Privacy
Policy

May 1, 2022

This privacy policy (the “Privacy Policy“) outlines important information regarding the collection, use, disclosure and other processing by Cybin Inc. and its subsidiaries (each and together, the “Company“, “us“, “we” or “our“) of the information of customers, potential customers and website users (“you” or “your“) collected via this website including any subsite or microsite (the “Website“) or any other website, application or email published/sent by us or any of our subsidiaries, affiliates or business partners or collected otherwise including through purchase of customer lists from third parties. We are providing you with this Privacy Policy to help you make an informed decision as to whether to use or continue using the Website. By using the Website, you consent to the processing of your information as set forth in this Privacy Policy to the extent permitted by applicable laws.

This Privacy Policy also contains certain information required by privacy laws in the U.S. and Canada, and the European Union (“EU”) Regulation No. 2016/679 of April 27, 2016, known as the General Data Protection Regulation (“GDPR”), and mirroring legislation (with the GDPR, the “European Data Privacy Laws”) of the other countries (Norway, Iceland and Liechtenstein) forming with the EU Member States the European Economic Area (the “EEA”), which apply when we process personal data about individuals located in the EEA in relation to (i) the offering of goods and services to these individuals or (ii) the monitoring of their behavior in the EU or EEA.

PLEASE NOTE: OUR PRIVACY POLICY CHANGES FROM TIME TO TIME AND CHANGES ARE EFFECTIVE UPON POSTING. We may change or supplement this Privacy Policy; we may also undergo a change of ownership. Changes to the Privacy Policy will apply to the information collected from the date we post the revised Privacy Policy on our Website, as well as to existing information held by us. If we decide to materially change our personal information handling policies or practices in a material way, and if we seek to collect, use or disclose personal information for purposes other than those for which consent has been obtained, we will obtain the necessary consents that might be required by law. You may contact us at privacy@cybin.com with respect to any questions you may have with respect to this Privacy Policy. Your continued use of the Website, or your continued interaction with us (in correspondence and the like) after we have posted an updated Privacy Policy on our Website will be deemed an acceptance of these new terms.

 

By reference, this Privacy Policy is incorporated into and is subject to the terms and policies on the Website. Your use of the Website and any personal information you provide via the Website or through other official contact with us remains subject to this Privacy Policy, as well as the terms and/or other stated policies via the Website.

1. Collection of Information and categories of personal data concerned.

1.1 Survey Information. We may collect information from you and other individuals by various methods, including, but not limited to, when you voluntarily complete our survey, order form, or a registration page either online or offline, or by means of online or offline surveys, order forms, or registration pages operated by us or an appointed third-party acting on our behalf (collectively, “Survey”). As used herein, “online” means using the Internet, including the Website, and related technologies, and “offline” means by methods other than online, including in person, in the postal mail, using telephones and cell phones, and other similar means.) In the Surveys, the Company or a third party (a “Third Party“) may ask an individual to provide various information to us, which may include your name, email address, street address, zip code/postal code, telephone numbers, SMS messaging details, birth date, gender, salary range, education and marital status, occupation, social security number, employment information, personal and online interests, and such other information as may be requested from time to time (together, “Survey Information“). We may also collect information concerning you from another source and use that information in combination with information provided from this Website. Completing the Survey(s) is completely voluntary, and individuals are under no obligation to provide Survey Information to us or a Third Party. An individual may receive compensation or incentives from us or a Third Party in exchange for providing Survey Information to us.

1.2 Cookies, Web Beacons, and Other Information Collected Using Technology. We currently use cookie and web beacon technology to associate certain Internet-related information about you. Additionally, we may use other new and evolving sources of information in the future (together, “Technology Information“).

(a) Cookies. A cookie is a small amount of data stored on the hard drive of your computer that allows us to identify you with your corresponding data that resides in our database. Individuals who use the Website need to accept cookies in order to use all of the features and functionality of the Website.

(b) Web Beacons. A web beacon is programming code that can be used to display an image on a webpage, but can also be used to transfer an individual’s unique user identification (often in the form of a cookie) to a database and associate the individual with previously acquired information about an individual in a database. This allows us to track certain websites/apps/emails you visit/use/view online.

(c) JavaScript. In order to determine the web browser you are using, to serve browser-appropriate content, and to optimize links depending on whether or not they have been visited by you, we may employ JavaScript which provides this information to us.

(d) New Technology. If you visit the Website (even if you do not fill out a Survey), we may automatically collect information about your computer, smart phone, tablet or similar device (“Device“), such as the type of Device, operating system version, unique Device identifier, browser type and version, language setting and mobile network information or log information (IP address, screen resolution, and referring domain) (collectively, “Device Information“). While an IP address does not identify an individual by name, it may, with the cooperation of an Internet Service Provider, identify an access point or a Device, which may in turn lead to the identification of a specific person. The use of technology on the Internet, including cookies and web beacons, is rapidly evolving, as is our use of new and evolving technology. As a result, we strongly encourage you to revisit this Privacy Policy for any updates regarding our use of technology.

1.3 No Information Collected from Children. We will never knowingly collect any personal information about children under the age of 16 (a “Minor“). The Website is not directed to Minors. If we obtain actual knowledge that we collected personal information about a Minor, that information will be automatically deleted from our database. Because we do not collect such information, we have no such information to use or to disclose to Third Parties. We have designed this policy in order to comply with the Children’s Online Privacy Protection Act (“COPPA”). You may read more about COPPA at http://www.coppa.org. If you become aware that your child, or any Minor, has provided us with personal information without (parental/representative) consent, you should contact us immediately. As regards the processing of personal data about children falling within the scope of European Data Privacy Laws which require the child’s representative’s consent, we assimilate to children under 16 permitted by the national law of the European country where the children reside.

1.4 Log File Information. Our servers may automatically record and archive certain information (“Log File Information“) that web-browsers send whenever visiting our Website. These server logs may include information vital to validating your authorization to access an account. Information, such as a web request, Internet Protocol (the “IP”) address, browser type, browser language, referring pages, exit pages and visited URLs, platform type, click counts, pages viewed and in what order, time spent, the date and time of the request, and other important data that is necessary to validate and authorize your entry and activity on our Website.

 

1.5 Your Individual Information. As used herein, your Individual Information means Survey Information, \ Other Information, Technology Information, Outside Information, Log File Information, and any other information we gather or receive about you such as usage data, file transfer and viewing data.

2. Use of Your Individual Information and purposes of their processing.

2.1 Discretion to Use Your Individual Information. WE MAY USE YOUR INDIVIDUAL INFORMATION FOR ANY LEGALLY PERMISSIBLE PURPOSE IN OUR SOLE DISCRETION TO THE EXTENT PERMITTED BY APPLICABLE LAWS. The following paragraphs in this Section 2 describe how we currently use your Individual Information, but we may change or broaden our use at any time to the extent permitted by applicable laws. As noted, we may update this Privacy Policy from time to time.

2.2 Email. We use your Individual Information to provide information about our company and products by email to you. We may maintain separate email lists for different purposes. If you wish to end your email subscription from a particular list, you need to follow the instructions at the end of each email message to unsubscribe from the particular list. We only send email to individuals who have agreed on the Website to receive email from us.

2.3 Storage of Your Individual Information. We store your Individual Information in a database on our computers. Our computers have security measures (such as a firewall) in place to protect against the loss, misuse, and alteration of Individual Information under our control. Notwithstanding such measures, we cannot guarantee that our security measures will prevent our computers from being illegally accessed, and your Individual Information on them stolen or altered.

2.4 Website Display. We use your Technology Information to ensure that content from the Website is presented in the most effective manner for you and for your computer.

2.5 Statistics. We anonymize your Individual Information in order to generate statistical data that, to the extent that anonymized data ceases to be personal data, we may use for a variety of purposes.

 

2.6 Compliance with legal obligation. We may use your Individual Information to comply with our legal obligations.

3. Legal basis of our personal data processing activities under U.S., Canada, and European Data Privacy Laws

When European Data Privacy Laws apply and you are an individual in the EEA, the attached policy will govern Cybin IRL Limited Privacy Notice.

3.1 Legitimate interests. We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.

3.2 Legal obligation. We are also permitted to process your personal data every time it is necessary for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to make mandatory disclosures to government bodies and law enforcements.

4. Dissemination of Your Individual Information and categories of recipients of personal data.

‍4.1 Sale or Transfer to Third Parties. THE COMPANY MAY SELL OR TRANSFER YOUR INDIVIDUAL INFORMATION TO THIRD PARTIES FOR ANY LEGALLY PERMISSIBLE PURPOSE IN OUR SOLE DISCRETION TO THE EXTENT PERMITTED BY LAW.

4.2 Legal Process. We may disclose your Individual Information to respond to subpoenas, court orders, and other legal processes.

4.3 Access. You may request access to your Individual Information collected to provide an opportunity for you to correct, amend, or delete such information. Please contact us at privacy@cybin.com.

4.4 Other. We may also disclose your Individual Information: where the information is public; to protect our rights; to protect ourselves against liability or prevent fraudulent activity; to a person who needs the information because of an emergency that threatens the life, health or security of an identifiable person or group; or to our advisors, counsel, and similar trusted parties.

 

4.5 Transfer of data in other countries. Individuals in the EEA are hereby informed that we may use providers located in the EU, the EEA, Canada and other countries deemed to offer an adequate level protection according to the European Commission as well as the United States of America, provided that any recipient of personal data based in the United States of America adopted corporate binding rules or entered into a data transfer agreement containing clauses offering an adequate level protection according to the European Commission or benefits from the U.S. “Privacy Shield” accreditation.

5. Data Transfer and Storage.

You acknowledge that personal information will be collected and stored by us in Canada. By using the Website, you consent to the transfer of information to and/or storage of information outside of your country of residence/domicile. Individuals in the EEA are hereby informed that we may store their personal data in the EU, the EEA, Canada and other countries deemed to offer an adequate level protection according to the European Commission as well as the United States of America, provided that any recipient of personal data based in the United States of America adopted corporate binding rules or entered into a data transfer agreement containing clauses offering an adequate level protection according to the European Commission or benefits from the U.S. “Privacy Shield” accreditation.

6. Disputes.

‍If you have any concerns or claims with respect to our data handling practices, please contact us at privacy@cybin.com.

 

We will investigate and attempt to resolve any complaints and disputes regarding our use and disclosure of your Individual Information. If your complaint or dispute cannot be resolved through our internal process, or if we do not adequately respond to your question, you agree to resolve your dispute through arbitration unless you are an individual in the EEA and the dispute in relation to the processing of personal data falling with the scope of European Data Privacy Laws (in the latter case, see section 9 below). If arbitration is necessary, it will be conducted by telephone and/or email, and if it must be done in person, it will be conducted in Toronto, Canada. The arbitration will be conducted by one arbitrator member of the American Arbitration Association, and under the rules of commercial arbitration of the American Arbitration Association or as agreed between you and the Company. Both parties will bear equally the cost of arbitration (exclusive of legal fees and expenses). All decisions of the arbitrator will be final and binding on both parties and enforceable in any court of competent jurisdiction. For additional information you may contact www.ADR.org.

7. Limitation of Liability.

‍We exercise reasonable efforts to safeguard the security and confidentiality of your personal information; however, transmissions protected by industry standard technology and administered by humans cannot be guaranteed to be secure. We will not be liable for unauthorized disclosure of personal information that occurs through no fault of our own including, but not limited to, errors in transmission, access to your account by anyone, uses of your Individual Information, your failure to comply with your security obligations, and the unauthorized acts of our employees, to the greatest extent permitted by applicable law and subject to European Data Privacy Laws where applicable.

8. California User Consumer Rights.

‍In accordance with the California Civil Code, California resident users are entitled to know that they may file grievances and complaints with the California Department of Consumer Affairs, 400 R Street, STE 1080, Sacramento, CA 95814; or by phone at 916-445-1254 or 800-952-5210; or by email to dca@dca.ca.gov. Residents of the State of California have the right to request from a business with whom the California resident has an established business relationship, once a year, certain information with respect to the types of personal information that the business shares with third parties for those third parties’ direct marketing purposes and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To exercise your rights, you may make one request each year by contacting us.

 

The California law permits users who are California residents to request information regarding our disclosure of their Information to third parties including the categories of Information shared and a list of the names and addresses of third-parties with whom the Information was shared. If you are a California resident and would like a copy of this notice, please submit a request by contacting us.

9. Rights of individuals in the EEA.

‍When European Data Privacy Laws apply and you are an individual in the EEA, we inform you that you have the rights set out here Cybin IRL Limited Privacy Notice. You may exercise these rights by contacting us. We will respond to any rights that you exercise within a month of receiving your request. Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the European Data Protection Laws.

9.1 Right to object to processing of your personal data; You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing. If you object to us processing your personal data we must demonstrate legitimate interest for continuing to do so.

9.2 Right to access personal data relating to you; You may ask to see what personal data we hold about you and be provided with a copy of the personal data; details of the purpose for which the personal data is being or is to be processed; details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are outside the EEA and what protections are used for those transfers; the period for which the personal data is held (or the criteria we use to determine how long it is held); and any information available about the source of that data.

9.3 Right to correct any mistakes in your information; You can require us to correct any mistakes in your information which we hold. If you would like to do this, please contact us at privacy@cybin.com to let us know what information is incorrect and what it should be replaced with.

9.4 Right to restrict processing of personal data; You may request that we stop processing your personal data temporarily if you do not think that your data is accurate, or you have objected to processing because you believe that your interests should override our legitimate interests.

9.5 Right to data portability; You may ask for an electronic copy of your personal data which we hold electronically.

9.6 Right to withdraw consent; You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.

9.7 Right to erasure; You may require us to erase Data held by us about you if we no longer need to use the Data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your Data based on your consent; or where you object to the way we use your information.

9.9 Complaints to a European supervisory authority: If you have any concerns regarding our processing of your personal information, or are not satisfied with our handling of any request by you in relation to your rights, you also have the right to make a complaint to the Data Protection Commissioner in Ireland or to any European competent supervisory authority.

10. How to Contact Us

by email at: privacy@cybin.com

by mail at (EEA):

Cybin IRL Limited

One Spencer Dock, North Wall Quay

Dublin 1

D01 X9R7

Ireland

 

OR (non-EEA):

Cybin Inc.

5600 – 100 King Street West

Toronto, Ontario

M5X 1C9

Canada