This Privacy Notice is effective as of December 19, 2019.
BY INTERACTING WITH THE WEBSITE METAGENOM.COM,
EITHER AS A VISITOR OR AS A CUSTOMER, YOU AGREE TO BE BOUND BY THE TERMS OF THIS PRIVACY NOTICE
AND TO OUR TERMS OF SERVICE.
Metagenom Bio Inc.(“MBI”) provides
certain products and services.
The website metagenom.com (the “Site”), including all of its subdomains, is
operated by Metagenom Bio Inc.
In this Privacy Notice the terms “we”, “our” and “us” mean MBI and
the terms “you” and
“your” refer to the users of the Site, including visitors and customers who purchase
“Affiliate” means, with respect to MBI, any person that directly or indirectly
controls MBI, or which MBI directly or indirectly controls, or which together
with MBI is a member of a group under direct or indirect common control, as applicable,
at any time, but only for so long as such control exists. For the purpose of this definition,
“control” means (a) in the case of a person that is a corporate entity, direct or
ownership of fifty percent (50%) or more of the voting securities having the right to elect
directors of such Person, and (b) in the case of a person that is not a corporate entity, the
possession, directly or indirectly, of the power to direct, or cause the direction of, the
management or policies of such person, whether through the ownership of voting securities, by
contract or otherwise.
“Personal Information” means information that identifies you or could be combined by us or
our service providers and Affiliates with other information to identify you. This information
includes your personal e-mail address, home mailing address, home telephone number, personal
cellphone number, your internet provider (IP) address and other similar information when
associated with you. Personal information may also include information about how you have used
our Site and Services, if we can associate that personal information with you. If you interact
with our Site on behalf of a business, personal information does not include your title,
business e-mail and mailing address, or your business telephone number when we use that
information to contact you in your business capacity. For EU residents, your business contact
information is considered personal data.
If you have any questions about the Sites, please contact us at firstname.lastname@example.org.
This Privacy Notice helps our Site visitors and customers who purchase products or services to
better understand how we collect, use and store your Personal Information.
We take the privacy of your Personal Information very seriously and are committed to safeguarding
it. To that end, we developed and implemented policies, practices, and procedures to protect
Personal Information and we train our staff in our Personal Information handling practices.
We commit not to rent or sell any of your Personal Information that we collect from you and to
comply with applicable privacy legislation including the Personal Information Protection and
Electronic Documents Act (“PIPEDA”) and the European Union’s General Data Protection
If you have a question or complaint about our Personal Information handling practices, please
contact us at email@example.com
4. Limiting Collection: What Information Do We Collect?
We only collect the Personal Information that enables us or our service providers to identify you
to provide the services you ordered, and to ship you the products you purchased.
The ways we collect Personal Information can be broadly categorized into the following:
(a) Information you provide to us directly: When you visit or use some parts of our Site,
might ask you to provide Personal Information to us. For example, we may ask for your name and
email address on our Contact Us page so that we can reply to a message you post there. We may
also receive your contact information when you contact us directly at the contact email provided
on the Site. If your order a Product, we will ask for your mailing address so that we can
invoice you and have our shipping provider ship your purchase to you. We will also share your
name, address, email address, and phone number with our shipping provider so it can deliver your
order and contact you about the shipment if needed.
When you place an order for a Product or Service, our credit card payment processor will request
credit card and other identifying information about you to process a credit card transaction.
If you created an account with us, we will collect identification and contact information, such
as name, email address, and mailing address to properly identify you and to contact you when
If you do not wish to provide us with all or some of the Personal Information required to place
an order for products or services you do not have to, but it might mean that you cannot use some
parts of our Site, or order products or services.
Information we collect automatically: We may automatically collect some technical
information when you visit our Site that platforms like Google Analytics may collect about your
interaction with our Site. This includes the geographic location of your IP address, the IP
address itself, device type, what pages you looked at, what links you clicked on, your browser
type and configuration, the date and time of use, language preferences, and cookie data.
We use this information to detect problems, improve the navigation of our Site so they are easier
to use, and to determine which products or services we believe may be of interest to you.
Our Site may store cookies on your computer when you visit them. Cookies are little pieces of
information that can help identify your browser and that can store information for future
to operate the shopping cart on our online store.
Most internet browsers automatically accept cookies. You may however, configure your browser at
time not to save cookies or to notify you when you receive a new cookie.
Our Site may be used without accepting cookies, although some functions may be limited.
We may also use other automated tracking methods on our Site, in our communications with you, and
our products and services, to measure performance and engagement.
elsewhere on the Internet in order to serve you targeted ads. For more information about
behavioral advertising, please visit
Opting out: You can opt out of targeted ads served via specific third party vendors by visiting
Digital Advertising Alliance’s Opt-Out page.
Please note that because there is no consistent industry understanding of how to respond to “Do
Track” signals, we do not alter our data collection and usage practices when we detect such a
from your browser.
5. Limiting Use: How Do We Use Your Personal Information?
We collect and use Personal Information and non-personal information for the following purposes:
- To communicate with you. This may include: providing you with information that you
requested from us or information we are required to send to you; operational communications,
like information regarding your account, or order for a Product or Service, changes to our
Site, changes to this Privacy Notice, or our changes to our Terms of
Service; to provide the
Services and to ship the Products you ordered, to provide ongoing customer assistance and
technical support with the Products and Services you purchased, troubleshoot problems with
your account; to resolve a dispute, and to collect fees or monies you owe us.
- To improve our Site, Products and Services and develop new ones: We track and monitor
how you use the Site and what Products and Services you buy so we can improve our offerings,
user experience, and design new features, Products and Services.
- To detect and prevent any fraudulent or malicious activity and to make sure that
everyone is using our Site fairly and according to our Terms of Service.
- With your consent, to send you general or personalized notices and promotional messages,
or to send news about us;
- With your permission, to conduct research based on aggregated statistical data and
other aggregated and/or inferred non-Personal Information, which we or our business partners
may use to provide and improve our respective products or services;
- To comply with any applicable laws and regulations.
6. Disclosure: When We Disclose Your Personal Information to Others?
We do not share your Personal Information without your explicit consent EXCEPT under the
following limited circumstances:
- To collect a debt from you or to prevent or investigate fraudulent or illegal activity on
your account on our Site.
- To prevent, investigate, or take action regarding illegal activities, suspected fraud,
situations involving potential threats to the physical safety of any person, violations of
our Terms of Service, this Privacy Notice, any contract
related to our products and
services, or as otherwise required by law.
- To comply with an order, subpoena, warrant or other legal requirement issued by a court,
tribunal, regulator or other person with jurisdiction to compel disclosure of your Personal
Information (including to meet national security or law enforcement requirements).
- To comply with a written request from a police officer or other law enforcement agency with
authority to request access to your Personal Information in the course of an actual or
potential investigation into a breach of a law, if a warrant is issued by a court of
- To establish or defend our legal rights. Where possible and appropriate, we will notify you
of this type of disclosure.
- To an actual or potential buyer of MBI (and its agents and advisers) in connection
with an actual or proposed purchase, merger or acquisition of any part of our business.
- To other companies who assist us to process your payment for the products or services you
purchased, ship the products you ordered, or any service providers on whom we rely to
conduct our business with you.
- To protect the security of the Site or the security of your account.
- We are responsible for all onward transfers of Personal Information to third parties in
accordance with the EU-U.S. Privacy Shield Framework, and the Swiss-U.S. Privacy Shield
7. Safeguards: How Do We Protect Your Personal Information?
We take administrative, technical and physical measures to safeguard your Personal Information
against unauthorized access, unauthorized disclosure, theft and misuse. This includes limiting
employees and contractor access to, and use of, your Personal Information though passwords and
graduated levels of clearance. We do not publish all of our security measures online because
this may reduce their effectiveness. We store your Personal Information on the servers of
reputable cloud service providers and we take precautions to ensure that access to such servers
is protected. We educate our employees with respect to their obligations to protect your
Personal Information and we expect our Affiliates and any third-party service providers to take
comparable steps to ensure the protection of any of your Personal Information that is shared
We use industry-standard encryption to protect your data in transit. This is commonly referred to
as transport layer security (“TLS”) or secure socket layer (“SSL”) technology.
We do not store your credit card information. Payments are handled by reputable direct payment
gateway providers. The data they collect is encrypted according to the Payment Card Industry
Data Security Standard (PCI-DSS). Although no method of transmission over the Internet or
electronic storage is 100% secure, direct payment gateway providers follow PCI-DSS requirements
and implement additional generally accepted industry standards.
No method of transmission over the Internet, or method of electronic storage, is 100% secure.
Therefore, we cannot guarantee the absolute security of your Personal Information and you
provide it to us at your own risk.
8. Data Breach
We take precautions against breaches of our security systems, but no company can fully eliminate
the risks of unauthorized access to your Personal Information and no website or platform is
completely secure. Although we cannot guarantee that unauthorized access, hacking, data loss or
breaches of our security systems will never occur, we try to minimize these risks by: (1)
: monitoring access to your Personal Information though activity logs and regular
audits to ensure that no unauthorized access attempts have been made, (2) secure storage:
store all Personal Information and PHI in data centers in Canada that are ISO 27001 certified
and adhere to global privacy and data protection best practices, (3) >network security:
implemented controls to protect against unauthorized access, including segregating our internal
systems from our publicly-accessible systems, (4) end-to-end encryption: we encrypt all
transmissions and communications on the Platform from end-to-end, and (4) training: we
implemented policies and procedures that specifically address Personal Information and we
provide privacy training to our staff on how to safeguard Personal Information and how to
mitigate operational risks. All our staff members and contractors are legally bound to
9. Data Retention: How Long Do We Keep your Personal Information?
In general, we keep your Personal Information as long as we have a legal or legitimate business
need to keep it (for example, to provide you with the products or service you ordered or to
comply with applicable legal requirements).
Once our relationship ends, we generally will continue to store archived copies of your Personal
Information for legitimate business purposes, such as to defend a contractual claim, for audit
purposes, and to comply with the law. We maintain a records retention and destruction program to
destroy information when we no longer needed it and are not required by applicable law to need
Personal Information collected by our direct payment gateway provider to process a transaction on
the Site is stored only as long as it is necessary to complete your purchase transaction. After
that is complete, your purchase transaction information is deleted.
We will continue to store anonymous or anonymized information, such as website visits, without
identifiers, in order to improve our Services.
10. Data Storage And Transfer
The Personal Information we collect will be stored in Canada by default, however these data may
be used or stored by our service providers outside of Canada. We require that our service
providers and safeguard your Personal Information. However, if your Personal Information is used
or stored outside of Canada, these data will be subject to the laws of the country in which they
are used or stored, which may be different from and be less protective of Personal Information
than Canadian privacy law.
11. Residents of the European Economic Area (“EEA”)
If you (a “Data Subject”) are located in the EEA, the Personal Information (or Personal
provide to us in Canada may be transferred to other regions, including to the United States. To
ensure that your Personal Information or Personal Data is protected when transferred out of the
EEA, we rely on Canada’s PIPEDA requirements, which are deemed equivalent to those of the GDPR.
If we, or our service providers, transfer your Personal Data to service providers in the United
States, we expect those service providers to comply with the EU-U.S. Privacy Shield Framework,
regarding the collection, use, and retention of Personal Data from data subjects in the EEA, and
with the Swiss-U.S. Privacy Shield Framework regarding the collection, use and retention of
personal information from data subjects in Switzerland.
Additionally, if you are located in the EEA, we note that we are generally processing your
information in order to fulfill contracts we might have with you (for example if you place an
order through the Site), or otherwise to pursue our legitimate business interests as outlined in
Section 6, unless we are required by law to obtain your consent for a particular processing
When we process Personal Information to pursue these legitimate interests, we do so where we
believe the nature of the processing, the information being processed, and the technical and
organisational measures employed to protect that information can help mitigate the risks to you,
the data subject.
If you are located in the EEA or in Switzerland and believe that your Personal Information /
Personal Data has been used in a manner that is not consistent with this Privacy Notice, please
contact us using the information listed in Section 17.
If your complaint or dispute about Personal Data by one of our service providers located in the
United States remains unresolved, you may also contact the International Centre for Dispute
Resolution. This organization provides independent dispute resolution services, at no charge to
you. ICDR can be contacted at http://go.adr.org/privacyshield.html.
If, after attempting to resolve a dispute through ICDR, you feel that your concerns about the use
of your Personal Data by service provider located in the United States have not been resolved,
please visit http://privacyshield.gov.
We do not knowingly collect Personal Information from children under the age of 18. If we
determine we have collected Personal Information from a child younger than 18 years of age, we
will take reasonable measures to remove that information from our systems. If you are under the
age of 18, please do not submit any Personal Information through the Site.
When you provide us with Personal Information to place an order, complete a transaction by
card, arrange for a delivery or return a purchase, you consent to our collecting your
Information required to complete these activities only.
If we ask for or use your Personal Information for any other reason, like sending you
information or other promotional emails, contest, etc. we will ask you directly for your
You can object to our continued processing of your Personal Information and you can withdraw your
consent from our further use or disclosure of your Personal Information to which you consented;
however, you will not be able to withdraw your consent that you gave us for studies or campaigns
that are already in progress at the time you withdrew your consent. You can only withdraw
consent for our use of your Personal Information for purposes that would begin after the date on
which you withdrew your consent. You will also not be able to withdraw your consent where the
use or disclosure of your Personal Information is authorized or required by law.
Please contact us at firstname.lastname@example.org if you wish to
withdraw your consent. You will be required
to complete a consent withdrawal form once we authenticate you.
13. Third-Party Services and Links
You may be able to access third-party websites through links available on our Site. These links
are provided for your convenience only. Once you leave our Site or are redirected to a
third-party website or application, you are no longer governed by this Privacy Notice or our
website’s Terms of Service.
We do not have any control over those third-party website and you access them at your own risk.
We recommend that you read the privacy policies of these third-party providers so you can
understand how they handle your personal information.
You acknowledge that direct payment gateway providers and other providers may be located in or
have facilities that are located in a different jurisdiction than either you or us. If you elect
to proceed with a transaction that involves the services of a third-party service provider, then
your information may become subject to the laws of the jurisdiction(s) in which that service
provider or its facilities are located.
14. Accuracy: How Do You Modify Your Information?
We want to ensure that the information we collect from you is accurate, complete, and up-to-date
for the purpose for which it is to be used. We will destroy information that is out-of-date or
is no longer required for the purpose for which it was collected, or which we are required to
keep so that we comply with applicable law. We use reasonable means to ensure that information
in your account record is accurate.
You may be able to update certain Personal Information directly in your account. If you have
questions or concerns about other Personal Information we collected from you and you would like
to access that information, please contact us at email@example.com.
Before we grant you access to that information, we will authenticate you to ensure that access is
only given to the correct individual. Once you receive access, if you identify any inaccuracies
in any Personal Information you can request that the information be updated. We will strive to
address any correction requests promptly. If we dispute a correction request, we will log the
reason for the disagreement.
15. Access: Right to your data
You have the right to access your account records. EU residents (or data subjects) have the right
to move their records from one entity to another.
If you request a copy of your account record, we will provide it to you at no charge. You can
request access to your account record by contacting us at firstname.lastname@example.org.
Before we grant you access to your account records we will first authenticate you to confirm your
identity. We will handle all access requests promptly and in accordance with applicable privacy
laws. We will provide you the legends for any special codes, acronyms or other similar
information in the disclosed material so that your right of access is meaningful.
16. Account Closure: Data Deletion
EU residents (or data subjects) have the right in certain circumstances to have their personal
data erased (the “right to be forgotten”)
To close your account or to request that the Personal Information or Personal Data we have about
you be deleted, please email us at to email@example.com. Once we receive your request, we
remove your account information from active use. If you do not re-activate your account within 3
months, we will delete your account information, but we will keep your Personal Information as
described in Section 9 as long as we are required to keep it under any applicable laws.
17. Challenge Compliance
Please notify our Chief Privacy Officer of your complaint by sending an email at firstname.lastname@example.org.
13.2 We have no control over third party websites and accept no responsibility for any content,
material or information contained on them.
You can also reach us at:
- Metagenom Bio Inc.
- 550 Parkside Dr.
- Unit A9
- Waterloo, Ontario
- N2L 5V4
We pledge to address your complaint promptly. If we are unable to resolve your complaint to your
satisfaction you can file a complaint to the Office of the Privacy Commissioner of Canada or the
Office of the Privacy Commissioner of Ontario, as applicable.
If you are unhappy with the response that you receive from us, we hope that you would contact us
to resolve the issue, but you also have the right to lodge a complaint with the relevant data
protection authority in your jurisdiction at any time. They will be able to advise you how to
submit a complaint.
18. Changes to This Privacy Notice
We may change or update the terms of this Privacy Notice from time to time. All changes and
updates are logged in the CHANGE LOG section below.
When the terms of our Privacy Notice change, the Site will display an alert prompting you to
review the changes.
Minor changes and clarifications will take effect immediately after being posted on the Site.
If we make significant changes to this Privacy Notice, in addition to displaying an alert on the
website prompting you to review the changes, we may send you an e-mail at the e-mail address in
The changes to the Privacy Notice will take effect on the date on which they were made or on the
date provided in the notice to you about such changes.
By continuing to use the site after you receive such notice you implicitly consent to be bound by
the terms in effect on that date.
LAST UPDATED on December 19, 2019.