Privacy Statement

Feburary 2023

 

MU-VALLEY BV, having its registered office at 3630 Maasmechelen, Belgium, Koninginnelaan 58, company registration number 0824.845.735 (VAT BE0824.845.735) and RPR (register of legal entities) Antwerp, division Tongeren (“MU-VALLEY” or “we”) is the operator of ELAISA ENERGETIC WELLNESS (Nationaal Parklaan 7, 3650 Dilsen-Stokkem). MU-VALLEY processes your personal data and is a controller in terms of the GDPR (General Data Protection Regulation 2016/679 of 27 April 2016). This privacy statement should be read together with our cookie policy and will inform you about the processing of our personal data.

If you have any questions, complaints or requests, contact us at info@elaisawellness.com or 089/39.09.96. You may lodge a complaint with the Data Protection Authority (DPA) at https://www.gegevensbeschermingsautoriteit.be/burger/acties/klacht-indienen, contact@apd-gba.be or by post (1000 Brussels, Drukpersstraat 35).

1. WHAT PERSONAL DATA DO WE PROCESS, WHAT FOR AND WHY IS IT ALLOWED?

BROWSER AND SESSION DATA OF WEBSITE USERS

Among other things, we collect the following browser and session data by means of cookies when you use our website: internet browser type, user status, language preference, date and time of your visit, domain name or website through which you reached our website, number of visits, IP address, average time spent on our website and pages visited. More information on cookie settings for our website can be found in our Cookie Policy.

For what (purpose)?

  • technical and functional management of our website (essential and functional cookies)
  • evaluating the effectiveness of our website and tracking users’ usage and/or browsing behaviour (analytical cookies)
  • marketing and interaction on social media through the website (marketing cookies and social media plug-ins)

Why is that allowed (legal basis)?

  • our legitimate interests, i.e. providing a safe and well-functioning website (essential cookies)
  • your consent (functional, analytical and marketing cookies & social media plug-ins)

For cookie retention periods, see our cookie policy.

CUSTOMER CONTACT, BILLING AND DELIVERY DATA

Among other things, we collect the following contact, billing and delivery data when you contact us (by phone, e-mail or contact form), make a booking (through our website or otherwise) or use our services and/or enter our facilities: your name, address, telephone number, e-mail address, date of birth, VAT and/or CBE (Crossroads Bank for Enterprises) number, billing and delivery address and payment details, booking and purchase information and preferred products.

For what (purposes)?

  • to answer to your questions or requests for information
  • to negotiate or conclude contracts with you
  • to deliver and invoice our services and/or products
  • to conduct customer satisfaction surveys – to improve our services and/or products & customer service
  • to meet our legal and/or tax obligations, such as accountancy, invoicing, etc.

Why is that allowed (legal basis)?

  • your consent (including your request for information)
  • performance of our contract with you
  • our legitimate interests, i.e. improving our services, products and customer service
  • comply with a legal obligation

Prior to certain treatments, you will inform us of your health and/or physical condition (via an intake form). This information is necessary for the treatments to proceed safely and correctly. This information is also only used in the context of our services and the execution of our (service) agreement with you.

CONTACT AND OTHER DATA OF OUR SUPPLIERS

Among other things, we collect the following contact and other data from our suppliers (and/or their team) when we negotiate and conclude commercial contracts with suppliers: name, address, telephone number, e-mail address.

For what (purposes)?

  • to negotiate or conclude agreements with our suppliers
  • to maintain a commercial relationship with suppliers and receive their services and/or products
  • to meet our legal and/or tax obligations, such as accountancy, invoicing, etc.

Why is that allowed (legal basis)?

  • our legitimate interests, i.e. use of third-party services
  • performance of our contract with you
  • comply with a legal obligation

SELECTION AND RECRUITMENT DATA OF APPLICANTS

Among other things, we collect the following selection and recruitment data when you apply to us (via e-mail, the website or otherwise): your name, address, telephone number, e-mail address, date of birth, academic background, work experience, current job, salary expectations, characteristics, habits, family composition, skills, curriculum vitae and other documents and/or data you provide us with in this context. If you register in job databases and/or with recruitment agencies we work with, we obtain (part of) the aforementioned personal data through these databases and/or recruitment agencies.

For what (purposes)?

  • to process, manage and, when applicable, follow up incoming job applications addressed to us
  • to process, manage and, when applicable, act on your presentation by recruitment agencies or on jobplatforms

Why is that allowed (legal basis)?

  • your consent (including your request to contact you regarding the vacancy and/or job application)
  • the performance of your agreement with the recruitment agency and/or job platform

We may keep the application file of unsuccessful candidates (including the aforementioned personal data) for a period of 1 (one) year, with a view to future projects and/or vacancies, unless instructed otherwise by the applicant candidate. In the latter case, we will delete the application file completely and immediately.

PERSONAL DATA RESULTING FROM YOUR ACCESS TO OUR COMPANY DOMAIN AND/OR WELLNESS FACILITIES

Among other things, we collect the following data when you, as a customer, supplier, job applicant or other guest, physically enter our business premises and/or wellness facilities (f.e. by vehicle or on foot) via activated camera surveillance and access control at the main entrance: image and other data resulting from camera surveillance and access control such as date and time of visit and/or arrival and departure, vehicle model, licence plate number and any behaviour during your stay/visit.

For what (purposes)?

  • to control and management of the main access to the premises and/or domain within which we are located
  • to protection of our assets and/or the property of customers and other (categories of) visitors
  • to prevent burglary and theft

Why is that allowed (legal basis)?

  • our legitimate interests, in particular security on company premises and protection of relevant assets

To create the camera images for the purposes and based on the legal grounds described above, MU-VALLEY relies on certain suppliers, as described below, who license them the devices (cameras) and associated software developed for this purpose.

This license is shared with IMMO MORRAN NV (with registered office at 3630 Maasmechelen, Koninginnelaan 58-60, company registration number 0474.059.586, VAT-number BE0474.059.586en RPR Antwerp, division Tongeren), which operates in the same building as ours and therefore uses the same entrance and exit, including cameras.

BV MU-VALLEY and IMMO MORRAN NV agree to act as joint data controllers in this regard, whereby each of them will comply with data subjects’ requests relating to the piece of data processing for which it is responsible.

2. GOOGLE ADS – GOOGLE ANALYTICS – SOCIAL MEDIA

GOOGLE ADS

MU-VALLEY uses the services of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) for Google Ads. When you use Google Ads to browse to our website, after accepting Google’s terms of use, Google will activate certain marketing cookies on our website. This will record that you visit us after using Google Ads.

  • You can find more information in our Cookie Policy and Google’s policy at the following link: https://business.safety.google/adscookies/.
  • MU-VALLEY is the joint controller of your personal data (art.26 GDPR), when the aforementioned cookies are active. Google and MU-VALLEY have therefore concluded a joint processing agreement. For this we refer to https://business.safety.google/adscontrollerterms/. This stipulates that each controller will comply with data subjects’ requests relating to the piece of data processing for which it is responsible.
  • At the following link you can read Google’s privacy policy, with all the information on how Google processes your personal data: https://policies.google.com/privacy.
  • It is possible that Google may collect your data through Google Ads and exchange this personal data with third parties within or outside the EEA. Find the agreement with Google in this regard here: https://business.safety.google/adscontrollerterms/sccs/eu-c2c/.

DATA EXCHANGE WITH GOOGLE ANALYTICS

MU-VALLEY uses the services of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), for Google Analytics. Consequently, Google will have access to your personal data. Google may share your data with third parties within or outside the EEA. Here you will find our agreements with Google on (i) their role as processor and (ii) their subsequent data transfers, respectively.

DATA SHARED VIA SOCIAL MEDIA

When you share or publish data on social media, the privacy rules of the relevant social media channels will apply as far as the processing of your personal data by these channels is concerned.

MU-VALLEY has accounts, channels or pages on LinkedIn, Instagram, Facebook and YouTube respectively and is a controller of these accounts, channels or pages. Therefore, MU-VALLEY is the joint data controller for the processing of your personal data when (Art.26 GDPR): (i) MU-VALLEY shares your posts or interacts with you via social media (f.e. via comments or Direct Messaging), (ii) you post or share data on MU-VALLEY’s account, channel or page, and (iii) MU-VALLEY accesses your data via your profile or via third-party user pages.

Consequently, MU-VALLEY and aforementioned social media organisations have agreed on their respective roles as data controllers for the purpose of complying with the GDPR. Underneath you’ll find information on the processing of your data via our social media and the responsible parties involved in this.

Beyond what is provided in this privacy statement, MU-VALLEY has no influence on the processing of your personal data as a result of your activity, your page, account or channel on social media. Nor is it involved in such processing.

Facebook & Instagram (Meta Platforms Ireland Limited)

  • The joint processing agreement between the parties is available via the website link below: https://www.facebook.com/legal/controller_addendum.
  • That agreement included that Meta Platforms Ireland Limited will deal with data subjects’ requests relating to their personal data and/or their rights as set out in Articles 15-20 of the GDPR.
  • The information that Meta Platforms Limited Ireland, as joint data controller, is required to provide to data subjects under Articles 13(1)(a) and (b) of the GDPR, can be found in their privacy policy at https://www.facebook.com/about/privacy.

LinkedIn (LinkedIn Ireland Unlimited Company)

  • The joint processing agreement between parties is available at this link : https://legal.linkedin.com/pages-joint-controller-addendum.
  • That agreement included that LinkedIn Ireland Unlimited Company will deal with data subjects’ requests regarding their personal data and/or their rights under the GDPR.
  • LinkedIn Ireland Unlimited Company’s privacy policy, which contains all information about LinkedIn’s processing of your data and how you can exercise your rights, is available at this link: https://www.linkedin.com/legal/privacy-policy.

YouTube (Google Ireland Limited)

  • The joint processing agreement between parties is available at this link: https://business.safety.google/controllerterms.
  • That agreement included that each controller will act on data subjects’ requests relating to the piece of processing for which they are responsible.
  • Google Ireland Limited’s privacy policy, which contains full information about YouTube’s processing of your data and how to exercise your rights, is available at this link: https://policies.google.com/privacy.

3. DIRECT MARKETING

We process the personal data of existing customers and business relations for direct marketing purposes of similar services and products via e-mails. This processing is based on our legitimate interest, i.e. the promotion of our services, products and events (existing or new, similar).

For direct marketing to other categories of persons, consent will be sought prior to the processing of personal data, f.e. upon subscription to our newsletter (opt-in) and after explicit acceptance of this privacy statement.

Each person concerned may withdraw or object to their consent for all purposes, including direct marketing, at any time by informing us at: info@elaisawellness.com or 089/39.09.96 (see also below).

The absence or withdrawal of your consent to direct marketing will have no negative impact on our services to you or on your access to our website(tools).

4. RETENTION PERIOD

MU-VALLEY will not retain your personal data longer than necessary for the processing purposes (see above), unless a special (legal, contractual or other) period is applicable. Images and/or other data collected via camera surveillance are kept for a maximum of 30 days, after which they are automatically deleted.

5. ACCESS TO PERSONAL DATA

MU-VALLEY will keep your personal data confidential. Unless required by law or court order, we will not transfer your data to third parties.

We do sometimes use the services of third parties for support services (see below). These third parties sometimes gain access to (some of) your personal data as a result.

MU-VALLEY will conclude a processing agreement (as referred to in Article 28 of the GDPR) with these third parties. They hereby guarantee, among other things, to take the necessary technical and organisational measures to adequately protect your personal data and to use your data only for the purposes provided for in this Privacy Statement.

Your data will be communicated to the following third-party recipients within the European Union:

  • Staff and employees
  • Suppliers of support services, such as:
    • Hosting of website,
    • Marketing,
    • Legal and accounting advice,
    • ICT support,
    • Management and control of (access to) the business domain
    • Camera surveillance within and around the wellness facilities
    • Cash management, payment and booking systems

Your data will be communicated to the following third-party recipients outside the European Union:

  • Google Analytics (Google LLC) (see above)
  • Google Ads (Google LLC) (see above)

6. PROTECTIVE MEASURES

MU-VALLEY takes appropriate technical and organisational measures to protect your personal data against unlawful and/or accidental destruction, damage or loss as well as against unauthorised processing, access or transmission.

7. YOUR RIGHTS REGARDING YOUR PERSONAL DATA AND HOW TO EXERCISE THEM

With regard to your personal data, you are entitled, free of charge, to:

  • access to and inspection of your personal data and all information relating to the processing thereof;
  • correction of incomplete or incorrect personal data;
  • erasure of your personal data and restriction of their processing;
  • objection to (all or certain purposes), so that MU-VALLEY ceases such processing
  • withdrawal of consent previously granted by you
  • transferring your personal data to a new processor and/or controller and,
  • filing a complaint with the DPA (see above).

If you do not wish to give us consent or withdraw your previous consent, it may be possible that:

  • you will not be able to access (all) the tools of our website
  • we cannot offer you all our services
  • as a result, we will no longer be able to fulfil (all) our contractual obligations towards you.

This will not affect the lawfulness of processing operations based on your previous consent.

To exercise the aforementioned rights, please transfer your request and (a copy of) a valid proof of identity to MU-VALLEY by email at: info@elaisawellness.com. We will implement your requests in exercise of your rights as soon as possible and at the latest within 5 working days.

8. MODIFICATIONS TO THIS PRIVACY STATEMENT

This document was last updated in December 2022. MU-VALLEY reserves the right to modify this privacy statement at any time, for example as a result of new tools on our website or to comply with legal, contractual and/or administrative provisions. Important changes will be announced on our website. Therefore, please check our website regularly.