Privacy statement

Welcome to the official website of the Federal Government’s Corona-Warn-App.

1. Controller and data protection officer

The so-called controller responsible for processing your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) when you visit this website is:

Robert Koch-Institut (RKI)
Nordufer 20
13353 Berlin
Represented by the President

Contact:
Robert Koch-Institut
Press and Public Relations
Nordufer 20
13353 Berlin
Phone: +49 30 18754 0
Fax: +49 30 18754 2328
Email: presse...rki...de
Website: www.rki.de/EN

If you have any questions or concerns regarding data protection, you are welcome to send them to the RKI’s data protection officer by post to: Robert Koch-Institut, FAO the data protection officer, Nordufer 20, 13353 Berlin, or by emailing: datenschutz...rki...de.

The RKI takes the protection of your personal data very seriously. Personal data means any information relating to an identified or identifiable person. This includes information that allows conclusions to be drawn about your identity. Further definitions of the terms used here (e.g. “processing”) can be found in Art. 4 GDPR. As a federal authority, the RKI is subject to the provisions of the GDPR and the BDSG. Below you will find the necessary information on how your personal data is pro-cessed when using this website.

2. Visiting the website

Each time you call up the website, your browser automatically transmits data so that you can visit the website. This access data includes:

• IP address
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status / HTTP status code
• Volume of data transferred in each case
• Website from which the request comes
• Browser
• Operating system and its interface
• Browser software version and language

The legal basis of the processing is Art. 6(1) Sentence 1(e) GDPR in conjunction with Sect. 3 BDSG. The processing is necessary in order to inform the public about the duties for which the RKI is responsible.

3. Creating an event QR code for the Corona-Warn-App

The website offers you the possibility to create a QR code for your guests, so that they can use the Corona-Warn-App to check in at your event or place and receive warnings.

The event details you provide (name of the event/place, address/location, typical length of stay and event start time) will be stored in the QR code for the event or place together with a random code. The random code ensures that different places and events that have the same event details can be distinguished later on.

You can make this QR code available to your guests. Your guests can “check in” by scanning the QR code with the Corona-Warn-App. Your guest’s app will then remember that they were at your event or place, and when they were there. The event details you provide and the check-in time will also be stored on your guest’s smartphone. Furthermore, the app uses the information contained in the QR code to derive an encrypted identifier that can be uniquely assigned to the event (the so-called event ID). No conclusions about the event or the place can be drawn from the event ID.

If a guest later tests positive for coronavirus and activates the warning feature via their app, then all other guests who were checked in at your event or place at the same time will receive a warning. In this case, your guest’s app will only transmit the event ID to the server system.

If one of your guests has tested positive for coronavirus and has not used the Corona-Warn-App to warn other guests (for example, because they were not checked in or because they subsequently deleted the entry for the event or place), the competent public health office (Gesundheitsamt) may provide you, as the host, with a TAN so that you can use the Corona-Warn-App to warn guests who were checked in.

All information provided when creating the QR code will be processed exclusively locally in your browser. Neither the QR codes you generate nor the information contained in them will be sent to the Corona-Warn-App servers. The RKI does not process data when you create an event QR code.

4. Your data protection rights (rights of the data subject)

If the RKI processes your personal data, you have the following data protection rights in accordance with the legal requirements:

• The right to obtain access to your personal data, and information about its processing, at any time (Art. 15 GDPR)
• The right to have inaccurate data rectified or incomplete data completed (Art. 16 GDPR)
• The right to have data erased or its processing restricted (e.g. if you withdraw your consent or the processing is unlawful) in accordance with the legal requirements (Art. 17, 18 GDPR)
• In the case of data processing based on consent, the right to withdraw your consent at any time with effect for the future (Art. 7(3) GDPR)
• The right to data portability (you can have an overview of your data provided in an electronic format) (Art. 20 GDPR)
• The right to object to data processing which, based on a legitimate interest of the RKI, is carried out for the performance of public tasks or in the exercise of official authority (Art. 21 GDPR)
• The right to contact the RKI’s data protection officer and raise your concerns (Art. 38(4) GDPR) and
• The right to lodge a complaint with a supervisory authority for data protection (e.g. the Federal Commissioner for Data Protection and Freedom of Information, Graurheindorfer Str. 153, 53117 Bonn, +49 228 997799 0, E-Mail: poststelle...bfdi...bund...de, http://www.bfdi.bund.de) (Art. 77(1) GDPR).

Last amended: 20 October 2021