As part of the screening program "Alles Gurgelt!", the processing of the personal data provided by you is carried out under the joint controllership of the following project partners:
Stadt Wien, Magistratsabteilung MA 15 – Gesundheitsdienst der Stadt Wien ("Stadt Wien")
Thomas-Klestil-Platz 8/2, 1030 Wien
LEAD Horizon GmbH ("LEAD")
Walcherstraße 1A, Stiege 1, 4. Stock, 1020 Wien
Lifebrain COVID Labor GmbH ("Lifebrain")
Wipplingerstraße 35/10, 1010 Wien
For this purpose, the project partners have concluded an agreement in accordance with Article 26 (1) of the EU General Data Protection Regulation (GDPR), the essential content of which can be accessed here. LEAD acts as a contact point for the concerns of affected persons at: firstname.lastname@example.org
The processing of your personal data takes place within the framework of the screening program "Alles gurgelt! " and is used to determine the prevalence of the occurrence of COVID-19 in the population by means of mass testing. Prevalence is the frequency of a disease or symptom in the population at a given time. In addition, "Alles gurgelt! " You also have to obtain a test certificate or test certificate in order to be able to meet legally prescribed requirements or requirements (keyword: "3G rule").
As part of "Alles gurgelt!" data processing carried out by the (joint) controllers is carried out for reasons of public interest in the field of public health, namely for the prevention, control and monitoring of the COVID-19 pandemic (legal bases: Art 9 para 2 lit i and Art 6 para 1 lit e GDPR in conjunction with § 5a para 2 and 4 Epidemics Act 1950 ("EpiG") or for the school sector § 5a para 5 EpiG).
Please note that the provision of your data is necessary in order to participate in the test program. Since participation in the test program (i.e. in particular the implementation of the COVID-19 test) is voluntary, you will not suffer any disadvantages from not participating.
For the aforementioned purposes (see point 2in particular the following personal data provided by you is processed: "access data" (i.e. name, e-mail address and encrypted password), "master data" (name, gender, date of birth, social security number, place of residence, telephone number, e-mail address), "test data" (time of sampling and sample evaluation, the test result, and in the case of authentication: the period of validity of the Test result, and the barcode/QR code of the test) and technical "telemetry data" (IP address, user name, transaction logs).
The data will be collected and stored by LEAD directly at your premises as part of your registration and transmitted to a Lifebrain laboratory for the purpose of laboratory medical analysis, where the sample material will be processed by qualified specialist personnel using recognized laboratory methods on the state of the art. These test results are then electronically transmitted back to LEAD by Lifebrain so that LEAD can communicate the result to you. If you voluntarily carry out an identity check (see point 4 Lifebrain will also provide you with a laboratory medical report for retrieval and download. If you have voluntarily scanned or entered a QR code of your school or institution, the test result will also be forwarded to the school/institution (see point 5, third paragraph).
In the case of a confirmed infection with SARS-CoV-2 or in the event of a pandemic with COVID-19 the laboratory must transmit also negative and invalid results to the district administrative authority (the health office) due to the legal obligation (cf. § 3 Epidemic Act 1950 and § 1 para 3 of the Ordinance on Electronic Laboratory Reports in the Register of Notifiable Diseases).
The Homecare app, which is operated by the City of Vienna as the sole controller and thus separately by LEAD and Lifebrain, also provides its users with the link to test results and test certificates stored in the register for screening programs. Further information on data processing within the framework of the Homecare app of the City of Vienna can be found in the separate data protection declaration for the Homecare app of the City of Vienna.
In the event of a successful test, you will receive proof of the result of the test. If you also want to present your test result officially (i.e. to meet certain legal requirements), we must establish your identity. For this we need a photo of your ID or your e-card. The photo of your identity document or e-card is read out and processed with the help of text recognition software. In the further course of the application, we will also take photos of you when using the Test. These photos, together with the ID card or e-card, serve to ensure that you (and no one else) use the Test yourself.
Your recordings will not be passed on to Lifebrain or other third parties. The legal basis for the processing of the recordings and ID data for the stated purpose is your consent (Art 6 para 1 lit a in conjunction with Art 9 para 2 lit a GDPR), which you give by clicking on "AUTHENTICATE". This consent is voluntary, alternatively you can also reject the identity verification by selecting "SKIP PROOF". In this case, however, you will not receive a certificate and no medical report from the partner laboratory.
The laboratory (Lifebrain) is legally obliged to report the test result to the competent health authorities (Art. 9 (2) (i) GDPR in conjunction with § 3 (1) EpiG and § 1 (3) of the Ordinance on Electronic Laboratory Reports in the Register of Notifiable Diseases). Further information obligations with regard to your personal data (including the sample material for the purpose of sequencing) may exist at the express request of the competent health authorities (Art. 9 (2) (i) GDPR in conjunction with § 5 EpiG and § 10 (2) of the Data Protection Act).
In addition, there is a legal obligation for test centres and laboratories (such as Lifebrain) to transmit test data in electronic form to the Minister of Health, who creates an official test certificate and stores it in the so-called "EPI service" (Art. 9 (2) (i) GDPR in conjunction with § 4c (2) EpiG). The EPI service is operated by the Minister of Health and is a web service that serves the purpose of issuing and providing test certificates to test persons and thus also forms the basis for the "Green Pass". With regard to this data processing, Lifebrain and the Minister of Health are joint controllers within the meaning of Article 26 GDPR, whereby the distribution of tasks is regulated by law in § 4c (3) EpiG. Further information on data processing by the Minister of Health and the distribution of tasks between Lifebrain and the Minister of Health can be found under https://www.gesundheit.gv.at/service/gruener-pass/datenschutzinformation and under https://www.gesundheit.gv.at/service/gruener-pass/datenschutz-gemeinsame-verantwortlichkeit.
As part of the tests at schools/institutions, your data, including the test result, will be passed on to your school/institution with your consent (Art. 6 (1) (a) in conjunction with Art. 9 (2) (a) GDPR). In addition, during school tests on the basis of Art 9 (2) (i) and (j) GDPR in conjunction with § 7 (1) of the Data Protection Act, aggregated information is passed on to the respective school/institution for statistical purposes.
The data provided by you will not be transmitted by LEAD to any other third parties. Excluded is the transfer to processors, such as the hoster Hetzner Online GmbH (Industriestraße 25, 91710 Gunzenhausen, Germany), which operates an ISO-certified data center in Germany and Anyline GmbH (Zirkusgasse 13 / 2b, 1020 Vienna, Austria), which provides the software for text recognition. Processors work exclusively on the instructions of LEAD, do not use the data for their own purposes and are bound by their own agreements to the data protection obligations according to the GDPR. The data will not be transferred to countries outside the European Union.
Further information on data processing in the sole area of responsibility of the other project partners can be found in their data protection declarations (available for Lifebrain at: https://www.lifebrain-labor.at/datenschutz/#testpersonen).
We delete all data related to the testing, including the photographs, already 14 days after delivery of the result. (Regarding the deletion of other data such as of the access and master data to your user account see point 9 below).
With regard to data storage by the project partners (in particular due to their statutory retention obligations), reference is made to the data protection declarations of the project partners.
You have the right to revoke your consent to the identification and presence recognition (see point 4) and to the forwarding of data to your school or institution (see point 5, third paragraph), thereby, however, the lawfulness of the processing carried out until the revocation or forwarding is not affected. To revoke your consent, please contact email@example.com.
You have a right to information about the personal data you process, to correction and deletion, restriction of processing as well as a right to data portability, a right to object and a right to lodge a complaint with the data protection authority; all this in accordance with the statutory provisions.
As part of the project "Alles gurgelt! " LEAD acts as a contact point for the concerns of data subjects (Art. 26 (1) GDPR). For this purpose, you are welcome to contact our data protection officer at firstname.lastname@example.org
If you create a user account in our web app, LEAD processes your access and master data (see point 0 as well as master data of other test persons created by you in your user account for the purpose of processing COVID-19 tests on the basis of our legitimate interests (Art. 6 (1) (f) GDPR). This data will be deleted half a year after the last login.
For the operation of the web app, LEAD also processes technical telemetry data, which is necessary for the operation of the web app and the execution of the tests. LEAD also processes this data on the basis of the legitimate interest (Art. 6 (1) (f) GDPR) in smooth technical operation. This data will be deleted after 32 days at the latest.
If you contact us by e-mail, your personal data such as your e-mail address and e-mail correspondence will be processed for the purpose of customer service on the basis of the legitimate interest (Art. 6 (1) (f) GDPR) in a good customer relationship. This data will be deleted no later than 3 years after the last contact.
The data processing by cookies is based on our legitimate interest (Art. 6 (1) (f) GDPR and § 165 (3) of the Telecommunications Act 2021) in the provision of a functioning web app.
The project "Alles gurgelt!" is a test offensive initiated and carried out by the City of Vienna ("screening program" within the meaning of § 5a Epidemic Act 1950 – EpiG) in the course of the worldwide COVID-19 pandemic. For this purpose, the City of Vienna cooperates with LEAD Horizon GmbH ("LEAD") and Lifebrain COVID Labor GmbH ("Lifebrain") as project partners, whereby these project partners also process personal data within the meaning of the EU General Data Protection Regulation (GDPR) as part of the project implementation.
The cooperation and areas of responsibility of the project partners in the implementation of the COVID-19 tests within the framework of "Alles gurgelt!" are as follows:
As part of the described implementation of COVID-19 tests – and taking into account the previously defined areas of responsibility (a) to (c) – the project partners therefore jointly determine the purposes of and the means of data processing. They are joint controllers within the meaning of Article 26 GDPR.
As part of their joint responsibility under data protection law, the project partners have agreed on which of them fulfils which obligations under the GDPR. This applies in particular to the exercise of the rights of data subjects and the fulfilment of the information obligations pursuant to Articles 13 and 14 GDPR.
In particular, the project partners have agreed on the following:
Lifebrain is responsible for ensuring that the laboratory-medical analyses of the sample material are carried out according to the state of the art. For this purpose, only qualified personnel who are subject to appropriate legal or contractual confidentiality obligations are used.
As the first point of contact for your data protection concerns, LEAD is available to you under the following contact options. Regardless of this, however, you have the right to assert your data protection rights against each of the joint controllers.
LEAD Horizon GmbH
Walcherstraße 1A, Stiege 1, 4. Stock, 1020 Wien
Stadt Wien, Magistratsabteilung MA 15 – Gesundheitsdienst der Stadt Wien
Thomas-Klestil-Platz 8/2, 1030 Wien
Lifebrain COVID Labor GmbH
Wipplingerstraße 35/10, 1010 Wien