to rectify any inaccurate Data held by us about you.
Right 3A right to require us to erase Data held by us about you. This right will only apply where, for example, we no longer need to use the Data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your Data based on your consent; or where you object to the way we use your information (in line with Right 6 below).
Right 4In certain circumstances, a right to restrict our use of Data held by us about you. This right will only apply where, for example, you dispute the accuracy of the Data held by us; or where you would have the right to require us to erase the Data but would prefer that our processing is restricted instead; or where we no longer need to use the Data to achieve the purpose we collected it for, but you require the information for the purposes of dealing with legal claims.
Right 5In certain circumstances, a right to receive personal information, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to require us to transfer this personal information to another organization, at your request.
Right 6A right to object to our use of personal information held by us about you.
Right 7A right to withdraw your consent, where we are relying on it to use your personal information.

12.1 If you have any concerns regarding our processing of your personal information, or are not satisfied with our handling of any request by you in relation to your rights, you also have the right to make a complaint to the Data Protection Commissioner in Ireland (https://www.dataprotection.ie/).

12.2 Please note that we may need to retain certain information for our own record-keeping and research purposes.

13. CHANGES TO OUR PRIVACY NOTICE

13.1 Any changes to this policy in the future will be posted on this page and, where appropriate, sent to you by email. We will also post a notice on the website landing page and on appropriate pages on the website. Please check back frequently to see any updates or changes to this policy.

14. HOW TO CONTACT US

14.1 If you need to contact us for any reason, including for any questions, comments or requests regarding this notice, including the collection and / or use of your Data, or as otherwise indicated in any section of this Privacy Notice, contact us at privacy@cybin.com.


Updated November 2021