Processing and protection of personal data
The CovidPass mobile application is a comprehensive application providing the ability to find the nearest collection point that performs tests on Covid-19, book test runs, including the ability to send a test request immediately online whenever your test results are available for proof and valid information about your infectivity. In order to use the functions of the application, it is necessary that you provide us with some of your personal data. Providing your personal information is voluntary, but if you do not do so you will not be able to use this application and its features.
Your registration is required to use the application. Mandatory registration involves entering your name and surname, date of birth, birth number, residential address and email contact. Entering a phone number is optional but is recommended in order to make full use of the application. This data will be stored in the database for the purpose of using the functions of the application, for the entire period that your registration will be active.
To create a request to perform a test for COVID-19, it is necessary to process your following personal data: name and surname, date of birth, birth number, residential address. This data will be stored in the database for the necessary period (for a period of [1 month] from the sending of the test request at the longest) for the purpose of creating the test request and its delivery to the selected laboratory.
If you choose to receive the test result via the CovidPass application, we must process your following personal data: name and surname, date of birth, birth number, residential address and email contact and health data in the form of test result information. This data will be stored in the database for the necessary period (for a period of [1 month] from the insertion of the test result at the longest) for the purpose of delivery of the test result. The test result will be entered into the database by the laboratory that will perform the testing.
If you choose this option, the application can save the test results for your later use. In this case, it is necessary to process your following personal data: name and surname, date of birth, birth number, residential address, email contact and health data in the form of information about the test result. This data will be stored in the database for 3 months from the entry of the test result for the purpose of storing the test result.
If you choose this option, the application can share the test results with selected third parties (administrative authorities, your employer, etc.). In this case, it is necessary to process your following personal data: name and surname, gender, date of birth, place of birth, birth number, home address, phone number and email contact. This data will be stored in the database for a period of 3 months from the insertion of the test result for the purpose of sharing the test result with third parties that you mark in the application.
We process your personal data on the basis of your consent or if it is necessary for the performance of the contract concluded with you, or for the implementation of measures before the conclusion of this contract, at your request.
If you have given your consent to the controller to the processing of your personal data, you can withdraw from it at any time. However, we must warn you that any withdrawal of consent for any of the processing purposes may result in you no longer being able to use the CovidPass application. Withdrawal of consent shall not affect the lawfulness of the processing based on the consent given before its withdrawal.
The controller of your personal data, which also processes them, is the company CovidPass s.r.o., with its registered seat at Boženy Němcové 1881/5, Nové Město, 120 00 Prague 2, ID No. (IČO): 09283561, registered in the Commercial Register maintained at the Municipal Court in Prague, file No. C 333824.
For the purposes of performing the test and delivering the test result, we pass on your personal data to other controllers, i.e. laboratories that perform testing and enter test results into the application database. The current list of laboratories is available in the "I want a test" section.
For the purpose of processing personal data, we may also use third parties - processors. The currently, we don't use a processors.
In principle, we do not transfer your personal data to countries outside the European Union without your consent. The servers we use are located in the European Union.
As a data subject, you have number of rights in relation to the protection of personal data. The overview of these rights can be found below:
This right allows you to obtain information about our identity as the controller of personal data and our contact details, you are also entitled to know the legal title of processing and the purpose of processing your personal data, or recipients or categories of recipients, data on the transfer of your personal data to third countries or information about the period for which we will keep your personal data.
This right allows you to obtain information from us based on your request, whether we process your personal data and, if so, to what extent (purpose of processing, categories of personal data processed, recipients, planned processing time, transfer to 3rd countries, information about your rights and other related information). You can also request a copy of the personal data we process.
In order to process only your actual personal data, we need you to notify us of any change as soon as possible. In the event that we process your incorrect data, you have the right to request their correction, which we will perform based on your request.
This right obliges us to delete / destroy your personal data if the purpose of the processing has lapsed, or if you have revoked your consent to the processing, if you object to the processing of your personal data or if the processing was illegal. We are also obliged to delete your personal data if this follows from the applicable legislation. However, your right to delete is subject to certain restrictions. For example, we will not delete your data if it is necessary to prove, assert or defend legal claims.
This right entitles you, in certain cases, to ask us to restrict the processing of your personal data. Therefore, you can request a restriction, for example, when you object to the accuracy of the data being processed or when the processing is illegal and you do not want us to delete the data, but you need the processing to be limited as long as you exercise your rights. We continue to process your data if there are grounds for proving, asserting or defending legal claims.
If the processing is based on your consent or is performed for the purpose of fulfilling the contract concluded with you, and at the same time performed by automated means, you have the right to receive from us your personal data obtained from you in a commonly used machine-readable format. If you are interested and if it is technically possible, we will transfer your personal data directly to another controller.
If we process your personal data for the performance of tasks performed in the public interest or in the exercise of public authority entrusted to us, or if we perform processing on the basis of our legitimate interests or the legitimate interests of a third party, you have the right to object to such processing. Based on your objection, we will restrict the processing of personal data, and until we demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or grounds for proving, asserting or defending legal claims, we will not continue to process personal data and delete your personal data.
To exercise the above rights or to obtain further information, please contact us at the following email address: email@example.com.
If you believe that we process your personal data in violation of the GDPR or other data protection regulations, you have the right to file a complaint with the relevant supervisory authority. For the territory of the Czech Republic, the supervisory body is the Office for Personal Data Protection, with its registered office at: Pplk. Sochora 27, Holešovice, 170 00 Prague 7, Czech Republic, web: www.uoou.cz, tel .: +420 234 665 111.