Privacy Policy.

Last updated: March 2026

Masdiag ("we", "us", or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the EU General Data Protection Regulation (GDPR) 2016/679, which we apply as our baseline standard across all markets we serve.

1. Data Controller

The data controller responsible for your personal data is:

Masdiag
Email: privacy@masdiag.com

2. Data We Collect

We may collect and process the following categories of personal data:

2.1 Contact & Business Data

Name, email address, phone number, company name, job title, and country/region — collected through our contact form, email correspondence, or partnership agreements.

2.2 Health & Biological Data

Biological samples (dried blood spots, blood, urine, saliva, hair, nails) and associated analytical results. Under GDPR, health data is classified as a special category of personal data and is subject to enhanced protections.

2.3 Technical Data

IP address, browser type, device information, and website usage data collected automatically when you visit our website, used to improve site performance and security.

2.4 Client Portal Data

Login credentials, account preferences, and result access history associated with our online results portal.

3. Legal Basis for Processing

We process personal data under the following legal bases as defined by GDPR Article 6:

• Contractual necessity — to fulfil our obligations under partnership agreements, service contracts, and sample analysis agreements.
• Legitimate interest — to respond to enquiries, improve our services, and maintain business relationships.
• Legal obligation — to comply with regulatory, tax, and accreditation requirements.
• Consent — where specifically obtained, for example for marketing communications or optional data processing.

For health data (special category data), we rely on GDPR Article 9(2)(h) — processing necessary for medical diagnosis, the provision of health care, or the management of health care systems.

4. How We Use Your Data

We use personal data for the following purposes:

• Performing diagnostic analyses and delivering results to authorised recipients
• Fulfilling contractual obligations with B2B partners
• Responding to enquiries submitted through our contact form or email
• Managing access to our client portal and results platform
• Quality assurance, method validation, and proficiency testing
• Complying with legal, regulatory, and accreditation obligations
• Improving our website, services, and user experience
• Anonymised and aggregated research and statistical analysis

5. Data Sharing & International Transfers

We do not sell personal data. We may share data with:

• Partner organisations — results are delivered only to the authorised partner or their designated recipient, as defined in service agreements.
• Service providers — IT hosting, email services, and payment processing providers who process data on our behalf under data processing agreements (DPAs).
• Regulatory authorities — where required by law or accreditation obligations.

Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) or adequacy decisions.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Analytical results and sample data — retained for the period required by applicable medical, regulatory, and accreditation standards (typically 10 years).
• Business contact data — retained for the duration of the business relationship and for a reasonable period thereafter.
• Website technical data — retained for up to 12 months.
• Contact form submissions — retained for up to 24 months unless a business relationship is established.

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your data where there is no compelling reason for continued processing.
• Right to restrict processing — request limitation of data processing in certain circumstances.
• Right to data portability — receive your data in a structured, commonly used, machine-readable format.
• Right to object — object to processing based on legitimate interest or for direct marketing purposes.
• Right to withdraw consent — where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@masdiag.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data transmission, access controls, secure server infrastructure, regular security assessments, and staff training on data protection obligations.

9. Cookies

Our website uses essential cookies to ensure proper functionality. We do not use third-party advertising or tracking cookies. For analytics, we use privacy-respecting tools that do not create individual user profiles. You can control cookie preferences through your browser settings.

10. Children's Data

Our services are directed at B2B partners and healthcare professionals. We do not knowingly collect personal data from children under 16 without parental or guardian consent. Where diagnostic samples involve minors, data is processed under the authority of the commissioning healthcare professional or partner organisation.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or regulatory guidance. Material changes will be communicated through our website. We encourage you to review this page regularly.

12. Contact & Complaints

If you have questions about this Privacy Policy or wish to exercise your data rights, contact our Data Protection team: