This document describes collection and processing of your personal data used in the use of our mobile device applications SocialPass and SocialScan. SocialPass is aimed at customers or visitors to public facilities such as restaurants and/or events (guests), while SocialScan serves the operators of public facilities and event organisers (hosts). The purpose of this document is also to inform the employees of the operators of public institutions and the organisers of events in cantons where the collection of employees’ data is also mandatory (e.g., in the canton of Vaud).
Personal data is all information relating to your person, such a name, postal address, e-mail address, telephone number.
The parti in charge of the data protection topic
CH – 3960 Sierre
You can send your privacy requests to the following address: firstname.lastname@example.org
We collect and process your personal data for the following purposes:
When using SocialPass for the first time, you will be asked to enter the language of use, telephone number, your name, first name, address of the place of residence and date of birth. Filling in the corresponding fields is mandatory. You can also provide your e-mail address (optional). Please note that your phone number will be automatically checked with an SMS to the number you entered earlier. This data remains stored in your phone and is used to generate a secure, encrypted QR code.
There may be two cases at the entrance to a public institution or event, depending on the canton in which you are located and the institution/event:
If you use SocialPass as a host employee (only in cantons where the collection of personnel data is also required), scan your employer’s QR code, which is reserved for employees (“TEAM”) at the start of work and end of work. The data provided by your employer will then be linked to the data you provide and the time data at the time of the scan (date, time) and stored on one or more secure servers in Switzerland.
SocialPass does not have a connection to your phone’s GPS system.
When using SocialScan for the first time, you will be asked to register your “organization” depending on the category (restaurant, event, sporting event, etc.) and to enter the required identification data (name of the institution or event, postal address, e-mail address and name of the person responsible). Please note that a user account is created.
When a customer arrives, there may be two cases, depending on which method you use:
You can also allow your employees to store their data if your health authorities so request and allow. Your employees will be informed of the collection and processing of their personal data by this document, which they must agree to before using the SocialPass application for the first time.
You have the following rights with respect to personal data concerning you:
Please note that the use of SocialPass and SocialScan is voluntary and therefore requires your consent. However, the collection and provision of your data to the competent public health authority is a legal obligation and you cannot oppose such processing, which is not subject to your consent. If you no longer want to use SocialPass and/or SocialScan, it is sufficient to uninstall the app that you no longer want to use (see point 7 below). You then have the obligation to provide the data manually or by other means to fulfil the statutory information requirements.
If you uninstall one of the two applications SocialPass or SocialScan, this will have no effect on visit data already registered in the database in accordance with Article 7 below. These are available to the competent cantonal authorities for a maximum of 14 days.
All your data will be kept strictly confidential and secure throughout the entire processing process.
The data you provided when you first used the SocialPass app will only be stored on your mobile device for the entire duration of the application being installed. They will be permanently deleted if the application is uninstalled. You can uninstall SocialPass and/or SocialScan at any time.
The data collected by scanning the QR code (see section 5 above) is centrally stored at national level on one or more secure servers in Switzerland. In accordance with Article 5(3) of the Regulation of 19 June 2020 on measures to combat the COVID-19 epidemic in special situations, they shall be kept in encrypted form (256-bit key) for a maximum period of 14 days. After the expiry of this legal period of 14 days, your data will be deleted. The operator of the public institution or the organiser of the event does not have access to this data.
Eligible health authorities can access data stored on one or more secure servers (data generated by scanning). According to the health authority, this access can be made by providing this data directly to the competent department or by forwarding this data to the operator of the public institution or to the organiser of the event, who is then responsible for forwarding your data to the competent cantonal service and ensuring its destruction after 14 days. In the latter case, we assume no responsibility for the processing of personal data by the operator of the public institution or by the organisers of the event.
The data stored on your mobile phone will never be passed on to third parties.
Access to the competent health service is fully secured and controlled. It requires an encrypted access key and double authorization.
No data is sold or used in our favour.
We reserve the right to change this declaration at any time, subject to legal provisions, considering the deadlines and the nature of the storage as well as the purpose of the processing, which may develop with changes in the law. The changes will be communicated by displaying them on the app. They will enter into force as soon as they are approved by the user (customer, host or employee).
Version of 15.4.21