Data protection

SocialPass – SocialScan and Data Protection

Privacy Policy – SocialPass and SocialScan

  1. Purpose and scope of this document

The purpose of this document is to inform you about the collection and processing of your personal data when using our SocialPass and SocialScan mobile applications. SocialPass is aimed at customers or visitors to public locations and/or events (customers), while SocialScan is used by operators of public locations as well as event organizers (hosts). Finally, this document aims to inform, if necessary, the employees of operators of public locations as well as event organizers if the collection of employee data is also mandatory (for example in the canton of Vaud).

  1. Notion of personal data/personal data

Personal data is all information that relates to you, such as your name, postal address, email address, phone number. .

  1. Responsible for processing personal data / file master.

The master of the file is: NewCom4U Sàrl

You can address your data protection queries to  rgdp@socialpass.ch

  1. Purpose

We collect and process your personal data for the following purposes:

  • Enable operators of public institutions as well as event organizers to comply with the obligations to collect and verify contact information imposed by federal or cantonal law (including Article 4 paragraph 2 of the 19 June 2020 Ordinance on measures to combat the COVID-19 epidemic in particular).
  • Allow the relevant cantonal service to identify and contact those presumed to be infected within the meaning of articles 33 and following of the Federal Law of 28 September 2012 on the control of communicable human diseases (Epidemics Act).
  1. Data collected

5.1.        SocialPass

When you first use SocialPass, you will be asked to enter the language of use, phone number, name, first name, home address and date of birth. It is compulsory to enter the corresponding information. You can also provide your email address (optional). Please note that your phone number will be automatically verified by SMS. All data you enter remains stored in your phone only and is used to generate a secure (encrypted) QR Code.

At the entrance to a public location or event, two scenarios may arise, depending on the canton in which you are located and depending on the location/event:

  • You scan your host’s QR Code using the SocialPass app. The data provided by your host is then associated with the data you provided and complemented with a time stamp (date, time) and, if applicable, with a table number; this data is then stored on one or more secure servers in Switzerland.
  • You present your QR Code generated by the SocialPass app. The data encrypted in the QR-Code is associated with restaurant specific information and complemented with a time stamp (date and time) and then stored on one or more secure servers in Switzerland. Your host will have no access to your data, and it will not be kept with them.
  • Should pertinent health authorities not have opted to access the data directly, the host may, on demand of the health authority, download a file and submit it to the Health Authorities. The host commits not to store or print the list or to put it at disposal of others or use it in any other form.

 

If you use SocialPass as an employee of the operator of a public location or the organizer of an event (only in cantons that also require the collection of staff data, like the canton of Vaud), you scan your employer’s employee-only QR Code (“TEAM”) when arriving and leaving work. The data provided by your employer is then associated with the data you provided as well as the time data at the time of scanning (date, time) and is stored on one or more secure servers in Switzerland.

SocialPass has no use of your phone’s satellite positioning system.

5.2.        SocialScan

When you first use SocialScan, you will be asked to register your “organization” according to the category to which it belongs (restaurant, event, sporting event, etc.), to introduce the necessary identification data (name of the establishment/location or event, postal address, email address and name of the person responsible). Please note that a user account will be created.

When a client arrives, there may be two scenarios, depending on the method you apply:

  • You scan the QR Code that your client presents to you. The data provided by your client is then associated with the data you have provided as well as with a time stamp (date, time of scanning) and is stored on one or more secure servers in Switzerland.
  • You present your QR Code to your client, whether you posted it at the entrance or have one per table. When scanning the QR Code that you have made available, your client’s SocialPass app will link your data (including, if applicable, the table number) to data your customer has provided as well as to the time data (date, time); this data will be stored on one or more secure servers in Switzerland.
  • Should pertinent health authorities not have opted to access the data directly, you may, on demand of the health authority, download a file and submit it to the Health Authorities. You commit not to store or print the list or to put it at disposal of others or use it in any other form.

 

You also have the option to allow your employees to record their data. This is only necessary (and therefore allowed) in the cantons that request it (e.g., Vaud). Your employees are informed about the collection and processing of their personal data through this document, which they must also approve before the first use of the SocialPass application.

  1. Your rights

You have the following rights to personal data:

  • Right of access/right to information on data processing
  • Right to correct or delete data
  • Right to object to data processing
  • Right to revoke your consent when it is required to process your data

Thank you for taking note of the fact that the use of SocialPass and SocialScan is optional, and therefore subject to your consent. However, the collection and provision of your data to the relevant cantonal services in any form is a legal obligation and you cannot object to this obligation. It is not subject to your consent. If you no longer want to use SocialPass and/or SocialScan, simply uninstall the app you want to stop using (see section 7 below). It will then be up to you to provide the data manually or with other tools to meet the statutory obligations.

  1. Data retention

All your data is kept in a strictly confidential and secure manner throughout its processing.

The data you provide when you first use the SocialPass app is stored on your mobile device only for the duration of the app’s installation. It will be permanently deleted if the application is uninstalled. SocialScan data is stored in a database. You can uninstall SocialPass and/or SocialScan at any point in time.

Data obtained by scanning the QR Code (see section 5 above) is stored on one or more secure servers in Switzerland (ZH). Data is kept there, in encrypted form (256-bit key), for 14 days, in accordance with Article 5 paragraph 3 of the Ordinance of 19 June 2020 on measures to combat the COVID-19 epidemic in a particular situation. At the end of this 14-day legal period, your data is erased. The operator of the public location or the event organizer does not have access to this data.

  1. Transmitting your data to third parties

Access to your data stored on one or several secure servers (data obtained after scanning) is granted to authorized state authorities upon request. Depending on the state’s legislation, this access can be provided either by making this data available directly to the relevant state authority, or by disclosing this data to the operator of the public location or to the organizer of the event, who is then responsible for transferring your data to the relevant state authority and ensuring the destruction of the data after 14 days. In the latter case, we assume no responsibility for the processing of your personal data by the operator of the public location or by the event organizer.

The data stored on your phone is never transmitted to third parties other then those involved in the process described above: operators of public locations, organizers of events and authorized state authorities.

Access to data by the relevant state authority is fully secure and controlled. It requires an encrypted access key as well as a dual authorization.

No data will be sold or used for the benefit of SwissHelios LLC or NewCom4u LLC (owner of HotelPro4u)

  1. Limitation of use of the SocialScan app

The SocialScan application can only be used in Switzerland and in countries where there is no data protection legislation. Data collected by this application may only be used by health authorities, both in Switzerland and abroad. In the event of non-compliance with these conditions of use, we reserve the right to prosecute offenders with the relevant authorities and to withdraw the right to use the application.

  1. Changing this statement

We reserve the right to amend this statement at any time. Changes are communicated by displaying them on the app. They come into effect as soon as they are approved by the user (customer, host or employee).

 

Version 24.2.2021