GDPR Compliance

Last updated: June 1, 2026

Mithla Lab is committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page explains our approach to data protection and the rights available to EU/EEA residents.

Our Role

When you use the Mithla Lab website or submit inquiries, we act as the Data Controller. When our platform processes patient data on behalf of our laboratory clients, we act as a Data Processor under their instructions.

Legal Basis for Processing

  • Contract — processing necessary to fulfill our service agreement with you
  • Legitimate Interests — operating and improving our services, security
  • Consent — marketing emails and non-essential cookies (you can withdraw at any time)
  • Legal Obligation — compliance with applicable laws

Data Transfers

We may transfer data outside the EEA. All such transfers are protected by:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable

Your Rights Under GDPR

  • Right to Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Correct any inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: Limit how we use your data under certain conditions.
  • Right to Data Portability: Receive your data in a machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.

To exercise any of these rights, email privacy@mithlalab.com. We respond within 30 days.

Technical & Organisational Measures

  • AES-256 encryption at rest, TLS 1.3 in transit
  • Data processing agreements with all sub-processors
  • Privacy by design and by default in all product development
  • Regular Data Protection Impact Assessments (DPIAs)
  • Strict access controls and employee training
  • 72-hour breach notification to supervisory authorities
  • Data minimization — we only collect what we need

Data Processing Agreement (DPA)

If you use Mithla Lab as a data processor for your lab's patient data, a DPA is available. Contact us to execute one.

Contact our Data Protection Officer

Email: dpo@mithlalab.com
Address: Dhaka, Bangladesh

You also have the right to lodge a complaint with your local data protection supervisory authority.