Medilab24
hu magyar ro română sk slovenčina cs čeština en English

Laboratory Report Analyzer®

Detailed laboratory result evaluation.

The analysis shows not only the interpretation of individual data but also their relationship and their combined effect on the body.

Information
Information

  • Please prepare your laboratory test results.
    If you received it from the laboratory in PDF format, you may need to enter the password, which is typically based on your social security number.

  • Upload the laboratory results as a PDF file or photograph.

  • You can attach one PDF file or multiple photographs.
    In case of photographs, please ensure readability before uploading.

  • You may freely redact your personal information, the results will remain unchanged.
Analysis
Analysis

What do you get with the MediLab24® lab result analysis?

  • Based on your uploaded lab report, we compile a detailed analysis that presents your results in a clear and structured format.

  • The analysis includes a basic evaluation of all tested markers, with detailed explanations of abnormal values in plain language.
    The second section contains the identification of correlations: how do individual abnormal values affect each other? What diseases do different markers indicate when examined together?
    This is extremely important, as looking up values individually on the internet can often be misleading, since markers need to be examined in their complexity,
    and these correlations can point to diseases that the markers examined individually, one by one, do not reveal.

  • In the third section, we provide recommendations on which specialist you should consult and with what urgency.

  • Finally, the last section of the document summarizes personalized lifestyle and nutrition advice outlining the steps you can take for yourself alongside treatments.

  • The result is prepared in a multi-page downloadable PDF format, as well as in a viewable online format.

  • The analysis is typically completed within 25 minutes online, and you will be notified via SMS and email.
Diseases
Diseases

Laboratory result analysis helps identify the following diseases and conditions:

  • Allergies and immunoglobulins

  • Diabetes and insulin resistance

  • Bone and mineral deficiencies

  • Neoplastic processes (tumor markers)

  • Biliary diseases

  • Infections

  • Therapeutic drug monitoring (TDM)

  • Inflammatory and autoimmune conditions

  • Pancreatic diseases

  • Hormonal imbalances

  • Urinary tract diseases

  • Gout and uric acid problems

  • Liver diseases

  • Adrenal gland diseases

  • Metabolic syndrome

  • Thyroid disorders

  • Reproductive health and fertility

  • Sepsis and critical condition markers

  • Cardiovascular risks

  • Nutritional status and malnutrition

  • Pregnancy complications and screening

  • Toxicology and alcohol

  • Coagulation disorders

  • Anemia and blood disorders

  • Kidney diseases

  • Vitamin and trace element deficiencies

  • Lipid metabolism disorders
Help
Help

How the Medilab Analyzer Works

  • Upload your laboratory documents

  • Provide your phone number - for SMS notification

  • Provide your email address

  • Select the data retention period

  • Enter the data shown on the screen

  • Wait for our notification

  • Download the result
1
2
3

Laboratory Result *

Upload Files
Upload or photograph your laboratory test results.

Contact Information *

Phone number

We will send the download link via SMS.

 Email address

Result Retention Period *

How long do we store the test results?

After the specified time expires, the data will be permanently deleted.

Data Processing Policy

1.1 Preamble

The scope of this Privacy Notice applies to all domain names from which this system is officially accessible. In addition, it covers the legal relationships of the applications and networks connected to it. This Document is published in the footer of the Website at all times, is available in multiple languages, is effective from the указан date, and remains valid until revoked. By using the Website—especially when placing an order and by explicitly ticking the relevant checkbox—the User accepts that all rules related to the use of the Website automatically apply to them.

If the User accesses the Website operated by the Company or uses a related application, and reads its content in any manner, the User acknowledges the provisions of this Document as binding. The Operator is entitled to unilaterally amend the content of this Document; such amendments shall not have retroactive effect.

1.2 Data Controller, Operator

Enternova Kft.

  • 2161 Csomád

  • 48 Szent István Street

  • Tax number: HU24892955

  • Contact: via the Website’s support ticket system

1.3 Data Processors and Data Transfer Partners

Partner

Activity

Registered office

Safeguards

Stripe, Inc.

Payment processing

USA / Ireland

EU-US Data Privacy Framework

ClickSend (Synph Pty Ltd)

Transactional SMS sending

Australia

SCC contractual safeguards

Cloudflare, Inc.

CDN and web security

USA

EU-US Data Privacy Framework

KBOSS.hu Kft. (Számlázz.hu)

Invoice issuance

Hungary (EU)

Data transfers within the EU

Google LLC (Google Ads)

Advertising and conversion tracking

USA / Ireland

EU-US Data Privacy Framework

OpenAI, L.L.C.

AI-based analysis of laboratory results

USA

EU-US Data Privacy Framework

Anthropic, PBC

AI-based analysis of laboratory results

USA

EU-US Data Privacy Framework

Google LLC (Gemini)

AI-based analysis of laboratory results

USA / Ireland

EU-US Data Privacy Framework

Data transfers to the USA are carried out on the basis of the EU-US Data Privacy Framework. Data transfers to Australia are based on contractual safeguards (Standard Contractual Clauses – SCC).

1.4 Definitions

  • GDPR (General Data Protection Regulation): the European Union’s General Data Protection Regulation (2016/679).

  • Processing: any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • Controller, processor: the natural or legal person, agency or any other body which, on behalf of the controller, processes personal data and determines, alone or jointly with others, the purposes and means of the processing of personal data.

  • Operator, Company: the operator of the Website.

  • Personal data: any information relating to an identified or identifiable natural person (data subject).

  • Health data: personal data related to the physical or mental health of a natural person, including data concerning health care services provided to them, which reveal information about their health status (GDPR Article 4(15)).

  • Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

  • Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

  • User: visitors, users and customers (data subjects) of the Website.

1.5 Principles of processing

The Data Controller declares that it processes personal data in accordance with this Privacy Notice and complies with the applicable legal requirements, with particular regard to the following:

  • Personal data must be processed lawfully and fairly, and in a transparent manner for the data subject User.

  • Personal data may be collected only for specified, explicit and legitimate purposes.

  • The purposes of processing personal data must be adequate and relevant, and limited to what is necessary.

  • Personal data must be accurate and kept up to date. Inaccurate personal data must be erased without delay.

  • Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary.

  • Personal data must be processed in a manner that ensures appropriate security of the personal data by implementing suitable technical or organisational measures.

1.6 Data processed and their legal basis

When visiting the Website, certain parameters of visitors are automatically recorded. These logging parameters for a given User may include the following:

  • Time of entry of visits, time spent on the website, activity performed during that time, time of exit.

  • Type, resolution and language of the visitor’s browser, operating system, type of IT device.

  • Visitor’s IP address.

1.7 Data processed on the Website

Scope of processed data: the User’s email address, phone number, and the uploaded laboratory result file or photo (health data). During the order process, the User may also provide additional health data in order to refine the analysis.

Purpose of processing: to prepare the ordered AI-based analysis of the laboratory result, deliver the result to the customer, and handle related invoicing.

1.8 Data categories, purposes, legal bases and retention periods

Data category

Purpose

Legal basis

Retention period

Contact details (email, phone)

Performance of the contract, delivery of the result

Art. 6(1)(b) GDPR – performance of a contract

8 years (accounting obligation)

Billing data (name, address, amount)

Issuing invoices, tax compliance

Art. 6(1)(c) GDPR – legal obligation

8 years (accounting obligation)

Payment data (card reference, transaction ID)

Payment processing

Art. 6(1)(b) GDPR – performance of a contract

8 years (accounting obligation)

Health data (laboratory result file, additional health information)

AI-based analysis of the laboratory result

Art. 9(2)(a) GDPR – explicit consent

Retention period chosen by the customer (48 hours – 7 days), after which it is permanently deleted

Analysis result (PDF)

Delivery of the analysis to the customer

Art. 6(1)(b) GDPR – performance of a contract

Retention period chosen by the customer (48 hours – 7 days), after which it is permanently deleted

IP address, browser, session data

Security, quality assurance

Art. 6(1)(f) GDPR – legitimate interest (security)

1 year

Google Ads click identifier (gclid)

Conversion tracking, business analytics

Art. 6(1)(f) GDPR – legitimate interest (business operations)

2 years

SMS data

Delivery of result notifications

Art. 6(1)(b) GDPR – performance of a contract

8 years (accounting obligation)

Customer support communications

Customer support, legal compliance

Art. 6(1)(b) and (f) GDPR

8 years (accounting obligation)

Stripe risk assessment

Fraud prevention (by the payment processor)

Art. 6(1)(f) GDPR – legitimate interest

As set out in Stripe’s privacy policy

1.9 Duration of processing, deadline for deletion of data

Health data (uploaded laboratory result, analysis PDF) are automatically and permanently deleted upon expiry of the retention period selected by the customer at the time of ordering (minimum 48 hours, maximum 7 days). It is not possible to extend the retention period afterwards.

Other personal data will be deleted within 48 hours upon the data subject’s request, except where accounting record retention obligations apply. Requests for deletion may be submitted via the Website’s support ticket system. The Data Controller may request additional identifying information if it is not clear that the request is made by the authorised person.

2.0 Cookies

The Website uses cookies for operation and to improve the user experience. Cookies are small text files stored by the browser on the user’s device.

2.1 Mandatory (technical) cookies

These cookies are necessary for the basic operation of the Website and may be used without consent.

Cookie name

Type

Expiry

Purpose

XSRF-TOKEN

Essential

2 hours

CSRF security protection

evignet24_session

Essential

2 hours

Session identifier (Laravel)

cookie_consent_essentials

Essential

1 year

Consent status for essential cookies

cookie_consent_analytics

Essential

1 year

Consent status for analytics cookies

cookie_consent_marketing

Essential

1 year

Consent status for marketing cookies

evignet24_cookie_consent

Essential

1 year

Full consent object

__cf_bm

Essential

30 minutes

Cloudflare bot management and security protection

2.2 Consent management

The Website uses a cookie consent bar (cookie banner) that manages consent in three categories: Essential, Analytics, Marketing. The Analytics and Marketing categories can be switched on and off at any time in the cookie settings menu. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal (Art. 7(3) GDPR).

2.3 Processing of health data

Uploaded laboratory results qualify as special category (health) data under Article 9 GDPR. Processing of these data is based solely on the customer’s explicit consent (Art. 9(2)(a) GDPR), which is provided during the ordering process by actively ticking a mandatory checkbox.

The Service Provider processes health data exclusively for the purpose of performing the ordered analysis service. The data are not transferred to third parties, except for the processors named in this notice who are necessary for the technical operation of the service.

Consent may be withdrawn at any time via the support ticket system. Withdrawal does not affect the lawfulness of processing prior to the withdrawal.

2.4 Automated decision-making

The platform uses AI-based analysis to process uploaded laboratory results. This constitutes automated processing; however, the result is for informational purposes only and does not produce any legal effects or similarly significant effects for the customer (Art. 22 GDPR). The analysis does not constitute a medical diagnosis and does not replace an examination by a medical specialist.

Stripe, as the payment processor, uses its own risk assessment system (Stripe Radar) for fraud prevention purposes. This is Stripe’s own automated system; Enternova Kft. does not make decisions based on this assessment.

2.5 Transfer of data to a third country

Data transfers to the United States (Stripe, Cloudflare, Google) are carried out on the basis of the EU-US Data Privacy Framework. Data transfers to Australia (ClickSend) are based on Standard Contractual Clauses (SCC) contractual safeguards.

2.6 Data Protection Officer (DPO)

Enternova Kft. is not required to appoint a Data Protection Officer under Art. 37 GDPR, as it is not a public authority/body, its activities do not require large-scale regular monitoring, and it does not process special categories of data on a large scale.

Data protection inquiries may be submitted via the Website’s support ticket system.

3.1 Rights related to data processing

  • Right to request information:
    You may request information from us via the support ticket system about which of your data we process, on what legal basis, for what purpose, from what source, and for how long. Upon your request, we will send the information to the email address provided in the request within a maximum of 30 days.

  • Right to rectification:
    You may request that we amend any of your data. We will take action upon your request within a maximum of 30 days.

  • Right to erasure:
    You may request the deletion of your data. Upon your request, we will do so within a maximum of 30 days. Health data are automatically deleted upon expiry of the selected retention period.

  • Right to restriction of processing:
    You may request restriction of the processing of your data. The restriction will last as long as the reason you indicated makes it necessary to store the data.

  • Right to object:
    You may object to the processing. We will examine the objection within a maximum of 15 days from submission, make a decision on whether it is well-founded, and inform you of the decision by email.

  • Right to data portability:
    The data subject is entitled to receive the personal data concerning them, which they have provided to the controller, in a structured, machine-readable format.

  • Right to withdraw consent:
    Consent given for the processing of health data may be withdrawn at any time via the support ticket system. In the event of withdrawal, the data will be deleted without delay.

3.2 Remedies

If, in your opinion, unlawful data processing has occurred, you may lodge a complaint with the supervisory authority of the Member State of your habitual residence, place of work or place of the alleged infringement (Art. 77 GDPR). The supervisory authority competent for the Data Controller’s registered office is: National Authority for Data Protection and Freedom of Information (NAIH) – www.naih.hu

3.3 Final provisions

The data provided by the User are stored on servers. Only the operator’s staff may access the data, and all of them are responsible for handling the data securely.

If you discover any error or deficiency in this notice, please notify us without delay via the Website’s support ticket system.

Data protection questions and requests may be submitted via the website’s support ticket system.

Legislation forming the basis for data processing:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

  • Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information.

  • Act CVIII of 2001 on certain issues of electronic commerce services and information society services.

2026.03.01.