Privacy policy

Read our privacy policy

As updated June 2021

If you visit any of our centers, websites, or use our apps, we will collect certain information relating to you. Generally, unless you submit information to us, such as via an online form, we only collect technical and device-related information from your use of our website and apps.

Our privacy policy outlines how Mafanikio Holding AB ( uses and protects any information that you provide during your client journey. This notice sets out how Mafanikio Holding AB will use and protect any information that you provide when you use any aspect of our service including our website. As a client of Mafanikio Holding AB, we hold personal information (known as “personal data”). Personal data refers to information from which you as an individual can be identified.

1. What information we hold

The information we need to hold includes:

  • Name
  • Phone number
  • Email Address
  • ID Document number or social security number
  • Medical information
  • Other information relevant to client surveys and/or offers

Personal data relating to the testing service is held in controlled computer systems. As the “data controller”, Mafanikio Holding AB and its affiliates must process this information fairly and lawfully.

During the running of the service, we also hold and process particularly sensitive information about you. This is known as “sensitive personal data” and specifically this information includes present health, specifically, medical testing carried out through our service

2. How we use this information

We use this information for the purposes described below.

  • Providing the Services: We process your information (including your health information) as necessary to provide the Services requested. For example, we collect information from you in order to provide the Services. We also store this information on our platform so you can access your results and other information, where you have given consent.
  • Account set up and payment: We process your information in order to set up a profile for you on our platform and as part of our administrative, financial and operational processes, such as taking payment, issuing invoices, etc. where you pay for the Service directly.
  • Service improvement and development: We process your information in order to improve our Services and for business planning purposes. For example, we may process information about how you use our Services in order to troubleshoot technical issues, predict service level demands and understand the features of the Services that are most popular. We also process your information in order to develop new products and services. For example, as part of our work with commercial partners, we may share anonymised data that does not identify you but which reveal trends, patterns or other information about how we provide the Services that is useful to our commercial partners.
  • Safety and security: We process your information as necessary to ensure we offer safe and secure Services, including to detect and prevent fraudulent and other illegal behaviour.
  • Legal and regulatory: We process your information as required (a) for compliance with our legal and regulatory obligations (b) to detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) to protect our rights, property, or safety; (d) to enforce any contracts we have with you; (e) to prevent physical injury or other harm to any person or entity, including you and members of the public; and (f) for regulatory compliance and investigations. For example, we may be legally required to share information with public health bodies.
  • Marketing: We may send you updates, invites and marketing materials relating to the Services. If we do so, we will also collect information on your interaction with such communications.

3. Our legal bases

In order to collect, use, share, and otherwise process your information for the purposes described in this notice, we rely on a number of legal bases, some of which are mentioned above, including where:

  • necessary to perform a contract we have with you, and to provide the Services;
  • you have consented to the processing (in which case you may withdraw your consent at any time). When processing your health information we rely on your explicit consent;
  • necessary for us to comply with a legal obligation;
  • necessary to protect your vital interests, or those of others;
  • necessary in the public interest;
  • necessary for the purposes of Mafanikio Holding AB’s or a third party’s legitimate interests, for example for marketing, improving or developing the Services and keeping the Services safe and secure, provided that those interests are not overridden by your interests or fundamental rights and freedoms.

4. Sharing your information

In the course of providing the Services, we may share information with various third parties such as your employer (with your consent), relevant government departments and bodies (including public health bodies), our service providers or regulators (where legally required).

We do this based upon the legal bases and exceptions mentioned in this notice for the following purposes.

  • Providing the Services: If you are a patient, we share the information provided by you with our service providers in order to provide the Services.
  • Keeping our Services safe and secure: We use your information in certain instances as necessary to pursue our and your legitimate interests of keeping some of our Services, such as our domains, websites, apps, offices and events, safe and secure. For example, we collect IP addresses and process log files to ensure our website and apps are not subject to fraudulent access.
  • Legal and safety reasons: We may share your information with law enforcement, public health bodies, regulators and others if we have a good-faith belief that it is reasonably necessary to (a) respond, based on applicable law, to a legal request (e.g., a subpoena, search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce any contracts we have with you; (e) prevent physical injury or other harm to any person or entity, including you and members of the public; (f) for regulatory compliance and investigations.
  • Service providers and professional advisers: We may share your personal information to help us provide our services and communicate with you. Categories of service providers include IT software, hosting providers and records-storage companies. We may also share your personal information where we need advice and support from our professional advisers, such as accountants, lawyers and insurance providers. Where such third parties are processors, these third parties are contractually required to use it only to provide their service to us and are contractually barred from using it for their own purposes.
  • Business re-organisation: In instances where our business is subject to a re-organization, such as a merger or acquisition of some or all of its assets, we may, in accordance with our legitimate interests, need to share information in the course of the transaction. In such circumstances, your information may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of Mafanikio Holding AB.

5. How long we keep your information

We may retain your information for as long as necessary in light of the purposes set out in this notice, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for Mafanikio Holding AB to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled. For example, we have specific legal obligations to retain medical information in accordance with our statutory requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, we retain any sample or DNA data you provide to us for the minimum period required to provide the Services, which will be less than two weeks after which it is safely and securely destroyed.

6. Your rights

You have a number of rights in relation to your information that we process. To exercise these rights, please contact us at [email protected]

While some of these rights apply generally, certain rights apply only in specific circumstances. We describe these rights below.

  • Access: You have the right to request access to your information that we control.
  • Data Portability: You have the right to request that some of your personal information that you initially provided to us is returned to you or another controller in a commonly used machine readable format.
  • Rectify, Restrict and Delete: You have the right to ask us to restrict the processing of your information or to rectify or delete your information. Please note that despite a deletion request, we may continue to process your information if we have a legal basis to do so.
  • Object: If we process your information based on our legitimate interests explained above, or in the public interest, you can object in certain circumstances. In such cases, where legally required to do so, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing, you can always object using the unsubscribe link in such communications or by contacting us at [email protected]
  • Withdraw Consent: Where you have previously provided your consent, you have the right to withdraw your consent to our processing of your information at any time. For example, you can withdraw your consent to email marketing by using the unsubscribe link in such communications or contacting us at [email protected] In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
  • Complain: You have the right to submit a complaint about our use of your information with your local supervisory authority or Mafanikio Holding AB’s supervisory authority, the Swedish Data Protection Authority (Integritetsskyddsmyndigheten)

7. Third party services

Our websites, domains and apps may contain links to other websites and services, which are managed and controlled by third parties. Please note that this notice does not apply in those cases and we are not responsible for the privacy practices of such third parties.

8. Amending the notice

From time to time, we may amend this notice. This might happen, for example, where we make changes to the Services. If we make material changes to the notice, we will take steps to notify you, such as by posting a notice on our website.

9. Contact us

Please contact [email protected] for the first instance, if you wish to:

  • Withdraw your consent
  • See your personal data or to exercise any of the rights mentioned previously
  • Make a complaint about how we have handled your personal data