SYNLAB Eesti OÜ (registry code: 11107913, address Veerenni 53a, 10138 Tallinn, email firstname.lastname@example.org) (hereinafter SYNLAB Eesti or we) manages the mobile application TESTI (hereinafter the Testi App) and the related webpage www.testi.me, as well as its subdomains, via which we offer the service of viewing corona virus test results and preparing a certificate on the basis thereof (hereinafter the Testi Webpage). For reasons of clarity: the Testi App and the Testi Webpage are jointly referred to as Testi.
Testi offers a secure virtual environment through which people can order SARS-CoV-2 testing at SYNLAB and view their corona virus SARS-CoV-2 results, if they have been tested at SYNLAB’s corona virus testing points, blood collection points, testing points linked to SYNLAB or at medical institutions that are SYNLAB’s clients; they can prepare a PDF certificate on the basis of the test result and, if the User so wishes, share or disclose the result to a third person, e.g., an employer or a trip organiser.
SYNLAB Eesti may make amendments to this Policy from time to time, in which case we will inform you of such amendments upon login to the Testi application, and request your consent to the amended Policy. The up-to-date Policy is always published on the Testi Webpage.
If you have more specific questions about the Policy or about how we process your personal data, or if you wish to submit requests to us for exercising the rights entailed in the processing of your personal data to us, please contact us via the contact details provided below in the section ‘Customer support’.
|GDPR||Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, or GDPR).|
|Personal Data||Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.|
|Applicable Law||All the applicable legal acts of the European Union and all the applicable legal acts of the Republic of Estonia, including, but not limited to, the national implementing acts of the GDPR, which apply during the validity of a data processing agreement or enter into force after the conclusion of a data processing agreement, and legal acts which regulate the provision of healthcare services.|
|Data Subject||A natural person whose personal data are processed.|
|Processing||Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.|
|Controller||The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. SYNLAB Eesti is the controller of Testi.|
|User||A person who is using Testi App under this Policy.|
|A person on whose behalf and in whose name the User uses Testi under this Policy (the User’s minor child or another person under custodianship with regard to whom the User has the right of custody).|
2. USING TESTI
2.2. The Testi App can be used in the name of the User himself or herself and in the name of the Principals whom the User represents. If the User is using the Testi App in the role of a Principal (i.e., on behalf of a person or persons with regard to whom a right of custody has been assigned), the User confirms upon agreeing to the terms and conditions of use that he/she has a full right of representation for representing the Principal and the right of representation has not been restricted by court, upon an agreement of the parents or otherwise. The User is responsible for the validity of the right of representation and understands that using Testi in the name of a Principal without a full right of representation is unlawful.
2.3. Please note that in order to prevent unauthorised enquiries, the Testi App can only be used in the role of a Testi App Principal, if the User has been assigned a full right of custody over the Principal in the Population Register. SYNLAB Eesti checks the right of representation on the basis of the User’s enquiry once a year. If the User’s right of representation has been altered after making the enquiry and the User no longer has the right to decide on matters related to the health of the Principal (including to view test results), the User shall be obligated to no longer use the Testi App on behalf of the Principal and shall be liable for accessing unauthorised data, and understands that this is unlawful.
2.4. If the User has been assigned a partial right of custody over a Principal, but the User nevertheless has the right to decide on matters related to the health of the Principal (including to view test results), we ask the User to contact SYNLAB Eesti for viewing the corona virus SARS-CoV-2 test results on behalf of the Principal, using the contact details provided under the Policy, and submit documents that certify the existence of the right of custody.
2.5. Please note that as the Testi App makes enquiries to the database of the Population Register at an interval of once a year, the Testi App may in certain cases not find all the associations via the Population Register enquiries (e.g., in the case of infants whose birth has been registered in the Population Register after an enquiry is made). If the Testi App does not display all the associations or if you discover an error in the displayed associations, please contact SYNLAB Eesti, using the contact details provided below.
3. ORDERING TESTING AND BOOKING APPOINTMENTS
3.1. The Testi App allows Users to order corona virus SARS-CoV-2 testing and book appointments for testing at the testing points of SYNLAB Eesti for themselves and/or other persons. Testing can be ordered for up to 10 persons at once.
3.2. Testing can also be ordered for persons who are not the User’s Principals and with regard to whom the User does not have a right of representation. In such case, the User will not see the test results and the results shall only be made available to the person himself or herself and his or her legal representatives (see the next chapter below for viewing the results).
3.3. For the purpose of ordering testing and booking an appointment for testing, the User must enter the names of the persons for whom a test is ordered in the Testi App. The Testi App will send a booking reminder by a short message to the User’s e-mail address and by SMS to the mobile number before the chosen testing time, if the User has expressed his or her wish to receive such a reminder.
3.4. The time chosen for testing can be changed and cancelled after choosing the time for testing, but not later than 12 hours before the arrival of the testing time. The testing time can be changed in the Testi App via your own user account. The testing time can also be cancelled by calling SYNLAB Eesti using the phone number 17123 (taking into account the working hours of the customer support helpline) within 14 days at the latest after paying for the service, but not later than 12 hours before the arrival of the agreed time.
4. VIEWING RESULTS AND CREATING CERTIFICATES
4.1. The Testi App allows Users to view the results of corona virus SARS-CoV-2 tests, if the test has been done at SYNLAB Eesti or a service provider related to SYNLAB Eesti, and to prepare a certificate on the basis of the result. The certificate certifies the corona virus SARS-CoV-2 test result and constitutes a confirmation of the test result.
4.2. Test results can be viewed only with regard to oneself or one’s Principals, if the Population Register enquiry confirms the existence of a right of representation. In order to use the Testi App in the name of a Principal, the User has to confirm in the Testi App that he/she would like to make an enquiry to the Population Register to verify the right of custody, after which the User can choose the role of the Principal via the Testi App. For the purpose of verifying the existence of the right of custody, the Testi App is interfaced with the Population Register administered by the Ministry of the Interior and an enquiry will be made to the Register upon the User’s request.
4.3. In order to view the SARS-CoV-2 test result and generate a certificate, the User must enter his/her (or the Principal’s, if the User is using Testi in the role of a Principal) data and, for generating a certificate, the number of the personal identification document used for travelling. After that the User will be displayed the result of his/her (or his/her Principal’s) corona virus SARS-CoV-2 test result in the Testi App.
4.4. After generating the certificate, the User can, if he/she so wishes, share his/her or the Principal’s result on a PDF template, which is created under the User’s account in the Testi App. In sharing the result, the provisions of chapter 8 of the Terms and Conditions shall be taken into account.
4.5. Via the Testi App, the User can also share his/her own or his/her Principal’s certificate by way of the unique QR code displayed in the App. The QR code creates a link that directs the viewer to a page on the server of SYNLAB Eesti, via which the User’s SARS-CoV-2 test result is displayed. In sharing the result, the provisions of chapter 8 of the Terms and Conditions shall be taken into account.
4.6. The User shall be obligated not to alter the data on the certificate. The User is aware that the alteration of the information on the certificate can be construed as a forgery of a document, which pursuant to the Penal Code is a punishable offence regardless of whether the forgery is used or not.
5. FEE AND PAYMENT
5.1. Using the Testi App, viewing the results of the ordered tests and displaying certificates via the App is free of charge for private persons.
5.2. Ordering testing and booking appointments for testing via the Testi App is available for a fee. The User shall be obligated to pay SYNLAB Eesti a fee for the ordered testing on the basis of the price list of SYNLAB Eesti, which is available on the webpage of SYNLAB Eesti. The testing prices are also displayed in the Testi App.
5.3. Testing can also be paid for in the Testi App via a bank link or by credit card.
5.4. If the User cancels an order in accordance with the terms specified in chapter 3, the payment shall be returned to the User immediately, but not later than within 14 days from notifying SYNLAB Eesti of the wish to cancel.
6. PERSONAL DATA PROCESSING
6.1. The Testi App processes your Personal Data for the following purposes and on the following legal bases:
|Processed Personal Data and processing procedures||Purpose of processing Personal Data||Legal basis of processing Personal Data|
|Given name, surname, personal ID code or date of birth, mobile phone number, email address||Creating an account for using the Testi App.||Subparagraph (b) of paragraph 1 of Article 6 of the GDPR, the provision of services to the Data Subject.|
|The given name, surname, personal ID code or date of birth of the User or the Principal, the chosen time and place of testing, document number for producing a certificate||Taking steps for the provision of healthcare services in connection with ordering and booking a time for corona virus SARS-CoV-2 testing||Article 6.1.b. and Article 9.2.h. of the GDPR, the provision of healthcare services to the Data Subject.|
|Given name, surname, personal ID code or date of birth, mobile phone number, email address, number of personal ID document, country of residence, date and time of coronavirus SARS-CoV-2 testing and laboratory test result||The provision of healthcare services in connection with corona virus SARS-CoV-2 testing and displaying the test result via the App.||Article 6.1.b and subparagraph of Article 9.2.h of the GDPR, the provision of healthcare services to the Data Subject.|
|The given name, surname and personal ID code of the User and the given name, surname and personal ID code of the User’s Principal and the existence of a family relationship between the User and the User’s Principal and the verification of the validity of the right of representation via a Population Register enquiry||A Population Register enquiry to verify a family relationship in order to allow the User to use the Testi App on behalf of his/her minor child (the User’s Principal)||Article 6.1.b of the GDPR, the provision of services to the Data Subject, and Article 6.1.f of the GDPR, legitimate interest|
|Payment details related to the order upon paying for the order via a bank link or by credit card||The last four numbers of the number series on the card, the card expiry date, the given name and surname of the payer, the country of issue of the card, the details of the bank that issued the card, the customer’s account No.||Article 6.1.b. of the GDPR and the provision of services to the Data Subject|
7. STORAGE OF PERSONAL DATA
7.1. SYNLAB Eesti shall not store Personal Data longer than necessary according to the purpose of processing the Personal Data or on the basis of the applicable law.
7.2. Personal Data is stored as follows in the Testi App:
7.2.1. Data collected for the creation of an account in the Testi App (given name, surname, personal ID code, mobile phone number, email address) shall be stored until you use the Testi App in accordance or on the basis of the legitimate interest of SYNLAB Eesti under Article 6.1.f of the GDPR for up to 3 years after you have deleted the App or have no longer logged in to the App;
7.2.2. The certificates created in the Testi App and the results of SARS-CoV-2 testing shall be stored in the Testi App for up to 12 months from the sample having been taken by SYNLAB Eesti;
7.2.3. The data concerning the right of custody verified via the Testi App from the database of the Population Register shall be stored for 1 year from the time you made the enquiry.
7.3. In other cases, SYNLAB Eesti stores data in accordance with the applicable law and has applied the following storage terms:
7.3.1. We generally store sample materials for up to 3 days or in accordance with the quality requirements for laboratory services;
7.3.2. If you have ordered paid corona testing for which we have issued an invoice to you, pursuant to the Accounting Act we are obligated to store invoices and other accounting documents for 7 years; accounting documents do not contain health data or information about whether the corona test result was positive or negative;
7.3.3. As a general rule, we store Personal Data related to the conclusion of a contract, the longer storage term of which does not arise from the applicable law, until the data are needed in connection with the fulfilment of the contract during the validity of the contract or for up to 5 years after the end of the contract in accordance with the limitation period applicable upon the provision of healthcare services as stipulated in the Law of Obligations Act.
7.4. If you wish to receive more detailed information about the storage terms of the Personal Data related to you, please contact us using the contact details provided below in the section ‘Customer support’.
8. WHAT SHOULD BE CONSIDERED WHEN USING THE APP AND SHARING THE DATA?
8.1. The following should be considered when using the Testi App:
8.1.1. SYNLAB Eesti warrants that it will apply the necessary measures for ensuring the quality of the SARS-CoV-2 test results. SYNLAB Eesti makes all reasonable efforts to ensure that the results are accurate and truthful. Despite the efforts of SYNLAB Eesti it is not possible to fully exclude the risk that the information given to the User concerning the state of health of the User (or the Principal) is not accurate or truthful. The test results do not provide confirmation that the User or the Principal has not been infected with another (viral) disease;
8.1.2. The data of a corona virus SARS-CoV-2 test displayed via the Testi App show the result of the test as at the time of testing, and not later or earlier;
8.1.3. The ‘negative’ result displayed via the Testi App does not guarantee that the User or the Principal is healthy, e.g., that the User or the Principal has not been infected with corona virus SARS-CoV-2 after testing.
8.1.4. SYNLAB Eesti does not guarantee that the Testi Webpage and the Testi App are always in working order and functional without interruptions; the use of the Testi Webpage and App may be obstructed or disrupted due to maintenance, overload or other unexpected faults, as well as when the functionality of the User’s device (e.g., a phone) is disrupted, or in the case of Internet connection disruptions;
8.1.5. SYNLAB Eesti is constantly developing the Testi App, in order to ensure a better user experience and better functionalities for the User, but we do not warrant that all the functionalities described in the User Policy are always operational;
8.1.6. If the User wishes to use the Testi App in connection with travelling, the User must take into account that SYNLAB Eesti does not have any control over the movement restrictions or entry rules applicable in the country of destination. SYNLAB Eesti shall not be liable, if the certificate displayed via the Testi App is not recognised in the country of travel destination or if the Testi App does not work in the country of travel destination. In connection with the above, SYNLAB Eesti shall not be obligated to compensate any costs or damage, for instance if the User is unable to enter the country of travel destination because the certificate displayed via the Testi App is not recognised or the Testi App does not work. In using the Testi App, the User releases SYNLAB Eesti from all the liability that may arise in connection with any prohibitions or restrictions, including movement and travel restrictions being applied to the User. The User understands that SYNLAB Eesti cannot guarantee that the Testi App is always in working order and that the result displayed via the Testi App is recognised by third persons and countries, and the User shall take the said risk into account is using the Testi App;
8.1.7. The User shall be responsible for ensuring the data communication necessary for using the Testi App and bear all the costs related to the use of data communication. The User is aware that data communication costs in a foreign country may be higher than in Estonia.
8.2. Upon sharing data via the Testi App, the following has to be taken into account:
8.2.1. Upon showing the certificate created via the Testi App to third persons, including submitting the QR code displayed via the Testi App to third persons, the User discloses his or her personal data.
8.2.2. The User understands and agrees that upon sharing his or her Personal Data with third persons, decisions may be made with regard to him or her, including negative decisions related to travelling.
8.2.3. The User understands and agrees that SYNLAB Eesti has no control over the processing of the User’s Personal Data by third persons with whom the User shares the Personal Data displayed via the Testi App. In connection with the above, SYNLAB Eesti shall not be obligated to compensate any costs or damage, if such third persons process the User’s Personal Data unlawfully. Upon sharing Personal Data, the User shall be obligated to take into account the potential risks.
8.2.4. The User understands and agrees that if he or she shares his or her Personal Data with third persons outside the European Union, data protection in that country may not necessarily be of a level equivalent to the European Union. The User understands and agrees that SYNLAB Eesti has not control over the processing of the User’s Personal Data in such third countries and SYNLAB Eesti cannot guarantee that the User’s rights as a Data Subject are respected in sharing Personal Data. In connection with the above, SYNLAB Eesti shall not be obligated to compensate any costs or damage and the User shall be obligated to take into account the potential risks upon sharing Personal Data outside the European Union.
8.3. The User agrees that upon him/her disclosing his/her mobile phone number, SYNLAB Eesti will send a questionnaire by SMS to his/her mobile phone number for assessing the quality of the service and receiving feedback. If you do not wish to receive the questionnaire, please write to email@example.com to refuse from it.
9. RIGHTS OF DATA SUBJECTS
9.1. In processing the personal data, SYNLAB Eesti shall ensure the rights of Data Subjects on the basis of the applicable law. Above all, every Data Subject has the following rights:
9.1.1. Right of access: you have the right to enquire at any time whether the Personal Data Controller holds your Personal Data or not, and to receive information about which Personal Data the Controller processes with regard to you;
9.1.2. Right to have Personal Data rectified: you have the right to request that the Controller specify or rectify your Personal Data, if the data are insufficient, deficient or incorrect;
9.1.3. Right to submit objections: you have the right to submit objections to the Personal Data Controller with regard to the processing of your Personal Data;
9.1.4. Right to request the deletion of Personal Data: you have the right to request the deletion of your Personal Data, if there are no legal bases for storing the personal data; in order to delete a user account created in the Testi App, please send a free-format digitally signed application to firstname.lastname@example.org;
9.1.5. Right to restrict processing: you have the right to request that the Personal Data Controller restrict the processing of your Personal Data, for instance when the Personal Data Controller no longer needs your Personal Data for the processing purposes or when you have submitted an objection with regard to the processing of Personal Data;
9.1.6. Right to withdraw the consent given for processing Personal Data: if the processing of Personal Data is based on the consent given by you, you have the right to withdraw the consent given to the Personal Data Controller at any time;
9.1.7. Right to data portability: you have the right to receive Personal Data which you have submitted to the Personal Data Controller and which are being processed on the basis of your consent from the Personal Data Controller in a written or generally recognised electronic format, and, if technically possible, request that the Personal Data Controller transmit such data to a third person.
9.1.8. Right to file complaints: if you find that your rights have been violated in the processing of your Personal Data, you can file a claim or complaint to the Data Protection Inspectorate (Tatari 39, Tallinn 10134, email@example.com, www.aki.ee) or court.
9.2. Your rights listed in this section in connection with the processing of Personal Data are not complete rights. In certain cases, the rights of a Data Subject may be restricted by the rights of other Data Subjects or the obligations of the Personal Data Controller, including the legal obligations of SYNLAB Eesti or another Personal Data Controller and/or a healthcare service provider that is a public testing organisation. For instance, the applicable law obligates SYNLAB Eesti and healthcare service providers to transmit corona virus test results to the Health Board and the Patient Portal in personalised form.
9.3. The User understands and agrees that SYNLAB Eesti cannot guarantee the rights of a Data Subject listed in this chapter in connection with the processing of the User’s Personal Data by third persons with whom the User has shared his or her Personal Data in connection with using the Testi App. In sharing Personal Data, the User shall take into account the risks described in subsection 5.2.
9.4. In order to exercise the rights related to the processing of Personal Data or submit requests related to the processing of Personal Data, please contact us using the contact details provided below in the section ‘Customer Support’.
10.2. The Testi App and the Testi Webpage use the following types of cookies:
10.2.1. Session cookies: session cookies or temporary cookies are used every time upon the Testi Webpage being used and are deleted after the web browser is closed. Temporary cookies are necessary for the functionality of the Webpage to work.
10.3. More specifically, the Testi Webpage uses the following cookies:
|_ga||Used to distinguish users. (Google Analytics)||2 years||Analytics for evaluating the use of the Webpage|
|_gid||Used to distinguish users (Google Analytics)||24 hours||Analytics for evaluating the use of the Webpage|
|_ga_<container-id>||Used to persist session state. (Google Analytics)||2 years||Analytics for evaluating the use of the Webpage|
|_fbp||Cookie is placed by: Facebook The functionality is: to store and track visits across websites.||3 months||Marketing / Tracking|
11. SECURITY OF PERSONAL DATA
11.1. The Personal Data Controller shall be obligated to ensure the security of the processing of Personal Data with the aim to protect Personal Data from unintentional or unauthorised processing, disclosure or destruction.
11.2. Considering the latest science and technology developments and implementation costs and the manner, extent, context and purposes of the processing of Personal Data, as well as the risks of varying probability and size that threaten the rights and freedoms of natural persons arising from processing, SYNLAB Eesti shall be obligated to apply appropriate technical and organisational measures in order to ensure the security of Personal Data in the processing of Personal Data.
12. CUSTOMER SUPPORT, CONTACT AND QUESTIONS
12.1. In the case of questions related to this Policy or questions related to the processing of your Personal Data or in order to submit requests related to the processing of Personal Data, please contact SYNLAB Eesti by phone, email or post.
Contact details of SYNLAB Eesti:
Information about coronavirus, testing and hotlines can be found HERE.