At DIVOC (“we” or “us” or “our”) we respect the privacy of our users (“user” or “you” also referred to as ‘your’) and are committed to protecting it. Hence, we maintain the highest standards for secure activities, user information/data privacy and security. This Privacy Policy explains what information we collect about you and why.

Summary

We hope you read this entire privacy policy. However, if you are in a hurry, here is a brief overview of the most important point:

• Primarily we provide recommendations to implementing partners or service providers (include any governmental organisation, agency, department as well as private or corporate bodies) on certain privacy protecting principles and practices. They are advised to share it with citizens regarding their personally identifiable Information and how it is managed in DIVOC.

• DIVOC services follow the WHO DDCC:VS which includes compliance with principles of legitimate use, fair processing, accountability, transparency, purposeful, proportional, minimal and lawful collection, usage, storage and disclosure of personally identifiable information (“PII”), confidentiality and security of data.

• Through DIVOC any implementing partner (national governmental bodies, department, local bodies & their agencies) corporate/private bodies (utility services) (Service Providers) could collect the following datasets -

first name, last name, parent’s / guardian’s name, address, unique identifier, nationality, date of birth, mobile number (optional dataset), age, gender (optional dataset), identification documents (for example passport number), vaccine details (batch number, dosage number, date of vaccination, total number of doses, country of vaccination), payment information (https://divoc.digit.org/platform/divocs-verifiable-certificate-features/what-information-goes-into-a-qr-code).

• The service provider may collect data such as vaccine manufacturer, vaccine market authorisation holder, vaccine administering centre, health worker identifier, due date of next dose, certificate valid from, certificate valid from and to period, certificate issuer, and health certificate identifier (certificate id).

• For the upkeep and working of our website we collect information such as Internet Protocol (IP) addresses, domain name, browser type, Operating System, Date and Time of the visit, pages visited, IMEI/IMSI number, device ID, location information, language settings, handset make & model etc. However, no attempt is made to link these with the true identity of individuals visiting our website, implementing partner or service providers application or platform.

• The information collected by us shall depend on the need of the service providers and interests of the users. Datasets collected shall be subject to change from time to time, (please check our privacy policy for any updates/changes as well as changes in the service providers privacy policy).

• We provide a checklist to service providers for data protection , only after which they can install and use DIVOC. Click here to see the checklist. We also provide them with recommendations and guidelines to create privacy policies for their frontend applications.

• We do not store any of your data (for example, we do not store any persons medical history).

• We do not and will not share your information with third parties which you would have not been aware of and consented to sharing.

• We only collect data which you provide to us through the service provider or when you access our website (for example, data supplied by you on subscribing to our emailing list, or any grievance/complaint data).