DIVOC
DIVOC 3.0
DIVOC 3.0
  • Introduction to DIVOC
    • What DIVOC is and what it's not
    • DIVOC Docs Index
  • Platform
    • Release Notes
      • DIVOC 2.0 Release Features
      • DIVOC 3.0 Release Features
    • Specification
      • API Documentation
      • Setting up DIVOC development environment
    • DIVOC's Verifiable Certificate Features 2.0
      • Creating a DIVOC Certificate
        • Overview of DIVOC’s digital certificates
        • What information is included in the DIVOC certificate?
        • DIVOC’s certificate generation service: How does it work?
        • Compliance with internationally used COVID-19 certificate schemas
      • Distributing a DIVOC Certificate
      • Updating a DIVOC Certificate
      • Revoking a DIVOC Certificate
      • Verifying a DIVOC Certificate
      • DIVOC's Native COVID-19 Certificate Specification
      • DIVOC’s EU-DCC Adapter Service
      • DIVOC’s SHC Adapter Service
      • Adding a User Type in DIVOC
      • Printing Certificates at a Facility
      • Normal QR Code Versus Signed/Verifiable QR Code
      • What Information Goes Into a QR Code?
      • WHO Master Vaccine Checklist
      • EU Master Vaccine Checklist
    • DIVOC's Verifiable Certificate Features 3.0
      • How to Configure a New Tenant?
      • How to Access the VC System and Generate Tokens
      • How to Generate Certificates
      • How to Fetch Certificates
      • How to Update Certificates
      • How to Revoke Certificates
      • How to Suspend Certificates
    • DIVOC Architecture
    • Installation
      • Skills needed to set up DIVOC
      • Implementation Checklist
      • Setting Up DIVOC in k8 Cluster
        • How to Install DIVOC
        • How to Install DIVOC for V3.0
        • Backup & Restore: Postgres, Clickhouse, Kafka, & Redis
        • Infrastructure Recovery
        • Server Hardening
    • Verifiable Credential (VC): Production Deployment
    • Configuration
      • Configuring the Certification and Verification Component
        • Generating Signed Key Pairs
        • Configuring certificates
          • Step 1: Create a certification generation request
          • Step 2: Configure the QR code content
          • Step 3: Configure the certificate template
        • How to set up the verification portal for implementation
        • How to configure the update certificate API
        • Configuring Environment Variables in 2.0
      • Configuration Management Via ETCD
        • Adding a New Vaccine and ICD-11 Mapping
          • Adding a New Vaccine and ICD-11 Mapping Using ETCD CLI
        • PDF Template Change for Vaccine Certificates
          • PDF Template Change for Vaccine Certificates via ETCD CLI
        • EU Vaccine Configurations
          • Adding a New Vaccine and its Mapping via ETCD CLI
        • Payload Changes in the QR Code
          • Payload Changes in the QR Code via ETCD CLI
    • Performance Report
  • Products
    • Issuing COVID-19 Vaccination Certificates in India
    • Issuing COVID-19 Test Reports in India
    • Issuing COVID-19 Vaccination Certificates in Sri Lanka
    • Issuing COVID-19 Vaccination Certificates in the Philippines
    • Issuing COVID-19 Vaccination Certificates in Jamaica
      • Troubleshooting
    • Issuing COVID-19 Vaccination Certificates in Indonesia
    • Open Events
      • Past Events
      • DIVOC in the Media
  • DIVOC Demo
    • Program Setup (Via Orchestration Module)
    • Facility App
    • Issue and Verify Certificates
    • Citizen Portal
    • Feedback
    • Analytics
  • Community
    • Roadmap
    • Partner Support
      • Terms and Conditions of Using the DIVOC Site
      • Privacy Policy: Short Version for Display
      • Privacy Policy: Detailed
      • Platform Policy Guidelines
      • Privacy Policy Recommendations
      • Troubleshooting Guide
    • Source Code
    • Discussion Forum
    • Issues
    • Project Repo
Powered by GitBook
On this page
  • Privacy notice for citizens
  • Privacy policy guidelines for an implementing country
  1. Community
  2. Partner Support

Privacy Policy Recommendations

Privacy notice for citizens

We recommend that you include the privacy notice in the platform. This information should be shared by implementing countries with their citizens. The privacy notice should have the following sections:

  1. Purpose of processing

  2. What information is collected

  3. Retention of information

  4. Grievance officer details

  5. Sharing of information with third parties

  6. Usage of cookies, what information is stored in cookies

  7. Security measures taken for processing/storing information

  8. Rights of individuals

Privacy policy guidelines for an implementing country

We recommend that the following guidelines should be followed by a country that is implementing DIVOC:

  • A citizen's consent should be collected against the privacy notice and a centralised database should be maintained to log consent provided by the citizen (wherever applicable).

  • The privacy notice should ask people to connect with the privacy officer/grievance officer to exercise his/her right to withdraw their consent.

  • Personal data should only be accessible to limited individuals. In case third parties require access to the application for administrative purposes, we recommend you de-identify personal information.

  • Organisations should not retain the information for longer than it is required for the purpose for which the information was originally collected.

  • A formal document should be created to define the roles and responsibilities of personnel having access to personal data stored in the application.

  • Document an access matrix for the application. Ensure that regular reviews are conducted on the access matrix.

  • Review user access rights vis-à-vis the roles defined regularly.

  • Platform end-users (citizens) should be informed about the mechanisms to update their information through the privacy notice.

  • Platform end-users (citizens) should be informed about the mechanisms to update their information through the privacy notice.

  • Perform security testing on the application regularly. We also recommend that you fix all the vulnerabilities after the testing is performed, on-time.

  • Sign agreements/contracts with third parties, wherever applicable, including relevant security and privacy clauses.

  • Obtain explicit consent against the privacy notice from the individuals whenever sensitive personal data is processed.

PreviousPlatform Policy GuidelinesNextTroubleshooting Guide

Last updated 2 years ago

All content on this page by is licensed under a .

eGov Foundation
Creative Commons Attribution 4.0 International License
Creative Commons License