aLIVE pass declaration
Declaration on health data protection.
Declaration on handling Covid-19 health data.
Global action is urgently needed to address the threats to lives and livelihoods posed by COVID-19, but this must not undermine the individual's right to privacy over health information.
The aLIVE Pass declaration on COVID-19 health data protection (hereinafter “declaration”) is in accordance with the statutory provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).
This declaration welcomes signatories and supporters from all legal systems, industries and ecosystems worldwide who are committed to the continued protection of individual data protection rights in the health sector in the post-COVID-19 world.
The use of personal data is carried out by the responsible provider on this website (in the following “offer”) and in Companies:
1. Who is the publisher of the aLIVE Pass app?
This app is published by aLIVE-Service GmbH on behalf of the Eberberg district. ALIVE-Service GmbH is also responsible for ensuring that your personal data is processed in accordance with the data protection regulations.
2. What is the digital COVID certificate?
The digital COVID certificate is proof that a person has received a vaccination against COVID-19 (vaccination certificate), has tested negative for COVID-19 (test certificate) or has recovered from COVID-19 disease (recovery certificate). The digital COVID certificates of the aLIVE Pass are valid from April 1st, 2021 throughout Germany as a certificate of COVID-19 vaccinations and recovery from a COVID-19 infection.
Upon request, you will receive a certificate from a competent institution (vaccination centers or doctors) after a vaccination or after having suffered a COVID-19 illness. A certificate will be used in electronic form on your smartphone. Each certificate contains a QR code with an electronic signature to protect against counterfeiting.
Please note that the QR codes of the aLIVE Pass certificates are not compatible with the certificates of the RKI.
Only show the certificates and QR codes if you want to provide evidence of this. Do not make the QR codes available to anyone if you do not want the data to be read out.
3. Is the use of the app voluntary?
Yes, using the aLIVE Pass app is voluntary. Each certificate is linked to the ID number given at the time of vaccination. You can decide at any time whether you want to create an account and save the certificate in the app. You can also delete the certificate and any of your data yourself from the app at any time.
4. Which personal data are processed?
Personal data is all information that relates to an identified or identifiable natural person (hereinafter "data subject"); A natural person is regarded as identifiable who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person (Art. 4 (1) GDPR). This information includes name, contact details such as postal address, email address, telephone number and the like. as well as further information about natural persons.
In general, you can visit our website without providing any personal data.
5. Which data are processed?
a. Certificate data.
The certificates issued by the doctor or in the vaccination center contain administrative data. The certificates contain the following data:
- ID number,
- Place of vaccination,
- Date of vaccination,
- the necessary information about the vaccination (type of vaccine, batch number, number of doses)
- and the electronic signature of the aLIVE Pass.
This data is only saved in the app as soon as you enter it and, if the data match, activate and download the certificate. This data was previously collected by the authority that issued the certificate and transmitted to aLIVE-Service GmbH for signing the certificate.
b. Access data.
In order to use the public key of the aLIVE Pass to check the authenticity of the electronic signature, a connection to a server of the aLIVE-Service GmbH is established. Technical access data is processed by the server. These include the following data:
- IP address
- Date and time of the call
- transferred data volume (or packet length)
- Message as to whether the data exchange was successful
This access data is processed to enable and secure the connection and data exchange between the app and the server. You will not be personally identified as a user of the app and no usage profile will be created. The IP address is not stored beyond the end of the individual usage process.
6. On what legal basis are your data processed?
When creating the aLIVE-Service GmbH processes the above under section 5 a. mentioned certificate data on a legal basis. The legal basis is Article 6 (1) (c) and Article 9 (2) (g) of the General Data Protection Regulation (GDPR) combined with
- Section 22 (5) of the Infection Protection Act (vaccination certificate) OR
- Section 22, Paragraph 6 of the Infection Protection Act (Genesis Certificate).
The EU is currently working on a European legal basis for the certificate, in which the data processing for the creation and electronic signing is standardized for all EU countries. ALIVE-Service GmbH reserves the right to process data in the future on the basis of this regulation, should a connection be possible.
The legal basis for the processing of the above under section 5 b. The access data mentioned is Section 3 of the Federal Data Protection Act and Art. 6 Paragraph 1 lit. e GDPR.
7. What permissions does the app need?
To create an account in the aLIVE Pass app, you need an email address. The vaccination status certificate can be activated and downloaded by specifying the identification number used for vaccination (if specified), the vaccination location and the vaccination date, if these data match the administrative details of the vaccination.
The aLIVE Pass app requires access to your smartphone's camera when you scan the QR code of other users to check a vaccination certificate. The app also needs an internet connection in order to be able to download the current key material from the aLIVE-Service GmbH server system.
8. When will your data be deleted?
The certificates are only saved in the app on your smartphone and in our German data center certified for health data. If you wish to delete it, you can remove the relevant certificate and all your data from the app yourself at any time and then delete the app afterwards.
9. Who will your personal data be passed on to?
If you show your certificate to other persons or institutions, they will gain knowledge of all the data contained in the certificate.
You can prevent this by only displaying the QR code in the app so that it can be scanned with another aLIVE Pass app. Then only the data relevant for the vaccination status are read out and only displayed whether the certificate presented is valid and an explanation of the result. The name and ID number of the certificate holder are also displayed above the QR code so that the person checking can compare this information with proof of identity (e.g. passport or ID card).
10. Data protection officer
If you have any questions about the processing of personal data, you can also contact our data protection officer.
Contact details of the data protection officer
c / o aLIVE-Service GmbH
E-mail: [email protected]
Data protection authority: https://datenschutz.sachsen-anhalt.de/landesbeauftragter/Contact/
Last updated: 07/14/2021