DIVOC
DIVOC 3.0
DIVOC 3.0
  • Introduction to DIVOC
    • What DIVOC is and what it's not
    • DIVOC Docs Index
  • Platform
    • Release Notes
      • DIVOC 2.0 Release Features
      • DIVOC 3.0 Release Features
    • Specification
      • API Documentation
      • Setting up DIVOC development environment
    • DIVOC's Verifiable Certificate Features 2.0
      • Creating a DIVOC Certificate
        • Overview of DIVOC’s digital certificates
        • What information is included in the DIVOC certificate?
        • DIVOC’s certificate generation service: How does it work?
        • Compliance with internationally used COVID-19 certificate schemas
      • Distributing a DIVOC Certificate
      • Updating a DIVOC Certificate
      • Revoking a DIVOC Certificate
      • Verifying a DIVOC Certificate
      • DIVOC's Native COVID-19 Certificate Specification
      • DIVOC’s EU-DCC Adapter Service
      • DIVOC’s SHC Adapter Service
      • Adding a User Type in DIVOC
      • Printing Certificates at a Facility
      • Normal QR Code Versus Signed/Verifiable QR Code
      • What Information Goes Into a QR Code?
      • WHO Master Vaccine Checklist
      • EU Master Vaccine Checklist
    • DIVOC's Verifiable Certificate Features 3.0
      • How to Configure a New Tenant?
      • How to Access the VC System and Generate Tokens
      • How to Generate Certificates
      • How to Fetch Certificates
      • How to Update Certificates
      • How to Revoke Certificates
      • How to Suspend Certificates
    • DIVOC Architecture
    • Installation
      • Skills needed to set up DIVOC
      • Implementation Checklist
      • Setting Up DIVOC in k8 Cluster
        • How to Install DIVOC
        • How to Install DIVOC for V3.0
        • Backup & Restore: Postgres, Clickhouse, Kafka, & Redis
        • Infrastructure Recovery
        • Server Hardening
    • Verifiable Credential (VC): Production Deployment
    • Configuration
      • Configuring the Certification and Verification Component
        • Generating Signed Key Pairs
        • Configuring certificates
          • Step 1: Create a certification generation request
          • Step 2: Configure the QR code content
          • Step 3: Configure the certificate template
        • How to set up the verification portal for implementation
        • How to configure the update certificate API
        • Configuring Environment Variables in 2.0
      • Configuration Management Via ETCD
        • Adding a New Vaccine and ICD-11 Mapping
          • Adding a New Vaccine and ICD-11 Mapping Using ETCD CLI
        • PDF Template Change for Vaccine Certificates
          • PDF Template Change for Vaccine Certificates via ETCD CLI
        • EU Vaccine Configurations
          • Adding a New Vaccine and its Mapping via ETCD CLI
        • Payload Changes in the QR Code
          • Payload Changes in the QR Code via ETCD CLI
    • Performance Report
  • Products
    • Issuing COVID-19 Vaccination Certificates in India
    • Issuing COVID-19 Test Reports in India
    • Issuing COVID-19 Vaccination Certificates in Sri Lanka
    • Issuing COVID-19 Vaccination Certificates in the Philippines
    • Issuing COVID-19 Vaccination Certificates in Jamaica
      • Troubleshooting
    • Issuing COVID-19 Vaccination Certificates in Indonesia
    • Open Events
      • Past Events
      • DIVOC in the Media
  • DIVOC Demo
    • Program Setup (Via Orchestration Module)
    • Facility App
    • Issue and Verify Certificates
    • Citizen Portal
    • Feedback
    • Analytics
  • Community
    • Roadmap
    • Partner Support
      • Terms and Conditions of Using the DIVOC Site
      • Privacy Policy: Short Version for Display
      • Privacy Policy: Detailed
      • Platform Policy Guidelines
      • Privacy Policy Recommendations
      • Troubleshooting Guide
    • Source Code
    • Discussion Forum
    • Issues
    • Project Repo
Powered by GitBook
On this page
  • What is DIVOC?
  • ADHERENCE TO DATA PRIVACY PRINCIPLES
  • WHAT DATA DO WE COLLECT?
  • FOR OUR WEBSITE
  • HOW DO WE COLLECT THIS DATA?
  • HOW DO WE STORE THIS DATA?
  • WHY AND HOW DO WE PROCESS, DISCLOSE, AND/OR SHARE THIS DATA?
  1. Community
  2. Partner Support

Privacy Policy: Detailed

PreviousPrivacy Policy: Short Version for DisplayNextPlatform Policy Guidelines

Last updated 2 years ago

At DIVOC (“we” or “us” or “our”) we respect the privacy of our users (“user” or “you” also referred to as ‘your’) and are committed to protecting it. Hence, we maintain the highest standards for secure activities , user information/data privacy and security.

This Privacy Policy explains what information we collect about you and why.

What is DIVOC?

DIVOC (Digital Infrastructure for Verifiable Open Credentialing) is an open-source digital platform that has enabled governments across the world to issue, distribute and verify secure and tamper-proof COVID-19 vaccination and test result digital certificates, at scale. DIVOC, a Digital Public Good (DPG) by eGov Foundation, is designed in accordance with precise international specifications, is recognised by 120 countries globally and is compliant with WHO and EU standards.

DIVOC refers to the services being provided through the DIVOC platform. To know more about the services provided, please refer to our .

Through DIVOC, any implementing partner (national governmental bodies, department, local bodies & their agencies) corporate/private bodies (utility services) (Service Providers) can use DIVOC website/application/services in different ways such as for issuing and verifying certificates, set up registries for streamlines public health program executions, etc.

ADHERENCE TO DATA PRIVACY PRINCIPLES

The DIVOC data dictionary follows the which includes compliance with principles of legitimate use, fair processing, accountability, transparency, purposeful, proportional, minimal and lawful collection, usage, storage and disclosure of personally identifiable information (“PII”), confidentiality and security of data.

WHAT DATA DO WE COLLECT?

DIVOC collects information/data (“data”) to improve and provide better public health programme execution. We collect and process PII such as your first name, last name, parent’s/guardian’s name, address, unique identifier, nationality, date of birth, mobile number, age, gender, identification documents, vaccine details (batch number, dosage number, date of vaccination, total number of doses, country of vaccination).

We may collect data such as vaccine manufacturer, vaccine market authorisation holder, vaccine administering centre, health worker identifier, due date of next dose, certificate valid from, certificate valid from and to period, certificate issuer and health certificate identifier ( certificate id).

We collect information such as Internet Protocol (IP) addresses, domain name, browser type, operating system, date and time of the visit, pages visited, IMEI/IMSI number, device ID, location information, language settings, handset make & model etc. However, no attempt is made to link these with the true identity of individuals visiting the relevant our website, implementing partner or service providers application or platform.

The information collected by us shall depend on the need of the service providers and interests of the users. Datasets collected shall be subject to change from time to time. Such changes shall be reflected in the privacy policy of the service provider (if nature of data changes from the service provider perspective) or our website’s privacy policy (if we change the nature of data collected).

FOR OUR WEBSITE

The internet address associated with your computer, the type of web browser you use, your operating system, the site that referred you to us, the pages you visited, and the dates and times of those visits.

HOW DO WE COLLECT THIS DATA?

DIVOC collects data directly from the user (when the user uses our services) as and when you register and login into the service providers app/website. DIVOC may also collect data from national governments (union, state, and local governments or any other governing body, including their agents/employees), private bodies (only after our data protection and privacy guidelines are adhered to) as well as receive data that is available openly for public use.

We also collect data that any visitor to our website consensually provide to us (for example, data provided to make a complaint, customer query, or to subscribe to our emailing list).

HOW DO WE STORE THIS DATA?

Your data is stored in a secure manner on the implementation partner provided space. It does not allow your data to be visible to anyone, except persons who are authorised to do so by virtue of their official role. Unless indicated otherwise, this data will be retained for a minimum period as per implementing countries laws and a maximum period of as per implementing countries' laws. You can review and edit your data, as well as delete your data from the app/website by following the procedures as per implementing countries laws.

You may delete your account any time you wish. In case of deletion, we will remove all your PII from the system, so that it is not visible and/or accessible from any regular operation.

After deletion, in case you wish to recreate your profile, the same is permissible and none of the previously captured information will be populated automatically. You need to register as a fresh user.

If you simply delete/remove the application from your mobile device but do not delete your profile or unregister yourself from the app/website, you shall continue to be a registered user of the app and we shall continue to send you all communications that you have opted for unless and until you opt-out of such communications, or as per implementing countries laws.

In case you surrender/disconnect your registered mobile number it is recommended to delete your profile or unregister yourself from the application also.

WHY AND HOW DO WE PROCESS, DISCLOSE, AND/OR SHARE THIS DATA?

We collect only such data as serves these objectives. Specifically:

  • We process this data as necessary to provide you with the services you are requesting (for example, to get your vaccination certificate issued or verified) through the service providers application (for example, in India, the CoWin app is the national government’s application used by citizens for issuance of vaccination certificates).

  • We may process, disclose, or share certain metadata, as well as aggregated and anonymised data, in order to assess and improve the status of such service delivery over time.

  • We may disclose or share this data to/with employees and/or contractors of the government agencies, service providers, whose role requires them to view or use this information in order to perform their official duties, including providing you the service(s) you are requesting.

  • Resolving any disputes that may arise with respect to the transactions/deals that you may conduct using the service providers app/website.

  • Detecting, investigating and preventing activities that may violate our policies or that may be illegal or unlawful.

  • Conducting research or analysing the user preferences and demographics as statistical data and not as individual data.

  • We may disclose or share this data in order to comply with the law or any legal process, including when required in judicial, arbitral, or administrative proceedings.

  • Payments made through the government’s or service providers App/website are processed via secure payment gateways.

We will not process, disclose, or share your data except as described in this policy or as otherwise authorised by you.

All content on this page by is licensed under a .

website
WHO DDCC:VS
eGov Foundation
Creative Commons Attribution 4.0 International License
Creative Commons License