PsychMeter Privacy Policy

2513436 Ontario Inc. ("PsychMeter", "us", "we" or "our") values and respects the privacy of individuals. This Privacy Policy sets out how we comply with data protection laws, including Canada’s Personal Information Protection and Electronic Documents Act (the "Data Protection Legislation").

This Privacy Policy outlines our policies and procedures for collecting, using, storing and disclosing personal information of individuals. In this Privacy Policy, "Personal Information" refers to information about identifiable individuals and information which can be used, on its own or in combination with other information, to identify an individual.

PsychMeter service offering involves providing organizations and individuals within those organizations (our "Customers") with access to and use of the PsychMeter Services, which allows our Customers and their clients or patients to send, fill, and analyze questionnaires (the "Services") through their devices (any computer used to access the PsychMeter Service, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device (each a "Device")).

This Privacy Policy explains what we do with Personal Information when:

• You use the PsychMeter Website at https://www.psychmeter.com
• You use the PsychMeter SaaS Service as a Customer, patient, or client

PsychMeter may amend this Privacy Policy from time to time. Please visit this page if you want to stay up to date, as we will post any changes here. PsychMeter will also notify affected Customers of any material changes in the way we process data. We do not retain information to contact clients and patients and Customers are responsible for ensuring their Privacy Policy continues to be updated as needed based on PsychMeter's Privacy Policy.

1. OUR COLLECTION AND USE OF PERSONAL INFORMATION

Our primary purpose for collecting and using Personal Information is to provide the SaaS Service. When we collect, use, and disclose Personal Information on the instructions of our Customers, we are a service provider/data processor to that Customer, processing personal information on their behalf and we refer to this data as "Customer Data." We may also use Customer Data on an aggregated and non-identifiable basis to improve and enhance our product and service offerings.

We rely on our Customers to comply with all applicable privacy laws when collecting, using, or disclosing Personal Information through the Services, including by obtaining appropriate consent (such as from their employees, clients, and patients) prior to collecting, using, and disclosing personal information through the SaaS Service.

If you have any questions regarding the Personal Information we process on behalf of a Customer, please contact the Customer directly and/or review their applicable privacy policy.

2. WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT AND USE?

We collect and use Personal Information in the course of providing the Services to you, your organization, and your clients/patients.

For all visitors of the PsychMeter Website we collect the following:

• IP address
• Browser type
• The language settings of your browser
• Visit behaviour (how you use the website and when)
• Traffic source (how you found the website)
• Any information you willingly provide through the Contact page/form

For Customers and their employees who sign-in to use PsychMeter we collect the following:

• Professional name (e.g. Dr. Smith)
• Clinic or Practice name (e.g. Dr. Smith Psychology)
• Professional email address
• Credit card details or other billing information

For patients and clients who fill in questionnaires without signing-in to use PsychMeter we collect the following:

• Questionnaire answers

Note 1: Customers, patients, and clients are also visitor of the PsychMeter Website.

Note 2: We have consciously designed PsychMeter collect as little information as possible about patients and clients. We ask our Customers to do the same when using PsychMeter and avoid collecting any identifiable information.

Note 3: we only use cookies to log you in, keep you authenticated, and understand your usage of PsychMeter. We do not use 3rd party cookie tracking or sell your information to advertisers or data brokers.

3. MARKETING

This section does not apply to clients or patients. We do not knowingly market to clients and patients.

We collect contact information for the purpose of sending marketing communication, administering contests, promotions, or surveys.

With your consent where required by applicable law, we use Personal Information of Users in order to send you email, SMS, and in-app communications to let you know about, and invite you to participate in, our products and service offerings. You can unsubscribe from receiving marketing materials from us by clicking the unsubscribe link included at the bottom of each email, texting STOP in reply to an SMS text message or by contacting us at the "contact" page. You may also be able to adjust some of your communication preferences through our app. Please note that if you unsubscribe from marketing communications, you may continue to receive transactional and account-related email and other communications from us.

Our Website may contain links to other Websites. We do not control or endorse those websites. You should read those website's Terms and Privacy Policy before using them

4. INFORMATION SHARING & DISCLOSURE

We make every effort to minimize information sharing. However, it's a reality that PsychMeter must rely upon 3rd party service providers and comply with its legal obligations.

With respect to 3rd party services providers, we'll share information with them in order to provide the services such as:

• Website hosting
• Data storage
• DNS and traffic proxying
• Email delivery and processing
• Payment processing

We utilize commercially reasonable efforts whenever possible to provide the least amount of data, encrypt data in transit, and encrypt data at rest.

With respect to compliance and legal obligation, we share information in the following ways:

• With the Customer, on demand, with respect to their client and patient data
• If required by a lawful order

We can not produce or share information directly with clients or patients since we have no data to allow us to verify the identity of the client or patient in our systems. If you're a client or patient, please talk to your clinician (our Customer) if you require access to your information.

5. HOW DO WE SAFEGUARD YOUR PERSONAL INFORMATION?

We are committed to taking all reasonable and appropriate steps to protect the Personal Information that we hold from misuse, loss, destruction or unauthorized access and disclosure. We do this by having in place a range of appropriate technical and organizational measures. These include measures to deal with any suspected data breach. We encrypt the transmission of information and encrypt data at rest when possible.

We restrict access to Personal Information on a need-to-know basis to employees and authorized service providers who require access to fulfill their job requirements.

6. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION FOR?

We will not keep your Personal Information for longer than we are permitted to do so under our agreement with our Customers or as is necessary for the purposes for which we have collected it unless we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements.

When we are no longer permitted under our agreement with our Customer or it is otherwise no longer necessary to retain your Personal Information for the purpose(s) for which it was collected, we will delete or anonymize the Personal Information that we hold about you from our systems. While we will endeavor to permanently erase your Personal Information once it reaches the end of its retention period, some of your Personal Information may still exist within our systems for a limited period of time, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.

Our Customers may store your information or other Personal Information for longer periods in accordance with its own retention policies.

7. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL INFORMATION AND CONTACT INFORMATION

If you would like further information about how we handle your Personal Information, if you have any concerns regarding this Privacy Policy, or the manner in which we or our service providers treat your personal information, or if you wish to exercise your legal rights or unsubscribe from our marketing communications, please contact us through our "Contact" page. Please outline to us your concerns and we will be in touch to discuss the matter.