2021-06-25 12:18:25 +02:00
import Page from '../components/Page'
import Card from '../components/Card'
export default function Privacy ( ) {
return (
< Page content = {
2021-06-28 18:17:16 +02:00
< Card step = "i" heading = "Privacy Policy" content = {
2021-06-26 14:22:53 +02:00
< div className = "space-y-2" >
< p >
Our privacy policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation ( GDPR ) .
< / p >
2021-06-28 16:27:04 +02:00
< p className = "font-bold" > General information < / p >
2021-06-26 14:22:53 +02:00
< div className = "px-4" >
< ul className = "list-disc" >
< li >
2021-06-30 00:59:11 +02:00
The whole process of generating the pass file happens locally in your browser . For the signing step , only a hashed representation of your data is sent to the server .
2021-06-26 14:22:53 +02:00
< / l i >
< li >
Your data is not stored beyond the active browser session and the site does not use cookies .
< / l i >
2021-06-27 18:19:37 +02:00
< li >
No data is sent to third parties .
< / l i >
2021-06-26 14:22:53 +02:00
< li >
We transmit your data securely over https .
< / l i >
< li >
Our server is hosted in Nuremberg , Germany .
< / l i >
< li >
The source code of this site is available on < a href = "https://github.com/marvinsxtr/covidpass" className = "underline" > GitHub < / a > .
< / l i >
< li >
By default , Apple Wallet passes are accessible from the lock screen . This can be changed in the < a href = "https://support.apple.com/de-de/guide/iphone/iph9a2a69136/ios" className = "underline" > settings < / a > .
< / l i >
< li >
2021-06-30 00:59:11 +02:00
The server provider processes data to provide this site . In order to better understand what measures they take to protect your data , please also read their < a href = "https://www.hetzner.com/de/rechtliches/datenschutz/" className = "underline" > privacy policy < /a> and the <a href="https:/ / docs . hetzner . com / general / general - terms - and - conditions / data - privacy - faq / " className=" underline " > data privacy FAQ < / a > .
2021-06-26 14:22:53 +02:00
< / l i >
< / u l >
< / d i v >
< p className = "font-bold" > Contact < / p >
< p >
Marvin Sextro < br / >
Wilhelm - Busch - Str . 8 A < br / >
30167 Hannover < br / >
Germany < br / >
Email : marvin . sextro @ gmail . com < br / >
Website : < a href = "https://marvinsextro.de" className = "underline" > https : //marvinsextro.de</a><br />
< / p >
2021-06-28 16:27:04 +02:00
< p className = "font-bold" > Simplified explanation of the process < / p >
2021-06-27 18:19:37 +02:00
< p >
2021-06-28 16:27:04 +02:00
This process is only started after accepting this policy and clicking on the Add to Wallet button .
< / p >
< p >
First , the following steps happen locally in your browser :
< / p >
< div className = "px-4" >
< ul className = "list-disc" >
< li > Recognizing and extracting the QR code data from your selected certificate < / l i >
< li > Decoding your personal and health - related data from the QR code payload < / l i >
< li > Assembling an incomplete pass file out of your data < / l i >
< li > Generating a file containing hashes of the data stored in the pass file < / l i >
< li > Sending only the file containing the hashes to our server < / l i >
< / u l >
< / d i v >
< p >
Second , the following steps happen on our server :
< / p >
< div className = "px-4" >
< ul className = "list-disc" >
< li > Receiving and checking the hashes which were generated locally < / l i >
< li > Signing the file containing the hashes < / l i >
< li > Sending the signature back < / l i >
< / u l >
< / d i v >
< p >
Finally , the following steps happen locally in your browser :
< / p >
< div className = "px-4" >
< ul className = "list-disc" >
2021-06-30 00:59:11 +02:00
< li > Assembling the signed pass file out of the incomplete file generated locally and the signature < / l i >
2021-06-28 16:27:04 +02:00
< li > Saving the file on your device < / l i >
< / u l >
< / d i v >
< p className = "font-bold" > Locally processed data < / p >
< p >
The following data is processed on in your browser to generate the pass file .
2021-06-27 18:19:37 +02:00
< / p >
< p >
Processed personal data contained in the QR code :
< / p >
< div className = "px-4" >
< ul className = "list-disc" >
< li > Your first and last name < / l i >
< li > Your date of birth < / l i >
< / u l >
< / d i v >
< p >
For each vaccination certificate contained in the QR code , the following data is processed :
< / p >
< div className = "px-4" >
< ul className = "list-disc" >
< li > Targeted disease < / l i >
< li > Vaccine medical product < / l i >
< li > Manufacturer / Marketing Authorization Holder < / l i >
< li > Dose number < / l i >
< li > Total series of doses < / l i >
< li > Date of vaccination < / l i >
< li > Country of vaccination < / l i >
< li > Certificate issuer < / l i >
< li > Unique certificate identifier ( UVCI ) < / l i >
< / u l >
< / d i v >
< p >
For each test certificate contained in the QR code , the following data is processed :
< / p >
< div className = "px-4" >
< ul className = "list-disc" >
< li > Targeted disease < / l i >
< li > Test type < / l i >
< li > NAA Test name < / l i >
< li > RAT Test name and manufacturer < / l i >
< li > Date / Time of Sample Collection < / l i >
< li > Test Result < / l i >
< li > Testing Centre < / l i >
< li > Country of test < / l i >
< li > Certificate Issuer < / l i >
< li > Unique Certificate Identifier ( UVCI ) < / l i >
< / u l >
< / d i v >
< p >
For each recovery certificate contained in the QR code , the following data is processed :
< / p >
< div className = "px-4" >
< ul className = "list-disc" >
< li > Targeted disease < / l i >
< li > Date of first positive NAA test result < / l i >
< li > Country of test < / l i >
< li > Certificate Issuer < / l i >
< li > Certificate valid from < / l i >
< li > Certificate valid until < / l i >
< li > Unique Certificate Identifier ( UVCI ) < / l i >
< / u l >
< / d i v >
< p >
The < a href = "https://github.com/ehn-dcc-development/ehn-dcc-schema" className = "underline" > Digital Covid Certificate Schema < / a > c o n t a i n s a d e t a i l e d s p e c i f i c a t i o n o f w h i c h d a t a c a n b e c o n t a i n e d i n t h e Q R c o d e .
< / p >
2021-06-26 14:22:53 +02:00
< p className = "font-bold" > Server provider < / p >
< p >
Our server provider is < a href = "https://www.hetzner.com/" className = "underline" > Hetzner Online GmbH < / a > .
The following data may be collected and stored in the server log files :
< / p >
< div className = "px-4" >
< ul className = "list-disc" >
< li > The browser types and versions used < / l i >
< li > The operating system used by the accessing system < / l i >
< li > The website from which an accessing system reaches our website ( so - called referrers ) < / l i >
< li > The date and time of access < / l i >
< li > The pseudonymised IP addresses < / l i >
< / u l >
< / d i v >
< p className = "font-bold" > Your rights < / p >
2021-06-27 18:19:37 +02:00
In accordance with the GDPR you have the following rights :
2021-06-26 14:22:53 +02:00
< div className = "px-4" >
< ul className = "list-disc" >
< li >
Right of access to your data : You have the right to know what data has been collected about you and how it was processed .
< / l i >
< li >
Right to be forgotten : Erasure of your personal data .
< / l i >
< li >
Right of rectification : You have the right to correct inaccurate data .
< / l i >
< li >
Right of data portability : You have the right to transfer your data from one processing system into another .
< / l i >
< / u l >
< / d i v >
< p className = "font-bold" > Third parties linked < / p >
< div className = "px-4" >
< ul className = "list-disc" >
< li >
GitHub : < a href = "https://docs.github.com/en/github/site-policy/github-privacy-statement" className = "underline" > Privacy Policy < / a >
< / l i >
< li >
PayPal : < a href = "https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_EN" className = "underline" > Privacy Policy < / a >
< / l i >
< li >
Gmail / Google : < a href = "https://policies.google.com/privacy?hl=en-US" className = "underline" > Privacy Policy < / a >
< / l i >
< li >
Apple may sync your passes via iCloud : < a href = "https://www.apple.com/legal/privacy/en-ww/" className = "underline" > Privacy Policy < / a >
< / l i >
< / u l >
< / d i v >
< / d i v >
2021-06-25 12:18:25 +02:00
} / >
} / >
)
}
