Data protection information for visitors of our test centre
We wish to provide you with the following information and thereby comply with the information obligations arising from the General Data Protection Regulation (GDPR).
Kevin Schmidt Alparslan Bas
Appointment bookings and billing are handled by our ticketing service provider ticket.io, with whom we have entered into a contract for order processing.
The purpose of processing is to conduct the respective test (COVID-19
“citizen rapid test”, PCR test, antigen or antibody test) and to issue the
result certificate. In the event of a free “citizen test”, processing also
occurs for the purpose of billing with the Association of Statutory Health
Depending on the reason for testing and the purpose of the result certificate, the voluntary entry of a document number (personal ID or passport) and nationality may also be appropriate. The purpose of this processing is to issue a complete certificate with all mandatory information; in the case of some countries, entry and/or exit is not possible without this information on the certificate. Please check the travel conditions with the Foreign Office before booking an appointment.
The fulfilment of a contract pursuant to Art. 6 (1b) GDPR provides the
legal basis for processing your data.
In the event of a positive test result, a duty to report the case to the local health department applies. The legal basis for transmitting your data in this case is a legal obligation pursuant to Art. 6 (1c) GDPR.
Your personal data is automatically deleted when it is no longer necessary for the purposes for which it was collected and no retention periods preclude deletion. Here are a number of relevant deletion or retention periods:
Retention or deletion period
Participant data and result data for free “citizen tests”
Deleted from the live database 60 days after testing and transferred to the archive; deleted from the archive database at the end of 2024
Billing of “citizen tests” with the Association of Statutory Health Insurance Physicians until the 15th of the following month or the retention period according to Section 7 (5) of the German Coronavirus Testing Regulation (Coronavirus-Testverordnung – TestV)
Participant data for privately paid COVID-19 tests
Section 147 of the Fiscal Code of Germany ( Abgabenordnung – AO), Section 257 of the German Commercial Code (Handelsgesetzbuch – HGB)
Result data for privately paid COVID-19 tests
Deleted from the live database 60 days after testing
Art. 6 (1c) GDPR in conjunction with Section 6 (1) No. 1 t) of the German Infection Protection Act ( Infektionsschutzgesetz – IfSG)
If you have any further questions regarding the storage of your data, please do not hesitate to contact us.
In order to ensure that only the tested person is able to access the result, different authentication methods are used depending on the laboratory software in use:
The transmission of the test result for online access occurs on the basis
of your consent provided when booking the appointment, in accordance with
Art. 6 (1a) in conjunction with Art. 9 (1a) GDPR.
Your test result is available to access for 72 hours.
Support regarding the booking of appointments is handled via our ticketing service provider ticket.io, with whom we have entered into a contract for order processing.
When establishing contact (e.g. via the contact form or email), personal data is collected. The types of data collected when using the contact form can be seen in the corresponding contact form. This data is stored and used exclusively for the purpose of answering your enquiry or for establishing contact as well as the associated technical administration. The legal basis for processing the data is our legitimate interest in answering your enquiry in accordance with Art. 6 (1f) GDPR. Your data is deleted after your enquiry has been conclusively resolved. This is the case when the circumstances indicate that the relevant subject matter has been fully clarified and where no statutory retention periods preclude deletion. Ticket.io uses the technical service provider ZOHO DESK for customer support: https://desk.zoho.eu/portal/tiosupport/de/home .
The data processed by cookies, necessary for the proper functioning of the website, is required to maintain our legitimate interest and the interests of third parties in accordance with Art. 6 (1f) GDPR.
Insofar as this has not been previously mentioned, as a rule personal data is not shared with third parties. However, we may avail ourselves of service providers – such as the processors already mentioned. As a result, it may be the case that a service provider obtains knowledge of personal data.
We only process data in the European Union.
You have the right to receive information about the personal data we process with respect to your personal identity. Moreover, you have the right to demand the rectification or erasure of the data or the restriction of processing, provided you are entitled to these rights by law.
Furthermore, you have a right to object to processing in accordance with statutory provisions. The same applies to the right to data portability.
In particular, you have a right to object in accordance with Art. 21 (1) and (2) GDPR to the processing of your data if this occurs on the basis of a balance of interests.
Lastly, you have the right to lodge a complaint with a supervisory authority responsible for data protection.