PRIVACY POLICY
Please take a moment to read this Privacy Policy and learn how the company named “SOFT ONE TECHNOLOGIES SOCIETE ANONYME OF COMPUTER SOFTWARE” and the distinctive title “SOFT ONE TECHNOLOGIES S.A.” (hereinafter referred to as “SoftOne”) based in Kallithea Attiki (8, Achilleos and L. Katsoni Street), acting as Processing Responsible, collects, stores, uses and generally processes your personal data when you use the “COVID PASS” service (hereinafter referred to as the "Service") hosted on covidpass.soft1.eu website.
This Privacy Policy also describes how to use, share, and protect your personal data, your choices regarding your personal data, and how to contact us.
Questions about this Privacy Policy and any issues related to your data processing in connection with SoftOne's use of the Service and the exercise of your rights can be addressed to the company's Data Protection Officer (DPO) at 8, Achilleos and L. Katsoni Street (Kallithea, Attiki) or by e-mail at support@softone.gr.
1. About the functioning of the Service
COVID PASS Service has been developed by SoftOne as part of its practical assistance to the broader effort to take on actions and initiative to support citizens in managing all the effects of the COVID-19 pandemic. The Service is available free of charge to any interested citizen (in Greek and English) via the website covidpass.soft1.eu.
Through the Service, SoftOne allows any interested citizen to generate a digital copy of the official Certificate/Attestation of Vaccination against SARS-CoV-2 (either by scanning the embedded QR validation code, or by registering the “Document ID” referred in it, while adding it to the digital wallet of any portable device, iOs or Android..
2. What is Personal Data
The term “personal data” refers to information about individuals, such as first and last name, mailing address, e-mail address, contact telephone, etc., which identifies or may identify you, hereinafter referred to as “Personal Data” or “Data”.
3. What is Personal Data Processing
Any act or series of acts carried out with or without the use of automated means, on personal data or personal data sets, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, information search, use, disclosure by transmission, dissemination or any other form of disclosure, association or combination, restriction, deletion or destruction.
4. Is it mandatory to provide your Data for the operation of the Service?
Your Data is required to be provided to SoftOne for the operation of the Service and for the generation of your Digital Pass (or COVID PASS), so it is necessary to achieve the purposes specified in this Privacy Policy. If you refuse to provide the details marked as mandatory during the process of generating the copy of the digital certificate, it will be impossible to achieve the basic purpose of collecting these Data, and can, for example, make it impossible for SoftOne to operate the Service and generate the Digital Pass.
5. Which of your Data do we collect for the operation of the Service
We make sure that we collect only the Data that is strictly necessary, which is appropriate and clear for the intended purpose and strictly necessary for the operation of the Service. This Data includes:
- First and last name
- Date(s) of vaccination
- Type of vaccine
6. How we use your Data
digital copy of the official Certificate/Attestation of Vaccination against SARS-CoV-2, that is, the file automatically generated by the Service, which you can provide where legally required to prove that you have completed your vaccination against SARS-CoV-2.
Additionally, your Data is also collected for legitimate business purposes, including to help us improve the Service and develop any new version of the Service in the future.
The Service is not intended to be used by individuals under the age of 13, so we do not knowingly collect, or process Personal Data of children and we do not knowingly provide the application to children. If you are under the age of 13, you should not use the Service.
Of course, if you want to change the way we use your Data at any time, you can do so at any time as specified below.
7. What is the legal basis for your data processing by the Company?
Data protection laws define several reasons for which a company may collect and process your Personal Data, including consent. Your consent to the processing of your Data as set out more specifically in this Privacy Policy is necessary in order to successfully complete the generation of the Digital Copy of your official Covid Certificate by the Service as described above. Since your vaccination certificate includes sensitive personal data, we ask for your consent to process it, always as specified particularly in No. 9 of the General Regulation for Personal Data Protection 2016/679/EU, this sensitive personal data (i.e. the information specifically included in the Certificate of Vaccination against SARS-CoV-2) in order to enable the Service to issue the digital copy (of Covid Certificate).
8. Who are the recipients of your data – How is your data shared?
Access to your Data is restricted to the strictly necessary personnel of the Company, who are committed to confidentiality.
9. How do we make sure that the Processing Personnel respect your Data?
Processing Personnel (on our behalf) have agreed and are contractually committed to:
- Maintain confidentiality
- Not send your Data to third parties without SoftOne's permission
- Take appropriate security measures
- Comply with the legal framework for the protection of Personal Data, with Regulation 979/2016/EU (also known as GDPR).
10. How long do we retain your Data?
We keep your Personal Data as long as we need to fulfill the purposes set out in this Privacy Policy (unless a longer retention period is required by applicable law). In particular, the Data you enter into the Service shall be retained for a period of one (1) year.
11. Is your Data secure?
We are committed to safeguarding your Personal Data. In acknowledgment of the importance of the security of your Personal Data, we have taken all appropriate organizational and technical measures to ensure the security and protection of your Data against all forms of accidental or unlawful processing. We use the latest and most advanced methods (which are subject to continuous upgrades) to ensure maximum safety.
12. What are your rights?
You have the right to access your Personal Data. This means that you have the right to be informed by us if we process your Data. If we process your Data, you can ask for the purpose of the processing, the type of Data we hold, who we give it to, how long we store it for, if automated decision-making takes place, and your other rights, such as rectification, deletion of Data, restriction of processing and complaint to the Data Protection Authority.
You have the right to correct inaccurate Personal Data. If you find that there is a mistake in your Data, you may request us to correct it (e.g., name correction or address change update).
You have the right to delete/to be forgotten. You may ask us to delete your Data if it is no longer necessary for the above-mentioned processing purposes or if you wish to withdraw your consent where this is the only legal basis.
You have the right to portability of your data. You may ask us to send you the data you have provided in a readable form or ask us to pass it on to another processing official.
You have the right to restriction of processing. You may ask us to restrict your Data processing for as long as your objections to processing are pending.
You have the right to object and withdraw your consent to the processing of your Data. You may oppose the processing of your Data, and we shall stop processing your Data if there are no other compelling and legitimate grounds that prevail over your right. If you have consented to the collection, processing and use of your Personal Data, you may withdraw your consent at any time with future effect.
13. How can you exercise your rights?
To exercise your rights, you may submit a request to the Data Protection Officer at the Company's mailing address (8, Achilleos and L. Katsoni Street, 176 74, Kallithea, Attiki) or at the e-mail address (support@softone.gr) with the subject “Exercise of Right” and we will make sure that we review and respond to you as soon as possible.
14. What is the applicable law when we process your Data?
The applicable law is the Greek Law, as formulated in accordance with the General Regulation on the Protection of Personal Data 2016/679/EU, and in general the applicable national and European legislative and regulatory framework for the Protection of Personal Data. The courts competent for any disputes relating to your Data shall be the courts of Athens.
15. Where can you appeal if we violate the applicable law, to protect your Personal Data?
You have the right to submit a complaint to the Data Protection Authority (postal address: 1-3, Kifissias Av., 115 23, Athens, Tel. 210. 6475600, e-mail: contact@dpa.gr), if you consider that the processing of your Personal Data infringes the applicable national and regulatory legal framework on the protection of personal data.