PRIVACY NOTICE
EFFECTIVE DATE: January 5, 2022
By interacting with the website at www.healthyhydroponics.ca (the “Site”), the web application at clients.metagenom.com (“WebPortal”), either as a visitor to the Site or a User of the Services, you agree to be bound by this Privacy Notice and by the Terms and Conditions (the “Terms”) of which this Privacy Notice is a part.
This Privacy Notice helps visitors to our Site and Users of the WebPortal and our Services who are individuals (not businesses or representatives of businesses) better understand how we collect, use, and store Personally-Identifiable Information (see definition in the Detailed Privacy Notice).
The Site and the WebPortal are owned and operated by Metagenom Bio Life Science Inc. or its subsidiary, Healthy Hydroponics InnoTech Inc.
Below are highlights of our Personally-Identifiable Information handling practices. Please refer to our Detailed Privacy Notice for a full description of our privacy and data security practices.
All capitalized words not defined in the Privacy Notice Highlights or the Detailed Privacy Notice have the meaning assigned to them in the Terms.
Privacy Notice Highlights
The terms “we“, “our“, and “us” mean Metagenom Bio Life Science Inc. (“MBLS”) and/or Healthy Hydroponics InnoTech Inc. (“HHIT”) and the terms “you” and “your” mean the visitors to the Site and Users of the WebPortal and the Services.
-
Information We Collect
We will collect your Personally-Identifiable Information(“PII”) from the following sources:
-
- information you give us when you contact us through the Contact Us Page on our Site, open an Account or subscribe for Services, when you submit customer service inquiries, or when you submit customer feedback or reviews;
- the information you provide to us when you open your Account setup;
- information we collect automatically when you visit our Site, your Account, and the WebPortal, such as information about your browser settings, operating system, and other information collected through cookies; and
- information that you provide in the course of receiving the Services or that we collect from third parties whom you authorized to share your information with us;
-
-
How We Use and Disclose Your Information
-
- We use your PII that our Agents or we collect from you to provide the Services and to manage our business operations, such as to authenticate you when you sign into your Account, to prevent loss of data and fraud, process your subscription payment, and monitor and improve the performance of our Site, the WebPortal, and our Services;
- Our Agents and we may combine or aggregate your de-identified and pseudonymized PII so that it will be unlikely to re-identify you from it, to monitor trends and provide and improve our respective products and services;
- We may share with or transfer your PII to Agents who help us run our business who may be outside of Canada, and that information may be subject to privacy laws that differ from Canadian laws. Those Agents can only use the PII we transfer to them to help us provide the Services. If an Agent’s privacy and data security practices are inferior to ours, we may enter into a Data Protection Agreement to protect your information.
- We may also disclose your PII if a court order requires us to do so.
- We may use your PII to contact you for marketing, promotional, or other purposes with your consent.
- We may disclose, transfer or sell your PII without your consent in certain circumstances. If we merge or sell our business to another entity, or in the event of our insolvency or bankruptcy, your PII and Account Record may be transferred to the new owner without your consent. Please refer to Sections 6 and 7 of the Detailed Terms for further details.
-
-
Your Choices and Consent
-
- You can change your communication preferences for marketing and advertising e-mails, participation in surveys and provide or withdraw consent for specific requests our Agents or we may make to collect and use your information in the Settings tab of your Account.
- You may withdraw your consent from our further use of your PII, and you may close your Account. If you do so, we may still use your PII for the purposes to which you consented before you withdrew consent. We may keep information about you and your previous transactions with us for audit purposes, ensure the integrity of our data, and fulfill legal requirements.
-
-
How to Contact Us
If you have a privacy question or concern, please get in touch with us at: [email protected].
Please review our Detailed Privacy Notice for more information about our practices.
DETAILED PRIVACY NOTICE:
-
- Background
- Definitions
- Scope and Services
- Accountability
- Limiting Collection: What Information Do We Collect?
- Limiting Use: How Do We Use Your PII?
- Disclosure: When Do We Disclose Your PII to Others?
- Consent
- Safeguards: How Do We Protect Your PII?
- Data Breach
- Data Storage and Transfer
- Data Retention: How Long Do We Keep your PII?
- Accounts and Credentials
- Accuracy: How Do You Modify Your Information?
- Access: Right to your data
- Account Closure: Data Deletion
- Governing Law
- Third-Party Services and Links
- Challenge Compliance
- Changes to This Privacy Notice
1. Background
By interacting with the website at www.healthyhydroponics.ca (the “Site”), the web application at clients.metagenom.com (“WebPortal”), either as a visitor to the Site or a User of the Services, you agree to be bound by this Privacy Notice and by the Terms and Conditions (the “Terms”) of which this Privacy Notice is a part.
The Site and the WebPortal are owned and operated by Metagenom Bio Life Science Inc. or its subsidiary, Healthy Hydroponics InnoTech Inc.
2. Definitions
All capitalized words not defined in this Privacy Notice have the meaning assigned to them in the Terms.
“Personally-Identifiable Information” or “PII” means information that identifies you or that our Agents or we could combine with other information to identify you. This information includes your government-issued identification documents, date of birth, personal e-mail address, home mailing address, home telephone number, personal cellphone number, your internet provider (IP) address and other similar information when associated with you. PII may also include information about how you use the Site and the WebPortal and the Services if we can associate that PII with you. PII does not include your business title, your business e-mail and mailing address, or your business telephone number when we use that information to contact you in your business capacity.
“we“, “us” or “our” mean Metagenom Bio Life Science Inc. (“MBLS”) and/or Healthy Hydroponics InnoTech Inc. (“HHIT”).
“you” or “your” means visitors to and Users of the Site and Users of the WebPortal and the Services.
3. Scope and Services
This Privacy Notice helps visitors to our Site and Users of the WebPortal and our Services who are individuals (not businesses or representatives of businesses) better understand how we collect, use, and store Personal Information and it is part of our Terms.
4. Accountability
We take the privacy of your PII seriously and are committed to safeguarding it. We developed and implemented policies, practices, and procedures to protect PII, and we trained our staff in our PII handling practices.
We comply with privacy and data security legislation, including the Personally-Identifiable Information Protection and Electronic Documents Act (“PIPEDA”).
We have appointed a Chief Privacy and Security Officer (“CPSO”) who is responsible for enforcing compliance with our privacy program. If you have a question or complaint about our information handling practices, please contact us at [email protected], attention Privacy Officer.
5. Limiting Collection: What Information Do We Collect?
Our policy is to collect only PII necessary to allow visitors to the Site to interact with us and provide Users with access to the WebPortal and the Services.
The ways we collect PII can be broadly categorized into:
-
- Information you provide to us directly: When you visit or use parts of our Site or the WebPortal, we might ask you to provide PII to us. For example, we may ask for your first and last name, email address and phone number on our Contact Us page so we can reply to a message you post there or to contact you by phone. We may also receive your contact information when you contact us directly at the contact email provided on the Site.We collect your PII when you open an Account and Use the Services. For example, we will collect identification and contact information, such as your name, mailing address, and demographic data, to correctly identify you, contact you, and process a credit card payment for your subscription to our Services.If you do not wish to provide us with all or some of the PII required to open an Account and receive the Services, you do not have to, but it might mean you cannot receive our Services.
- Information from other Sources: We may receive PII about you from other sources. For example, we will receive PII from credit card processors regarding whether the credit card details you entered for your subscription to our Services have been accepted or declined. We may also receive PII from sources you authorized to provide such information to us.
- Information we collect automatically: We may automatically collect some technical information when you visit our Site, the WebPortal, and your Account that platforms like Google Analytics may collect about your interaction with those platforms. This includes the geographic location of your IP address, the IP address itself, device type, what pages you looked at, what links you clicked on, number of messages sent or received your browser type and configuration, the date and time of use, language preferences, and cookie data. We use this information to detect problems, improve the navigation of our Site, the WebPortal, and your Account so they are easier to use and determine which aspects of our Services may interest you. If you consented to receive these types of communications from us, we might track whether you opened certain types of promotional e-mails. whether you looked for information about a particular topic or service or make inferences about other products and services, you might be interested in.You may choose to set your web browser to refuse cookies or alert you when cookies are being sent. If you place your web browser to disable cookies, some parts of the Site, WebPortal, or Account may not be accessible to you.For details about our cookie practices, please refer to our Cookie Policy.
6. Limiting Use: How Do We Use Your PII?
We use PII and non-personal information for the following purposes:
-
- To communicate with you. This may include: (i) providing you with information you requested from us or information we must send to you; (ii) operational communications, like information regarding your Account or your subscription to our Services; (iii) changes to our Site, WebPortal, this Privacy Notice, our Terms or our Cookie Policy; (iv) any questions, reminders, notifications related to your Account or your use of your Account or addressing customer service issues and troubleshooting problems with your Account; (v) to notify and alert you about data breaches, actual or potential fraud, identity theft and other fraud or security-related activities; and (vi) legal disclosures, communications about and related to any legal action, or otherwise required under our legal obligations; and any other reason notifications and alerts may be required by law.
- To provide Services. We use your PII to provide the Services and manage our business operations, such as registering your Account, authenticating you when you log into your Account, and delivering the Services.
- To improve our Site, WebPortal, and Services and develop new ones: We monitor how you use the Site, the WebPortal, the Account, and the Services so we can improve our offerings, user experience, and design new features.
- To detect and prevent any fraudulent or malicious activity and make sure that our Site, WebPortal, Content, Account, and Services are used according to our Terms and to protect the security or integrity of the Site, WebPortal, Account, Content, Services, and our business.
- With your consent, to send you targeted advertisements such as general or personalized notices and promotional messages, or to send news about us;
- To monitor trends, we may use aggregated de-identified and pseudonymized PII (which makes it is unlikely to identify you) and non-personal information to monitor trends, administer, troubleshoot, and improve our Services, including the information we collect automatically (specified in Section 5).
- To comply with any laws and regulations.
7. Disclosure: When Do We Disclose Your PII to Others?
We do not disclose or share your PII or PHI except as allowed by law and as outlined in this Privacy Notice.
We run our business with the assistance of Agents who help us provide the Services and other business operations such as marketing and promotional services. We engage our Agents on separate terms, either their terms of service or separate agreements, as further detailed in Section 9. Those terms ensure the security of your PII and limit the Agents’ use and disclosure of that information to assist us in delivering the Services or other aspects of our business unless they or we obtain your explicit consent to use it for any other purpose.
If you consented to receive marketing and promotional emails from us, we might share select PII with Agents who help us with marketing and promotional services.
We will not rent your PII we collect directly from you or as part of our Services.
We may use and sell aggregated de-identified and pseudonymized PII (which makes it is unlikely to identify you) and non-personal information related to usage data such as ____.
Other than as identified in this Privacy Notice, we will not disclose, transfer, or sell your PII; however, you acknowledge and agree that we may disclose, transfer or sell (as applicable) your PII and your Account Record without your explicit consent under the following limited circumstances:
-
- Transfer and/or disclose PII to our Agents who assist us in providing the Services and running our business.
- Disclose PII to collect a debt from you or prevent or investigate fraudulent or illegal activity on your Account.
- Disclose PII to comply with an order, subpoena, warrant or other legal requirement issued by a court, tribunal, regulator or government body with competent jurisdiction to compel disclosure of your PII, including to meet national security or law enforcement requirements, to prevent, investigate, or take action against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms, this Privacy Notice, to protect the security of the Site, WebPortal, your Account, our Services, and our business, or as otherwise required by law.
- Disclose PII to establish or defend our legal rights. Where possible and appropriate, we will notify you.
- Disclose and transfer PII to an actual or potential buyer of MBLS or HHIT (and its agents and advisers) in connection with an actual or proposed corporate reorganization, assignment, merger, or sale of any part of our business, including as part of insolvency or bankruptcy proceedings. In such case, your PII will be disclosed solely for the purposes related to the transaction, including during due diligence or to fulfill any audit requirements, and will be protected by security safeguards appropriate to the sensitivity of the information and contractual confidentiality obligations, including the return or destruction of confidential information (including PII) if the transaction fails to close. Your Account Record may be transferred upon a change of corporate control.If you do not wish to continue to receive services through the entity that acquires or with whom we may merge our business, you may close your Account and end your subscription to the Services.
8. Consent
When you provide PII to open an Account and receive Services or provide PII to complete a transaction by credit card, you consent to our collecting your PII required to complete these activities only.
You acknowledge and agree that by opening an Account, we may contact you by email without your explicit consent for any purpose directly related to our legal rights, our obligations, and our ability to provide our Services to you, such as (i) providing you with information you requested from us or information we must send to you; (ii) operational communications about your Account or your subscription to the Services; (iii) changes to our Site, WebPortal, this Privacy Notice or the Terms; (iv) any questions, reminders, notifications related to your account or your use of your Account or addressing customer service issues and troubleshooting problems with your account; (v) to notify and alert you about data breaches, and other fraud or security-related activities; and (vi) legal disclosures, communications about and arising from any manner of legal action; and any other reason notifications and alerts may be required by law.
We comply with Canada’s Anti-Spam Legislation (“CASL”). When you register your Account, you can consent to receive marketing and promotional e-mails or other outlined purposes. We will ask for your explicit consent before we send you any marketing or promotional emails, newsletters, invitations to participate in surveys, or other reasons not central to providing the Services. You may provide your consent for such email communications in the “My Account” tab and under the “Settings” section, and you may withdraw your consent through the Consent Center by using the “Unsubscribe” link available in any of our emails to you, or by contacting us at [email protected].
YOU CAN WITHDRAW CONSENT FOR OUR USE OF YOUR PII IN FUTURE USES WITHIN THE SCOPE OF YOUR CONSENT, BUT YOU CANNOT WITHDRAW YOUR CONSENT FOR OUR USE OF YOUR PII FOR USES THAT BEGAN BEFORE THE DATE ON WHICH YOU WITHDREW YOUR CONSENT. YOU WILL ALSO NOT BE ABLE TO WITHDRAW YOUR CONSENT WHERE OUR USE OR DISCLOSURE OF YOUR PII IS AUTHORIZED OR REQUIRED BY LAW.
9. Safeguards: How Do We Protect Your PII?
We are committed to protecting your PII. Our staff understand the importance of keeping your information confidential and are expected to maintain the confidentiality of your information.
We take administrative, technical, and physical measures to safeguard your PII against unauthorized access, unauthorized disclosure, theft and misuse. This includes limiting staff access to your PII with passwords and graduated levels of clearance. We do not publish all our security measures online because this may reduce their effectiveness. We take reasonable precautions against breaches of our security systems; however, no company can eliminate the risks of unauthorized access to your information, and no website or platform is entirely secure.
Although we cannot guarantee that unauthorized access, hacking, data loss or breaches of our security systems will never occur, we try to minimize these risks by: (1) active monitoring: monitoring access to your PII through activity logs and regular audits to ensure that no unauthorized access attempts have been made, (2) secure storage: we store your PII over which we have custody and control in Canada in reputable data centers that are ISO 27001 and ISO Standard 27018:2019 (Code of Practice for personal identifiable information (PII) protection in public clouds acting as PII processors) certified and adhere to global privacy and data protection best practices, (3) network security: we implemented controls to protect against unauthorized access, including segregating our internal systems from our publicly-accessible systems, (4) end-to-end encryption: we encrypt all data transmissions and communications on the Site, WebPortal, and Account from end-to-end using industry-standard transport layer security (“TLS”) or secure socket layer (“SSL”) encryption technology, and (4) training: we implemented policies, procedures that address and train our staff on the handling of PII . All our staff members and Agents are legally bound to confidentiality.
We expect our Agents to protect your PII that they collect from you directly. If our service provider’s data collection and security practices are inferior to ours, we may enter into separate Data Collection and Sharing Agreements to ensure that any PII we need to share with them is protected.
We do not store your credit card information. Payments are handled by Stripe, a reputable direct payment gateway provider. The data they collect is encrypted according to the Payment Card Industry Data Security Standard (PCI-DSS) and implement additional generally accepted industry standards.
10. Data Breach
We take precautions against breaches of our security systems, but you acknowledge and agree that no company can eliminate the risks of unauthorized access to your PII, and no transmission over the internet is 100% secure. Therefore, you provide your PII to our Agents and us at your own risk.
Despite our rigorous precautions against data breaches, the risk of a data breach remains. In a data breach, we will comply with the breach notification requirements outlined in PIPEDA.
IN THE EVENT OF A BREACH OF YOUR PII THAT IS IN THE CUSTODY OR CONTROL OF ONE OF OUR AGENTS, THEN THAT SERVICE PROVIDER’S BREACH POLICIES APPLY.
11. Data Storage and Transfer
While, as custodians, we remain responsible for the security and privacy of your PII at all times, our Agents may use or store that information outside of Canada, in which case your PII will be subject to the laws of the country in which they are used or stored. The rigour of those laws may differ from Canadian laws.
We expect our Agents who are not bound by the same laws we are to provide comparable levels of data protection and security. We may enter into Data Protection Agreements with Agents whose data protection and security practices are inferior to those outlined in this Privacy Notice.
12. Data Retention: How Long Do We Keep your PII?
We collect only PII for which we have a legitimate business need to provide the Services.
We maintain a records retention and destruction policy to destroy the information when we no longer have a business need for it and are not required by law to keep it. PII collected with your consent by our Agents that is under their custody and control is subject to their data destruction policies and the data retention laws applicable in that provider’s jurisdiction. PII collected by our direct payment gateway provider to process a transaction is stored only as long as it is necessary to complete your transaction, then it is deleted. We do not collect or store any information related to your payment transactions.
We retain your Account Record in active use until you close your Account. We employ an automatic data backup and archiving system and a data retention and destruction schedule to ensure data security.
Once you close your Account, your PHI in active use will be deleted within 30 days, but PHI in rolling automatic backups will be stored until it is overwritten in accordance with our data retention and destruction schedule. We will keep limited PII for as long as we have a legal or legitimate business need to keep it, such as complying with data retention laws, enforcing our Terms, complying with audit requirements, and taking other actions permitted by law.
Our Agents and we may continue to store and use aggregated de-identified PII to improve our respective products and services.
13. Accounts and Credentials
The security of your Account depends on you keeping your Account login credential safe and not sharing them with anyone else. If you believe that your log-in credentials have been compromised or misused, you must contact us immediately.
14. Accuracy: How Do You Modify Your Information?
We want to ensure that the PII we collect from you and that it is in our custody and control is accurate, complete, and up-to-date to provide the Services and will destroy any out-of-date information.
We use reasonable means to ensure that the information in your Account record is accurate. You may update certain PII directly in your Account. If you have questions or identify any errors in your Account Record, please contact us at [email protected]. We will strive to address any correction requests promptly. If we dispute a correction request, we will log the reason for the disagreement.
15. Access: Right to your data
You may access your Account Record and port the information from us for your own use or another entity. If you request a copy of your Account Record, we will provide it at no charge. You can request access to your Account Record by contacting us at [email protected].
Before granting you access to your Account Records, we will first authenticate you to confirm your identity. We will handle all access requests promptly, subject to applicable privacy laws. We will provide you with the legends for any special codes, acronyms or other similar information in the disclosed material, so your right of access is meaningful.
16. Account Closure: Data Deletion
To close your Account or request that the PII we have about you be deleted, please email us at [email protected]. Once we receive your request and authenticate your identity, we will remove your Account from active use and delete your Account Record within 30 days, but we will keep some PII as described in Section 12.
17. Governing Law
This Privacy Notice shall in all respects be governed by and interpreted, construed and enforced under the laws of the Province of Ontario and the laws of Canada applicable therein.
18. Third-Party Services and Links
We may provide links to third-party websites on our Site or WebPortal. These links are provided for convenience only. We do not have control over those third-party websites, and they are not subject to this Privacy Notice or our Terms.
Your use of hyperlinked websites is at your own risk and subject to the privacy notices of those websites. You acknowledge that these links may lead you to third parties operating in a different jurisdiction than yours or ours. If you provide your PII to these entities, then your information may become subject to the laws of the jurisdiction(s) in which that site operates or where its facilities are located.
19. Challenge Compliance
If you believe that we have not adhered to this Privacy Notice, you may challenge our compliance with this Privacy Notice and our compliance with applicable privacy laws.
We are not responsible for the PII handling practices of third-party Agents to whom you consented to access your information, whether on our behalf or otherwise. If your complaint concerns the privacy practice of those providers, we will direct you to them.
Please notify our Chief Privacy and Security Officer of your complaint by email.
You can also reach us at:
Metagenom Bio Life Science
550 Parkside Drive, Unit A9
Waterloo, ON, N2L 5V4
Canada
We pledge to address your complaint promptly. If you are unsatisfied with the response you receive from us, we hope you will contact us to resolve the issue. If we cannot resolve your complaint to your satisfaction, you can file a complaint with the Office of the Privacy Commissioner of Canada or the Office of the Privacy Commissioner of Ontario.
20. Changes to This Privacy Notice
We reserve the right to update or change this Privacy Notice. All updates to this Privacy Notice will be highlighted in the Change Log below. A banner on the Site will notify Visitors of updates or changes to the Privacy Notice. Account-holders will be notified by e-mail, using the email associated with their Account.
Changes to the Privacy Notice take effect on the date they were made or on the effective date indicated in the notice we sent you about such changes.
By continuing to use the Site, the WebPortal, or subscribe to the Services after receiving the notice, you IMPLICITLY CONSENT TO BE BOUND BY THE PRIVACY NOTICE TERMS IN EFFECT ON THE DATE ON WHICH YOU VISIT THE SITE OR USE THE SERVICES.