- General information
- What categories of personal data do we process?
- What do we process personal data for?
- On what legal basis do we process personal data?
- How long do we store personal data?
- With whom do we share personal information?
- Where is personal data processed?
- What rights do you have?
- Further information.
For the definition of personal data and other terms related to the General Data Protection Regulation (GDPR), please refer to Article 4 of the GDPR.
The Vacuna apps for Android and iOS (hereinafter “app”) are operated by IO Propagator Unternehmergesellschaft (haftungsbeschränkt). This is the responsible party (hereinafter “we”) within the meaning of the GDPR.
What categories of personal data do we process?
The following categories of personal data are processed in the App:
- Contact information (such as your email address),
- Health data (such as your vaccination card),
- Server log data (such as operating system, date and time stamp).
What do we process personal data for?
Your contact information is used to create and provide your user account, for support purposes and/or to send you information about Vacuna. The purpose of processing health data is to determine your vaccination status, to provide vaccination recommendations and/or reminders, and to digitize your vaccination card. The processing of server log data is used to evaluate system security and stability.
On what legal basis do we process personal data?
The legal basis for processing your contact data for registration and creation of your user account is the fulfillment of a contract with you on the use of the app pursuant to Art. 6 para. 1 lit. b DSGVO. The sending of information about Vacuna by email is based on your consent pursuant to Art. 6 para. 1 lit. a DSGVO. The processing of health data is based on your consent pursuant to Art. 6(1)(a) and Art. 9(2)(a) DSGVO.
You can revoke your consent to receive information about Vacuna at any time (with effect for the future) via email. You may revoke your consent to the processing of health data at any time (with effect for the future) by deleting your user account. This will not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
How long do we store personal data?
Your personal data will be stored until it is no longer necessary for the purpose for which it was collected. Please note that we may retain your personal data for longer if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
Your health data will be deleted if you withdraw your consent or if you delete your user account.
With whom do we share personal information?
Your personal data is transmitted in encrypted form and processed on servers operated by Netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany.
Where is personal data processed?
The processing of your personal data takes place in Germany. The data may also be stored locally on the devices you use. Thus, there is no transfer to a third country.
What rights do you have?
You have the right to
- Information about your personal data (Art. 15 DSGVO);
- Amendment or correction of your personal data (Art. 16 GDPR);
- To be forgotten, that is, to erase your personal data (Art. 17 GDPR);
- Restriction of processing of your personal data (Art. 18 GDPR);
- Taking away your personal data (Art. 20 GDPR);
- Withdrawal of your consent (Art. 7(3) DSGVO);
- Revocation of processing of your personal data (Art. 21 GDPR);
- Complaint to your local data protection supervisory authority (Art. 77 GDPR).
You can reach our data protection contact at privacy[at]io-propagator.com.