<  Back to testi.me

User and privacy policy

SYNLAB Eesti OÜ (registry code 11107913, address Veerenni 53a, 11313 Tallinn, email synlab@synlab.ee) (hereinafter SYNLAB Eesti or we) manages the mobile application TESTI (hereinafter the Testi App) and the related webpage www.testi.me, as well as its subdomains, via which we offer the service of viewing coronavirus test results and preparing a certificate on the basis thereof (hereinafter the Testi Webpage). For reasons of clarity: the Testi App and the Testi Webpage are jointly referred to as Testi.

Testi offers a secure virtual environment through which people can access their coronavirus SARS-CoV-2 results, if they have been tested at SYNLAB’s corona testing points, blood collection points, testing points linked to SYNLAB’s clients; they can create a PDF certificate on the basis of the test result and, if the user so wishes, share or disclose the result to a third person, e.g. an employer or a trip organiser.

This user and privacy policy document (hereinafter the Policy) describes the terms and conditions of using Testi and explains how your personal data are used in connection with using Testi. In order to use Testi, you are required to agree to the Policy.

If you have more specific questions about the Policy or about how we process your personal data, or if you wish to submit requests to us for exercising the rights entailed in the processing of your personal data to us, please contact us via the contact details provided below in the section ‘Customer support’.

SYNLAB Eesti may make amendments to this Policy from time to time. The up-to-date Policy is published on the Testi Webpage.

  1. DEFINITIONS
GDPRRegulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, or GDPR).  
Personal DataAny information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.  
Applicable LawAll the applicable legal acts of the European Union and all the applicable legal acts of the Republic of Estonia, including, but not limited to, the national implementing acts of the GDPR, which apply during the validity of a data processing agreement or enter into force after the conclusion of a data processing agreement, and legal acts which regulate the provision of healthcare services.  
Data Subject  A natural person whose personal data are processed.  
ProcessingAny operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.  
ControllerThe natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. SYNLAB Eesti is the controller of Testi.
UserA person who is using Testi App under this Policy.
  1. USING TESTI
    1. In order to use the Testi App, Users need to login to the Testi App using Mobile ID or Smart ID authentication, and agree to this Testi user and privacy policy.
    2. Via the Testi App, Users can view the results of their SARS-CoV-2 coronavirus tests, if they have been tested at SYNLAB Eesti or a service provider related to SYNLAB Eesti, and prepare a certificate on the basis of the result. The certificate means the result of the corona virus SARS-CoV-2 test.
    3. In order to view the SARS-CoV-2 test result and generate a certificate, the user must log in to the Testi app and enter his/her telephone number and country of residence; for the certificate, the number of the identity document used for travelling is also required. After that, the User can view the result of his/her coronavirus SARS-CoV-2 test result determined using the PCR (real-time polymerase chain reaction) method and/or the corona virus SARS-CoV-2 antibody test result, which contains the following data:
      1. The time of giving the coronavirus SARS-CoV-2 test;
      2. The name of the coronavirus SARS-CoV-2 test, the result of the test, which in the case of a PCR test is positive/negative/borderline and in the case of the antibody test is a numerical value and the verbal value positive/negative.
    4. After generating a certificate, the User can, if he/she so wishes, share the result on a PDF template which is created under the User’s account in the Testi App. In sharing the result, the provisions of chapter 5 of the Terms and Conditions shall be taken into account.
    5. Via the Testi App, the User can also share the certificate by way of a the unique QR code displayed in the app. The QR code creates a link that directs the viewer to a page on the server of SYNLAB Eesti, where the User’s SARS-CoV-2 test result is displayed. In sharing the result, the provisions of chapter 5 of the Terms and Conditions shall be taken into account.
    6. Using the Testi App is free of charge for private persons.
    7. The User shall be obligated not to alter the data on the certificate. The User is aware that the alteration of the information on the certificate can be construed as a forgery of a document, which pursuant to the Penal Code is a punishable offence regardless of whether the forgery is used or not.
  2. PERSONAL DATA PROCESSING
    1. The Testi App processes your Personal Data for the following purposes and on the following legal bases:
Processed Personal Data and processing proceduresPurpose of processing Personal DataLegal basis of processing Personal Data
Given name, surname, personal ID code or date of birth, mobile phone number, email addressCreating an account for using the Testi App.Subparagraph (b) of paragraph 1 of Article 6 of the GDPR, the provision of services to the Data Subject. 
Given name, surname, personal ID code or date of birth, mobile phone number, email address, number of personal ID document, country of residence, date and time of coronavirus SARS-CoV-2 testing and laboratory test resultThe provision of healthcare services in connection with corona virus SARS-CoV-2 testing and displaying the test result via the App.Article 6.1.b and subparagraph of Article 9.2.h of the GDPR, the provision of healthcare services to the Data Subject.
  1. STORAGE OF PERSONAL DATA
    1. SYNLAB Eesti shall not store Personal Data longer than necessary according to the purpose of processing the Personal Data or on the basis of the applicable law.
    2. Personal Data are stored as follows in the Testi App:
      1. Data collected for the creation of an account in the Testi App (given name, surname, personal ID code, mobile phone number, email address) shall be stored until you use the Testi App in accordance or on the basis of the legitimate interest of SYNLAB Eesti under Article 6.1.f of the GDPR for up to 3 years after you have deleted the App or have no longer logged in to the App;
      2. The certificates created in the Testi App and the results of SARS-CoV-2 testing shall be stored in the Testi App for up to 12 months from the sample having been taken by SYNLAB Eesti.
    3. In other cases, SYNLAB Eesti stores data in accordance with the applicable law and has applied the following storage terms:
      1. We generally store sample materials for up to 3 days or in accordance with the quality requirements for laboratory services;
      2. If you have ordered paid corona testing for which we have issued an invoice to you, pursuant to the Accounting Act we are obligated to store invoices and other accounting documents for 7 years; accounting documents do not contain health data or information about whether the corona test result was positive or negative;
      3. As a general rule, we store Personal Data related to the conclusion of a contract, the longer storage term of which does not arise from the applicable law, until the data are needed in connection with the fulfilment of the contract during the validity of the contract or for up to 5 years after the end of the contract in accordance with the limitation period applicable upon the provision of healthcare services as stipulated in the Law of Obligations Act.
    4. If you wish to receive more detailed information about the storage terms of the Personal Data related to you, please contact us using the contact details provided below in the section ‘Customer support’.
  2. WHAT SHOULD BE CONSIDERED WHEN USING THE APP AND SHARING THE DATA?
    1. The following should be considered when using the Testi App:
      1. The data related to a coronavirus SARS-CoV-2 test displayed via the Testi App are not necessarily always accurate and the test data do not provide assurance that the User is not infected with another (viral) disease;
      2. The data of a coronavirus SARS-CoV-2 test displayed via the Testi App show the result of the test as at the time of testing, and not later or earlier;
      3. The ‘negative’ PCR result displayed via the app does not guarantee that the User is healthy, e.g., that the User has not been infected with coronavirus SARS-CoV-2 after testing;
      4. SYNLAB Eesti does not guarantee that the Testi webpage and the Testi App are always in working order and functional without interruptions; the use of the Testi webpage and App may be obstructed or disrupted due to maintenance, overload or other unexpected faults, as well as when the functionality of the User’s device (e.g., a phone) is disrupted, or in the case of Internet connection disruptions;
      5. If the User wishes to use the Testi App in connection with travelling, the User must take into account that SYNLAB Eesti does not have any control over the movement restrictions or entry rules applicable in the country of destination. SYNLAB Eesti shall not be liable, if the certificate displayed via the Testi App is not recognised in the country of travel destination or if the Testi App does not work in the country of travel destination. In connection with the above, SYNLAB Eesti shall not be obligated to compensate any costs or damage, for instance if the User is unable to enter the country of travel destination because the certificate displayed via the Testi App is not recognised or the Testi App does not work. In using the Testi App, the User releases SYNLAB Eesti from all the liability that may arise in connection with any prohibitions or restrictions, including movement and travel restrictions being applied to the User. The User understands that SYNLAB Eesti cannot guarantee that the Testi App is always in working order and that the result displayed via the Testi App is recognised by third persons and countries, and the User shall take the said risk into account is using the Testi App.
      6. The User shall be responsible for ensuring the data communication necessary for using the Testi App and bear all the costs related to the use of data communication. The User is aware that data communication costs in a foreign country may be higher than in Estonia.
    2. Upon sharing data via the Testi App, the following has to be taken into account:
      1. Upon showing the certificate created via the Testi App to third persons, including submitting the QR code displayed via the Testi App to third persons, the User discloses his or her personal data.
      2. The User understands and agrees that upon sharing his or her Personal Data with third persons, decisions may be made with regard to him or her, including negative decisions related to travelling.
      3. The User understands and agrees that SYNLAB Eesti has no control over the processing of the User’s Personal Data by third persons with whom the User shares the Personal Data displayed via the Testi App. In connection with the above, SYNLAB Eesti shall not be obligated to compensate any costs or damage, if such third persons process the User’s Personal Data unlawfully. Upon sharing Personal Data, the User shall be obligated to take into account the potential risks.
      4. The User understands and agrees that if he or she shares his or her Personal Data with third persons outside the European Union, data protection in that country may not necessarily be of a level equivalent to the European Union. The User understands and agrees that SYNLAB Eesti has not control over the processing of the User’s Personal Data in such third countries and SYNLAB Eesti cannot guarantee that the User’s rights as a Data Subject are respected in sharing Personal Data. In connection with the above, SYNLAB Eesti shall not be obligated to compensate any costs or damage and the User shall be obligated to take into account the potential risks upon sharing Personal Data outside the European Union.
  3. RIGHTS OF DATA SUBJECTS
    1. SYNLAB Eesti shall ensure the rights of Data Subjects upon personal data processing on the basis of the applicable law. Above all, every Data Subject has the following rights:
      1. Right of access: you have the right to enquire at any time whether the Personal Data Controller holds your Personal Data or not, and to receive information about which Personal Data the Controller processes with regard to you;
      2. Right to have Personal Data rectified: you have the right to request that the Controller specify or rectify your Personal Data, if the data are insufficient, deficient or incorrect;
      3. Right to submit objections: you have the right to submit objections to the Personal Data Controller with regard to the processing of your Personal Data;
      4. Right to request the deletion of Personal Data: you have the right to request the deletion of your Personal Data;
      5. Right to restrict processing: you have the right to request that the Personal Data Controller restrict the processing of your Personal Data, for instance when the Personal Data Controller no longer needs your Personal Data for the processing purposes or when you have submitted an objection with regard to the processing of Personal Data;
      6. Right to withdraw the consent given for processing Personal Data: if the processing of Personal Data is based on the consent given by you, you have the right to withdraw the consent given to the Personal Data Controller at any time;
      7. Right to data portability: you have the right to receive Personal Data which you have submitted to the Personal Data Controller and which are being processed on the basis of your consent from the Personal Data Controller in a written or generally recognised electronic format, and, if technically possible, request that the Personal Data Controller transmit such data to a third person.
      8. Right to file complaints: if you find that your rights have been violated in the processing of your Personal Data, you can file a claim or complaint to the Data Protection Inspectorate (Tatari 39, Tallinn 10134, info@aki.ee, www.aki.ee) or court.
    2. Your rights listed in this section in connection with the processing of Personal Data are not complete rights. In certain cases, the rights of a Data Subject may be restricted by the rights of other Data Subjects or the obligations of the Personal Data Controller, including the legal obligations of SYNLAB Eesti or another Personal Data Controller and/or a healthcare service provider that is a public testing organisation. For instance, the applicable law obligates SYNLAB Eesti and healthcare service providers to transmit coronavirus test results to the Health Board and the Patient Portal in personalised form.
    3. The User understands and agrees that SYNLAB Eesti cannot guarantee the rights of a Data Subject listed in this chapter in connection with the processing of the User’s Personal Data by third persons with whom the User has shared his or her Personal Data in connection with using the Testi App. In sharing Personal Data, the User shall take into account the risks described in subsection 5.2.
    4. In order to exercise the rights related to the processing of Personal Data or submit requests related to the processing of Personal Data, please contact us via the contact details provided below in the section ‘Customer support’.
  4. USE OF COOKIES
    1. The Testi Webpage uses cookies. Cookies are small text files which contain information stored in a computer and which are used for monitoring or identification.
    2. The Testi Webpage uses the following types of cookies:
      1. Session cookies: session cookies or temporary cookies are used every time upon the Testi Webpage being used and are deleted after the web browser is closed. Temporary cookies are necessary for the functionality of the Webpage to work.
      2. Third party cookies: for the purpose of improving the functioning and presentation of the Testi Webpage and in order to gather statistics, we use third party cookies (Google Analytics). You can review the privacy policy and terms and conditions of the third party on the webpage of the producer of the cookies at https://www.google.com/policies/technologies/cookies/.
    3. More specifically, the Testi Webpage uses the following cookies:

      Cookie
      PHPSESSID This cookie is used by the PHP application. The cookie is used for recording and identifying the unique session ID of the user to manage the user’s session on the website. The cookie is a session cookie and is deleted when all the browser windows are closed. Until the browser is closed Necessary
      __utma This cookie is assigned by Google Analytics and it is used for distinguishing users and sessions. The cookie is created when the JavaScript library is launched and there are no existing __utma cookies. The cookie is refreshed every time data are sent to Google Analytics. 2 years Analytics for evaluating the use of the Webpage
      __utmc The cookie is assigned by Google Analytics and it is deleted when the user closes the browser. Ga.js does not use the cookie. The cookie is used for allowing interoperability with urchin.js which is an older version of Google Analytics and which is used together with __utmb cookies for determining new sessions/visits. Until the browser is closed Analytics for evaluating the use of the Webpage
      __utmz This cookie is assigned by Google Analytics and it is used for recording the source of traffic or campaign via which the visitor reached the site. 6 months Analytics for evaluating the use of the Webpage
      __utmt The cookie is assigned by Google Analytics and it is used for limiting enquiry speed. 10 minutes Analytics for evaluating the use of the Webpage
      __utmb The cookie is assigned by Google Analytics. The cookie is used for determining new sessions/visits. The cookie is created when the JavaScript library is launched and there are no existing __utmb cookies. The cookie is refreshed every time data are sent to Google Analytics. 30 minutes Analytics for evaluating the use of the Webpage
    4. You have the right to disable the use of cookies at any time by changing the settings of your web browser. In such case, please take into account that all the functions of the Testi Webpage may not work properly. Cookies can be disabled by following the instructions under the “Help” section of the web browser. You can also find more information about how cookies work or how to disable cookies at allaboutcookies.org.
  5. SECURITY OF PERSONAL DATA
    1. The Personal Data Controller shall be obligated to ensure the security of the processing of Personal Data with the aim to protect Personal Data from unintentional or unauthorised processing, disclosure or destruction.
    2. Considering the latest science and technology developments and implementation costs and the manner, extent, context and purposes of the processing of Personal Data, as well as the risks of varying probability and size that threaten the rights and freedoms of natural persons arising from processing, the Personal Data Controller shall be obligated to apply appropriate technical and organisational measures in order to ensure the security of Personal Data in the processing of Personal Data.
  6. CUSTOMER SUPPORT, CONTACT AND QUESTIONS
    1. In the case of questions related to this Policy or questions related to the processing of Personal Data or in order to submit requests related to the processing of Personal Data, please contact SYNLAB Eesti by phone, email or post.

Contact details of SYNLAB Eesti:

Address: Veerenni 53a, 10138 Tallinn
Phone: 17123
General emailsynlab@synlab.ee
Data Protection Specialistandmekaitse@synlab.ee
Mobile app supportklienditugi@synlab.ee

Information about coronavirus, testing and hotlines can be found HERE.