Privacy policy - TOUVA (Patients)

Version 2025 - Integrative Phenomics SAS

1. Identity of the data controller

Integrative Phenomics SAS
130 rue de Lourmel, 75015 Paris, France
SAS with capital of €12,030.30 - RCS Paris B 853913846
Contact: contact@touva.eu
Data Protection Officer (DPO): dpo@touva.eu

2. Purpose and scope of application

This Policy applies to all users of the TOUVA mobile application and web platform.
It describes how Integrative Phenomics collects, uses and protects personal and health data
in the context of its cardiometabolic prevention and lifestyle medicine services.

3. Collected data

  • Identification data: surname, first name, date of birth, e-mail, telephone.
  • Health and lifestyle data: eating habits, sleep, physical activity, stress, biological results.
  • Usage data: interactions, pages consulted, frequency of access.
  • Payment data: via a PCI DSS-certified service provider (not retained by TOUVA).

4. Purpose of processing

  • Provide TOUVA services (assessments, analyses, personalized recommendations).
  • Enable patient-professional communication (with explicit consent).
  • Ensure safety, maintenance and service improvement.

No data is used for advertising or non-medical profiling purposes.

5. Legal basis for processing

Processing is based on:

  • the user's explicit consent (Article 9.2.a GDPR) for health data, collected separately at registration;
  • and/or performance of the service contract.

Consent may be withdrawn at any time from the application or by writing to
dpo@touva.eu.

6. Hosting and security

Health data is hosted exclusively in France by an HDS-certified host (AWS Europe).

Security measures:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Strong authentication (MFA, OAuth2).
  • Role-based access control, logging and regular audits.

7. Accountability and impact assessment (DPIA)

Integrative Phenomics keeps a register of processing and has carried out a DPIA in accordance with Article 35 of the GDPR.
Regular compliance and security reviews are carried out.

8. Sharing and recipients

Data can only be shared with:

  • the referring healthcare professional (with explicit consent),
  • technical service providers (HDS host, payment, maintenance),
  • health authorities upon legal request.

No transfers outside the European Union.

9. Data retention period

  • Health data: duration of use + 10 years.
  • Technical logs: 12 months.
  • Anonymized data: unlimited retention for research purposes.

10. User rights

Rights: access, rectification, deletion, restriction, portability, objection, withdrawal of consent.

Exercise: from your personal space or at
dpo@touva.eu.

In case of dispute: www.cnil.fr.

11. Incident notification

In the event of a data breach, notification is made to the CNIL and to the users concerned
(in accordance with Articles 33-34 of the GDPR).

12. Platform compliance

Policy compliant with Apple App Store and Google Play Store requirements.
Public link: https://www.touva.eu/politique-confidentialite