Milva Lab

Legal

Privacy & Cookie Policy

Last updated: March 2026

This policy explains how Milva ApS collects, uses, and protects personal data, and how cookies are used on our website and platform. We are committed to transparency and to compliance with the GDPR and the ePrivacy Directive.

Data controller

Who is responsible for your data?

The data controller is Milva ApS, VAT DK34720932.

Data Protection Officer (DPO)

For questions regarding your personal data, or to exercise your rights, contact our DPO at contact@milva.dk.

Scope of this policy

This policy applies to:

  • All visitors to milvalab.com and related subdomains
  • Milva Lab platform users and their clients
  • Individuals who contact us via email, phone, or our booking system
  • Newsletter and marketing communication subscribers

Personal data we collect

What personal data we collect and why

Client & prospect relationships

  • Data: name, company, email, phone, job title
  • Purpose: respond to inquiries, provide demos, onboard clients, and manage relationships
  • Legal basis: GDPR Art. 6(1)(b) — performance of a contract, or Art. 6(1)(f) — legitimate interest

Newsletter & marketing

  • Data: email address, name, marketing preferences
  • Purpose: send product updates, webinar invitations, and industry news
  • Legal basis: GDPR Art. 6(1)(a) — your explicit consent

Bookkeeping & invoicing

  • Data: name, company address, invoice details, VAT number
  • Purpose: maintain accurate financial records as required by the Danish Bookkeeping Act
  • Legal basis: GDPR Art. 6(1)(c) — legal obligation

Milva Lab platform users

  • Data: login credentials, usage logs, sample submission data, GPS location (captured in the app on-site), uploaded photos
  • Purpose: provide and improve the laboratory information management service
  • Legal basis: GDPR Art. 6(1)(b) — performance of a contract

Cookie policy

How we use cookies

Cookies are small text files placed on your device during website visits. We use cookies for site functionality, to understand visitor behaviour, and — with your consent — to personalise content and measure marketing effectiveness.

Strictly necessary

Essential for the website and platform to function — enabling login sessions, security, and navigation. No consent required.

Functional / preferences

Remember user settings and choices, such as language preference and login details. Consent required.

Analytics / statistics

Help us understand how visitors interact with the website through aggregated, anonymised data. Consent required.

Marketing / targeting

Deliver relevant advertisements and measure campaign effectiveness, potentially including third-party cookies from Google Ads or LinkedIn. Consent required.

Manage your cookie preferences

You can change or withdraw your cookie consent at any time by emailing our DPO at contact@milva.dk with the subject line "Cookie Consent".

Data retention

How long we keep your data

We retain personal data only as long as necessary, or as required by law.

  • Active relationship: retained for the full duration of the business relationship or platform subscription.
  • Prospect / inquiry: communication data is deleted within 2 years of last meaningful contact if no contract follows.
  • Newsletter consent: upon unsubscription, consent records are retained for 2 years, per Danish Consumer Ombudsman spam guidelines.
  • Accounting records: invoices and bookkeeping are retained for 5 years, per the Danish Bookkeeping Act.

Your rights

Your rights under the GDPR

As a data subject, you have important rights regarding the processing of your personal data. These can be exercised at any time by contacting our DPO at contact@milva.dk.

Withdrawal of consent

Where processing is based on consent — such as newsletter subscriptions or non-essential cookies — you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Data sharing

Who we share your data with

Milva ApS does not sell personal data to third parties. Data is shared only with trusted processors and partners, and only when necessary to deliver our services.

Data processors

Cloud infrastructure

The platform is hosted on secure, EU-based cloud infrastructure that complies with GDPR data transfer requirements.

CRM & marketing tools

HubSpot is used for CRM and email marketing, with data processing agreements in place as required by the GDPR.

Analytics

Google Analytics is used with IP anonymisation enabled. No personally identifiable information is shared with Google.

International transfers

Where data transfers occur outside the EU/EEA, we apply appropriate safeguards:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions issued by the European Commission
  • Binding Corporate Rules, where applicable

We conduct regular reviews of our data processor agreements to ensure ongoing GDPR compliance.

Contact

Milva ApS · VAT DK34720932

Email: contact@milva.io