Cybin’s Privacy Policy

Date: 06 Nov, 2020

This privacy policy (the “Privacy Policy“) outlines important information regarding the collection, use, disclosure and other processing by Cybin Inc. (the “Company“, “us“, “we” or “our“) of the information of customers, potential customers and website users, customers, suppliers, journalists and social influencers  (“you” or “your“) collected via this website including any subsite or microsite (the “Website“) or any other website, application or email published/sent by us or any of our affiliates or business partners  or collected otherwise including through purchase of customer lists from third parties. We are providing you with this Privacy Policy to help you make an informed decision as to whether to use or continue using the Website. By using the Website, you consent to the processing of your information as set forth in this Privacy Policy to the greatest extent permitted by applicable laws.

This Privacy Policy also contains certain information required by privacy laws in the U.S. and Canada, and the European Union (“EU”) Regulation No. 2016/679 of April 27, 2016, known as the General Data Protection Regulation (“GDPR”), and mirroring legislation (with the GDPR, the “European Data Privacy Laws”) of the other countries (Norway, Iceland and Liechtenstein) forming with the EU Member States the European Economic Area (the “EEA”), which apply when we process personal data about individuals located in the EEA in relation to (i) the offering of goods and services to these individuals or (ii) the monitoring of their behaviour in the EU or EEA.

PLEASE NOTE: OUR PRIVACY POLICY CHANGES FROM TIME TO TIME AND CHANGES ARE EFFECTIVE UPON POSTING. We may change or supplement this Privacy Policy; we may also undergo a change of ownership. Changes to the Privacy Policy will apply to the information collected from the date we post the revised Privacy Policy on our Website, as well as to existing information held by us. If we decide to materially change our personal information handling policies or practices in a material way, and if we seek to collect, use or disclose personal information for purposes other than those for which consent has been obtained, we will obtain the necessary consents that might be required by law. We will also notify you by means of a notice on our Website before the material change becomes effective. If any proposed change is unacceptable to you, you may request that we close your account, as described in the How to Contact Us section. Your continued use of the Website, or your continued interaction with us (in correspondence and the like) after we have notified you of a material change to this Privacy Policy will be deemed an acceptance of these new terms.

By reference, this Privacy Policy is incorporated into and is subject to the terms and policies on the Website. Your use of the Website and any personal information you provide via the Website or through other official contact with us remains subject to this Privacy Policy, as well as the terms and/or other stated policies via the Website.

1. Collection of Information and categories of personal data concerned.

1.1 Survey Information. We collect information from you and other individuals by various methods, including, but not limited to, when you voluntarily complete our survey, order form, or a registration page either online or offline, or by means of online or offline surveys, order forms, or registration pages operated by third parties (collectively, “Survey”). (As used herein, “online” means using the Internet, including the Website, and related technologies, and “offline” means by methods other than online, including in person, in the postal mail, using telephones and cell phones, and other similar means.) In the Surveys, the Company or a third party (a “Third Party“) may ask an individual to provide various information to us, which may include your name, email address, street address, zip code/postal code, telephone numbers (including wireless phone numbers and wireless carriers), SMS messaging details (e.g. date, time and content of the SMS message), birth date, gender, salary range, education and marital status, occupation, social security number, employment information, personal and online interests, and such other information as may be requested from time to time (together, “Survey Information“). We may also collect information concerning you from another source and use that information in combination with information provided from this Website. Completing the Survey(s) is completely voluntary, and individuals are under no obligation to provide Survey Information to us or a Third Party, but an individual may receive incentives from us or a Third Party in exchange for providing Survey Information to us.

1.2 Cookies, Web Beacons, and Other Information Collected Using Technology. We currently use cookie and web beacon technology to associate certain Internet-related information about you with information about you in our database. Additionally, we may use other new and evolving sources of information in the future (together, “Technology Information“).

(a) Cookies. A cookie is a small amount of data stored on the hard drive of your computer that allows us to identify you with your corresponding data that resides in our database. You may read more about cookies at http://cookiecentral.com. Individuals who use the Website need to accept cookies in order to use all of the features and functionality of the Website.

(b) Web Beacons. A web beacon is programming code that can be used to display an image on a web page, but can also be used to transfer an individual’s unique user identification (often in the form of a cookie) to a database and associate the individual with previously acquired information about an individual in a database. This allows us to track certain websites/apps/emails you visit/use/view online: ours and those of third parties with whom we are directly or indirectly in a contractual relationship.

(c) JavaScript. In order to determine the web browser you are using, to serve browser-appropriate content, and to optimize links depending on whether or not they have been visited by you, we may employ JavaScript which provides this information to us.

(d) New Technology. If you visit the Website (even if you do not fill out a Survey), we may automatically collect information about your computer, smart phone, tablet or similar device (“Device“), such as the type of Device, operating system version, unique Device identifier, browser type and version, language setting and mobile network information or log information (IP address, screen resolution, and referring domain) (collectively, “Device Information“). While an IP address does not identify an individual by name, it may, with the cooperation of an Internet Service Provider, identify an access point or a Device, which may in turn lead to the identification of a specific person. The use of technology on the Internet, including cookies and web beacons, is rapidly evolving, as is our use of new and evolving technology. As a result, we strongly encourage you to revisit this Privacy Policy for any updates regarding our use of technology.

1.3 No Information Collected from Children. We will never knowingly collect any personal information about children under the age of 13 (a “Minor“). The Website is not directed to Minors. If we obtain actual knowledge that we collected personal information about a Minor, that information will be automatically deleted from our database. Because we do not collect such information, we have no such information to use or to disclose to Third Parties. We have designed this policy in order to comply with the Children’s Online Privacy Protection Act (“COPPA”). You may read more about COPPA at http://www.coppa.org. If you become aware that your child, a Minor, has provided us with personal information without your consent, you should contact us immediately. As regards the processing of personal data about children falling within the scope of European Data Privacy Laws which require the child’s representative’s consent, we assimilate to children under 16 permitted by the national law of the European country where the children reside.

1.4 Log File Information. When you log-in to access your account, our servers may automatically record and archive certain information (“Log File Information“) that web-browsers send whenever visiting our Website. These server logs may include information vital to validating your authorization to access an account. Information, such as a web request, Internet Protocol (the “IP”) address, browser type, browser language, referring pages, exit pages and visited URLs, platform type, click counts, pages viewed and in what order, time spent, the date and time of the request, and other important data that is necessary to validate and authorize your entry and activity on our Website.

1.5 Your Individual Information. As used herein, your Individual Information means Survey Information, \ Other Information, Technology Information, Outside Information, Log File Information, and any other information we gather or receive about you such as usage data, file transfer and viewing data.

2. Use of Your Individual Information and purposes of their processing.

2.1 Discretion to Use Your Individual Information. WE MAY USE YOUR INDIVIDUAL INFORMATION FOR ANY LEGALLY PERMISSIBLE PURPOSE IN OUR SOLE DISCRETION TO THE GREATEST EXTENT PERMITTED BY APPLICABLE LAWS. The following paragraphs in this Section 2 describe how we currently use your Individual Information, but we may change or broaden our use at any time to the greatest extent permitted by applicable laws. As noted, we may update this Privacy Policy from time to time. When European Data Privacy Laws apply, these uses (and their legal basis) will be notified to you in advance.

2.2 Email. We use your Individual Information to provide information about our company and products by email to you. We may maintain separate email lists for different purposes. If you wish to end your email subscription from a particular list, you need to follow the instructions at the end of each email message to unsubscribe from the particular list.  We only send email to individuals who have agreed on the Website to receive email from us.

2.3 Storage of Your Individual Information. We store your Individual Information in a database on our computers. Our computers have security measures (such as a firewall) in place to protect against the loss, misuse, and alteration of Individual Information under our control. Notwithstanding such measures, we cannot guarantee that our security measures will prevent our computers from being illegally accessed, and your Individual Information on them stolen or altered.

2.4 Website Display. We use your Technology Information to ensure that content from the Website is presented in the most effective manner for you and for your computer. 

2.5 Statistics. We anonymise your Individual Information in order to generate statistical data that, to the extent that anonymized data ceases to be personal data, we may use for a variety of purposes. 

2.6 Compliance with legal obligation. We may use your Individual Information to comply with our legal obligations. 

2.7 Investors. We may use your Individual Information on a confidential basis to debt or equity investors envisaging investing or who have invested, directly or indirectly, in any of our entities, businesses or asset.

3. Legal basis of our personal data processing activities under U.S., Canada, and European Data Privacy Laws

When European Data Privacy Laws apply and you are an individual in the EEA, we inform you that we are allowed to process your personal data on the following legal bases.

3.1 Legitimate interests. We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. 

3.2 Legal obligation. We are also permitted to process your personal data every time it is necessary for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to make mandatory disclosures to government bodies and law enforcements.

3.3 Consent. Your consent may be asked for the uses described above. You can withdraw this consent at any time.

4. Dissemination of Your Individual Information and categories of recipients of personal data.

4.1 Sale or Transfer to Third Parties. THE COMPANY MAY SELL OR TRANSFER YOUR INDIVIDUAL INFORMATION TO THIRD PARTIES FOR ANY LEGALLY PERMISSIBLE PURPOSE IN OUR SOLE DISCRETION TO THE GREATEST EXTENT PERMITTED BY LAW.

4.2 Legal Process. We may disclose your Individual Information to respond to subpoenas, court orders, and other legal processes.

4.3 Access. You have access to your Individual Information collected to provide an opportunity for you to correct, amend, or delete such information. Access can be obtained by contacting Company.

4.4 Other. We may also disclose your Individual Information:

  • Where the information is public; or
  • To protect the Website and our rights;
  • To protect ourselves against liability or prevent fraudulent activity;
  • To a person who needs the information because of an emergency that threatens the life, health or security of an identifiable person or group;
  • To our advisors, counsels, and similar trusted parties; or
  • To debt or equity investors envisaging investing or having invested, directly or indirectly, in any of our entities, businesses or assets.

4.5 Transfer of data in other countries. Individuals in the EEA are hereby informed that we may use providers located in the EU, the EEA, Canada (private sector) and other countries deemed to offer an adequate level protection according to the European Commission as well as the United States of America, provided that any recipient of personal data based in the United States of America adopted corporate binding rules or entered into a data transfer agreement containing clauses offering an adequate level protection according to the European Commission or benefits from the U.S. “Privacy Shield” accreditation.

5. Data Transfer and Storage.

You acknowledge that personal information will be collected and stored by us in Canada. By using the Website, you consent to the transfer of information to and/or storage of information outside of your country and in Canada to the greatest extent permitted by law. Individuals in the EEA are hereby informed that we may store their personal data in the EU, the EEA, Canada  and other countries deemed to offer an adequate level protection according to the European Commission as well as the United States of America, provided that any recipient of personal data based in the United States of America adopted corporate binding rules or entered into a data transfer agreement containing clauses offering an adequate level protection according to the European Commission or benefits from the U.S. “Privacy Shield” accreditation.

6. Disputes.

If you have any concerns or claims with respect to our data handling practices, please contact us first. We will investigate and attempt to resolve any complaints and disputes regarding our use and disclosure of your Individual Information. If your complaint or dispute cannot be resolved through our internal process, or if we do not adequately respond to your question, you agree to resolve your dispute through arbitration unless you are an individual in the EEA and the dispute in relation to the processing of personal data falling with the scope of European Data Privacy Laws (in the latter case, see below). If arbitration is necessary, it will be conducted by telephone and email, and if it must be done in person, it will be conducted in Toronto, Canada. The arbitration will be conducted by one arbitrator member of the American Arbitration Association, and under the rules of commercial arbitration of the American Arbitration Association or as agreed between you and the Company. Both parties will bear equally the cost of arbitration (exclusive of legal fees and expenses). All decisions of the arbitrator will be final and binding on both parties and enforceable in any court of competent jurisdiction. For additional information you may contact www.ADR.org.

7. Limitation of Liability.

We exercise reasonable efforts to safeguard the security and confidentiality of your personal information; however, transmissions protected by industry standard technology and administered by humans cannot be guaranteed to be secure. We will not be liable for unauthorized disclosure of personal information that occurs through no fault of our own including, but not limited to, errors in transmission, access to your account by anyone, uses of your Individual Information, your failure to comply with your security obligations, and the unauthorized acts of our employees, to the greatest extent permitted by applicable law and subject to European Data Privacy Laws where applicable.

8. California User Consumer Rights.

In accordance with the California Civil Code, California resident users are entitled to know that they may file grievances and complaints with the California Department of Consumer Affairs, 400 R Street, STE 1080, Sacramento, CA 95814; or by phone at 916-445-1254 or 800-952-5210; or by email to dca@dca.ca.gov. Residents of the State of California have the right to request from a business with whom the California resident has an established business relationship, once a year, certain information with respect to the types of personal information that the business shares with third parties for those third parties’ direct marketing purposes and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To exercise your rights, you may make one request each year by contacting us.

The California law permits users who are California residents to request information regarding our disclosure of their Information to third-parties including the categories of Information shared and a list of the names and addresses of third-parties with whom the Information was shared.  If you are a California resident and would like a copy of this notice, please submit a request by contacting us.

9. Rights of individuals in the EEA.

When European Data Privacy Laws apply and you are an individual in the EEA, we inform you that you have the rights set out below.

You may exercise these rights by contacting us. We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the European Data Protection Laws.

9.1 Right to object to processing of your personal data

You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing. If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so.

9.2 Right to access personal data relating to you

You may ask to see what personal data we hold about you and be provided with:

  • a copy of the personal data;
  • details of the purpose for which the personal data is being or is to be processed;
  • details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are outside the EEA and what protections are used for those transfers;
  • the period for which the personal data is held (or the criteria we use to determine how long it is held); and
  • any information available about the source of that data;

To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.

9.3 Right to correct any mistakes in your information

You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.

9.4 Right to restrict processing of personal data

You may request that we stop processing your personal data temporarily if:

  • you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
  • the processing is unlawful but you do not want us to erase your data;
  • we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
  • you have objected to processing because you believe that your interests should override our legitimate interests.

9.5 Right to data portability

You may ask for an electronic copy of your personal data which we hold electronically and which we process on the basis of a contract with you or with your consent.

9.6 Right to withdraw consent

You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.

9.7 Right to erasure

You can ask us to erase your personal data:

  • should we not need your data anymore in order to process it for the purposes set out herein;
  • if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
  • if you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
  • if your data has been processed unlawfully or have not been erased when it should have been.

9.8 Rights in relation to automated decision making

You have the right to have any decision that has been made by automated means and which produces legal effects or has a similar significant effect on you reviewed by a member of staff, it being noted that our processing activities do not fall in that category.

9.9 Complaints to a European supervisory authority

It is important that you ensure you have read this Privacy Policy and, if you do not think that we have processed your data in accordance therewith, you should let us know as soon as possible. You may also complain to any European competent supervisory authority.

10. How to Contact Us

You may reach us by email at info@cybin.com .