Privacy

Below we provide you with some information that we believe is necessary to bring to your attention, not only to comply with legal obligations but also because transparency and fairness toward data subjects are fundamental pillars of our business.
This privacy policy is addressed to individuals interacting with the TAOL platform, accessible via the URL longevity.lamaisonvalmont.com, to benefit from the wellness and longevity services provided by Valmont, including those provided through third parties.

Who is the Data Controller?

The Data Controller for your personal data is CVL Cosmetics SA (1, place du port, 1110 Morges, Switzerland), who is responsible to you for the lawful and correct use of your personal data. You may contact the Controller for any information or request at the following address: privacy@evalmont.com. Upon your request, your data will be shared with the facility/hotel/wellness/spa (hereinafter referred to as the "Affiliated Facility"), which, within the scope of the service, acts as an independent Data Controller in the management of your data.

Where is the data collected?

Data is collected through the platform/website directly from the data subject. These sources are not publicly accessible.

Which data processing activities are carried out?

Your personal data is collected and processed, including through automated electronic means, as specified below.

A. Processing activities by Valmont (Data Controller 1)

| Purpose of Processing | Categories of Personal Data | Legal Basis for Processing (GDPR) | Time of retention |
| --- | --- | --- | --- |
| Platform Registration and Account Management | Personal details (name, surname, date of birth), contact information (email, phone number), and login credentials. | Performance of a contract (Art. 6.1.b GDPR). | Data will be retained until the explicit consent is withdrawn. |
| Analysis Order management and kit shipment | Personal details (name, surname, date of birth, IDs), contact information (email, phone number), and login credentials. | Performance of a contract (Art. 6.1.b GDPR). | Data will be retained until the explicit consent is withdrawn. |
| Provision of Wellness & Longevity Services (including biological and genetic analysis) | Health-related data, genetic data, and physiological parameters. | Explicit consent of the data subject (Art. 9.2.a GDPR). | Genetic data: 1 year; Wellness services: until the explicit consent is withdrawn. |
| Technical Support and Troubleshooting | Navigation logs, IP addresses, and device information. | Legitimate interest of the Controller to ensure service security (Art. 6.1.f GDPR). | Data will be retained until the explicit consent is withdrawn. |
| Sharing data with Affiliated Facilities (Hotels/Spas) | Identity data and specific service preferences or genetic results (upon request). | Performance of a contract or explicit request by the data subject. | Data will be retained until the explicit consent is withdrawn. |
| Data storage for algorithm optimization | Anonymized and aggregated health-related data, genetic data, and physiological parameters. | Explicit consent of the data subject (Art. 9.2.a GDPR). | Data will be retained until the explicit consent is withdrawn. |

B. Processing activities by Affiliated Facility (Data Controller 2)

| Purpose of Processing | Categories of Personal Data | Legal Basis for Processing (GDPR) | Time of retention |
| --- | --- | --- | --- |
| Platform Registration and Account Assistance | Personal details (name, surname, date of birth), contact information (email, phone number), and login credentials. | Performance of a contract (Art. 6.1.b GDPR). | Data will be retained until the explicit consent is withdrawn. |
| Order management and kit delivery | Personal details (name, surname, date of birth, IDs), contact information (email, phone number), and login credentials. | Performance of a contract (Art. 6.1.b GDPR). | Data will be retained until the explicit consent is withdrawn. |
| Provision of Wellness & Longevity Services (treatment setup and update, health consultation) | Health-related data, genetic data, and physiological parameters. | Explicit consent of the data subject (Art. 9.2.a GDPR). | Genetic data: 1 year; Wellness services: until the explicit consent is withdrawn. |

Who are the Data Recipients?

To fulfill the purposes mentioned above, your personal and biological data will be processed by providers specializing in IT services (SaaS platform) and laboratory diagnostic services. These entities operate as Data Processors, bound by specific contractual agreements designed to ensure the maximum security and confidentiality of your data. The Data Processor for your personal data is BMR GENOMICS S.r.l. (P.iva IT03888370289), Via Redipuglia, 21/A - 35131, Padua (PD) - Italy.
In addition to the above, as part of the activities required for the proper management of the organization, your personal data will also be processed by duly authorized internal or external personnel for the following purposes:
  1. Management and maintenance of the network and IT systems: Specifically when processing occurs through partially or fully automated means (e.g., when data transits through BMR GENOMICS S.r.l.’s IT systems). This is based on the legitimate interest in protecting such systems and fulfilling information security obligations. Data is stored in compliance with security implementations and the provisions of the primary processing activity described above.
  2. Compliance and governance management: Including fulfillment of personal data protection obligations and verifying compliance with quality standards and procedures. This is carried out as required by law or based on the Controller’s legitimate interest in ensuring organizational control and efficiency. Data is retained in accordance with the retention periods of the primary processing activity or as per applicable regulations.
  3. Prevention and detection of abuse: To defend the rights and interests of the Data Controller. Data will be stored until the expiration of the statute of limitations, except in the event of litigation (in which case, data will be retained until the final resolution of the dispute). This is based on the Controller’s legitimate interest in protecting its rights and interests.

Are the processes automated?

Your data is processed using manual, paper-based, and electronic tools, with logic strictly related to the purposes specified above and in a manner that ensures the security, integrity, and confidentiality of the data.

Is the provision of data mandatory?

Except for purposes based on consent, providing your data is a necessary requirement. Therefore, in the event of failure to provide such data, you may not obtain the expected result or may only obtain it partially.

Are personal data transferred outside the EU?

Your personal data is stored on servers located within the European Union.
However, for the fulfillment of the purposes described above, some of your data may be transferred to service providers located in countries outside the European Economic Area (EEA). Such transfers are carried out exclusively toward countries that ensure an adequate level of protection as recognized by a decision of the European Commission, or on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission.
These measures ensure that your data is protected with the same level of security as required within the European Union. You may request further information regarding the specific safeguards adopted by contacting the Data Controller at the addresses provided in this policy.

How long do we keep your data?

To the extent permitted by applicable law, we will keep the personal data we obtain about you for as long as is necessary for the purposes for which they have been obtained, in accordance with the provisions of this Privacy Policy, or if we have another legal basis, indicated in this Privacy Policy, to maintain such data beyond the period during which it is necessary to achieve the initial purpose of obtaining the personal data.
You can exercise your right to have your personal data deleted at any time; see the section "What are your recognized rights?".

How do we protect your data?

Our platform/website uses a variety of appropriate technical security measures, communication protocols and organisational measures. Authentication tools are encrypted to ensure the security of your personal data.
We have implemented procedural, technical and physical safeguards in accordance with legal requirements and the state of the art at every stage of the processing of personal data. These measures are designed to protect against the destruction, loss, alteration, unauthorized access, use or disclosure of the personal information you provide to us. We regularly make automated backups of our databases.
We draw your attention to the need to maintain the confidentiality of the password you established when you registered on our platform/website. The protection and confidentiality of your personal data depend on this.

Cookies

This platform/website uses technical cookies to enable:
  • Navigation and use of the platform/website (allowing, for example, authentication to access restricted areas; navigation or session cookies);
  • Navigation based on a series of selected criteria (for example, language, functionality cookies) in order to improve the service provided.
A cookie is a small piece of text stored on your device (computer, tablet, or mobile) when you browse our website/platform. Cookies are commonly used to recognize users, remember preferences, and provide the user experience.
Cookies are stored for a maximum period of 12 months.

What are your recognized rights?

Pursuant to Articles 15 et seq. of EU Reg. 2016/679:
  • You have the right to request from the Controller access to your personal data, as well as its rectification, erasure, or the "right to be forgotten";
  • You also have the right to request data portability or the restriction of processing;
  • You have the right, for reasons related to your particular situation, to object to processing based on the legitimate interest concerning your personal data;
  • You have the right to review the essential contents of any joint controllership agreements that may have been signed;
  • For processing activities based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  • You may also lodge a complaint with the relevant Supervisory Authority for the protection of personal data.
To exercise your rights or to request additional information, you may contact the Data Controller using the contact information provided above.

Can the information in this policy change?

We reserve the right to update our Privacy Policy. Any changes will be communicated in the manner deemed most appropriate, and we will update the date in this Privacy Policy. Therefore, we recommend periodically consulting our Privacy Policy or requesting a copy from the Data Controller.