Last Revised: Sep 10, 2021
We want you to understand how and why The Commons Project Foundation (“TCP,” “we,” “us”) collects, uses, and shares information about you when you use the SMART Health Card Verifier application (the “App”). Before using the App, please read the following carefully to understand how we will treat your personal data.
When you use the App, we collect the following personal data:
The App will also collect limited information about how you access and use the App if you experience a crash or another bug within the application. We may also collect statistics on how many times you use the App, your IP address, device type and its unique device identifier, the type of mobile browser, the mobile operating system that you are using, and other log data. Finally, with your permission, we may also access the Camera on your device solely for the purpose of scanning QR codes that are part of the SMART Health Cards.
We use your data for the following purposes only:
Unless otherwise indicated, there is typically no contractual or legal requirement to provide your personal data, however, if you do not provide it, then we may not be able to provide the App to you.
Except for the limited data we collect from the App as stated above, we do not collect personal information about you. With respect to that limited data, except in the instances listed below, we will not disclose your personal data to others unless you consent to it, nor will we ever sell your personal data to advertisers. However, we may share your personal data in the following ways:
You have a number of rights with respect to the personal data we have about you, which may be restricted by law. One key right is the right to ‘object’ to the processing of your personal data in certain circumstances (e.g., if we have no legal right to keep using it). You also have the right:
Contact us at firstname.lastname@example.org if you would like to exercise any rights you have to control your personal data.
If you are based in the European Economic Area (“EEA”) or the UK, you also have the right to lodge a complaint with your local data protection authority if you believe that we have not yet complied with our data protection obligations. If you are based in, or the issue relates to, the UK, the Information Commissioner’s Office can be contacted as follows:
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
If you are based or the issue you would like to complain about took place in the EEA, please click here for a list of local data protection authorities in the countries within the EEA in which we operate.
Note that the rights outlined above only extend to personal information.
We will keep your personal data only for as long as is reasonably necessary to provide the App to you and to fulfill the purposes described in this policy. When your personal data is no longer needed, we will destroy or irreversibly de-identify it.
When you use our App, you may be sending personal data into countries that have different data protection rules than those of your country. As an example, the cloud service which we use to process personal data may be hosted in Switzerland or the data may be viewed from the United States by authorized TCP personnel. We take appropriate steps to protect your personal data when it is transferred across borders, and certain laws may require us to implement particular safeguards including ensuring there is adequate level of protection for the data transferred.
We will collect, use and share your personal data only where we have a legal basis for doing so. This section explains the legal bases we rely on for processing personal data:
The California Consumer Protection Act (“CCPA”) gives consumers who are residents of California the right to request certain information from businesses about their data collection practices. The CCPA does not apply to TCP because TCP is a non-profit organization. However, as part of TCP’s commitment to advancing the public good, it has voluntarily committed to CCPA compliance. In order to submit a CCPA request, please contact us at email@example.com. Please include in your request sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information. Please note that we do not sell your personal data and that TCP will not discriminate against you in any way based on your exercise of these rights.
10.1 Security of Your Personal Data. Security of personal data is important to us. We implement security safeguards designed to protect your personal data. This includes safeguards to protect against anticipated threats or hazards to the security or integrity of the data, and to protect against unauthorized access, acquisition, leak, destruction, alteration, loss, disclosure or destruction. Despite these efforts, we cannot guarantee that your data may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or administrative safeguards. Please notify us immediately at firstname.lastname@example.org if you become aware of any security issues relating to our App.
10.3 Children. The App is not designed or intended to be directly used by children (as defined by applicable law). However, a guardian or parent of a child may choose to use a health provider to consent to the use of the App to create a CommonPass certificate for their child. If we become aware that we have the personal data of such children collected through the App without parental consent, we will promptly delete it.
10.4 Contact Information. For any questions regarding this policy, please contact us at our US headquarters:
The Commons Project Foundation
420 Fifth Avenue, 19th Floor
New York, NY 10018
Our representative in the EU and the UK may be contacted at:
First European Data Rep BV
Schiphol Boulevard 195
1118 BG Schiphol