Information on processing of personal data

The purpose of the processing of your personal data is to give you the possibility of easily and securely providing evidence of and showing your personal, valid corona passport in Denmark.

The purpose of the processing of your personal data is described in Article 10 (2) of the COVID Certificate Regulation, under which personal data is processed solely for the purpose of accessing and verifying the information included in the certificate, in order to facilitate the exercise of the right of free movement within the Union during the covid-19 pandemic.

Your personal data will thus not be used for implementation of any measures against you. This means that information in the app will not become the basis for any orders on quarantine measures or other decisions.

The legal basis for the processing of personal data carried out in connection with the corona passport app follows from the COVID Certificate Regulation, Article 6(1), points (c) and (e) and Article 9(2), points (i) and (g) of the General Data Protection Regulation, cf. section 7(4) of the Danish Data Protection Act and the Corona Passport Order.

The following data are processed in connection with checking of your corona passport:

• Data regarding your name (surname(s) and first name(s)) and date of birth (non-sensitive personal data) as well as data about your covid-19 vaccinations (sensitive personal data), including targeted disease or agent, vaccine/prophylaxis, vaccine pharmaceutical, holder of the marketing authorisation for the vaccine or the vaccine manufacturer, the number of a series of vaccinations/doses, the date of vaccination with indication of the date of the latest dose, Member State in which the vaccine has been given, the issuer of the certificate and a unique certificate identifier.

• Data regarding your name (surname(s) and first name(s)) and date of birth (non-sensitive personal data) as well as data about your covid-19 test and test results (sensitive personal data), including targeted disease or agent, test type, test name (optional in connection with NAAT tests), test manufacturer (optional in connection with NAAT tests), date and time of test, date and time of test result (optional in connection with quick antigen tests), test result, test centre or facility, Member State in which the test was made, issuer of the certificate and a unique certificate identifier.

• Data regarding your name (surname(s) and first name(s)) and date of birth (non-sensitive personal data) as well as data about previous infection with covid-19 (restoration) (sensitive personal data), including disease or agent from which the citizen has recovered, date of first positive test result, Member State in which the test was taken, issuer of the certificate, date of validity, end date of validity (max. 180 days after the date of the first positive test result), a unique certificate identifier.

The processing of personal data is temporary, and data are only processed when the Danish corona passport app is used for scanning your corona passport by an official checking your corona passport in Denmark.

SSI (Statens Serum Institut) processes personal data from your corona passport when your corona passport app is scanned by the corona passport app in connection with checking of your corona passport in Denmark.

When you show your corona passport to an official for checking of your corona passport, the app and the official will gain access to your full name and date of birth, as well as the data on your phone that you choose to display via your QR code in the app. When the official scans your corona passport, the data disclosed to the official will not be stored on the official's device. When the official scans the QR code in connection with the check, the camera on the official’s phone will be allowed to scan the QR code.

In connection with our processing of your personal data, you have the right to:

• Request access to the data that we process about you.
• Request that incorrect data about you be rectified.
• In certain cases, to have data about you erased.
• In certain cases, to have the processing of data about you restricted.
• In certain cases, to object to our lawful processing of data about you.
• Complain to the Danish Data Protection Agency if you believe that we process personal data about you in breach of the data protection rules, see section 8 below.

If you wish to exercise your rights, please contact us at [email protected]. For further information, please see the section below.

SSI can be contacted in the following ways:

Statens Serum Institut
Artillerivej 5
DK-2300 Copenhagen S

Tel.: 3268 3268
E-mail: [email protected]

If you have any questions about our processing of personal data or your rights in this connection, you can contact SSI via Borger.dk or by sending an e-mail to [email protected]. You can also contact our Compliance unit at [email protected], which mainly deals with questions about the processing of personal data.

The Danish Ministry of Health has a common data protection officer (DPO), Helle Ginnerup-Nielsen, who is employed in the Department of the Danish Ministry of Health. The tasks of the DPO include advice to the Ministry and the agencies on data protection and data protection rules. The DPO can be contacted by sending an e-mail to [email protected].

You can complain to SSI about issues relating to the checking of your corona passport through use of the Danish corona passport app.

You can complain about our processing of your personal data to the Danish Data Protection Agency (Datatilsynet).

The Danish Data Protection Agency is an independent public authority responsible for monitoring compliance with the data protection rules in Denmark. You can find information about the Danish Data Protection Agency and the complaints procedure on their website: https://www.datatilsynet.dk.

If you wish to complain, you should first of all contact us. This way we will be able to address your inquiry and possibly change the way in which we process your data.

The COVID Certificate Regulation (Regulation (EU) 2021/953 of the European Parliament and of the Council of 14 June 2021 on a framework for the issuance, verification and acceptance of interoperable covid-19 vaccination, test and recovery certificates (EU Digital COVID Certificate) to facilitate free movement during the covid-19 pandemic):

The COVID Certificate Regulation (europa.eu)

The COVID Certificate Order regarding Third-country Nationals (Regulation (EU) 2021/954 of the European Parliament and of the Council of 14 June 2021 on a framework for the issuance, verification and acceptance of interoperable covid-19 vaccination, test and recovery certificates (EU Digital COVID Certificate) with regard to third-country nationals legally staying or residing in the territories of Member States during the covid-19 pandemic):

The COVID Certificate Order regarding Third-country Nationals (europa.eu)

The Corona Passport Order (the Order no. 1521 of 30 June 2021 on the processing of personal data in the digital solution Coronapas):

The Corona Passport Order (retsinformation.dk) in Danish

The General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation):

The General Data Protection Regulation (europa.eu)

The Danish Data Protection Act (Act No. 502 of 23 May 2018 on Supplementary Provisions to the Regulation on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data):

The Danish Data Protection Act (retsinformation.dk) in Danish