MILVA APS · PRIVACY & COOKIE POLICY
Your Privacy Matters to Us
This policy explains how Milva ApS collects, uses, and protects your personal data — and how we use cookies on our website and platform. We are committed to full transparency and compliance with the GDPR and the ePrivacy Directive.
GDPR Compliant
We process your personal data in accordance with EU Regulation 2016/679.
Cookie Transparency
We clearly explain what cookies we use, why we use them, and how you can control them.
Your Rights
You have the right to access, correct, delete, and restrict our processing of your personal data at any time.
Last updated: March 2026 · Milva ApS · VAT DK34720932 · contact@milva.io
Data Controller
Who Is Responsible for Your Data?
The data controller for all personal data processed through this website and the Milva Lab platform is Milva ApS VATDK34720932.
Data Protection Officer (DPO)
For all questions regarding your personal data or to exercise your rights, please contact our DPO directly at contact@milva.dk
Scope of This Policy
This policy applies to:
- All visitors to milvalab.com and related subdomains
- MilvaLab platform users and their clients
- Individuals who contact us by email, phone, or via our booking system
- Subscribers to our newsletter or marketing communications
Personal Data
What Personal Data We Collect and Why
We only collect personal data that is necessary for the purposes described below. The legal basis for each type of processing is indicated in accordance with GDPR Article 6.
Client & Prospect Relationships
Data collected: Name, company, email address, phone number, job title.
Purpose: To respond to inquiries, provide demos, onboard new clients, and manage ongoing business relationships.
Legal basis: GDPR Art. 6(1)(b) — performance of a contract, or Art. 6(1)(f) — legitimate interest.
Purpose: To respond to inquiries, provide demos, onboard new clients, and manage ongoing business relationships.
Legal basis: GDPR Art. 6(1)(b) — performance of a contract, or Art. 6(1)(f) — legitimate interest.
Newsletter & Marketing
Data collected: Email address, name, marketing preferences.
Purpose: To send you product updates, webinar invitations, and relevant industry news.
Legal basis: GDPR Art. 6(1)(a) — your explicit consent. You may withdraw your consent at any time by unsubscribing.
Purpose: To send you product updates, webinar invitations, and relevant industry news.
Legal basis: GDPR Art. 6(1)(a) — your explicit consent. You may withdraw your consent at any time by unsubscribing.
Bookkeeping & Invoicing
Data collected: Name, company address, invoice details, VAT number.
Purpose: To fulfil our legal obligation to maintain accurate financial records in accordance with the Danish Bookkeeping Act (bogføringsloven).
Legal basis: GDPR Art. 6(1)(c) — legal obligation.
Purpose: To fulfil our legal obligation to maintain accurate financial records in accordance with the Danish Bookkeeping Act (bogføringsloven).
Legal basis: GDPR Art. 6(1)(c) — legal obligation.
MilvaLab Platform Users
Data collected: Login credentials, usage logs, sample submission data, GPS location (when using the app on-site), uploaded photos.
Purpose: To provide and improve our laboratory information management service.
Legal basis: GDPR Art. 6(1)(b) — performance of a contract.
Purpose: To provide and improve our laboratory information management service.
Legal basis: GDPR Art. 6(1)(b) — performance of a contract.
Cookie Policy
How We Use Cookies
Cookies are small text files placed on your device when you visit our website. We use cookies to ensure the site functions correctly, to understand how visitors use our platform, and — with your consent — to personalise content and measure the effectiveness of our marketing.
Strictly Necessary
Essential for the website and platform to function. These cookies enable core features such as login sessions, security, and page navigation. No consent required.
Functional / Preferences
Remember your settings and choices (e.g. language preference, login details). These improve your experience but are not essential. Consent required.
Analytics / Statistics
Help us understand how visitors interact with our website (e.g. pages visited, time on site). Data is aggregated and anonymised where possible. Consent required.
Marketing / Targeting
Used to deliver relevant advertisements and measure campaign effectiveness. May include third-party cookies from platforms like Google Ads or LinkedIn. Consent required.
Manage Your Cookie Preferences
You can change or withdraw your cookie consent at any time by emailing our DPO at contact@milva.dk with the subject line "Cookie Consent".
Cookie Details
Specific Cookies We Use
The table below provides a detailed overview of the cookies currently in use on milva.io and the MilvaLab platform.
This list may be updated periodically as we add or remove third-party services.
Data Retention
How Long We Keep Your Data
We only retain personal data for as long as necessary for the purposes for which it was collected, or as required by applicable law.
1
Active Relationship
Data is retained for the full duration of the business relationship or platform subscription.
2
Prospect / Inquiry
If no contract follows, we delete communication data within 2 years of the last meaningful contact.
3
Newsletter Consent
Upon unsubscribing, your consent record is retained for 2 years to comply with the Danish Consumer Ombudsman's spam guidelines (section 11.3).
4
Accounting Records
Invoices and related bookkeeping documents are retained for 5 years as required by the Danish Bookkeeping Act.
Your Rights
Your Rights Under the GDPR
As a data subject under the EU General Data Protection Regulation, you have a number of important rights regarding how we process your personal data. You can exercise any of these rights at any time by contacting our DPO at contact@milva.dk.
Withdrawal of Consent
Where our processing is based on your consent (e.g. newsletter subscriptions or non-essential cookies), you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. To withdraw consent email us on: contact@milva.dk.
Data Sharing
Who We Share Your Data With
Milva ApS does not sell your personal data to third parties. We only share data with trusted processors and partners where strictly necessary to deliver our services.
Data Processors
Cloud Infrastructure
Our platform is hosted on secure cloud infrastructure (EU-based data centres) in compliance with GDPR data transfer requirements.
CRM & Marketing Tools
We use HubSpot for CRM and email marketing. All data processing agreements are in place in accordance with GDPR requirements.
Analytics
Google Analytics is used with IP anonymisation enabled. No personally identifiable information is shared with Google through our analytics setup.
International Transfers
Where personal data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions issued by the European Commission
- Binding Corporate Rules where applicable
We conduct regular reviews of our data processor agreements to ensure ongoing compliance with the GDPR.
