Who we are
We are the Ministry of Health of the Czech Republic (the “Ministry”) and we run the mobile application called eRouška ( the “Application”), which helps the Ministry and its subordinate hygiene stations to eliminate the Covid-19 epidemic caused by SARS-CoV-2. (the “coronavirus ”). This application uses Bluetooth technology to detect other phones with the application installed that move around you.
The Ministry of Personal Data is the administrator of personal data. Keboola Czech Ltd. participates in the development of the application as well as Google Ireland Limited as personal data processors. A processing contract is concluded with these companies. In addition to the Ministry, other people or organisations carrying out the so-called epidemiological investigation may also be recipients of the processed personal data.
We process your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (referred to as “GDPR”) and on the basis of Act No. 110/2019 Coll., The Personal Data Processing Act.
What data we work with and what we do with them
Data is processed with your consent
You enter your phone number into the app, which we verify and we use in order to contact you, incase in the application we see, that there is an infected person near you, and they could infect you.
We work with information about other mobile phones, which have the installed application around your location, when you encountered and how strong the Bluetooth signal between your phone and other phones, which have the application. To determine the signal strength, we work with your phone's information and operational system. Each application stores your encounter history of the last 30 days, and the user may delete their history whenever.
We work with this information in two ways:
1) If an infected person with the app installed sends us information about the phones nearby, including your device with the app installed, we can evaluate the risk of infection and contact you at the phone number you gave us . The phone number is never stored in the app on the phones you meet. Your phone is identified there only by a random identification number. However, by providing us with the phone number during registration, we will be able to connect it with the information from the infected person via the identification number and we can thus contact and warn you. In doing so, we also work with the information regarding the risk of infection, which is a personal information of a special category.
2) In case you test positive for coronavirus, we might ask you to submit your Hangout History with other phones with the app installed. If you voluntarily give us this information by means an application (specifically the "send data" function), then we will use this information to alert people at risk and to identify other epidemiological relations. This means we're trying to figure out who you might have been infected from and who you might have infected. We will ask you to submit your information concerning your coronavirus infection, a personal information of a special category.
How long have we been working with the above mentioned data? When you send us information about meeting, we evaluate it and delete it from your phone within 12 hours of sending. We will delete your phone number that you added during the registration within six months of completing the installation of the application at the latest , or even sooner if we no longer need it or in case you withdraw your consent for its processing. If the pandemic continues after this time, we will ask for your consent again.
We work with the above data with your consent, so it is processing under Art. 9 (2) (a) and 9 (2) (a) | a) GDPR - by the appropriate choice in the application, you agree to the processing of personal data as described above in order to protect public health, specifically for the purpose of epidemiological investigation. Your consent is voluntary. However, without it, we cannot use your information for the above purposes, so the app cannot work without your consent. You can withdraw your consent at any time by selecting “unregister” (this will delete your phone number from the database) and uninstalling the app (then other phones with the app will no longer know that their users have met you). Once we have used the data for an epidemiological inquiry, these findings cannot be technically undone.
By activating the application, you confirm that the phone number and this device is only used by you or by a person who allowed you to consent with their personal data processing on their behalf.
Data processed in connection with your usage of the application
Incase you are contacting us with a question or request, we work with your contact information and information that you sent to us, in order for us to process your question or request. The processing works between you as an application user and the ministry as an application operator. It is therefore a processing classed under Article 6 point 1, letter b) GDPR. We work with this personal information as long as it is necessary due to the nature of your inquiry or request, after which the data is deleted.
In order to make the app work, we will also work with information about how it works on your phone. In the event of a critical error (failure), the application sends telemetry crash data (crash stack traces) to Firebase Crashlytics from Google. Telemetric data is never connected with your personal information, and is solely used to identify and fix critical errors. The purpose of processing is to provide a functional application based on the relationship between you as an application user and the ministry as an application operator. It is therefore a processing under Article 6 point 1, letter b) GDPR. We work with data for up to 180 days.
Where we work with your data
With your personal information we will be working solely on the territories of the EU and in the USA, where Google servers are located, which provides part of the service, in order for the application to work. Transfers to the USA take place under Privacy Shield and under standard contractual clauses, which provide sufficient protection for your rights under the GDPR.
Personal data protection legislation, in particular GDPR, grants you various rights in the area of personal data protection: To the extent, your personal data protection guarantees you, you may require the Ministry, as a controller, to access your personal data under Art. GDPR (ie information about your specific data we work with and how we work with it), restriction of processing of your data according to Art. 18 17 GDPR (wherever the statutory conditions are met) and you have the right to the transfer of personal data pursuant to Article 20 of the GDPR.
To exercise any of these rights, please contact the Data Protection Officer:
Incase you may believe that the processing of your personal information is in violation of the law, you may file a complaint to the national supervisory authorisation, which is the data protection authority (www.uoou.cz).
Jak využíváme cookies
Informace o využívání cookies naleznete na stránce Informace o cookies.