May 1, 2022
1. Collection of Information and categories of personal data concerned.
1.1 Survey Information. We may collect information from you and other individuals by various methods, including, but not limited to, when you voluntarily complete our survey, order form, or a registration page either online or offline, or by means of online or offline surveys, order forms, or registration pages operated by us or an appointed third-party acting on our behalf (collectively, “Survey”). As used herein, “online” means using the Internet, including the Website, and related technologies, and “offline” means by methods other than online, including in person, in the postal mail, using telephones and cell phones, and other similar means.) In the Surveys, the Company or a third party (a “Third Party“) may ask an individual to provide various information to us, which may include your name, email address, street address, zip code/postal code, telephone numbers, SMS messaging details, birth date, gender, salary range, education and marital status, occupation, social security number, employment information, personal and online interests, and such other information as may be requested from time to time (together, “Survey Information“). We may also collect information concerning you from another source and use that information in combination with information provided from this Website. Completing the Survey(s) is completely voluntary, and individuals are under no obligation to provide Survey Information to us or a Third Party. An individual may receive compensation or incentives from us or a Third Party in exchange for providing Survey Information to us.
1.2 Cookies, Web Beacons, and Other Information Collected Using Technology. We currently use cookie and web beacon technology to associate certain Internet-related information about you. Additionally, we may use other new and evolving sources of information in the future (together, “Technology Information“).
(a) Cookies. A cookie is a small amount of data stored on the hard drive of your computer that allows us to identify you with your corresponding data that resides in our database. Individuals who use the Website need to accept cookies in order to use all of the features and functionality of the Website.
(b) Web Beacons. A web beacon is programming code that can be used to display an image on a webpage, but can also be used to transfer an individual’s unique user identification (often in the form of a cookie) to a database and associate the individual with previously acquired information about an individual in a database. This allows us to track certain websites/apps/emails you visit/use/view online.
1.3 No Information Collected from Children. We will never knowingly collect any personal information about children under the age of 16 (a “Minor“). The Website is not directed to Minors. If we obtain actual knowledge that we collected personal information about a Minor, that information will be automatically deleted from our database. Because we do not collect such information, we have no such information to use or to disclose to Third Parties. We have designed this policy in order to comply with the Children’s Online Privacy Protection Act (“COPPA”). You may read more about COPPA at http://www.coppa.org. If you become aware that your child, or any Minor, has provided us with personal information without (parental/representative) consent, you should contact us immediately. As regards the processing of personal data about children falling within the scope of European Data Privacy Laws which require the child’s representative’s consent, we assimilate to children under 16 permitted by the national law of the European country where the children reside.
1.4 Log File Information. Our servers may automatically record and archive certain information (“Log File Information“) that web-browsers send whenever visiting our Website. These server logs may include information vital to validating your authorization to access an account. Information, such as a web request, Internet Protocol (the “IP”) address, browser type, browser language, referring pages, exit pages and visited URLs, platform type, click counts, pages viewed and in what order, time spent, the date and time of the request, and other important data that is necessary to validate and authorize your entry and activity on our Website.
1.5 Your Individual Information. As used herein, your Individual Information means Survey Information, \ Other Information, Technology Information, Outside Information, Log File Information, and any other information we gather or receive about you such as usage data, file transfer and viewing data.
2. Use of Your Individual Information and purposes of their processing.
2.2 Email. We use your Individual Information to provide information about our company and products by email to you. We may maintain separate email lists for different purposes. If you wish to end your email subscription from a particular list, you need to follow the instructions at the end of each email message to unsubscribe from the particular list. We only send email to individuals who have agreed on the Website to receive email from us.
2.3 Storage of Your Individual Information. We store your Individual Information in a database on our computers. Our computers have security measures (such as a firewall) in place to protect against the loss, misuse, and alteration of Individual Information under our control. Notwithstanding such measures, we cannot guarantee that our security measures will prevent our computers from being illegally accessed, and your Individual Information on them stolen or altered.
2.4 Website Display. We use your Technology Information to ensure that content from the Website is presented in the most effective manner for you and for your computer.
2.5 Statistics. We anonymize your Individual Information in order to generate statistical data that, to the extent that anonymized data ceases to be personal data, we may use for a variety of purposes.
2.6 Compliance with legal obligation. We may use your Individual Information to comply with our legal obligations.
3. Legal basis of our personal data processing activities under U.S., Canada, and European Data Privacy Laws
When European Data Privacy Laws apply and you are an individual in the EEA, the attached policy will govern Cybin IRL Limited Privacy Notice.
3.1 Legitimate interests. We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.
3.2 Legal obligation. We are also permitted to process your personal data every time it is necessary for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to make mandatory disclosures to government bodies and law enforcements.
4. Dissemination of Your Individual Information and categories of recipients of personal data.
4.1 Sale or Transfer to Third Parties. THE COMPANY MAY SELL OR TRANSFER YOUR INDIVIDUAL INFORMATION TO THIRD PARTIES FOR ANY LEGALLY PERMISSIBLE PURPOSE IN OUR SOLE DISCRETION TO THE EXTENT PERMITTED BY LAW.
4.2 Legal Process. We may disclose your Individual Information to respond to subpoenas, court orders, and other legal processes.
4.3 Access. You may request access to your Individual Information collected to provide an opportunity for you to correct, amend, or delete such information. Please contact us at firstname.lastname@example.org.
4.4 Other. We may also disclose your Individual Information: where the information is public; to protect our rights; to protect ourselves against liability or prevent fraudulent activity; to a person who needs the information because of an emergency that threatens the life, health or security of an identifiable person or group; or to our advisors, counsel, and similar trusted parties.
4.5 Transfer of data in other countries. Individuals in the EEA are hereby informed that we may use providers located in the EU, the EEA, Canada and other countries deemed to offer an adequate level protection according to the European Commission as well as the United States of America, provided that any recipient of personal data based in the United States of America adopted corporate binding rules or entered into a data transfer agreement containing clauses offering an adequate level protection according to the European Commission or benefits from the U.S. “Privacy Shield” accreditation.
5. Data Transfer and Storage.
You acknowledge that personal information will be collected and stored by us in Canada. By using the Website, you consent to the transfer of information to and/or storage of information outside of your country of residence/domicile. Individuals in the EEA are hereby informed that we may store their personal data in the EU, the EEA, Canada and other countries deemed to offer an adequate level protection according to the European Commission as well as the United States of America, provided that any recipient of personal data based in the United States of America adopted corporate binding rules or entered into a data transfer agreement containing clauses offering an adequate level protection according to the European Commission or benefits from the U.S. “Privacy Shield” accreditation.
If you have any concerns or claims with respect to our data handling practices, please contact us at email@example.com.
We will investigate and attempt to resolve any complaints and disputes regarding our use and disclosure of your Individual Information. If your complaint or dispute cannot be resolved through our internal process, or if we do not adequately respond to your question, you agree to resolve your dispute through arbitration unless you are an individual in the EEA and the dispute in relation to the processing of personal data falling with the scope of European Data Privacy Laws (in the latter case, see section 9 below). If arbitration is necessary, it will be conducted by telephone and/or email, and if it must be done in person, it will be conducted in Toronto, Canada. The arbitration will be conducted by one arbitrator member of the American Arbitration Association, and under the rules of commercial arbitration of the American Arbitration Association or as agreed between you and the Company. Both parties will bear equally the cost of arbitration (exclusive of legal fees and expenses). All decisions of the arbitrator will be final and binding on both parties and enforceable in any court of competent jurisdiction. For additional information you may contact www.ADR.org.
7. Limitation of Liability.
We exercise reasonable efforts to safeguard the security and confidentiality of your personal information; however, transmissions protected by industry standard technology and administered by humans cannot be guaranteed to be secure. We will not be liable for unauthorized disclosure of personal information that occurs through no fault of our own including, but not limited to, errors in transmission, access to your account by anyone, uses of your Individual Information, your failure to comply with your security obligations, and the unauthorized acts of our employees, to the greatest extent permitted by applicable law and subject to European Data Privacy Laws where applicable.
8. California User Consumer Rights.
In accordance with the California Civil Code, California resident users are entitled to know that they may file grievances and complaints with the California Department of Consumer Affairs, 400 R Street, STE 1080, Sacramento, CA 95814; or by phone at 916-445-1254 or 800-952-5210; or by email to firstname.lastname@example.org. Residents of the State of California have the right to request from a business with whom the California resident has an established business relationship, once a year, certain information with respect to the types of personal information that the business shares with third parties for those third parties’ direct marketing purposes and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To exercise your rights, you may make one request each year by contacting us.
The California law permits users who are California residents to request information regarding our disclosure of their Information to third parties including the categories of Information shared and a list of the names and addresses of third-parties with whom the Information was shared. If you are a California resident and would like a copy of this notice, please submit a request by contacting us.
9. Rights of individuals in the EEA.
When European Data Privacy Laws apply and you are an individual in the EEA, we inform you that you have the rights set out here Cybin IRL Limited Privacy Notice.You may exercise these rights by contacting us. We will respond to any rights that you exercise within a month of receiving your request. Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the European Data Protection Laws.
9.1 Right to object to processing of your personal data; You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing. If you object to us processing your personal data we must demonstrate legitimate interest for continuing to do so.
9.2 Right to access personal data relating to you; You may ask to see what personal data we hold about you and be provided with a copy of the personal data; details of the purpose for which the personal data is being or is to be processed; details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are outside the EEA and what protections are used for those transfers; the period for which the personal data is held (or the criteria we use to determine how long it is held); and any information available about the source of that data.
9.3 Right to correct any mistakes in your information; You can require us to correct any mistakes in your information which we hold. If you would like to do this, please contact us at email@example.com to let us know what information is incorrect and what it should be replaced with.
9.4 Right to restrict processing of personal data; You may request that we stop processing your personal data temporarily if you do not think that your data is accurate, or you have objected to processing because you believe that your interests should override our legitimate interests.
9.5 Right to data portability; You may ask for an electronic copy of your personal data which we hold electronically.
9.6 Right to withdraw consent; You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.
9.7 Right to erasure; You may require us to erase Data held by us about you if we no longer need to use the Data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your Data based on your consent; or where you object to the way we use your information.
9.9 Complaints to a European supervisory authority: If you have any concerns regarding our processing of your personal information, or are not satisfied with our handling of any request by you in relation to your rights, you also have the right to make a complaint to the Data Protection Commissioner in Ireland or to any European competent supervisory authority.
10. How to Contact Us
by email at: firstname.lastname@example.org
by mail at (EEA):
Cybin IRL Limited
One Spencer Dock, North Wall Quay
5600 – 100 King Street West