EFFECTIVE DATE

This Privacy Notice is effective as of December 19, 2019.

BY INTERACTING WITH THE WEBSITE METAGENOM.COM, EITHER AS A VISITOR OR AS A CUSTOMER, YOU AGREE TO BE BOUND BY THE TERMS OF THIS PRIVACY NOTICE AND TO OUR TERMS OF SERVICE.

1. Background

Metagenom Bio Life Science Inc.(“MBLS”) provides certain products and services.

The website metagenom.com (the “Site”), including all of its subdomains, is owned and operated by Metagenom Bio Life Science Inc.

In this Privacy Notice the terms “we”, “our” and “us” mean MBLS and the terms “you” and “your” refer to the users of the Site, including visitors and customers who purchase products and services.

“Affiliate” means, with respect to MBLS, any person that directly or indirectly controls MBLS, or which MBLS directly or indirectly controls, or which together with MBLS is a member of a group under direct or indirect common control, as applicable, at any time, but only for so long as such control exists. For the purpose of this definition, “control” means (a) in the case of a person that is a corporate entity, direct or indirect ownership of fifty percent (50%) or more of the voting securities having the right to elect directors of such Person, and (b) in the case of a person that is not a corporate entity, the possession, directly or indirectly, of the power to direct, or cause the direction of, the management or policies of such person, whether through the ownership of voting securities, by contract or otherwise.

“Personal Information” means information that identifies you or could be coMBLSned by us or our service providers and Affiliates with other information to identify you. This information includes your personal e-mail address, home mailing address, home telephone number, personal cellphone number, your internet provider (IP) address and other similar information when associated with you. Personal information may also include information about how you have used our Site and Services, if we can associate that personal information with you. If you interact with our Site on behalf of a business, personal information does not include your title, your business e-mail and mailing address, or your business telephone number when we use that information to contact you in your business capacity. For EU residents, your business contact information is considered personal data.

If you have any questions about the Sites, please contact us at info@metagenom.com.

2. Scope

This Privacy Notice helps our Site visitors and customers who purchase products or services to better understand how we collect, use and store your Personal Information.

3. Accountability

We take the privacy of your Personal Information very seriously and are committed to safeguarding it. To that end, we developed and implemented policies, practices, and procedures to protect Personal Information and we train our staff in our Personal Information handling practices.

We commit not to rent or sell any of your Personal Information that we collect from you and to comply with applicable privacy legislation including the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the European Union’s General Data Protection Regulation (“GDPR”).

If you have a question or complaint about our Personal Information handling practices, please contact us at info@metagenom.com

4. Limiting Collection: What Information Do We Collect?

We only collect the Personal Information that enables us or our service providers to identify you to provide the services you ordered, and to ship you the products you purchased.

The ways we collect Personal Information can be broadly categorized into the following:

(a) Information you provide to us directly: When you visit or use some parts of our Site, we might ask you to provide Personal Information to us. For example, we may ask for your name and email address on our Contact Us page so that we can reply to a message you post there. We may also receive your contact information when you contact us directly at the contact email provided on the Site. If your order a Product, we will ask for your mailing address so that we can invoice you and have our shipping provider ship your purchase to you. We will also share your name, address, email address, and phone number with our shipping provider so it can deliver your order and contact you about the shipment if needed.

When you place an order for a Product or Service, our credit card payment processor will request credit card and other identifying information about you to process a credit card transaction.

If you created an account with us, we will collect identification and contact information, such as name, email address, and mailing address to properly identify you and to contact you when needed.

If you do not wish to provide us with all or some of the Personal Information required to place an order for products or services you do not have to, but it might mean that you cannot use some parts of our Site, or order products or services.

Information we collect automatically: We may automatically collect some technical information when you visit our Site that platforms like Google Analytics may collect about your interaction with our Site. This includes the geographic location of your IP address, the IP address itself, device type, what pages you looked at, what links you clicked on, your browser type and configuration, the date and time of use, language preferences, and cookie data.

We use this information to detect problems, improve the navigation of our Site so they are easier to use, and to determine which products or services we believe may be of interest to you.

Cookies

Our Site may store cookies on your computer when you visit them. Cookies are little pieces of information that can help identify your browser and that can store information for future visits. We use cookies to recognize your device and provide you with a personalized experience on our Site or to operate the shopping cart on our online store.

Most internet browsers automatically accept cookies. You may however, configure your browser at any time not to save cookies or to notify you when you receive a new cookie.

Our Site may be used without accepting cookies, although some functions may be limited.

We may also use other automated tracking methods on our Site, in our communications with you, and in our products and services, to measure performance and engagement.

Targeted Advertising

We may use third-party advertising partners use cookies to track your prior visits to our Site and elsewhere on the Internet in order to serve you targeted ads. For more information about targeted or behavioral advertising, please visit networkadvertising.org/understanding-online-advertising.

Opting out: You can opt out of targeted ads served via specific third party vendors by visiting the Digital Advertising Alliance’s Opt-Out page.

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

5. Limiting Use: How Do We Use Your Personal Information?

We collect and use Personal Information and non-personal information for the following purposes:

• To communicate with you. This may include: providing you with information that you requested from us or information we are required to send to you; operational communications, like information regarding your account, or order for a Product or Service, changes to our Site, changes to this Privacy Notice, or our changes to our Terms of Service; to provide the Services and to ship the Products you ordered, to provide ongoing customer assistance and technical support with the Products and Services you purchased, troubleshoot problems with your account; to resolve a dispute, and to collect fees or monies you owe us.
• To improve our Site, Products and Services and develop new ones: We track and monitor how you use the Site and what Products and Services you buy so we can improve our offerings, user experience, and design new features, Products and Services.
• To detect and prevent any fraudulent or malicious activity and to make sure that everyone is using our Site fairly and according to our Terms of Service.
• With your consent, to send you general or personalized notices and promotional messages, or to send news about us;
• With your permission, to conduct research based on aggregated statistical data and other aggregated and/or inferred non-Personal Information, which we or our business partners may use to provide and improve our respective products or services;
• To comply with any applicable laws and regulations.

6. Disclosure: When We Disclose Your Personal Information to Others?

We do not share your Personal Information without your explicit consent EXCEPT under the following limited circumstances:

• To collect a debt from you or to prevent or investigate fraudulent or illegal activity on your account on our Site.
• To prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, this Privacy Notice, any contract related to our products and services, or as otherwise required by law.
• To comply with an order, subpoena, warrant or other legal requirement issued by a court, tribunal, regulator or other person with jurisdiction to compel disclosure of your Personal Information (including to meet national security or law enforcement requirements).
• To comply with a written request from a police officer or other law enforcement agency with authority to request access to your Personal Information in the course of an actual or potential investigation into a breach of a law, if a warrant is issued by a court of competent jurisdiction.
• To establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure.
• To an actual or potential buyer of MBLS (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business.
• To other companies who assist us to process your payment for the products or services you purchased, ship the products you ordered, or any service providers on whom we rely to conduct our business with you.
• To protect the security of the Site or the security of your account.
• We are responsible for all onward transfers of Personal Information to third parties in accordance with the EU-U.S. Privacy Shield Framework, and the Swiss-U.S. Privacy Shield Framework.

7. Safeguards: How Do We Protect Your Personal Information?

We take administrative, technical and physical measures to safeguard your Personal Information against unauthorized access, unauthorized disclosure, theft and misuse. This includes limiting employees and contractor access to, and use of, your Personal Information though passwords and graduated levels of clearance. We do not publish all of our security measures online because this may reduce their effectiveness. We store your Personal Information on the servers of reputable cloud service providers and we take precautions to ensure that access to such servers is protected. We educate our employees with respect to their obligations to protect your Personal Information and we expect our Affiliates and any third-party service providers to take comparable steps to ensure the protection of any of your Personal Information that is shared with them.

We use industry-standard encryption to protect your data in transit. This is commonly referred to as transport layer security (“TLS”) or secure socket layer (“SSL”) technology.

We do not store your credit card information. Payments are handled by reputable direct payment gateway providers. The data they collect is encrypted according to the Payment Card Industry Data Security Standard (PCI-DSS). Although no method of transmission over the Internet or electronic storage is 100% secure, direct payment gateway providers follow PCI-DSS requirements and implement additional generally accepted industry standards.

No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your Personal Information and you provide it to us at your own risk.

8. Data Breach

We take precautions against breaches of our security systems, but no company can fully eliminate the risks of unauthorized access to your Personal Information and no website or platform is completely secure. Although we cannot guarantee that unauthorized access, hacking, data loss or breaches of our security systems will never occur, we try to minimize these risks by: (1) active monitoring : monitoring access to your Personal Information though activity logs and regular audits to ensure that no unauthorized access attempts have been made, (2) secure storage: we store all Personal Information and PHI in data centers in Canada that are ISO 27001 certified and adhere to global privacy and data protection best practices, (3) >network security: we implemented controls to protect against unauthorized access, including segregating our internal systems from our publicly-accessible systems, (4) end-to-end encryption: we encrypt all data transmissions and communications on the Platform from end-to-end, and (4) training: we implemented policies and procedures that specifically address Personal Information and we provide privacy training to our staff on how to safeguard Personal Information and how to mitigate operational risks. All our staff members and contractors are legally bound to confidentiality.

9. Data Retention: How Long Do We Keep your Personal Information?

In general, we keep your Personal Information as long as we have a legal or legitimate business need to keep it (for example, to provide you with the products or service you ordered or to comply with applicable legal requirements).

Once our relationship ends, we generally will continue to store archived copies of your Personal Information for legitimate business purposes, such as to defend a contractual claim, for audit purposes, and to comply with the law. We maintain a records retention and destruction program to destroy information when we no longer needed it and are not required by applicable law to need it.

Personal Information collected by our direct payment gateway provider to process a transaction on the Site is stored only as long as it is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

We will continue to store anonymous or anonymized information, such as website visits, without identifiers, in order to improve our Services.

10. Data Storage And Transfer

The Personal Information we collect will be stored in Canada by default, however these data may be used or stored by our service providers outside of Canada. We require that our service providers and safeguard your Personal Information. However, if your Personal Information is used or stored outside of Canada, these data will be subject to the laws of the country in which they are used or stored, which may be different from and be less protective of Personal Information than Canadian privacy law.

11. Residents of the European Economic Area (“EEA”)

If you (a “Data Subject”) are located in the EEA, the Personal Information (or Personal Data) you provide to us in Canada may be transferred to other regions, including to the United States. To ensure that your Personal Information or Personal Data is protected when transferred out of the EEA, we rely on Canada’s PIPEDA requirements, which are deemed equivalent to those of the GDPR. If we, or our service providers, transfer your Personal Data to service providers in the United States, we expect those service providers to comply with the EU-U.S. Privacy Shield Framework, regarding the collection, use, and retention of Personal Data from data subjects in the EEA, and with the Swiss-U.S. Privacy Shield Framework regarding the collection, use and retention of personal information from data subjects in Switzerland.

Additionally, if you are located in the EEA, we note that we are generally processing your information in order to fulfill contracts we might have with you (for example if you place an order through the Site), or otherwise to pursue our legitimate business interests as outlined in Section 6, unless we are required by law to obtain your consent for a particular processing operation.

When we process Personal Information to pursue these legitimate interests, we do so where we believe the nature of the processing, the information being processed, and the technical and organisational measures employed to protect that information can help mitigate the risks to you, the data subject.

If you are located in the EEA or in Switzerland and believe that your Personal Information / Personal Data has been used in a manner that is not consistent with this Privacy Notice, please contact us using the information listed in Section 17.

If your complaint or dispute about Personal Data by one of our service providers located in the United States remains unresolved, you may also contact the International Centre for Dispute Resolution. This organization provides independent dispute resolution services, at no charge to you. ICDR can be contacted at http://go.adr.org/privacyshield.html.

If, after attempting to resolve a dispute through ICDR, you feel that your concerns about the use of your Personal Data by service provider located in the United States have not been resolved, please visit http://privacyshield.gov.

12. Consent

We do not knowingly collect Personal Information from children under the age of 18. If we determine we have collected Personal Information from a child younger than 18 years of age, we will take reasonable measures to remove that information from our systems. If you are under the age of 18, please do not submit any Personal Information through the Site.

When you provide us with Personal Information to place an order, complete a transaction by credit card, arrange for a delivery or return a purchase, you consent to our collecting your Personal Information required to complete these activities only.

If we ask for or use your Personal Information for any other reason, like sending you marketing information or other promotional emails, contest, etc. we will ask you directly for your expressed consent.

You can object to our continued processing of your Personal Information and you can withdraw your consent from our further use or disclosure of your Personal Information to which you consented; however, you will not be able to withdraw your consent that you gave us for studies or campaigns that are already in progress at the time you withdrew your consent. You can only withdraw consent for our use of your Personal Information for purposes that would begin after the date on which you withdrew your consent. You will also not be able to withdraw your consent where the use or disclosure of your Personal Information is authorized or required by law.

Please contact us at info@metagenom.com if you wish to withdraw your consent. You will be required to complete a consent withdrawal form once we authenticate you.

13. Third-Party Services and Links

You may be able to access third-party websites through links available on our Site. These links are provided for your convenience only. Once you leave our Site or are redirected to a third-party website or application, you are no longer governed by this Privacy Notice or our website’s Terms of Service.

We do not have any control over those third-party website and you access them at your own risk. We recommend that you read the privacy policies of these third-party providers so you can understand how they handle your personal information.

You acknowledge that direct payment gateway providers and other providers may be located in or have facilities that are located in a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

14. Accuracy: How Do You Modify Your Information?

We want to ensure that the information we collect from you is accurate, complete, and up-to-date for the purpose for which it is to be used. We will destroy information that is out-of-date or is no longer required for the purpose for which it was collected, or which we are required to keep so that we comply with applicable law. We use reasonable means to ensure that information in your account record is accurate.

You may be able to update certain Personal Information directly in your account. If you have questions or concerns about other Personal Information we collected from you and you would like to access that information, please contact us at info@metagenom.com.

Before we grant you access to that information, we will authenticate you to ensure that access is only given to the correct individual. Once you receive access, if you identify any inaccuracies in any Personal Information you can request that the information be updated. We will strive to address any correction requests promptly. If we dispute a correction request, we will log the reason for the disagreement.

15. Access: Right to your data

You have the right to access your account records. EU residents (or data subjects) have the right to move their records from one entity to another.

If you request a copy of your account record, we will provide it to you at no charge. You can request access to your account record by contacting us at info@metagenom.com.

Before we grant you access to your account records we will first authenticate you to confirm your identity. We will handle all access requests promptly and in accordance with applicable privacy laws. We will provide you the legends for any special codes, acronyms or other similar information in the disclosed material so that your right of access is meaningful.

16. Account Closure: Data Deletion

EU residents (or data subjects) have the right in certain circumstances to have their personal data erased (the “right to be forgotten”)

To close your account or to request that the Personal Information or Personal Data we have about you be deleted, please email us at to info@metagenom.com. Once we receive your request, we will remove your account information from active use. If you do not re-activate your account within 3 months, we will delete your account information, but we will keep your Personal Information as described in Section 9 as long as we are required to keep it under any applicable laws.

17. Challenge Compliance

Please notify our Chief Privacy Officer of your complaint by sending an email at info@metagenom.com.

13.2 We have no control over third party websites and accept no responsibility for any content, material or information contained on them.

You can also reach us at:

• Metagenom Bio Life Science Inc.
• 550 Parkside Dr.
• Unit A9
• Waterloo, Ontario
• N2L 5V4
• Canada

We pledge to address your complaint promptly. If we are unable to resolve your complaint to your satisfaction you can file a complaint to the Office of the Privacy Commissioner of Canada or the Office of the Privacy Commissioner of Ontario, as applicable.

If you are unhappy with the response that you receive from us, we hope that you would contact us to resolve the issue, but you also have the right to lodge a complaint with the relevant data protection authority in your jurisdiction at any time. They will be able to advise you how to submit a complaint.

18. Changes to This Privacy Notice

We may change or update the terms of this Privacy Notice from time to time. All changes and updates are logged in the CHANGE LOG section below.

When the terms of our Privacy Notice change, the Site will display an alert prompting you to review the changes.

Minor changes and clarifications will take effect immediately after being posted on the Site.

If we make significant changes to this Privacy Notice, in addition to displaying an alert on the website prompting you to review the changes, we may send you an e-mail at the e-mail address in our records.

The changes to the Privacy Notice will take effect on the date on which they were made or on the date provided in the notice to you about such changes.

By continuing to use the site after you receive such notice you implicitly consent to be bound by the terms in effect on that date.

LAST UPDATED on December 19, 2019.