TrustOne

Data Processing Guide

TE-FOOD International GmbH is compliant with the General Data Protection Regulation (GDPR). Under the GDPR (EU) 2016/679, we have a legal duty to protect any information we collect from you.

When processing personal data, we attach great importance to protecting your private sphere and ensuring that your data are secure. This data processing guide tells you about the data we process, why we need them, and how you can lodge an objection to the processing of your data.

We collect, process and store personal data only as permitted by law, or if you have given your consent at the time of registration or when a sampling station registers you.

The personal data we collect are limited to the information needed for Covid-19 testing and vaccination. This includes contact information such as name, telephone number, email address and residential address. The personal information collected may vary by jurisdiction/country where the testing is performed, but it is limited to what is needed to perform Covid-19 testing, book an appointment for testing, in some cases pay the cost of testing, or be checked by travel agencies, airlines and authorities.

The protection of the collected personal data and related test results, possibly vaccination data, is carried out with the utmost care, and the access to the data is strictly regulated by both internal processes and technological means. We do not sell the data or the statistics prepared on the basis of the data, nor do we prepare statistics, statements or reports for private companies from the collected data. We provide reports and statistics only to state, governmental and official health care organizations, if required by the relevant regional and national legislation.

We strictly restrict access to the data we collect within our company, and we devote the maximum resources that can reasonably be expected to data protection. The IT staff operating the system have received appropriate data protection training, and their access to personal data is also restricted through internal regulations. The owners and employees of our company, as well as the employees of our subcontractors (server operators, developers, project managers, etc.), have also received appropriate data protection training from a GDPR point of view.

This document is the data-processing-related extension of TrustOne’s Terms and Conditions.

Definitions:

  • Service provider
    Service providers (e.g. airlines, airports, government authorities, event organizers, sports and cultural venues, cruise lines, etc.) use TrustOne to manage and automate the health screening processes of their employees or guests/passengers. Depending on the use case, they might check the testing compliance of employees and/or guests/passengers upon entering their premises.
  • Testing Provider
    Testing providers are sample analysis service providers. They use TrustOne to make their testing activities more efficient. They agree with Service Providers to jointly use TrustOne as a service infrastructure to collect, store and process patient, sample, test result and testing compliance control data, as well as all the complementary data that provides an efficient environment for performing the testing-related tasks.
  • Support Provider
    Support activity might be provided by TrustOne’s internal staff or by an assigned external Support Provider. Customer support helps TrustOne users use the features properly, resolves user-generated errors (e.g. typos), and investigates reported anomalies (e.g. a test result that has not arrived). Support activity comprises both first-level (client side) support and second-level (technical side) support.
  • TrustOne
    TrustOne is a software platform that enables Service Providers to manage the health screening of their passengers, guests and employees efficiently, by integrating with a Testing Provider and digitalizing all necessary tasks (registration, booking, payment, sampling, test result communication, test compliance control).
 

Updates

We may update this privacy policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.

Basic characteristics

As TrustOne might provide its services to various Service Providers, Testing Providers, and Support Providers in different countries and jurisdictions, for various use cases, the data collected about you and your activities may vary. 

The reasons are: 

  • various use cases: E.g. different types of data are collected, stored and processed for a regular employee testing, and an airline’s testing of passengers.
  • various countries and jurisdictions: Countries and/or regional jurisdictions might require different data to be collected and reported regarding Covid-19 tests.
  • various service providers: E.g. an airline, or a sporting event organizer might require different types of data to identify you in the system.


As TrustOne serves multiple Service Providers, each system instance might present different Terms and Conditions to be accepted. When you register to use TrustOne, you are required to accept the Terms and Conditions of that specific Service Provider.

Types of Data Collected

When you use the TrustOne mobile app, registration pages, or web portal, we will collect, process and use information about you as necessary to manage your testing. As you can register to use TrustOne at various service providers, the personal information we collect may depend on the use case, the service provider, and the country where the service is provided. Data collected to register a user may include:

  • Personal data
    Data which is connected to a registered user, and might be used to identify the user.

    Depending on the use case, the service provider, and the country where the service is provided, the data collected may contain personal information such as your name, date of birth, gender, nationality, ethnicity, race, home address, temporary address, ID card number, passport number, email address, phone number, etc.

    We use personal data to identify you while you access our software (user name, password, birth date, name, etc.), when you attend a testing appointment (e.g. ID card / passport number), or when you enter the premises of a Service Provider (i.e. when you start using the service).

    Collecting personal data is also required by the relevant authorities, and the testing providers need such data in order to comply with regulatory requirements (e.g. the tested people, their contact data, and their test results).

  • Service Provider related information
    Data which is connected to a registered entity, but might change each time you use a service of a service provider.

    Depending on the use case, the service provider, and the country where the service is provided, additional data might be collected. This may contain the service provider’s ticket number / reference ID. Such data might be required to enable the Service Provider to assess your eligibility for testing, or to be able to measure the metrics of the testing program.

  • Testing related information
    Data which is connected to a registered entity, but might change each time you book and attend a testing appointment.

    Depending on the use case, the service provider, and the country where the service is provided, additional data might be collected. This may contain appointment date/time, appointment location/premise, test type, test sample kit barcode, photo of test kit used, test analysis date, test result, detailed test result values, credit card data, payment status information, health insurance number. Your medical data is stored encrypted, and in a pseudonymised format. Storing sampling and testing related data is necessary to manage your appointment booking, to keep track of your samples, and to enable the Testing Provider to fulfil their regulatory obligations.   

    We might collect GPS based location data (if you give us permission to do so) in order to improve our service (e.g. help you to find the sample stations near to your actual location). You can enable or disable location services when you use our Service at any time by way of your device settings.

  • Control related information
    Data which is collected upon entering the service provider’s premises.

    Depending on the use case and the service provider, this may contain the location and time of the control event.

    TrustOne does not share test result information directly with the service provider’s controllers. A service-provider-dependent custom business logic assesses the test result, other complementary data, the time of the testing, and potentially other parameters in order to run one or more service-provider-specific testing compliance assessments. The outputs of such assessments might indicate to what degree your health screening results are compliant with a specific service of the Service Provider. Control is a necessary step to assure guests, passengers and employees that the Service Provider makes an effort to mitigate a potential outbreak at the Service Provider’s premises.

  • Usage Data
    We may also automatically collect information that the service sends whenever you use our service or when you access the service by or through any device.

    This Usage Data may include information such as IP address, your device’s unique identifier (e.g. MAC address), your device’s operating system, your device’s language settings, application version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, and other diagnostic data. 

    This information is primarily needed to maintain the security and operation of our services (e.g. to set the language setting of TrustOne according to your device’s default language).

  • Authentication

    We do not use cookies; for authentication we use JWT technology.

    JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

    JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

    Authorization is the most common scenario for using JWT: once the user is logged in, each subsequent request includes the JWT, allowing the user to access the routes, services and resources that are permitted with that token.

    After a successful login, the JWT contains the following information:

    1. user id – unique id generated by the system at the time of registration

    2. organization id – generated by the system when a new instance is created

    3. premises/department ID – generated by the system

    4. login timestamp

    5. validity of tokens

    JWTs are encrypted to provide secrecy between parties.
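    To illustrate the token described above, the following is an added example (not TrustOne's own code) that issues and verifies an HS256-signed JWT carrying the five listed claims using only the Python standard library. The claim names `org` and `prem` for the organization and premises IDs are assumed, and the signing secret is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import json
# Constructed placeholder key; a deployment loads its HMAC secret from a secret store.
SECRET = b"constructed-demo-secret"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _compact_json(obj) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def issue_token(user_id, organization_id, premises_id, now, ttl=3600, secret=SECRET):
    """Sign an HS256 JWT carrying the five claims listed in the guide.
    Claim names org/prem are assumed; sub/iat/exp are RFC 7519 registered claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "sub": user_id,          # 1. user id
        "org": organization_id,  # 2. organization id
        "prem": premises_id,     # 3. premises/department id
        "iat": now,              # 4. login timestamp
        "exp": now + ttl,        # 5. validity of the token
    }
    signing_input = _compact_json(header) + "." + _compact_json(payload)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_token(token, now, secret=SECRET):
    """Return the claims if the token is authentic and unexpired, otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm server-side: the alg field comes from the untrusted token,
        # so it must never select the verifier ("none", or a key-confusion swap).
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        # Constant-time comparison so the check does not leak the signature bytes.
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # malformed base64 or JSON
        return None
    # RFC 7519: the token is valid only while the current time is before exp.
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None
    return claims

def readable_claims(token):
    """Decode the payload without verifying it: a signed JWT is not confidential."""
    return json.loads(_b64url_decode(token.split(".")[1]))
```

    Note that signing alone does not hide the claims: `readable_claims` recovers them from any token without the secret, so confidentiality of the payload requires the encrypted JWE form rather than the signed JWS form shown here.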

     

Access to data

Data stored by TrustOne might be accessed for various purposes. However, we focus on sharing only the minimal amount of data which is required to perform a specific task.

To provide and maintain the service of TrustOne, Testing Providers, Service Providers, and Support Providers might need to access personal and/or medical data. Depending on the location of these participants, your data might be transferred outside of your jurisdiction.

We may grant access to your personal data to enable Service Provider and Testing Provider users to confirm your identity, to attach certain collected information to your identity, and to contact you when information that is important to you is sent to the service.

In case you attend a sampling appointment, you might be required to show your TrustOne ID QR code and/or ID card/passport. By scanning the QR code, the sample station personnel gain access to your personal data to verify your identity. When a sample is taken, your personal data is assigned to the sample kit’s unique identifier.

Accessing personal data might be required to provide customer support to detect, prevent and address technical issues.

In certain cases, Testing Providers and Service Providers require us to gather, analyse, and extract data for reporting purposes (e.g. creating testing schedules, mandatory reporting to authorities). Reports in plain or anonymized format might be accessed by the Service Provider, in order to review the results of an event, or the activities of a certain time period.

Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities.

We may employ third-party companies and individuals to facilitate our service, provide the service on our behalf, perform service-related services, or assist us in analysing how our service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Personal data might be accessed for any other purpose disclosed by us when you provide the information.

Third Party Systems

TrustOne may link you to other websites, or send your data to third-party systems. We are not responsible for the way in which third-party websites operate or the way in which they may process any personal information which you provide to them. It is important that you understand this and check their respective privacy policies and terms of use.

Depending on the use case, third-party systems may include: external web sites to book an appointment at a testing laboratory; external Payment Services Provider (PSP) web sites to process online payments; external Laboratory Information Management Systems (LIMS) of testing providers to store and further process your data; and external service providers’ (e.g. airline, cruise line, sports venue, amusement park, etc.) web sites or back-end systems that integrate TrustOne’s features within their mobile and/or web based applications, where TrustOne provides the backend and the external system provides the frontend.

Third Party components

Scanning

The TrustOne mobile application includes a plugin that allows sampling stations and, in certain use cases, end users to scan the machine-readable zone (MRZ) of their ID card or passport. The goal is to record the minimum personal information required to perform a Covid-19 test as quickly and efficiently as possible, to reduce waiting and processing time. We implement this with the solution of the German company Anyline GmbH. The company’s website can be found here:

https://anyline.com/

Anyline GmbH does not store personal data; the built-in plugin software module only reads the data locally (i.e. in the mobile application) using OCR technology. TE-FOOD International GmbH has a valid license agreement for this activity and for using this plugin.

Sharing of data

In case we are required by Service Providers and Testing Providers to share data, we either provide access to the data stored by TrustOne (see the “Access to data” chapter), share the data via an application programming interface (API), or extract data through an export interface.

We share the data with the Service Provider (or Service Providers) whose service you use, and the Testing Provider (or Testing Providers) which performs your test. We might share your data with other providers in order to perform the service you contracted for. This might include a Payment Services Provider to perform online payments, or a logistics company in order to deliver you a package you ordered (e.g. self-test kits).

In case we share data via an API, all communication channels are encrypted in order to protect your data.

Automated decision making, profiling

TrustOne collects and stores information about your role (e.g. passenger) in the system and about your service provider (e.g. an airline). This information is necessary to prevent unauthorized access to your personal data. We might also categorize users by geographical location, if the Service Provider or the Support Provider requires it, to make the testing process and support tasks more efficient. We might categorize your account according to its role (e.g. passenger, employee); this enables us to set the features you can use within the app.

Transfer of Data

Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to these data transfer and storage conditions.

TrustOne will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with the Terms and Conditions and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.

We store data in the cloud, at various cloud infrastructure providers. The personal data of EU citizens or citizens who have been tested in the EU is stored in data centers in the EU, subject to the maximum security requirements that can be expected.

Certain business-critical transactions (the fact of test kit registration and the arrival of test results in the system) are confirmed in the TrustChain blockchain system, i.e. a timestamp is stored, but no personal data or information referring to personal data is stored on the blockchain.

Deleting Data

You have the right to withdraw consent and delete your personal data either within the TrustOne mobile app, or by sending an email to info at trustone.com. All the personal data which can be used to identify you will be deleted. Your medical data is stored encrypted, in a pseudonymized form (not connected directly to your personal data). Digital proof of your medical data is also stored on the blockchain in hashed format, which cannot be used to identify you.

Please note that even if you delete your personal data on TrustOne, third-party systems (e.g. the test lab’s backend system) might still store your personal data as long as they are obligated to do so in their respective jurisdiction.

Duration of storing personal data

We store your personal data until you unsubscribe from our services and request the deletion of your data. Also, your personal data will be automatically deleted after 24 months of inactivity within TrustOne. In case a local authority requests a change in this procedure, your data might be deleted after a different period.

Source of personal data collection

We always collect your personal data from you, or from your activities in relation to TrustOne. We do not collect personal data about you from external databases, marketing partners, social media platforms, or other outside sources.

Date: 09.OCT.2020