1) General provisions
We are aware that we process highly sensitive data with the Corona Health App. For this reason, we take care to request, process and store only the absolutely necessary data.
Within the scope of using the Corona Health App (hereinafter referred to as “App”), certain personal data is processed by us and stored only for the time required to fulfil the defined purposes in compliance with all legal obligations.
With this data protection declaration, we inform you what data is involved, how it is processed and what rights you are entitled to on the basis of applicable statutory provisions.
According to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), personal data is all information relating to an identified or identifiable natural person.
However, our app does not store any personal data such as name, address, e-mail address, IP address, telephone number, SIM card or the telephone name. In particular, no data is read from the memory of your smartphone.
2) Name and contact details of the person responsible for data processing and the data protection officer
This data protection declarations concerns the data handling while using our app. In terms of data protection regulation, the responsible instance is:
University of Würzburg
Data protection officer:
Administrative data protection officer of the University of Würzburg
Responsible instance within the scope of using the App:
Prof. Rüdiger Pryss, PhD
Professor for Medical Informatics,
Institute for Clinical Epidemiology and Biometry,
University of Würzburg,
Am Schwarzenberg 15,
Phone: +49 931 201-46471
Contact to the data protection officer: firstname.lastname@example.org
If you have any questions regarding data protection law or your rights as a data subject, you can contact our data protection officer directly.
3) Storage location for data, especially personal data
All data is stored on an encrypted server of the University Hospital Würzburg.
The data exchange between your mobile device and the server takes place via the Internet, based on a secure SSL connection.
A transfer of personal data to a third country or to international companies or organizations is precluded.
4) Authorizations of the app
No authorizations are required to use the app with full functionality.
If you give the app permission for the location data (Android and iOS mobile operating systems) or app usage data (only Android mobile operating system), we can use this data for scientific analysis. However, this is not necessary to use the app to its full extent.
5) Use of location data
If you grant the authorization, the GPS data of your smartphone will be stored, in particular to enable scientific analyses. However, you can also use the app without granting authorization for GPS data.
Other location data will not be retrieved, processed or stored. In particular, no geotracking is performed by our app. Importantly, location data will be scientifically processed only in a coarse-grained way (resolution 11,1 kilometres).
6) Use of app usage data
If you grant the authorization, the following app usage data sources of your smartphone will be stored, in particular to enable scientific analyses. However, you can also use the app without granting authorization app usage data:
(1.) usage frequency and duration of the fifth most used apps
(2.) usage frequency and duration of the following communication apps (if installed): phone, SMS, WhatsApp, Facebook, Facebook Messenger, Telegram, Skype, Snapchat, Zoom, Instagram.
Other app usage or communication data will not be retrieved, processed or stored and no content of your communication will be transmitted
7) Use of push services
The app uses push services of the operating system manufacturers. These are short messages that are displayed on the user’s screen with the user’s consent and actively inform the user about recently available questionnaires or news.
If the push services are used, a device token from Apple or a registration ID from Google may be allocated. The sole purpose of their use by us is to provide the Push Services. These are only encrypted, anonymised Device IDs. We cannot draw any conclusions about the individual user.
You can decide during the installation of the app whether you want to use this functionality. If you want to unsubscribe from the push messages later, you can use the unsubscribe option in the app. You can find this under the settings.
8) Evaluation of usage data
The device recognition of your smartphone is saved. This is necessary to be able to correctly assign your data to the app if you use it several times. This allows the user to find out, for example, the frequency of use and previous results.
Anonymized usage data, e.g. answers to health questionnaires, are processed for the secure operation of the app and, if necessary, evaluated for its further development. However, it is not possible to make connections of this data to your person. This anonymous usage data is also not merged with other data sources.
When using the app, this data is stored in a log file with a timestamp.
9) Research purpose and scientific publications
The results of the anonymous app use can be published in scientific journals within the scope of research projects. However, it will in no way be possible to identify your personal identity on the basis of your personal data collected and processed by the app.
10) Transfer of data to third parties
Data that has been logged during the use of the app and will be used by the participating scientists and collaborating partners for scientific purposes only. Exceptions to this rule can only be made if this is required by law, a court decision or if the transfer is necessary for legal or criminal prosecution. A transfer for commercial purposes will not take place.
10) External links
The app contains links to websites or applications of other providers. Compliance with data protection regulations on these external locations is the responsibility of the respective operators, so that we cannot assume any guarantee or liability. We therefore ask you to contact this provider to find out about their data protection practices and their corresponding legally binding data protection declaration.
11) Rights of affected persons
You have the right:
pursuant to Art. 7 para. 3 GDPR to revoke your consent to us at any time. As a result, we may no longer continue the data processing based on this consent for the future;
in accordance with Art. GDPR to request information about your personal data processed by us. In particular, you may request information on the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, restriction of processing or opposition, the existence of a right of appeal, the origin of your data if it has not been collected by us;
in accordance with Art. 16 GDPR, to demand the correction of incorrect or incomplete personal data stored by us without delay;
pursuant to Art. 17 GDPR to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims, or if you have lodged an objection to the processing pursuant to Art. 21 DSGVO
in accordance with Art. 20 GDPR, to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party;
pursuant to Art. 77 GDPR, to complain to a supervisory authority. As a rule, you may contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose.
Information on your right of objection under Art. 21 GDPR You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Article 6 paragraph 1 sentence 1 letter e of the DPA (data processing in the public interest) and Article 6 paragraph 1 sentence 1 letter f of the DPA (data processing based on a balancing of interests).If you lodge an objection, we will no longer process your personal data unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If you wish to exercise your right of objection, please contact the data protection officer: email@example.com
12) Updating and modification of this privacy information
This data protection information is currently valid and is dated May 2020.
It may become necessary to amend this data protection information due to the further development of our product range or due to changes in legal or official requirements. The current data protection information can be accessed at any time via the latest version of the app.