Privacy Policy

Effective as of: 1 September 2024

Mindstate Design Labs, Inc (“Mindstate”) isa psychedelic drug development company designing altered states of consciousness for mental health therapeutics.

We will at all times ensure that we meet our obligations as a Data Controller of your personal data. Our registered business address is 470 Noor Ave, STE B #1108, South San Francisco, CA 94080.

This data privacy notice is addressed to all customers, vendors, contractors, contact persons, and other individuals ("Data Subjects", "you") of or in contact with Mindstate ("us", "we").It is meant to help you understand what personal data we collect, why we collect it, and how you can exercise your data protection rights."Personal Data" in this document is any information relating to an identified or identifiable natural person by direct or indirect means. In some countries, this may be called “personally identifiable information.”

You might have received a privacy notice or contract for a specific purpose. If that is the case, the terms of the notice or contract will control your interaction with Mindstate to the extent that such notice or contract conflicts with this privacy notice.

We take your data privacy and the protection of your personal data seriously, and our data privacy principles provide fundamental guidance to all our businesses worldwide. We comply with applicable national regulations and will process your personal data in compliance with all applicable national and/or state privacy laws to meet our obligations.

·      We process personal data lawfully, fairly, and in a transparent manner in relation to you, the data subject

·      We only collect personal data for a specific, explicit, and legitimate purpose

·      We ensure that the personal data we process is adequate, relevant, and limited to what is necessary in relation to the processing purpose

·      We take every reasonable step to update or remove data that is inaccurate or incomplete and guarantee to do so within the time frames set by any applicable laws

·      We delete personal data when we no longer need it for the purposes for which it was collected or to meet applicable legal requirements

·      We keep personal data safe and protected against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical and organizational measures

Processing of your Personal Data

We usually process your personal data for contractual purposes and to communicate with you for commercial reasons when you or we purchase any goods or services from the other. For this purpose, we only process such data, which is needed to fulfill the contract itself and to comply with additional obligations we are subject to, such as tax payments. If you are an employee or contractor, we will process your personal data to fulfill our contract with you.

In addition, we might use some of your personal data, based on our legitimate interest, to develop and offer our products and services, learn more about your interests, conduct marketing activities under local market rules, and continuously improve our offerings.

We also process personal data for our scientific research based on our legal obligation, your consent, or as permitted for such research.

Please refer to the individual data privacy notices which we provide in the context of our business communication with you, for further details about the corresponding processing of your personal data in this context. Examples of this include an Informed Consent Form.

We collect your personal information through disclosure directly from you or, in some cases, someone you have nominated.This might be via our website, email, post, telephone, or face-to-face engagement.

Categories, Type of Personal Data Collected and Purposes

The personal data we collect from you will be the minimum required for us to achieve the intended purpose of its collection. This may be to respond to your requests to us for information or in seeking employment with us, working on our behalf within our clinical development activities or participating in a clinical study as a trial subject.

The categories and types of personal data collected will range from names and basic contact details to more sensitive medical and health-related information. All personal data collected will be treated as confidential and protected.

We will not collect or process your personal data without ensuring that we do so on a basis that meets any applicable state or national laws. In general, we will collect and process your personal data based on the following:

•               You have formally given us your expressed consent

•               In meeting requirements of a contract between us

•               It is in our or your legitimate interests

•               It is in your vital interests

•               To perform a public task

•               We have a legal obligation to do so

Securing and Processing Your Personal Data

We take appropriate technical and organizational security measures to protect your personal data in compliance with applicable data protection and privacy laws, which includes protection against accidental or unlawful destruction, loss, alteration, unauthorized access to, or disclosure of your personal data.

When Mindstate retains a service provider, that provider will be carefully selected and required to use appropriate measures in accordance with applicable law to protect the confidentiality and security of personal data. That provider will only be permitted to process your data on the written instruction of Mindstate.

In the unlikely event that we lose your data or a device on which your data resides, or it is accessed by someone unauthorized, we will inform you if the loss or unauthorized access of your data has the potential to cause you harm.

Sharing of Personal Data

Your personal data will only be shared with our own staff, associates, or contractors when it is necessary for them to have access to complete their assigned responsibilities or provide their contracted services. Sharing of your data will be relative to the nature of our engagement with you.

During our contract with you, we may share your data with other companies who are critical for the provision of our contract with you or supply other services to us. Their access is restricted, and they are contractually bound to strict confidentiality and the protection of your personal data. These companies will be viewed as Data Processors. A full list of processors is available from ourData Protection Officer. 

There may also be legal obligations under which we have to share data as requested by nationally recognized regulators or authorities and when we process your personal data as part of our clinical research and development activities. 

We may also pass information to external agencies and organizations, including the police, to prevent and detect fraud and criminal activity. Should any claim be made, we may pass your personal information to our insurers, and if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.

Sharing your personal data as described above may involve transferring it to other countries, whose data protection and privacy laws may not be equivalent to, or as protective as, those that exist in your country of residence. To ensure an adequate level of data protection is provided, transfers will be done in compliance with the international data transfer restrictions that apply under data protection laws, including, where appropriate, through the use of standard contractual clauses for international transfers.

How long do we keep your personal data for

Personal data will not be kept for longer than is necessary to fulfill its purpose. As an exception, we may be required to retain your Personal Data for longer periods as required or permitted bylaw, or as necessary to protect our rights and interests. In such a case, you will be informed of the intended retention period in the applicable PrivacyNotice, Informed Consent Form, or Patient Information Sheet.

If you are an employee, we only keep your data for as long as we need it, which will be at least the duration of your employment, though in some cases we will keep for a period after your employment has ended. Some data retention periods are set by law.

Your rights in relation to your personal data

You have a number of rights related to the Personal Data that we Process about you (this will depend on the jurisdiction where you reside and the legal basis that we use). Most often, exercising your rights is free of charge. We may also have to clarify your request and explain if we can comply with it or if this is restricted in your situation.

Below we have listed individual rights that may apply depending on your jurisdiction.

You may have the right to:

·      Receive a copy of the Personal Data we hold about you - Right of Access

·      Correct the Personal Data we hold about you - Right to Rectification

·      Ask us to delete your Personal Data or restrict how it is used in certain circumstances- Right
to Erasure

·      Request that we cease processing your data in certain conditions - Right to Restrict Processing

·       You have the right to object to our processing in certain circumstances - Right to Object

·       Information related to Automated decision-making or profiling. (We do not use automated
decision-making or profiling)

·      Lodge a complaint to your designated supervisory authority- Right to lodge a complaint

Exercising your rights, making an inquiry or complaint

If you took part in a clinical trial as a study subject, you should ideally contact the institute where your trial took place (as we will not be able to identify you from the study data). Contact details will be given on your Informed Consent Form or Patient Information Sheet. Failing this you can contact us directly using the details below.

Amicis Data Ltd t/a Clinical DPO:

Phone Number                         (+44)0203 411 2848

Email:                                       MindstateDPO@clinicaldpo.com  

Representatives 

GeneralData Protection Regulation (GDPR) – European Representative
Under Article 27 of the General Data Protection Regulation (GDPR), we have appointed Amicis Data Europe Ltd as our GDPR Representative in the EU. You can contact Amicis Data Europe Ltd regarding matters pertaining to the GDPR via MindstateEURep@clinicaldpo.com

Information We Collect Through Automatic Data Collection Technologies (Cookies)

As you navigate through and interact with our website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

·      Details of your visits to our Service, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Service.

·      Information about your computer and internet connection, including your IP address, operating system, and browser type.

The information we collect automatically is only statistical data and does not include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our website and to deliver a better and more personalized service, including by enabling us to:

·      Estimate our audience size and usage patterns.

·      Store information about your preferences, allowing us to customize our Service according to your individual interests.

·      Speed up your searches.

·      Recognize you when you return to our Service.

The technologies we use for this automatic data collection may include:

·      Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser or our cookie banner. However, if you select this setting, you may be unable to access certain parts of our website. Unless you have adjusted your browser setting to refuse cookies or declined cookies using our cookie banner, our system will issue cookies when you direct your browser to our website.

·      Web Beacons. Pages of our Service may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

·      Flash Cookies. Certain Service features may use locally stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Service. Flash cookies are not managed by the same browser settings as are used for browser cookies.

 How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information:

·      To present our website and its contents to you

·      To provide you with information, products, or services that you request from us

·      To fulfill any other purpose for which you provide it

·      To carry out our obligations and enforce our rights arising from any contracts entered between you and us, including for billing and collection

·      To notify you about changes to our website or any products or services we offer or provide through it

·      To allow you to participate in interactive features on our website

·      In any other way, we may describe when you provide the information

·      For any other purpose, with your consent

 

Mindstate Design Labs Logo
611 Gateway Blvd
Suite 120
South San Francisco, California, 94080
© 2023 Mindstate Design Labs. All right reserved.