SocialPass – SocialScan and Data Protection
Privacy Policy – SocialPass and SocialScan
The purpose of this document is to inform you about the collection and processing of your personal data when using our SocialPass and SocialScan mobile applications. SocialPass is aimed at customers or visitors to public locations and/or events (customers), while SocialScan is used by operators of public locations as well as event organizers (hosts). Finally, this document aims to inform, if necessary, the employees of operators of public locations as well as event organizers if the collection of employee data is also mandatory (for example in the canton of Vaud).
Personal data is all information that relates to you, such as your name, postal address, email address, phone number. .
The master of the file is: NewCom4U Sàrl
You can address your data protection queries to rgdp@socialpass.ch
We collect and process your personal data for the following purposes:
When you first use SocialPass, you will be asked to enter the language of use, phone number, name, first name, home address and date of birth. It is compulsory to enter the corresponding information. You can also provide your email address (optional). Please note that your phone number will be automatically verified by SMS. All data you enter remains stored in your phone only and is used to generate a secure (encrypted) QR Code.
At the entrance to a public location or event, two scenarios may arise, depending on the canton in which you are located and depending on the location/event:
If you use SocialPass as an employee of the operator of a public location or the organizer of an event (only in cantons that also require the collection of staff data, like the canton of Vaud), you scan your employer’s employee-only QR Code (“TEAM”) when arriving and leaving work. The data provided by your employer is then associated with the data you provided as well as the time data at the time of scanning (date, time) and is stored on one or more secure servers in Switzerland.
SocialPass has no use of your phone’s satellite positioning system.
When you first use SocialScan, you will be asked to register your “organization” according to the category to which it belongs (restaurant, event, sporting event, etc.), to introduce the necessary identification data (name of the establishment/location or event, postal address, email address and name of the person responsible). Please note that a user account will be created.
When a client arrives, there may be two scenarios, depending on the method you apply:
You also have the option to allow your employees to record their data. This is only necessary (and therefore allowed) in the cantons that request it (e.g., Vaud). Your employees are informed about the collection and processing of their personal data through this document, which they must also approve before the first use of the SocialPass application.
You have the following rights to personal data:
Thank you for taking note of the fact that the use of SocialPass and SocialScan is optional, and therefore subject to your consent. However, the collection and provision of your data to the relevant cantonal services in any form is a legal obligation and you cannot object to this obligation. It is not subject to your consent. If you no longer want to use SocialPass and/or SocialScan, simply uninstall the app you want to stop using (see section 7 below). It will then be up to you to provide the data manually or with other tools to meet the statutory obligations.
All your data is kept in a strictly confidential and secure manner throughout its processing.
The data you provide when you first use the SocialPass app is stored on your mobile device only for the duration of the app’s installation. It will be permanently deleted if the application is uninstalled. SocialScan data is stored in a database. You can uninstall SocialPass and/or SocialScan at any point in time.
Data obtained by scanning the QR Code (see section 5 above) is stored on one or more secure servers in Switzerland (ZH). Data is kept there, in encrypted form (256-bit key), for 14 days, in accordance with Article 5 paragraph 3 of the Ordinance of 19 June 2020 on measures to combat the COVID-19 epidemic in a particular situation. At the end of this 14-day legal period, your data is erased. The operator of the public location or the event organizer does not have access to this data.
Access to your data stored on one or several secure servers (data obtained after scanning) is granted to authorized state authorities upon request. Depending on the state’s legislation, this access can be provided either by making this data available directly to the relevant state authority, or by disclosing this data to the operator of the public location or to the organizer of the event, who is then responsible for transferring your data to the relevant state authority and ensuring the destruction of the data after 14 days. In the latter case, we assume no responsibility for the processing of your personal data by the operator of the public location or by the event organizer.
The data stored on your phone is never transmitted to third parties other then those involved in the process described above: operators of public locations, organizers of events and authorized state authorities.
Access to data by the relevant state authority is fully secure and controlled. It requires an encrypted access key as well as a dual authorization.
No data will be sold or used for the benefit of SwissHelios LLC or NewCom4u LLC (owner of HotelPro4u)
The SocialScan application can only be used in Switzerland and in countries where there is no data protection legislation. Data collected by this application may only be used by health authorities, both in Switzerland and abroad. In the event of non-compliance with these conditions of use, we reserve the right to prosecute offenders with the relevant authorities and to withdraw the right to use the application.
We reserve the right to amend this statement at any time. Changes are communicated by displaying them on the app. They come into effect as soon as they are approved by the user (customer, host or employee).
Version 24.2.2021