Privacy policy.

Business and data processing activities of LabToWellness

LabToWellness designs beautiful patient focused health and wellness reports for automatic delivery from its cloud-based reporting platform to the hospitals, clinics, laboratories, pharmacies etc (LabTo Wellness clients). Patient focused reports can be designed for any existing or new service, such as laboratory test packages, health checkups, wellness screenings, DNA testing, pharmacy services. Inside the reports laboratory tests, health examinations, measurements, questionnaire answers, quick tests will be visualized and interpreted.

Data and information are at the heart of what LabToWellness does and we are committed to process personal data accordance with applicable data protection regulations. We respect our relationships with customers, clients, visitors, business partners and suppliers, and the trust they place in us to hold their and their patient’s personal information.

This Privacy Policy applies to personally identifiable information processed by LabToWellness as a personal data controller, whether the information is collected through a personal meeting, through this website https://www.labtowellness.com/ or other systems and processes under LabToWellness’ control. This Privacy Policy explains how the LabToWellness, uses and protects personal information. This personal information relates to the following categories of people: contacts of our business partners and/or visitors on our website, including person who have made a query on our website or by other means.

LabToWellness is not the controller of the patients’ health data that is processed under a data protection agreement between LabToWellness as a data processor and a hospital, clinic, laboratory or other client as a data controller. Named processing activities are not covered by this Privacy Policy. Please contact your service provider directly for any privacy or data protection related questions or requests.

Even if this website provides links to third-party websites, these third-party websites are not covered by this Privacy Policy. LabToWellness takes no responsibility for the privacy or security of information you provide to any third-party through linked websites or any other means.

By using this website, you agree that you have reviewed and understood this Privacy Policy, that you accept it.

Name and contact details of the controller

Labtowellness OÜ, Estonian registry code: 12069847, address: Mäealuse tn 2/1, 12618 Tallinn, Estonia, e-mail: info@labtowellness.com, phone number: +372 527 0307 (hereinafter referred to as “LabToWellness”, "we", "us" or "our").

Aim of this Privacy Policy

This Privacy Policy provides information about how we process your personal data, including:

  • what personal data we process;

  • what are the purposes and grounds for processing your personal data;

  • whom we can transfer your personal data to;

  • how long we will retain your personal data;

  • how you can object to your data processing;

  • what rights you have and how you can enforce them;

  • changes of this Privacy Policy.


The types of data we process

Personal data means data which is directly or indirectly related to a physical person which makes it possible to identify specific person.

You can visit our website without providing any personal data. When you choose to submit it to us, we process this certain personal data about you. For example, we collect information when you sign up as a user of our platform, submit information to us, request customer support, contact us on cooperation or otherwise communicate with us.

We may collect information such as your name, company name, your professional information, position in the company, delivery and invoicing address, e-mail address, phone (incl. mobile phone) and fax number, bank account, your requests, comments, other content submitted or other identifying information you choose to provide or is provided to us about you and website and communication usage information, such as correspondence and details of your use of our website and services obtained through cookies or other tracking technologies. This information may be collected through a personal meeting, filling up the registration form upon signing up as a user, submitting information through LabToWellness platform, visiting our website, e-mail, telephone. We may also collect this information from third party partners and public sources to the extent permitted by applicable data protection law. We collect this information about you into our client database.

Our website uses cookies to understand how you and other visitors use our site. We use this information to improve the performance and experience of our website visitors. This includes improving search results, showing more relevant content and information, better communication, and improved website performance.

Purposes and legal basis for processing your personal data

LabToWellness uses your personal data to process your requests and transactions, deliver your orders, offer or provide additional products and services, personalise the types of information you receive from us and to develop the services and products we provide. We may also process your data for accounting purposes.

We may process your data for the performance of a contract or to take steps prior to entering into a contract (GDPR Art. 6(1)(b)), including approach you based on publicly available information we have gathered. On some occasions the legal basis of the processing of your personal data may be your consent (GDPR Art. 6 (1)(a), for example, in case of newsletter consent) or a legal obligation (GDPR Art. 6(1)(c), for example, court order).

When communicating with you through newsletters, the legal basis of the processing is our legitimate interest (GDPR Art. 6(1)(f)) to keep our users, clients and other contacts informed of our latest products and services, share invitations to events where we will be taking part or that we are organising and to manage and administer your user account and orders. We rely on interest to maintain business relationships and communicating with our clients.


How we protect your personal data

We use a variety of physical and technical measures to keep personal data safe and prevent unauthorised access to, or use or disclosure of it. Electronic data and databases are stored on secure computer systems with control over who has access to information using both physical and electronic means. Our employees and partners receive data protection training and there is a set of detailed security and data protection policies which our employees are required to follow when handling personal information.

We give our best to keep your personal data secure at all times, but you should also ensure yourself that user account details and passwords as well as other personal data are securely held and not disclose these to unauthorised third parties. 

Who personal data is shared with

Your personal data is only processed within European Economic Area (EEA). Our processing activities do not include data transfers outside the EEA.

Your personal data may be transferred to certain processors that we may involve. Such data processors may be: companies providing data centre services, companies providing e-mail or other IT services, companies providing order services and other service providers whose services relate to processing of your personal data or to processing your requests and transactions.

If we are subject to negotiations for the sale of all or a part of our business to a third party, are sold to a third party or undergo a re-structuring, we may need to transfer some or all of your personal data to the relevant third party or its advisors as part of any due diligence process. Any information that is transferred to that re-structured entity or third party will be used for the same purposes as set out in this policy, or for the purpose of analysing any proposed sale or re-structure.

 We do not sell or rent your personal data to any third parties.

We may process your personal information to comply with our legal and regulatory obligations or to respond to regulators where applicable. This may include disclosing your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. In some circumstances, we may be legally required to disclose your personal information because a court, the police, another judicial or law enforcement body or government entity has asked us for it.


How long will we retain your personal data


We store your personal data for the purposes mentioned above for as long as we have a meaningful business contact or other contact or as may otherwise be required by law, generally not longer than for 3 years from the date of last contact (for example, from the date we answered to your inquiry). We review the necessity of retaining your personal data, as well as the data's correctness from time to time and erase or destroy unnecessary or outdated data.


How can you object to your data processing

You have the right to object to your personal data processing for the purposes specified in this Privacy Policy.

If you wish to state that you object to processing of your personal data for the purposes indicated in this Privacy Policy or that you do not wish to receive newsletters from us anymore, please contact us using the contact details indicated in this Privacy Policy.

You can also opt out of our newsletters by using the unsubscribe link in any email you receive from us.


What rights do you have

Depending on the legal restrictions, you have the following rights in relation to your personal data:

  • to request that we give you access to your personal data processed by us;

  • to request correction of incorrect, inaccurate or incomplete data;

  • to require the erasure of personal data or the restriction of its processing, when there is a legal basis for this;

  • to request to transfer personal data which you provided to us and which is processed by automated means, to another data controller or to submit it directly to you in a convenient form;

  • withdraw your consent to our use of your personal information at any time, in case the processing is based on consent and there is no other legal basis to continue the processing;

  • we hope we will be able to resolve any privacy concerns you may have. However, you have the right to file a complaint to the supervisory authority (Estonian Data Protection Inspectorate, Tatari 39, Tallinn 10134 Tallinn, tel.; +372 627 4135, e-mail: info@aki.ee or the supervisory authority of your place of residence or work or of the place of the alleged infringement within the EU).

Given that your personal data is processed on the basis of a legitimate interest, you have the right to access the assessment of the compatibility of interests of the data controller (LabToWellness) and the data subject (you).

 For the enforcement of your rights, please contact us using the contact details indicated in this Privacy Policy.

Changes to Privacy Policy

We are keeping our Privacy Policy under regular review and that is why we take the right to make changes to the Privacy Policy at any time. We kindly ask you to check our Privacy Policy when you use our website to ensure that you are aware of any changes in our privacy practice. Our Privacy Policy was last updated in September 2022.