Privacy Policy – NeuroTechX Network

Hello there, we are Société BCI Montréal (d.b.a. NeuroTechX) (“we”, “us”, “our”)!

 

We are a non-profit organization with a mission to facilitate the advancement of neurotechnology through our community, educational resources, as well as professional development and opportunities. This Privacy Policy covers how we process personal data as part of this mission, and what your rights regarding your personal data are when they are processed by or on behalf of the NeuroTechX Network. (Let’s just make this simple to read, and call it the “Network”).

 

This is the last update date of our Privacy Policy: October 2020

 

If this date changes, this means we have updated our Privacy Policy. We will attempt to send a notice to all our members and friends when we make material changes, but we encourage you to keep an eye on the latest update date either way! If you need to reach out to us for any questions or concerns regarding this Privacy Policy, you can do so by using the following contact details information:

 

Attention: Privacy Officer

 

privacy@neurotechx.com

 

  1. When does this Privacy Policy apply?

    This Privacy Policy applies to your access and use of our non-profit services, which include when you:

     

    • navigate our general public website, available at https://neurotechx.com/, https://learn.neurotechx.com/ and https://neurotechx.github.io/  (the “Website”);
    • use the Network, including our forums, events, job boards, communications, social media, website, forms, e-mails, online courses and, really, all our activities in connection with the Network that are mainly available on our Website; and
    • exchange with us by e-mail, social media or otherwise, in connection with the above

     

    (collectively, our “Network Services”).

     

    However, it does not apply directly to the activities that are performed in connection with NeuroTechX Services Inc., our for-profit recruiting and consulting partner – you can consult NeuroTechX Services Inc.’s Privacy Policy here , which describe the processing of your personal data while using the FP Services (as defined therein). We do share your personal data with NeuroTechX Services Inc., you can read more about this here .

     

    Our Network Services may contain third-party material or content, including social media handles, allowing for content sharing and links towards third parties’ websites, content or material. In some cases, these third-parties may process your personal data, and such processing is subject to their respective privacy policies. It is your responsibility to review such privacy policies prior to using third-party material or content. This Privacy Policy does not extend to any websites, products or services provided by such third parties.

  2. What do you mean when you refer to personal data?

    “Personal data” is a legal term. It can mean different things depending on where you are located. Since we are an international Network, this Privacy Policy uses an all-encompassing definition of personal data, as set forth below. It’s important that you understand that, when it comes to exercising your legal rights, you may not be able to do so on some personal data covered in this Privacy Policy if the personal data that you want to exercise your rights on is not covered by the law. But you know what? We will try to help you either way, so just reach out and we’ll try our best!

    Here’s our definition of personal data:

    Personal data is any data which can allow us to identify you directly or indirectly, including any data associated with personal data that would not otherwise be personal data on their own.

    For instance, the color of your dress is not personal data, however, if you are alone in a room with this color on your dress and we are describing people in the room, we will be able to identify you.

    We include “cookies” in our definition of “personal data”. Cookies are small files or record-keeping devices that websites often store on your device. They are useful for many reasons, especially since servers have no memory. We include in our definition of cookies other technologies with similar purposes, such as pixels, tags, web beacons and device identifiers.

  3. What personal data do you collect about me, and why?

    We collect personal data, such as electronic data, usage data, identification data, consent data, competition data, credential data, professional data, communication data, identification data, consent data, professional data, event data, image data and social media data, to provide you with our Network Services, for the purpose of obtaining analytics on your use of our Network Services, or in connection with our marketing activities.

    This section does not cover the cookies that we use. Our use of cookies is covered in the next section of this Privacy Policy.

    Under the European General Data Protection Regulation (“GDPR”), we use different legal basis to justify our processing of your personal data, such as consent, the performance of a contract and our legitimate interests. However, these legal basis may not be valid under all jurisdictions and are indicative. For instance, in Canada, where such legal basis are not applicable except for consent, we collect, use and disclose such personal data with your consent, which may be explicit or implied. You can withdraw your consent at any time; click here to learn how to do so.

    Category of Personal Data

    Examples

    Purposes and examples of use

    Legal basis under the GDPR

    Electronic Data

    IP address, mobile identifier, device type, operating system and Internet browser type.

    This data is collected automatically through our Network Services in order for them to function effectively, to fix bugs or to improve the security of such Network Services. These may be collected as part of cookies (click here  to learn about the cookies we use as part of the Network Services).

    Legitimate interests; compliance with legal obligations.

    Usage Data

    Time spent on the Network Services, pages visited, links clicked, language preferences, pages that led or referred you to the Website.

    We collect this information for analytics purposes, to help us  know more about your use of our Network Services and to improve such Network Services. These may be collected as part of cookies (click here  to learn about the cookies we use as part of the Network Services).

    Legitimate interests.

    Identification Data

    First name, last name, city, age or date of birth, country, whether you are a hacker, a researcher, a professional, or a neurotech enthusiast, and similar data inputs, many of which are optional.

    If you sign in, create and edit your user profile on our Website, or if you register as a volunteer for the Network, we collect Identification Data to subscribe you. We also use different forms which collect Identification Data, such as the subscription form to our NeuroTechX Newsletter or the Registration Form to our Slack channel.

    Consent.

    Consent Data

    Consents

    If you subscribe to our famous monthly NeuroTech recap, we will ask for your opt-in and we will store it with your profile.

     

    You can opt-out of such communications directly in the emails you receive by clicking the “unsubscribe” link at the bottom. You can also contact us directly , or manage your preferences within our Network Services where available.

    Legitimate interests; compliance with legal obligations.

    Credential Data

    E-mails, passwords and electronic identifiers such as pseudonyms.

    If you attend and register for a MeetUp or if you join our Slack community, notably, we process your account name on such platform.

    Consent.

    Professional  Data

    Curriculum vitaes, cover letters, LinkedIn public profile, Twitter public profile, affiliations, seniority level, interests, location and willingness to relocate/travel, expected salary, many of which are optional.

    If you apply for a job posted on our Website, we collect Professional Data to build your candidate profile and to share it with potential employers who have published such job postings on our Website. Click here  to get more information about how and why we share some of your personal data with the FP Services users.

    Consent.

    Competition Data

    E-mail address, team name, university, project name, photo of you and your team.

    Competition Data is collected when you fill the project submission form, or participate in our contests, challenges and competitions, in order for us to organize them. Such competitions include Student Clubs competitions and Chapters.

    Consent.

    Image Data

    Videos, voices

    If your Student Club is showcased, or if you participate in any of our virtual or on-site events, we may collect and may publish your videos and presentations on third party platforms such as YouTube .

    Consent.

    Event Data

    First and last name, city, attendance and registration to events, workshops and demos, direct marketing, information disclosed through screen sharing, Q&A, chats during webinars, length during which attendees watched online events, business contact information.

    When you register for our events, we collect from you or through our service providers (such as Eventbrite) your Event Data, in order for us to understand our performance and to invite you to other events based on your interests during this event. Our events include our Zoom Webinars, workshops and demos.

     

    If we interact with you as part of events or trade shows, we may collect your contact information.

    Consent; legitimate interests.

    Communication Data

    First and last names, e-mail address, content of communications.

    When you contact us through the “Contact Us” section of our Website, we collect your personal data to respond to your inquiries.

    Legitimate interests.

    Social Media Data

    Publicly available information on your social media profiles and other personal pages, such as Medium, LinkedIn, Twitter, Youtube, Research Gate, etc.

    If you follow us or interact with us on social media, we may process your personal data for marketing or advertising purposes, subject to applicable laws, including those on consent.

    Consent.

     

  4. What cookies do you collect, and why?

    We use cookies for our Network Services to function as intended, to analyze our performance and to improve our Network Services’s security. Under the GDPR, we install essential cookies based on your legitimate interests, as it is required to provide you with the Services. However, we only install performance and functional cookies based on your consent.

    You can also click here to learn how to manage your preferences regarding cookies.

    Type of Cookie

    Description

    Legal basis under the GDPR

    Essential

    These cookies are required for the Network Services to function as intended and be secured. For instance, essential cookies are used to ensure the functionality of a change from http to https, or to remember your cookie preference if you are prompted to accept or refuse certain cookies. We are not required to obtain your consent for these cookies.

    Legitimate interests

    Performance

    These cookies, also called analytics cookies, are used to monitor usage and performance, such as what pages are visited often, whether there are any bugs, and where do our users come from.  This information is available to us in the aggregate, and we use it to improve our Network Services and understand how you interact with our Network Services.

    Consent

    Functional

    These cookies are used to provide you with certain features and functionalities on our Network Services. They are used to store preferences, such as consent to our legal documents or to cookies, account names and language. We also include in this category the cookies that are used for embedded content, including embedded content from social media platforms such as Facebook or Twitter, including through sharing buttons. These functionalities allow third parties to install cookies and, in some cases, to track you across services where their cookies are installed.

    Consent

     

  5. Do you use Google Analytics?

    Yes, we do. We use Google Analytics as part of Performance cookies on our Website. Google Analytics is Google’s analytical tool that helps us to understand how users engage with our Website. The information we collect through Google Analytics is page views, time spent through the Network Services, number of visitors, the source where they come from, the pages they have visited, session and Websites usage, the whole in an anonymous form. It uses a set of cookies to collect such information and reports site usage statistics without allowing us to identify individual visitors. Our use of Google Analytics includes the use of Google Adwords.

  6. To whom do you disclose my personal data to?

    Let’s be clear, we do not sell your personal data to data brokers. We will not disclose, trade, rent, sell or otherwise transfer your personal data without your consent, except as set out in this Privacy Policy.

     

    We disclose your personal data as part of our Network Services, such as to NeuroTechX Services Inc., its clients, to Network users, and to our service providers.

    Category

    Explanations

    Service Providers

    Service providers are used to provide you with some functionalities that are outsourced to third parties. For instance, we use Mailchimp to send our newsletter (click here  to jump to their privacy policy), Google (Google Form) to register you as a Network volunteer or for students to apply to our NeuroTechX Student Clubs Competitions (click here  to jump to their privacy rules).

    We also disclose your personal data to HubSpot (click here  to jump to their privacy policy) that helps us manage our leads, and to send Network Services and/or NeuroTechX Services users marketing and commercial communications, when they give their consent to such communications. Click here  to have more information about how you can opt-out of such communications.  

    We do not assume responsibility for the privacy practices of such third parties, and we encourage you to review all third-party privacy policies prior to using our Network Services.

    IT Service Providers

    We use IT Service Providers to offer you the Network Services, such as Bluehost to host the Network Services and your personal data (click here   to jump to the privacy notice of its parent company, Endurance), and WordPress as our content management and to prevent cyberattacks on our Website (click here  to jump to their privacy policy). We do not assume responsibility for the privacy practices of such third parties, and we encourage you to review all third-party privacy policies prior to using our Network Services.

    Other users of the Website

    When you create a user profile on our Website and decide to make some of your information “public” under the Privacy settings, other people navigating on our Website may have access to such Identification Data made “public” by you.

    Employers

    Employers and other organizations use the FP Services for recruiting employees through the job application section of our Website, as well as our FP Services for headhunting employees and/or consultants. When you apply for a job on our Website, we share your Professional Data with the employer who published the job post. When you create your user profile, we share your Identification Data with employers that use our FP Services for headhunting. Click here  to jump to the FP Services privacy policy which explains how personal data is processed in connection with the FP Services.

    However, if your application is selected by an employer and you become an employee or consultant of such organization (yay!), we are no longer responsible for that organization’s processing of your personal data.

    Law enforcement and other authorities

    We may receive requests by authorities to access your personal data. We will validate that the request is licit before responding. When possible, we will advise you. We will only share what is strictly required.

    In the event of a change of ownership, sale, merger, liquidation, reorganization or acquisition of our organization, in whole or in part, your personal data may also be transferred as part of the transaction.

  7. Will my personal data travel internationally?

    Yes! Although we usually store your personal data in the United S tates, in the context of the NeuroTechX Network, your personal data will be international travellers! This is because we use third-party service providers located internationally, and because you will be posting on public forums, participating in contests and exchanging with individuals worldwide. The objective of the NeuroTechX Network is to grow through local chapters into a large community. This means we will not be able to keep your data in one location, as a large part of it is available publicly to other users.

     

    Some countries may not offer the same level of protection offered in your country for personal data. Prior to sharing your personal data with a service provider, we validate that the laws in place are adequate or we implement reasonable safeguards, in accordance with our legal obligations.

  8. How long do you retain my personal data?

    We keep your personal data as long as necessary  (a) for the purposes of the collection or (b) as required under applicable laws, whichever is longer.

  9. How do you keep my personal data secure?

    We strive to implement physical, organizational, contractual and technological security features that are proportional to the risks, taking into consideration factors such as the sensitivity of the personal data that we collect. 

    We are currently using certain WordPress plugins to ensure the security of the Network Services, such as Akismet Anti-Spam, Anti-Malware Security and Brute-Force Firewall (Wordfence Security).

    However, it is important to understand that some of your personal data is publicly disclosed to other users of the Network, to NeuroTechX Services Inc. and to its clients, and that we cannot guarantee the security of personal data on the Internet and that you must also take precautions, such as not sharing your credentials with anyone. No method of information transmission or information storage is 100% secure or error-free, so we unfortunately cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure (for example, if you are concerned that your account credentials are compromised), please contact us immediately using the contact information provided at the beginning of this Policy.

  10. Do I have any rights over my personal data?

    Of course you do! However, these rights may change depending on where you are located in the world. These rights generally include the right to access and correct your personal data, as well as the right to withdraw your consent to the processing of your personal data (click here  to have more information on how you can do so).  Under the GDPR (if applicable to you), you have additional rights, such as the right to object to the processing of your personal data, the right to data portability, the right to erasure and the right to restrict the processing of your personal data.

    You can exercise your rights at any time by contacting us . You can also review your parameters in our Network Services. For instance, you can change your name, e-mail, password and other Identification Data within the Network Services without involving us, in the “My Profile” section, by clicking “Edit”.

     

    Once we receive your request, we will get back to you within 30 days. It’s possible that we cannot comply with your request, for instance, if it’s not applicable under the law. If we can’t process your request, we will provide you with explanations.

     

    If you are not satisfied with how we process your request, you can communicate with your local data protection authorities or privacy commissioners, and lodge a complaint. We will provide you with explanations on how to do so in our response to your request, based on your location.

    When you exercise your rights, we may have to request personal data to validate your identity.

     

    If your request is lengthy and difficult, and if we are allowed to do so by law, we may charge you a reasonable fee to assist you.

     

    Under the GDPR, if applicable, you are entitled to the following rights:

    • The right of access: under the right of access, you have the right to gain access to your data free of charge in a commonly used format – such as an electronic format if the request is made electronically.
    • The right to rectification: you are entitled to have your personal data rectified if inaccurate or incomplete and we will respond to such request within one month if not deemed complex.
    • The right to erasure: ‘the right to be forgotten’, or right to erasure, means you have the right to request that your data be deleted easily and securely where there is no compelling reason for possession and continued processing.
    • The right to restrict processing: you have the right to ‘block’ or restrict processing of personal data, in certain circumstances.
    • The right to data portability: you also have the right to data portability, which allows you to obtain and reuse your personal data across different services for your own purposes.

    If you are located in the European Union and you want to learn more about your rights, you can consult this guide published by the Information Commissioner’s Office of the United Kingdom.

     

    If you are still not satisfied, you can lodge a complaint to the Office of the Privacy Commissioner of Canada using this online form, or to your local privacy regulators if you are located in Europe.

     

    If you are located in Canada, you can also contact the Office of the Privacy Commissioner of Canada’s Information Center:

     

    Telephone

    9:00 am to 4:00 pm EST

    Toll-free: 1-800-282-1376

     

    Mailing address

    Office of the Privacy Commissioner

    30 Victoria Street

    Gatineau, Québec

    K1A 1H3

     

  11. If I gave consent for you to process my personal data, may I opt-out?

    Yes, whenever we process your personal data based on your consent, you can withdraw that consent at any time by contacting us  or by using the functionalities that we make available to you as part of the Network Services.

  12. Do you respond to “Do Not Track” signals?

    If you are a resident of California, you have the right to ask companies to stop tracking you on the Internet. Please note that we do not respond to Do Not Track signals. However, if you have a legitimate request about your personal data, be sure that we will try our best to assist you!

  13. If I gave consent for you to process my personal data, may I opt-out?

    It is easier than you think! However, some functionalities of our Network Services may require cookies in order to perform as expected, or for security purposes. You can control your cookie preferences through your browser. Depending on the browser that you are using, different instructions are applicable. Click on your browser for more information:

  14. If I gave consent for you to process my personal data, may I opt-out?

    Yes. We plan on adding many functionalities and on continuing to develop our Network Services. As a result, we may need to modify this Privacy Policy to reflect new processing activities, adapt to new laws and regulations or reflect technological changes or corporate changes, such as a result of a merger and acquisition. We may also change this Privacy Policy at our sole discretion. In case of material changes, we will send an e-mail to our registered users. You can view the date of the latest update at the top of this page, and you can always reach out to us  should you have any questions.