Last updated: 1 October 2021
We are AOKpass and here is how we protect your data and respect your privacy.
We at AOKpass take your privacy very seriously.
- We will process your data in a lawful, fair and transparent manner.
- We will inform you about how your personal data is being used.
- We do not share your personal data other than for specific necessary purposes.
- We fully respect your privacy rights.
- We embed ‘Privacy by design’ in all data processing carried out by us.
This Privacy Notice explains the data we collect about you, how we use, store and protect your personal data. We encourage you to read our Privacy Notice to understand how we keep up to our commitment.
Data we collect about you and the purposes
We collect minimum amount of your personal data when you register for our mobile application. These include:
- First name,
- Last name,
- Email address,
- Date of Birth, and
The table below specifies the purposes for the data elements collected:
|First Name||Hash value creation and verification||Data Subject||Mobile Device|
|Last Name||Hash value creation and verification||Data Subject||Mobile Device|
|Date of Birth||Hash value creation, verification and fraud prevention||Data Subject||Mobile Device|
|Photograph||Identification and fraud prevention||Data Subject||Mobile Device|
In summary, we will use your Personal Data only for the following purposes:
- The attestation of the digital copy of your COVID-19 compliance status certificate, as provided by your consulting medical professional.
- For efficient verification by employers, authorities or any other third parties of your COVID-19 compliance status certificate.
Personal Data and Minors
We do not knowingly collect any data on minors. If you are under the relevant age of consent in your jurisdiction, you will need your parent’s or legal guardian’s permission.
If you are providing us with Personal Data of individuals under the age of sixteen (16), you represent that you have the appropriate authority to do so, and that you can demonstrate such authority to AOKpass upon request.
Security of your Personal Data
We regularly test our applications (mobile and website) for vulnerabilities and aim to fix them as soon as possible. Inherently, we do not collect any personal data on our blockchain network, hence, reducing the risk to your data.
The security of the personal data on your mobile device is in your control. We ensure the default settings of the app are enabled with ‘Privacy by design and default’. We recommend you use a strong passcode to lock your mobile device and take appropriate care before clicking URL’s or downloading any software from the internet.
Transfer and Disclosure of your Personal Data
Your personal data lives on your device in your control. We do not share your personal data with anyone.
The ‘hash value’ of the certificate is stored on your device. When you display your AOKpass for the status verification, the hash value (in QR code) will be captured by the scan and compared with the stored hash value on the AOKpass server to confirm a match and provide a binary status to the verifying authority. We provide you with a capability to prove your health status. We do not store any data on the scanned location.
A ‘hash value’ is a numeric value of a fixed length that uniquely identifies data. For a better understanding you can refer this video here - https://youtu.be/2BldESGZKB8.
Storage and Destruction of your Personal Data
At any point in time, you can delete the data that is stored in the AOKpass mobile app. It includes your profile and all passes linked to it, by using the “Delete all data” function that is provided the application. Please note that once data is deleted, it cannot be recovered.
At the AOKpass server end, the hash is deleted once you have deleted the data using “Delete all data” function.
We respect your rights to Privacy.
- We do not use any automated decision making.
- You can amend or delete data collected in the mobile application by yourself. All data that you submit in the application remains on your device.
Use of Blockchain
We use blockchain technology to enable an immutable and secure source of truth. We only ever store a hash of the data on the blockchain. It is currently technically impossible to recreate the data from the hash itself. The hash is generated outside the blockchain and hence no personal data enters the blockchain network. We ensure appropriate ‘technical and organizational measures’ to secure our processes and data.
We like to keep it simple:
- We do not target you with any digital technologies such as cookies, tags, pixels, etc.
- We do not use any analytics on our website or mobile application.
If you have questions about this Privacy Notice, or if you would like to request to exercise any individual rights, please contact us at:
1 Allée Pierre Burelle Batiment A,
If you have any questions about this Privacy Notice, you can contact our Data Protection Officer by emailing to firstname.lastname@example.org
You may lodge a complaint with a data protection authority competent for your country or region or place of alleged infringement. To contact the Personal Data Protection Commission in Singapore, please click here: https://www.pdpc.gov.sg/Contact-Us