SocialPass – SocialScan Privacy Notice

SocialPass – SocialScan and Privacy

Privacy Policy – SocialPass and SocialScan

 

  1. Purpose and scope of this document

This document describes collection and processing of your personal data used in the use of our mobile device applications SocialPass and SocialScan. SocialPass is aimed at customers or visitors to public facilities such as restaurants and/or events (guests), while SocialScan serves the operators of public facilities and event organisers (hosts). The purpose of this document is also to inform the employees of the operators of public institutions and the organisers of events in cantons where the collection of employees’ data is also mandatory (e.g., in the canton of Vaud).

  1. Concept of personal data / personal data

Personal data is all information relating to your person, such a  name, postal address, e-mail address, telephone number.

  1. Responsible for the processing of personal data

The parti in charge of the data protection topic

NewCom4U Sàrl
Technopôle 4
CH – 3960 Sierre

You can send your privacy requests to the following address: info@socialpass.ch

  1. Purpose

We collect and process your personal data for the following purposes:

  • hosts to comply with the legally imposed obligations to collect and verify contact details. In Switzerland, article 4(2) of the Ordinance of 19 June 2020 on measures to combat the COVID-19 epidemic in special situations is at issue.
  • The competent health authorities should be able to identify and contact potentially infected persons, within the meaning of Articles 33 e.g., of the Federal Act of 28 September 2012 on the Control of Communicable Diseases of Humans (Pandemic Act).
  1. Data collected.        

5.1. SocialPass

When using SocialPass for the first time, you will be asked to enter the language of use, telephone number, your name, first name, address of the place of residence and date of birth. Filling in the corresponding fields is mandatory. You can also provide your e-mail address (optional). Please note that your phone number will be automatically checked with an SMS to the number you entered earlier. This data remains stored in your phone and is used to generate a secure, encrypted QR code.

There may be two cases at the entrance to a public institution or event, depending on the canton in which you are located and the institution/event:

  • You scan your host’s QR code using the SocialPass app. The data provided by your host will then be linked to the data provided by you as well as the time data of the scan (date, time) and, if applicable, the table number, visitor sector or other situation-specific data. This data is stored on one or more secure servers in Switzerland.
  • You show your QR code generated by the SocialPass app, and your host scans it. The SocialScan application of your host then takes over the data that you provided when you first used SocialPass, links it to the data of its establishment / event as well as the relevant time data (date, time) and the data record is stored on one or more secure servers in Switzerland. Your host does not have access to your data, and it will not be stored with him.
    • If the   competent health authorities have opted to access the database directly  (VS, VD), they can access it directly if their tracing work requires it.
    • If the competent health authorities have opted accessing the database directly, the host may, at the request of the local health authority, download a  list of the persons present at a given time and send it to the competent health authority.

If you use SocialPass as a host employee  (only in cantons where the collection of personnel data is also required), scan your employer’s QR code, which is reserved for employees (“TEAM”) at the start of work and end of work. The data provided by your employer will then be linked to the data you provide and the time data at the time of the scan (date, time) and stored on one or more secure servers in Switzerland.

SocialPass does not have a connection to your phone’s GPS system.

5.2. SocialScan

When using SocialScan for the first time, you will be asked to register your “organization” depending on the category (restaurant, event, sporting event, etc.) and to enter the required identification data (name of the institution or event, postal address, e-mail address and name of the person responsible). Please note that a user account is created.

When a customer arrives, there may be two cases, depending on which method you use:

  • Guests scan the QR code you have issued using the SocialPass app. The data provided by SocialScan users will then be linked to the data provided by the guest by the SocialPass as well as the time data of the scan (date, time) and, if necessary, the table number, visitor sector or other situation-specific data. This data is stored on one or more secure servers in Switzerland.
  • You scan the QR code generated by the guest’s SocialPass app. Your SocialScan application then takes over the data that is made available on SocialPass, links it to the data of your institution/event as well as the relevant time data (date, time) and the data set is stored on one or more secure servers in Switzerland. You do not have access to the guest and visit data and these are not stored by you.
    • In case authorized health authorities have opted to access the database directly  (VS, VD),then they can do so if required for their tracing activities.
    • If the competent health authorities have opted to access the database directly, the host may, at request of the authorized health authority, download a  list of the persons present at a given time and send it to the respective health authority. You undertake not to save, print, make available to others or otherwise use this list.

You can also allow your employees to store their data if your health authorities so request and allow. Your employees will be informed of the collection and processing of their personal data by this document, which they must agree to before using the SocialPass application for the first time.

  1. Your rights

You have the following rights with respect to personal data concerning you:

  • Right to access / to information about data processing
  • Right to rectification or deletion of data
  • Right to object to data processing
  • Right to withdraw your consent if it is necessary for the processing of your data

Please note that the use of SocialPass and SocialScan is voluntary and therefore requires your consent. However, the collection and provision of your data to the competent public health authority is a legal obligation and you cannot oppose such processing, which is not subject to your consent. If you no longer want to use SocialPass and/or SocialScan, it is sufficient to uninstall the app that you no longer want to use (see point 7 below). You then have the obligation to provide the data manually or by other means to fulfil the statutory information requirements.

If you uninstall one of the two applications SocialPass or SocialScan, this will have no effect on visit data already registered in the database in accordance with Article 7 below. These are available to the competent cantonal authorities for a maximum of 14 days.

  1. Data retention

All your data will be kept strictly confidential and secure throughout the entire processing process.

The data you provided when you first used the SocialPass app will only be stored on your mobile device for the entire duration of the application being installed. They will be permanently deleted if the application is uninstalled. You can uninstall SocialPass and/or SocialScan at any time.

The data collected by scanning the QR code (see section 5 above) is centrally stored at national level on one or more secure servers in Switzerland. In accordance with Article 5(3) of the Regulation of 19 June 2020 on measures to combat the COVID-19 epidemic in special situations, they shall be kept in encrypted form (256-bit key) for a maximum period of 14 days. After the expiry of this legal period of 14 days, your data will be deleted. The operator of the public institution or the organiser of the event does not have access to this data.

  1. Disclosure of your data to third parties

Eligible health authorities can access data stored on one or more secure servers (data generated by scanning). According to the health authority, this access can be made by providing this data directly to the competent department or by forwarding this data to the operator of the public institution or to the organiser of the event, who is then responsible for forwarding your data to the competent cantonal service and ensuring its destruction after 14 days. In the latter case, we assume no responsibility for the processing of personal data by the operator of the public institution or by the  organisers of the event.

The data stored on your mobile phone will never be passed on to third parties.

Access to the competent health service is fully secured and controlled. It requires an encrypted access key and double authorization.

No data is sold or used in our favour.

  1. Modification of this declaration

We reserve the right to change this declaration at any time, subject to legal provisions, considering the deadlines and the nature of the storage as well as the purpose of the processing, which may develop with changes in the law. The changes will be communicated by displaying them on the app. They will enter into force as soon as they are approved by the user (customer, host or employee).

Version of 15.4.21