SYNLAB Eesti OÜ (registry code 11107913, address Veerenni 53a, 11313 Tallinn, email email@example.com) (hereinafter SYNLAB Eesti or we) manages the mobile application TESTI (hereinafter the Testi App) and the related webpage www.testi.me, as well as its subdomains, via which we offer the service of viewing coronavirus test results and preparing a certificate on the basis thereof (hereinafter the Testi Webpage). For reasons of clarity: the Testi App and the Testi Webpage are jointly referred to as Testi.
Testi offers a secure virtual environment through which people can access their coronavirus SARS-CoV-2 results, if they have been tested at SYNLAB’s corona testing points, blood collection points, testing points linked to SYNLAB’s clients; they can create a PDF certificate on the basis of the test result and, if the user so wishes, share or disclose the result to a third person, e.g. an employer or a trip organiser.
SYNLAB Eesti may make amendments to this Policy from time to time. The up-to-date Policy is published on the Testi Webpage.
If you have more specific questions about the Policy or about how we process your personal data, or if you wish to submit requests to us for exercising the rights entailed in the processing of your personal data to us, please contact us via the contact details provided below in the section ‘Customer support’.
|GDPR||Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, or GDPR).|
|Personal Data||Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.|
|Applicable Law||All the applicable legal acts of the European Union and all the applicable legal acts of the Republic of Estonia, including, but not limited to, the national implementing acts of the GDPR, which apply during the validity of a data processing agreement or enter into force after the conclusion of a data processing agreement, and legal acts which regulate the provision of healthcare services.|
|Data Subject||A natural person whose personal data are processed.|
|Processing||Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.|
|Controller||The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. SYNLAB Eesti is the controller of Testi.|
|User||A person who is using Testi App under this Policy.|
|A person on whose behalf and in whose name the User uses Testi under this Policy (the User’s minor child or another person under custodianship with regard to whom the User has the right of custody).|
2. USING TESTI
2.2. Via the Testi App, Users can view the results of their corona virus SARS-CoV-2 tests, if they have been tested at SYNLAB Eesti or a service provider related to SYNLAB Eesti, and prepare a certificate on the basis of the result. The certificate is a document which certifies the result of the corona virus SARS-CoV-2 test.
2.3. Via the Testi App, Users can view the results of their corona virus SARS-CoV-2 tests, if they have been tested at SYNLAB Eesti or a service provider related to SYNLAB Eesti, and prepare a certificate on the basis of the result also for the User’s Principal. The certificate is a document which certifies the result of the corona virus SARS-CoV-2 test. In order to use the Testi App in the name of a Principal, the User has to confirm in the Testi App that he/she would like to make an enquiry to the Population Register to verify the right of custody, after which the User can choose the role of the Principal via the Testi App. For the purpose of verifying the existence of the right of custody, the Testi App is interfaced with the Population Register administered by the Ministry of the Interior and an enquiry will be made to the Register upon the User’s request.
2.4. In order to view the SARS-CoV-2 test result and generate a certificate, the User must log in to the Testi App and enter his/her (or the Principal’s, if the User is using the Testi App in the role of a Principal) telephone number and country of residence; for the certificate, the number of the identity document used for travelling is also required. After that the User can view the result of his/her (or Principal’s) corona virus SARS-CoV-2 test result.
2.5. The corona virus SARS-CoC-2 test result contains data concerning the test, such as the time of testing and the test result. The exact data depend on the particular test and the type of test.
2.6. After generating the certificate, the User can, if he/she so wishes, share the result on a PDF template which is created under the User’s account in the Testi App. In sharing the result, the provisions of chapter 5 of the Terms and Conditions shall be taken into account.
2.7. Via the Testi App, the User can also share his/her own or his/her Principal’s certificate by way of the unique QR code displayed in the App. The QR code creates a link that directs the viewer to a page on the server of SYNLAB Eesti, where the User’s SARS-CoV-2 test result is displayed. In sharing the result, the provisions of chapter 5 of the Terms and Conditions shall be taken into account.
2.8. Using the Testi App is free of charge for private persons.
2.9. The User shall be obligated not to alter the data on the certificate. The User is aware that the alteration of the information on the certificate can be construed as a forgery of a document, which pursuant to the Penal Code is a punishable offence regardless of whether the forgery is used or not.
2.10. If the User is using the Testi App in the role of a Principal (i.e., on behalf of a person with regard to whom a right of custody has been assigned), the User confirms upon agreeing to the terms and conditions of use that he/she has a full right of representation for representing the Principal and the right of representation has not been restricted by court, upon an agreement of the parents or otherwise. The User shall be responsible for accessing unauthorised data and understands that accessing and requesting data in the absence of a full right of representation is unlawful.
2.11. The Testi App allows the User to also order corona virus SARS-CoV-2 testing and book a time for testing (for himself/herself or for the User’s Principals) at SYNLAB Eesti testing points as stated in the Testi App. (NB! The ordering and booking functionality may not necessarily be fully operational before September 2021).
2.12. For ordering corona virus SARS-CoV-2 testing and booking a time for testing, the User has to log into the Testi App and enter the details of the persons for whom the test is being ordered. The Testi App will send a booking reminder by a text message to the User’s phone number before the chosen time of testing. (NB! The ordering and booking functionality may not necessarily be fully operational before September 2021).
2.13. Please note that in order to prevent unauthorised enquiries, the Testi App can only be used in the role of a Testi App Principal, if the User has been assigned a full right of custody over the Principal in the Population Register. SYNLAB Eesti checks the right of representation on the basis of the User’s enquiry once a year. If the User’s right of custody has been altered after making the enquiry and the User no longer has the right to decide on matters related to the health of the Principal (including to view test results), the User shall be obligated to no longer use the Testi App on behalf of the Principal and shall be liable for accessing unauthorised data, and understands that this is unlawful.
2.14. If the User has been assigned a partial right of custody over a Principal, which grants the right to decide on matters related to the health of the Principal (including to view test results), we ask the User to contact SYNLAB Eesti for viewing the corona virus SARS-CoV-2 test results on behalf of the Principal, using the contact details provided under the Policy, and submit documents that certify the existence of the right of custody.
2.15. Please note that as the Testi App makes enquiries to the database of the Population Register at an interval of once a year, the Testi App may in certain cases not find all the associations via the Population Register enquiries (e.g., in the case of infants whose birth has been registered in the Population Register after an enquiry is made). If the Testi App does not display all the associations or if you discover an error in the displayed associations, please contact SYNLAB Eesti, using the contact details provided below.
3. PERSONAL DATA PROCESSING
3.1. The Testi App processes your Personal Data for the following purposes and on the following legal bases:
|Processed Personal Data and processing procedures||Purpose of processing Personal Data||Legal basis of processing Personal Data|
|Given name, surname, personal ID code or date of birth, mobile phone number, email address||Creating an account for using the Testi App.||Subparagraph (b) of paragraph 1 of Article 6 of the GDPR, the provision of services to the Data Subject.|
|The given name, surname, personal ID code or date of birth of the User or the Principal, the chosen time and place of testing, document number for producing a certificate||Taking steps for the provision of healthcare services in connection with ordering and booking a time for corona virus SARS-CoV-2 testing||Article 6.1.b. and Article 9.2.h. of the GDPR, the provision of healthcare services to the Data Subject.|
|Given name, surname, personal ID code or date of birth, mobile phone number, email address, number of personal ID document, country of residence, date and time of coronavirus SARS-CoV-2 testing and laboratory test result||The provision of healthcare services in connection with corona virus SARS-CoV-2 testing and displaying the test result via the App.||Article 6.1.b and subparagraph of Article 9.2.h of the GDPR, the provision of healthcare services to the Data Subject.|
|The given name, surname and personal ID code of the User and the given name, surname and personal ID code of the User’s Principal and the existence of a family relationship between the User and the User’s Principal and the verification of the validity of the right of representation via a Population Register enquiry||A Population Register enquiry to verify a family relationship in order to allow the User to use the Testi App on behalf of his/her minor child (the User’s Principal)||Article 6.1.b of the GDPR, the provision of services to the Data Subject, and Article 6.1.f of the GDPR, legitimate interest|
4. STORAGE OF PERSONAL DATA
4.1. SYNLAB Eesti shall not store Personal Data longer than necessary according to the purpose of processing the Personal Data or on the basis of the applicable law.
4.2. Personal Data is stored as follows in the Testi App:
4.2.1. Data collected for the creation of an account in the Testi App (given name, surname, personal ID code, mobile phone number, email address) shall be stored until you use the Testi App in accordance or on the basis of the legitimate interest of SYNLAB Eesti under Article 6.1.f of the GDPR for up to 3 years after you have deleted the App or have no longer logged in to the App;
4.2.2. The certificates created in the Testi App and the results of SARS-CoV-2 testing shall be stored in the Testi App for up to 12 months from the sample having been taken by SYNLAB Eesti;
4.2.3. The data concerning the right of custody verified via the Testi App from the database of the Population Register shall be stored for 1 year from the time you made the enquiry.
4.3. In other cases, SYNLAB Eesti stores data in accordance with the applicable law and has applied the following storage terms:
4.3.1. We generally store sample materials for up to 3 days or in accordance with the quality requirements for laboratory services;
4.3.2. If you have ordered paid corona testing for which we have issued an invoice to you, pursuant to the Accounting Act we are obligated to store invoices and other accounting documents for 7 years; accounting documents do not contain health data or information about whether the corona test result was positive or negative;
4.3.3. As a general rule, we store Personal Data related to the conclusion of a contract, the longer storage term of which does not arise from the applicable law, until the data are needed in connection with the fulfilment of the contract during the validity of the contract or for up to 5 years after the end of the contract in accordance with the limitation period applicable upon the provision of healthcare services as stipulated in the Law of Obligations Act.
4.4. If you wish to receive more detailed information about the storage terms of the Personal Data related to you, please contact us using the contact details provided below in the section ‘Customer support’.
5. WHAT SHOULD BE CONSIDERED WHEN USING THE APP AND SHARING THE DATA?
5.1. The following should be considered when using the Testi App:
5.1.1. SYNLAB Eesti warrants that it will apply the necessary measures for ensuring the quality of the SARS-CoV-2 test results. SYNLAB Eesti makes all reasonable efforts to ensure that the results are accurate and truthful. Despite the efforts of SYNLAB Eesti it is not possible to fully exclude the risk that the information given to the User concerning the state of health of the User (or the Principal) is not accurate or truthful and the test results do not provide confirmation that the User or the Principal has not been infected with another (viral) disease;
5.1.2. The data of a corona virus SARS-CoV-2 test displayed via the Testi App show the result of the test as at the time of testing, and not later or earlier;
5.1.3. The ‘negative’ result displayed via the Testi App does not guarantee that the User or the Principal is healthy, e.g., that the User or the Principal has not been infected with corona virus SARS-CoV-2 after testing.
5.1.4. SYNLAB Eesti does not guarantee that the Testi Webpage and the Testi App are always in working order and functional without interruptions; the use of the Testi Webpage and App may be obstructed or disrupted due to maintenance, overload or other unexpected faults, as well as when the functionality of the User’s device (e.g., a phone) is disrupted, or in the case of Internet connection disruptions;
5.1.5. SYNLAB Eesti is constantly developing the Testi App, in order to ensure a better user experience and better functionalities for the User, but we do not warrant that all the functionalities described in the User Policy are always operational;
5.1.6. If the User wishes to use the Testi App in connection with travelling, the User must take into account that SYNLAB Eesti does not have any control over the movement restrictions or entry rules applicable in the country of destination. SYNLAB Eesti shall not be liable, if the certificate displayed via the Testi App is not recognised in the country of travel destination or if the Testi App does not work in the country of travel destination. In connection with the above, SYNLAB Eesti shall not be obligated to compensate any costs or damage, for instance if the User is unable to enter the country of travel destination because the certificate displayed via the Testi App is not recognised or the Testi App does not work. In using the Testi App, the User releases SYNLAB Eesti from all the liability that may arise in connection with any prohibitions or restrictions, including movement and travel restrictions being applied to the User. The User understands that SYNLAB Eesti cannot guarantee that the Testi App is always in working order and that the result displayed via the Testi App is recognised by third persons and countries, and the User shall take the said risk into account is using the Testi App;
5.1.7. The User shall be responsible for ensuring the data communication necessary for using the Testi App and bear all the costs related to the use of data communication. The User is aware that data communication costs in a foreign country may be higher than in Estonia.
5.2. Upon sharing data via the Testi App, the following has to be taken into account:
5.2.1. Upon showing the certificate created via the Testi App to third persons, including submitting the QR code displayed via the Testi App to third persons, the User discloses his or her personal data.
5.2.2. The User understands and agrees that upon sharing his or her Personal Data with third persons, decisions may be made with regard to him or her, including negative decisions related to travelling.
5.2.3. The User understands and agrees that SYNLAB Eesti has no control over the processing of the User’s Personal Data by third persons with whom the User shares the Personal Data displayed via the Testi App. In connection with the above, SYNLAB Eesti shall not be obligated to compensate any costs or damage, if such third persons process the User’s Personal Data unlawfully. Upon sharing Personal Data, the User shall be obligated to take into account the potential risks.
5.2.4. The User understands and agrees that if he or she shares his or her Personal Data with third persons outside the European Union, data protection in that country may not necessarily be of a level equivalent to the European Union. The User understands and agrees that SYNLAB Eesti has not control over the processing of the User’s Personal Data in such third countries and SYNLAB Eesti cannot guarantee that the User’s rights as a Data Subject are respected in sharing Personal Data. In connection with the above, SYNLAB Eesti shall not be obligated to compensate any costs or damage and the User shall be obligated to take into account the potential risks upon sharing Personal Data outside the European Union.
6. RIGHTS OF DATA SUBJECTS
6.1. In processing the personal data, SYNLAB Eesti shall ensure the rights of Data Subjects on the basis of the applicable law. Above all, every Data Subject has the following rights:
6.1.1. Right of access: you have the right to enquire at any time whether the Personal Data Controller holds your Personal Data or not, and to receive information about which Personal Data the Controller processes with regard to you;
6.1.2. Right to have Personal Data rectified: you have the right to request that the Controller specify or rectify your Personal Data, if the data are insufficient, deficient or incorrect;
6.1.3. Right to submit objections: you have the right to submit objections to the Personal Data Controller with regard to the processing of your Personal Data;
6.1.4. Right to request the deletion of Personal Data: you have the right to request the deletion of your Personal Data;
6.1.5. Right to restrict processing: you have the right to request that the Personal Data Controller restrict the processing of your Personal Data, for instance when the Personal Data Controller no longer needs your Personal Data for the processing purposes or when you have submitted an objection with regard to the processing of Personal Data;
6.1.6. Right to withdraw the consent given for processing Personal Data: if the processing of Personal Data is based on the consent given by you, you have the right to withdraw the consent given to the Personal Data Controller at any time;
6.1.7. Right to data portability: you have the right to receive Personal Data which you have submitted to the Personal Data Controller and which are being processed on the basis of your consent from the Personal Data Controller in a written or generally recognised electronic format, and, if technically possible, request that the Personal Data Controller transmit such data to a third person.
6.1.8. Right to file complaints: if you find that your rights have been violated in the processing of your Personal Data, you can file a claim or complaint to the Data Protection Inspectorate (Tatari 39, Tallinn 10134, firstname.lastname@example.org, www.aki.ee) or court.
6.2. Your rights listed in this section in connection with the processing of Personal Data are not complete rights. In certain cases, the rights of a Data Subject may be restricted by the rights of other Data Subjects or the obligations of the Personal Data Controller, including the legal obligations of SYNLAB Eesti or another Personal Data Controller and/or a healthcare service provider that is a public testing organisation. For instance, the applicable law obligates SYNLAB Eesti and healthcare service providers to transmit corona virus test results to the Health Board and the Patient Portal in personalised form.
6.3. The User understands and agrees that SYNLAB Eesti cannot guarantee the rights of a Data Subject listed in this chapter in connection with the processing of the User’s Personal Data by third persons with whom the User has shared his or her Personal Data in connection with using the Testi App. In sharing Personal Data, the User shall take into account the risks described in subsection 5.2.
6.4. In order to exercise the rights related to the processing of Personal Data or submit requests related to the processing of Personal Data, please contact us using the contact details provided below in the section ‘Customer Support’.
7.2. The Testi Webpage uses the following types of cookies:
7.2.1. Session cookies: session cookies or temporary cookies are used every time upon the Testi Webpage being used and are deleted after the web browser is closed. Temporary cookies are necessary for the functionality of the Webpage to work.
7.3. More specifically, the Testi Webpage uses the following cookies:
|PHPSESSID||This cookie is used by the PHP application. The cookie is used for recording and identifying the unique session ID of the User to manage the User’s session on the website. The cookie is a session cookie and is deleted when all the browser windows are closed.||Until the browser is closed||Necessary for the functioning of the Webpage|
|__utmc||The cookie is assigned by Google Analytics and it is deleted when the User closes the browser. Ga.js does not use the cookie. The cookie is used for allowing interoperability with urchin.js which is an older version of Google Analytics and which is used together with __utmb cookies for determining new sessions/visits.||Until the browser is closed||Analytics for evaluating the use of the Webpage|
|__utmz||This cookie is assigned by Google Analytics and it is used for recording the source of traffic or campaign via which the visitor reached the site.||6 months||Analytics for evaluating the use of the Webpage|
|__utmt||The cookie is assigned by Google Analytics and it is used for limiting enquiry speed.||10 minutes||Analytics for evaluating the use of the Webpage|
8. SECURITY OF PERSONAL DATA
8.1. The Personal Data Controller shall be obligated to ensure the security of the processing of Personal Data with the aim to protect Personal Data from unintentional or unauthorised processing, disclosure or destruction.
8.2. Considering the latest science and technology developments and implementation costs and the manner, extent, context and purposes of the processing of Personal Data, as well as the risks of varying probability and size that threaten the rights and freedoms of natural persons arising from processing, SYNLAB Eesti shall be obligated to apply appropriate technical and organisational measures in order to ensure the security of Personal Data in the processing of Personal Data.
9. CUSTOMER SUPPORT, CONTACT AND QUESTIONS
9.1. In the case of questions related to this Policy or questions related to the processing of your Personal Data or in order to submit requests related to the processing of Personal Data, please contact SYNLAB Eesti by phone, email or post.
Contact details of SYNLAB Eesti:
Information about coronavirus, testing and hotlines can be found HERE.