Privacy Policy

1) General provisions

We are aware that we process highly sensitive data with the Corona Check service. For this reason, we take care to request, process and store only the absolutely necessary data.

Within the scope of using the Corona-Check-App (hereinafter referred to as “App”), certain personal data is processed by us and stored only for the time required to fulfil the defined purposes in compliance with all legal obligations.

Within the scope of this data protection declaration, we inform you what data is involved, how it is processed and what rights you are entitled to on the basis of applicable statutory provisions.

According to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), personal data is all information relating to an identified or identifiable natural person.

However, our app does not store any personal data such as name, address, e-mail address, IP address, telephone number, SIM card or the telephone name. In particular, no data is read from the memory of your smartphone.

2) Name and contact details of the person responsible for data processing and the data protection officer

This data protection declarations concerns the data handling while using our app. In terms of data protection regulation, the responsible instance is:

University of Würzburg
Sanderring 2
97070 Würzburg

Phone: +49-(0)931-31-0
Telefax: +49-(0)931-31-82600

Data protection officer:
Administrative data protection officer of the University of Würzburg
Sanderring 2
97070 Würzburg

Phone: +49-(0)931-31-0
Telefax: +49-(0)931-31-82600

Responsible instance within the scope of using the App:
Prof. Rüdiger Pryss, PhD
Professor for Medical Informatics,
Institute for Clinical Epidemiology and Biometry,
University of Würzburg,
Am Schwarzenberg 15,
97078 Würzburg

Phone: +49 931 201-46471

Contact to the data protection officer:

If you have any questions regarding data protection law or your rights as a data subject, you can contact our data protection officer directly.

3) Storage location for data, especially personal data

All data is stored on an encrypted server of the University Hospital Würzburg.

The data exchange between your mobile device and the server takes place via the Internet, based on a secure SSL connection.

A transfer of personal data to a third country or to international companies or organizations is precluded.

4) Authorizations of the app

No authorizations are required to use the App with full functionality.

If you give the App permission for the location data via the settings of your smartphone, we can use this data in a coarser form for scientific analyses of regional differences (for details, see 5. Use of coarsened location data). However, this authorization is not required to use the app to its full extent.

5) Use of location data

If you grant the authorization, the GPS data of your smartphone will be stored, in particular to enable scientific analyses. However, you can also use the app without granting authorization for GPS data.

Other location data will not be retrieved, processed or stored. In particular, no geotracking is performed by our app. Importantly, location data will be scientifically processed only in a coarse-grained way.

6) Use of push services

The app uses push services of the operating system manufacturers. These are short messages that are displayed on the user’s screen with the user’s consent and actively inform the user about warnings.

If the push services are used, a device token from Apple or a registration ID from Google may be allocated. The sole purpose of their use by us is to provide the Push Services. These are only encrypted, anonymised Device IDs. We cannot draw any conclusions about the individual user.

You can decide during the installation of the app whether you want to use this functionality. If you want to unsubscribe from the push messages later, you can use the unsubscribe option in the app. You can find this under the settings.

7) Evaluation of usage data

The device recognition of your smartphone is saved. This is necessary to be able to correctly assign your data to the app if you use it several times. This allows the user to find out, for example, the frequency of use and previous results.

Anonymized usage data, e.g. answers to risk questions about the new corona virus in line with the functionality of the app, are processed for the secure operation of the app and, if necessary, evaluated for its further development. However, it is not possible to make connections of this data to your person. This anonymous usage data is also not merged with other data sources.

When using the app, this data is stored in a log file with a timestamp.

8) Research purpose and scientific publications

The results of the anonymous app use can be published in scientific journals within the scope of research projects. However, it will in no way be possible to identify your personal identity on the basis of your personal data collected and processed by the app.

9) Transfer of data to third parties

Data that has been logged during the use of the app and will be used for scientific purposes only. Exceptions to this rule can only be made if this is required by law, a court decision or if the transfer is necessary for legal or criminal prosecution. A transfer for other non-commercial or commercial purposes will not take place.

The app contains links to websites or applications of other providers. Compliance with data protection regulations on these external locations is the responsibility of the respective operators, so that we cannot assume any guarantee or liability. We therefore ask you to contact this provider to find out about their data protection practices and their corresponding legally binding data protection declaration.

11) Rights of affected persons

You have the right:

Information on your right of objection under Art. 21 GDPR You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Article 6 paragraph 1 sentence 1 letter e of the DPA (data processing in the public interest) and Article 6 paragraph 1 sentence 1 letter f of the DPA (data processing based on a balancing of interests).If you lodge an objection, we will no longer process your personal data unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If you wish to exercise your right of objection, please contact the data protection officer:

12) Updating and modification of this privacy information

This data protection information is currently valid and is dated May 2020. It may become necessary to amend this data protection information due to the further development of our product range or due to changes in legal or official requirements. The current data protection information can be accessed at any time via the latest version of the app.