PRIVACY POLICY

Last Updated: September 23, 2025

1. Introduction and Data Controller Information

This Privacy Policy describes how Piedra Muda LAB (Marc Molinos Vallugera), with registered address at Plaça de Ramon Berenguer el Gran, 2, Barcelona, Spain ("we," "us," or "our"), collects, uses, processes, and protects personal data in connection with our website piedramudalab.com and services, including CHŌWA visual meditation sessions. Piedra Muda LAB acts as the data controller for customer contact information, session booking data, and service-related communications, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation "GDPR") and Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales.

2. Legal Basis for Processing

Personal data processing is conducted based on the following legal grounds under Article 6 of the GDPR:
i. Explicit Consent: Processing of biometric data and special categories of personal data through Bio-Well technology is based on explicit written consent provided by data subjects through a mandatory consent form signed prior to each session, in accordance with Article 9(2)(a) of the GDPR.
ii. Contract Performance: Processing necessary for the performance of service contracts and pre-contractual measures taken at the data subject's request, including session booking, scheduling, and service delivery.
iii. Legitimate Interests: Processing necessary for legitimate business interests, including service improvement, quality assurance, customer relationship management, and business communications, where such interests do not override fundamental rights and freedoms.
iv. Legal Obligation: Processing required to comply with applicable legal obligations under Spanish and European Union law, including health and safety regulations and professional standards.

3. Categories of Personal Data Collected

We collect and process the following categories of personal data:
i. Identity and Contact Information: Full name, email address, telephone number, postal address, date of birth, and identification documents where required for service provision and legal compliance.
ii. Biometric and Health Data: Physiological measurements collected exclusively through Bio-Well GDV (Gas Discharge Visualization) camera technology and processed through Bio-Well proprietary software during CHŌWA sessions. This data constitutes special categories of personal data under Article 9 of the GDPR and is processed exclusively by THE HUMAN ENERGY CORPORATION (Bio-Well España) according to their privacy policy available at https://bio-well.es/politica-de-privacidad/. Piedra Muda LAB does not store, retain, or have access to raw biometric data collected through Bio-Well systems.
iii. Session and Service Data: Session attendance records, service preferences, feedback, session summary reports received from Bio-Well systems, personalized meditation program recommendations, and communication records related to service provision.
iv. Technical Data: Website usage data, IP addresses, browser information, device identifiers, cookies, and similar tracking technologies used for website functionality and analytics.
v. Financial Data: Payment information, billing addresses, and transaction records processed through secure third-party payment processors in accordance with PCI DSS standards.

4. Third-Party Technology and Data Processing Arrangements

i. Bio-Well Technology Partnership: CHŌWA sessions utilize Bio-Well GDV camera technology and proprietary software manufactured by Bio-Well LLC and distributed in Spain by THE HUMAN ENERGY CORPORATION (Bio-Well España), located at BRUELLO, 22330 – SANTA MARÍA DE BUIL – ESPAÑA. THE HUMAN ENERGY CORPORATION acts as an independent data controller for all biometric data collected and processed through their technology platform.
ii. Data Processing Separation: Biometric data collected during sessions is processed exclusively through Bio-Well's proprietary software and stored on Bio-Well's systems according to their privacy policy and data retention practices. Piedra Muda LAB receives only aggregated session reports and analytical summaries necessary for service personalization, without access to raw biometric measurements or detailed physiological data.
iii. Independent Privacy Policies: Participants must review and consent to Bio-Well España's privacy policy (https://bio-well.es/politica-de-privacidad/) in addition to this Privacy Policy, as THE HUMAN ENERGY CORPORATION processes biometric data independently under their own legal framework and data protection obligations.
iv. Consent Documentation: Prior to each CHŌWA session, participants must complete and sign a comprehensive consent form that includes explicit consent for biometric data processing through Bio-Well technology, acknowledgment of Bio-Well España's privacy policy, and understanding of data processing arrangements between Piedra Muda LAB and THE HUMAN ENERGY CORPORATION.

5. Mandatory Consent Process for Biometric Data

i. Pre-Session Consent Form: Each participant must complete and sign a detailed consent form before any biometric measurements are conducted. This form includes explicit consent for biometric data processing, acknowledgment of the voluntary nature of participation, understanding of data processing purposes, and confirmation of awareness regarding Bio-Well España's independent data processing.
ii. Informed Consent Requirements: The consent form provides comprehensive information about Bio-Well technology, types of biometric data collected, data processing purposes, Bio-Well España's privacy policy and data retention practices, participant rights under GDPR, and procedures for withdrawing consent.
iii. Consent Verification: Participants must provide written confirmation that they have read and understood both this Privacy Policy and Bio-Well España's privacy policy, agree to biometric data processing through Bio-Well systems, understand their rights regarding personal data, and consent to receive session summary reports for service personalization.
iv. Consent Withdrawal: Participants may withdraw consent for biometric data processing at any time by providing written notice. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal but will prevent future biometric measurements and CHŌWA session participation.

6. Purposes of Data Processing

Personal data is processed for the following specific purposes:
i. Service Provision: Delivering CHŌWA visual meditation sessions, including session scheduling, personalized visual content generation based on Bio-Well summary reports, and session customization according to individual preferences and requirements.
ii. Health and Safety: Ensuring participant safety during sessions through pre-session health assessments, monitoring for contraindications, and maintaining records necessary for continuity of care and safety compliance.
iii. Service Improvement: Analyzing aggregated and anonymized session data to enhance service quality, develop new methodologies, improve the effectiveness of visual meditation techniques, and advance research in contemplative practices and biometric integration.
iv. Communication: Providing session results and recommendations, follow-up communications, customer support, appointment scheduling, and service-related notifications.
v. Legal Compliance: Fulfilling legal obligations under applicable health and safety regulations, data protection laws, professional standards, and business compliance requirements.
vi. Business Operations: Managing bookings and scheduling, processing payments, maintaining customer relationships, conducting legitimate business activities, and ensuring operational efficiency.

7. Data Retention Periods

Personal data is retained for the following periods, after which it is securely deleted or anonymized:
i. Biometric Data: Raw biometric data is retained exclusively by THE HUMAN ENERGY CORPORATION according to their data retention policies as outlined in their privacy policy. Piedra Muda LAB retains only session summary reports and analytical insights for a maximum period of three (3) years following the last service provision.
ii. Consent Forms: Signed consent forms are retained for seven (7) years to demonstrate compliance with legal requirements and provide evidence of lawful processing of special categories of personal data.
iii. Identity and Contact Information: Retained for the duration of the customer relationship and for seven (7) years thereafter for legal and tax compliance purposes under Spanish commercial and tax legislation.
iv. Session Records: Service-related records and communications maintained for five (5) years to support continuity of care, quality assurance, and service improvement initiatives.
v. Technical Data: Website analytics data retained for two (2) years; security logs and access records maintained for one (1) year for security monitoring and incident response purposes.
vi. Financial Records: Payment and billing records retained for ten (10) years in accordance with Spanish tax and accounting legislation and anti-money laundering requirements.

8. Data Security Measures

We implement comprehensive technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction:
i. Technical Safeguards: Advanced encryption of data in transit and at rest, secure network protocols with regular security updates, multi-factor authentication and access controls, intrusion detection and prevention systems, and regular security vulnerability assessments.
ii. Organizational Measures: Comprehensive staff training on data protection principles and procedures, confidentiality agreements for all personnel, regular security awareness programs, incident response procedures and breach notification protocols, and privacy by design principles integrated into all business processes.
iii. Physical Security: Secure storage of consent forms and documentation, restricted access to facilities and equipment, environmental controls for data processing equipment, and secure disposal procedures for confidential documents.
iv. Third-Party Security: Due diligence assessments of all service providers, contractual data protection obligations with vendors, regular monitoring of third-party security practices, and verification of compliance with applicable data protection standards.

9. International Data Transfers

Personal data is primarily processed within the European Union. Any transfers to third countries are conducted in accordance with GDPR requirements:
i. Bio-Well Data Processing: Biometric data processed through Bio-Well technology is handled by THE HUMAN ENERGY CORPORATION within Spain and the European Union. Any international transfers related to Bio-Well technology are conducted under their privacy policy and appropriate GDPR safeguards.
ii. Adequacy Decisions: Transfers to countries with European Commission adequacy decisions are permitted without additional safeguards where such decisions remain valid.
iii. Standard Contractual Clauses: Transfers to countries without adequacy decisions are protected by Standard Contractual Clauses approved by the European Commission or equivalent mechanisms.
iv. Explicit Consent: International transfers may be conducted with explicit consent where other legal bases are not available and participants have been informed of potential risks.

10. Data Subject Rights

Under the GDPR and Spanish data protection law, individuals have the following rights regarding their personal data:
i. Right of Access: Request confirmation of data processing activities and obtain copies of personal data held by Piedra Muda LAB. For biometric data processed by Bio-Well, participants must contact THE HUMAN ENERGY CORPORATION directly using the contact information provided in their privacy policy.
ii. Right to Rectification: Request correction of inaccurate or incomplete personal data held by Piedra Muda LAB or THE HUMAN ENERGY CORPORATION, as applicable to the specific data category.
iii. Right to Erasure: Request deletion of personal data where legally permissible, subject to legal retention requirements and legitimate business interests.
iv. Right to Restrict Processing: Request limitation of data processing in specific circumstances, including during dispute resolution or pending verification of rectification requests.
v. Right to Data Portability: Receive personal data in a structured, commonly used format and transmit to another controller where technically feasible and legally applicable.
vi. Right to Object: Object to processing based on legitimate interests or for direct marketing purposes, with immediate effect for marketing communications.
vii. Right to Withdraw Consent: Withdraw consent for processing at any time without affecting the lawfulness of processing conducted prior to withdrawal. Withdrawal of consent for biometric data processing will prevent future session participation.
viii. Right to Lodge Complaints: File complaints with the Spanish Data Protection Agency (Agencia Española de Protección de Datos - AEPD) or other competent supervisory authorities regarding data processing practices.

11. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience and analyze website performance:
i. Essential Cookies: Necessary for website functionality, security, and service provision, which cannot be disabled without affecting core website operations.
ii. Analytics Cookies: Used to understand website usage patterns, user behavior, and service performance for improvement purposes, deployed with appropriate consent where required by law.
iii. Marketing Cookies: Used for targeted advertising and marketing communications, requiring explicit consent before deployment and with opt-out mechanisms readily available.
iv. Cookie Management: Users can manage cookie preferences through browser settings, our cookie consent management platform, or by contacting us directly for assistance with privacy settings.

12. Children's Privacy

Our services are not directed to individuals under 18 years of age, and we do not knowingly collect personal data from minors without appropriate parental consent and additional legal safeguards required for processing children's data under GDPR Article 8.

13. Changes to Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in our practices, legal requirements, service offerings, or third-party relationships. Material changes will be communicated through website posting with updated effective dates and, where appropriate, direct notification to affected individuals via email or other communication methods.

14. Contact Information and Data Protection

For questions, concerns, or requests regarding this Privacy Policy, data processing practices, or exercise of data subject rights, please contact:

Data Protection Contact
Piedra Muda LAB
Email: contact@piedramudalab.com
Address: Plaça de Ramon Berenguer el Gran, 2, Barcelona, Spain

Bio-Well Data Processing Inquiries (Spain)
For questions specifically regarding biometric data processing through Bio-Well technology:
THE HUMAN ENERGY CORPORATION
Address: BRUELLO, 22330 – SANTA MARÍA DE BUIL – ESPAÑA
Website: https://bio-well.es
Privacy Policy: https://bio-well.es/politica-de-privacidad/


Bio-Well Global Headquarters
Bio-Well LLC
Email: info@bio-well.com
Address: 833 W South Boulder Rd, Building G, Louisville, CO, 80027, US
Privacy Policy: https://bio-well.com/policies/privacy-policy


Supervisory Authority
Agencia Española de Protección de Datos (AEPD)
Website: www.aepd.es
Email: consultas@aepd.es

15. Legal Framework and Compliance

This Privacy Policy is designed to ensure compliance with all applicable data protection legislation, including but not limited to the General Data Protection Regulation (EU) 2016/679, Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales, and related Spanish and European Union privacy legislation. Any conflicts between this Privacy Policy and applicable law shall be resolved in favor of legal requirements, and invalid provisions shall not affect the validity of remaining policy terms.
