When processing personal data, questions automatically arise about the amount and type of data that is collected, processed and possibly stored.
In principle, the certificate is decoded and processed locally on the controller in real time. During this process, the data is only stored in the volatile memory (RAM) of the controller.
The certificate as such contains the following data, among others:
- Name
- First name
- Date of birth
- in the case of a vaccination certificate, the day of vaccination
- Vaccine used
- Technical validity of the certificate
- Order of vaccination (first vaccination / second vaccination / third vaccination (booster))
- Issuer of the certificate
When comparing against an identity card or passport, the following data is also read out via the machine-readable part (MRZ ):
- Name
- First name
- Date of birth
- Serial number of the identity card
- Validity of the document
If no logging is activated, the data is discarded after the check.
With the logging level "anonymous", only the result of the scan is processed, i.e. accepted or rejected.
Only in the "detail" setting, depending on the operating mode of the controller, is the surname, first name, date of birth, vaccine and validity stored locally on the controller or in the C4 instance. This data is partly required operationally by organisations, partly the recording is required by law.