Mislab

GDPR Compliance

Last updated: 20.11.2025

The Mislab service is designed and operates in accordance with the requirements of Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD). Below are the key principles and measures ensuring compliance with personal data protection legislation.

Lawfulness, Fairness and Transparency

Processing of personal data is carried out on lawful grounds: for the performance of a contract, on the basis of the user's explicit consent, and within the framework of legitimate interests. Users receive clear information about what data is collected and how it is used.

Purpose Limitation

Data is used exclusively for providing the medical document translation service, ensuring service security, and fulfilling legal obligations. Use of data for any other purposes is excluded.

Data Minimisation

Only data that is necessary for the operation of the service is collected. Processing is limited to the minimum required amount of information.

Processing of Special Categories of Data

Medical documents may contain health data classified as special category data under Art. 9 GDPR. Their processing is carried out:

  • on the basis of the user's explicit consent
  • exclusively for the purpose of providing the service
  • with enhanced protection measures

Automatic Anonymisation

During document recognition, the system automatically removes or masks personal identifying data, including patient names and contact information, if this does not hinder the translation. This reduces the risks of processing sensitive information.

Data Retention Periods

Data is retained only for the time necessary to provide the service and fulfil legal obligations. After this, the data is deleted or anonymised.

Rights of Data Subjects

Users may exercise all rights provided by GDPR:

  • right to access
  • right to rectification
  • right to erasure
  • right to restriction of processing
  • right to data portability
  • right to object

Requests are processed via email:

info@mislab.es

Security of Processing

Technical and organisational protection measures are applied:

  • encryption of data in transit and at rest
  • access control and segregation
  • protection against unauthorised access
  • security incident monitoring

Data Transfers to Third Parties

Data is transferred only when necessary:

  • to verified service providers (e.g. hosting or AI processing)
  • under Data Processing Agreements (DPA)
  • in compliance with GDPR requirements

When transferring data outside the EEA, standard contractual clauses and other applicable protection mechanisms are applied.

Accountability and Compliance

Mislab implements internal processes and measures aimed at ongoing GDPR compliance, including data processing control and risk management.

Supervisory Authority Oversight

Users have the right to lodge a complaint with the Agencia Española de Protección de Datos (AEPD): www.aepd.es

Contact for data protection matters:

info@mislab.es