Privacy policy for the use of the app

This privacy policy is machine-translated and not legally binding.

General information

The purpose of this privacy policy is to inform you about the processing of your personal data in the Vacuna App.

For the definition of personal data and other terms related to the General Data Protection Regulation (GDPR), please refer to Article 4 of the GDPR.

The Vacuna apps for Android and iOS (hereinafter “app”) are operated by IO Propagator Unternehmergesellschaft (haftungsbeschränkt). This is the responsible party (hereinafter “we”) within the meaning of the GDPR.

Translations of the German version of this privacy policy serve to facilitate access to information. These translations are not legally binding; only the German version of this privacy policy is legally valid.

This privacy policy was last updated on June 12, 2024.

What categories of personal data do we process?

The following categories of personal data are processed in the App:

  • Contact information (such as your email address),
  • Personal data (such as your date of birth)
  • Health data (such as your vaccination card),
  • Server log data (such as operating system, date and time stamp).

What do we process personal data for?

Your contact information is used to create and provide your user account, for support purposes and/or to send you information about Vacuna. The purpose of processing personal and health data is to determine your vaccination status, to provide vaccination recommendations and/or reminders, and to digitize your vaccination card. The processing of server log data is used to evaluate system security and stability. The anonymization of data is for research and statistical purposes.

The legal basis for processing your contact data, personal data, and server log data is the fulfillment of a contract with you on the use of the app pursuant to Art. 6(1)(b) DSGVO. Sending information about Vacuna by email is based on your consent pursuant to Art. 6(1)(a) DSGVO. The processing of health data and the digitization of the vaccination records are based on your consent pursuant to Art. 6(1)(a) and Art. 9(2)(a) DSGVO. The anonymization of data is based on Art. 6(1)(f) DSGVO and § 27 BDSG.

You can revoke your consent to receive information about Vacuna at any time (with effect for the future) via email. You may revoke your consent to the processing of health data at any time (with effect for the future) by deleting your user account. This will not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

How long do we store personal data?

Your personal data will be stored until it is no longer necessary for the purpose for which it was collected. Please note that we may retain your personal data for longer if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.

Your health data will be deleted if you withdraw your consent or if you delete your user account.

With whom do we share personal information?

Your personal data is transmitted in encrypted form and processed on servers operated by Netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany.

Your vaccination certificate is digitized with the help of a third party in the European Union. A corresponding data processing agreement in accordance with Art. 28 GDPR is in place to ensure the protection of the data. The third party processes the data exclusively in accordance with our instructions and in compliance with the applicable data protection regulations.

In accordance with the Terms and Conditions, the user of the Vacuna app is obliged to anonymize the vaccination certificate before requesting the automated digitization. This complies with the principles of data minimization pursuant to Art. 5(1c) GDPR.

Where is personal data processed?

The processing of your personal data takes place in Germany. The data may also be stored locally on the devices you use. A transfer to a third country within the European Union solely occurs if the digitization of your vaccination certificate is requested.

What rights do you have?

You have the right to

  • Information about your personal data (Art. 15 GDPR);
  • Amendment or correction of your personal data (Art. 16 GDPR);
  • To be forgotten, that is, to erase your personal data (Art. 17 GDPR);
  • Restriction of processing of your personal data (Art. 18 GDPR);
  • Taking away your personal data (Art. 20 GDPR);
  • Withdrawal of your consent (Art. 7(3) GDPR);
  • Revocation of processing of your personal data (Art. 21 GDPR);
  • Complaint to your local data protection supervisory authority (Art. 77 GDPR).

Further information.

You can reach our data protection contact at privacy[at]io-propagator.com.