Controller for processing of your personal data is:
OPD Drozina d.o.o.
Trg Republike 3
(optional) Data privacy officer: firstname.lastname@example.org
With your consent (Art. 6 para. 1 lit a GDPC ICW Art. 9 para. 2 lit a GDPR), the personal data provided by you will be processed for the purpose of carrying out a COVID-19 test and transmitting findings to or by OPD Drozina d.o.o., These include, in particular, name, gender, address, date of birth, email address, telephone number, time of test acceptance, resulting COVID-19 infection status, social security number and type of sample material.
Your data will be collected and stored by OPD Drozina d.o.o directly from you and (with the exception of the photographs see below) transmitted to a partner laboratory for the purpose of laboratory-medical analysis, where your sample material will be evaluated by qualified specialists. The test results are then transmitted electronically by the laboratory to OPD Drozina d.o.o. for the communication of results.
Participation in COVID-19 testing is voluntary. You will not suffer any disadvantages due to the non-participation.
If you want to officially present your test result, we need to check your identity. For this we need your ID. The photo recording of your identity document is read out with the help of a software for text recognition and subsequently the contents of the identity document(document number, expiration date, name, etc.) are further processed. In the further course of the application, we create photographs of your person when applying the gurgle test. In addition to the ID, these photos serve to ensure that you (and no one else) apply the gurgle test. By clicking on "AUTHENTICATE" you consent to the processing of your ID data and your photos for the stated purpose (Art. 6 para 1 lit a GDPR ICW Art 9 para 2 lit a GDPR). This consent is voluntary, alternatively you can refuse to verify your identity by selecting "SKIP PROOF". In this case, you will not receive a certificate.
On the basis of the prevailing statutory reporting obligations, the laboratory reports the result to the competent health authorities.
In principle, your data will not be transmitted by OPD Drozina d.o.o. to any other third parties. Excluded is the transfer to processors who work exclusively on the instructions of OPD Drozina d.o.o., who do not use data for their own purposes and are bound by their own agreements to the data protection obligations under the GDPR. Your data will not be transferred to countries outside the European Union.
If you create a user account, your access and master data will be deleted 1 year after your last login, all other data already 14 days after delivery of the result to you.
The partner laboratories are subject to the statutory retention obligations under medical law or otherwise applicable law.
Please note that the provision of your data is necessary to perform COVID-19 testing. Since participation is voluntary, you will not suffer any disadvantages due to non-participation. You have the right to withdraw your consent(s) at any time without giving reasons, which does not affect the lawfulness of the processing until the withdrawal has taken place. You can revoke your consent to the processing of the photos and identity card data for the determination of identity separately, but please note that we will not be able to issue a certificate in this case. To withdraw your consent, please contact email@example.com.
You have a right of access to the personal data we process, to rectification and erasure, to restriction of processing as well as a right to data portability, a right to object and a right to lodge a complaint to the protection authority; all this in accordance with the legal regulations. There is no automated decision-making (including profiling).
For concerns and questions about data protection, please contact our data protection officer at firstname.lastname@example.org.
If you create a user account on our web app, LEAD processes your access data (username and password) for the purpose of setting up and operating this account on the basis of our legitimate interests (Art. 6 (1) (f) GDPR). This data will be deleted 1 year after the last login.
For the operation of the web app, LEAD also processes technical telemetry data such as your IP address, which are necessary for the operation of the web app and the execution of the tests. LEAD also processes this data on the basis of the legitimate interest (Art. 6 (1) (f) GDPR) in a smooth technical operation. This data will also be deleted after 14 days.
If you contact us by e-mail, your personal data such as your e-mail address and e-mail correspondence for the purpose of customer service will be processed on the basis of the legitimate interest (Art. 6 (1) (f) GDPR) in a good customer relationship. This data will be deleted no later than 3 years after the last contact.
Data processing by cookies is based on our legitimate interest (Art. 6 (1) (f) GDPR and § 96 (3) telecommunications law) in the provision of a functioning web app.