The EU Digital Covid Certificate platform “EU DCC Portal”, hereinafter “the platform”, was created for the implementation of Regulation (EU) 2021/953. This Regulation provides for the mutual recognition of certificates issued by the EU Member states to citizens to facilitate their free movement, between Member States. Your personal data entered therein shall be processed in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679, hereinafter “the GDPR”, and the Protection of Natural Persons with regard to the Processing of Personal Data and the Free Movement of such Data Law of 2018, L.125(Ι)/2018, hereinafter “the national Legislation”, both constitute “the legislative framework for the protection of personal data”.
Data controller of the data collected through the platform is the Ministry of Health. For questions regarding the processing of personal data and the exercise of the Regulation rights you may contact the Data Protection Officer of the Ministry of Health at the email address director@mphs.moh.gov.cy
The Ministry of Health collects and processes your personal data pursuant to the basic principles governing the Legislative framework on the protection of personal data, i.e. the principles of legality, purpose limitation, transparency, minimisation, accuracy, limitation of storage period, confidentiality, integrity and accountancy, for the following purposes:
The digital certificate has been designed based on the needs of the Member States to progressively lift the restrictive measures against the Covid-19 pandemic, since it will be used as a proof of vaccination, test result or recovery, safeguarding public health in response to the redispersion of Covid-19.
According to Regulation (EU) 2021/953, the legal basis of the processing of your personal data are Articles 6(2)(c) and 9(2)(g) of the GDPR.
In particular, after submitting your request and inserting your data (Identity Card No or ARC No or Passport No) and following successful completion of your identification by inserting the unique OTP code (OTP), which shall be sent to your mobile phone, the digital Covid certificate (Certificate Issuance) of your choice shall be issued.
The design and implementation of this platform is based on the provisions of Regulation (EU) 2021/953 and the recommendation of the European Network eHealth on the technical specifications of the solution.
Citizens requesting a digital Covid certificate through the platform.
Categories of data to be included in the certificates and hosted in encrypted form on a local cloud computing of CYTA:
a) Vaccination Certificate:
For the security of personal data technical and organisational measures are taken against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. Personal data are kept in computer servers in a controlled, secure and protected environment. When the personal information is being uploaded to the platform, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol (SecureSocketLayer(SSL)). These personal data can only be accessed by specially authorised personnel of the controller and of the following processors, depending on their role and duties: - University of Cyprus: responsible for the development and operation of the integrated system for issuing the EU Digital Covid Certificate; - CYTA: responding for hosting the integrated system for issuing the EU Digital Covid Certificate on its cloud computing.
The controller ensures that your data kept in an encrypted form shall not be disclosed to recipients unless permitted by the Legislative framework on the protection of personal data and according to national and European Union legislation.
Personal data shall be retained in an encrypted form for the period of validity of Regulation (EU) 2021/953 on digital Covid certificates.
In accordance with the Legislative framework for the protection of personal data, you have the following rights, which you may exercise at any time within the period of validity of Regulation (EU) 2021/953:
Right of access (Article 15 of the Regulation): You may have access to your personal data and obtain complementary information concerning as well as a copy of these data.
Right to erasure (Article 17 of the Regulation): You have the right to request the erasure of your data under the conditions of Article 17 of the Regulation.
Right to restriction of processing (Article 18 of the Regulation): You have the right to request the restriction of processing of your data under the circumstances provided for by Article 18 of the Regulation.
You may exercise any of the above rights, as well as make any request by communicating with the Data Protection Officer of the Ministry of Health at the email address director@mphs.moh.gov.cy You also reserve the right to file a complaint to the competent supervising Authority, The Commissioner of the Protection of the Personal Data, if you discover that an unlawful processing of your personal data is taking place or your rights in respect of your personal data have been breached.
The “CovPass” application hosting the digital Covid certificate,hereinafter “the application” was created for the implementation of Regulation (EU) 2021/953. This Regulation provides for the mutual recognition of certificates issued by the EU Member states to citizens to facilitate their free movement, between Member States. Your personal data entered therein shall be processed in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679, hereinafter “the GDPR”, and the Protection of Natural Persons with regard to the Processing of Personal Data and the Free Movement of Such Data Law of 2018, L.125(Ι)/2018, hereinafter “the National Legislation”, both constitute “the legislative framework for the protection or personal data”.
The controller of the data inserted in the EU digital Covid Certificate which is kept in the Covpass wallet is the Ministry of Health. For questions regarding the processing of personal data and the exercise of your rights by virtue of the GDPR, you may contact the Data Protection Officer of the Ministry of Health via the email address director@mphs.moh.gov.cy.
The Ministry of Health collects, processes and keeps your personal data pursuant to the basic principles governing the Legislative framework on the protection of personal data, i.e., the principles of legality, purpose, limitation, transparency, minimisation, accuracy, limitation of storage period, confidentiality and integrity and accountancy, for the following purposes:
The application aims at facilitating the mutual recognition and use of certificates issued by the EU Member States to citizens who wish to travel within the EU, thus ensuring the coordinated lifting of restrictive measures and the safe and free cross-border movement.
In view of the use of CovPass application, the Ministry of Health, being the Data Controller, ensures that it respects the rights of the users of CovPass application, safeguarding that the data kept in the application and contained in the EU Digital Covid Certificate shall neither be processed nor used for any reason other than for verifying the authenticity and validity of the QR code of each certificate.
In particular, the digital certificate has been designed based on the needs of the Member States to progressively lift the restrictive measures against the Covid-19 pandemic, since it will be used as a proof of vaccination, test result or recovery, safeguarding public health in response to the redispersion of Covid-19.
The design and implementation of this platform is based on the provisions of Regulation (EU) 2021/953 and the recommendation of the European Network eHealth on the technical specifications of the solution.
Citizens wishing to store their EU digital Covid Certificate to the Covpass wallet. The application for storing digital Covid-19 certificates is used for the secure transmission and storage of Covid-19 certificates in electronic format.
The user of the CovPass Application must give his/her permission for the use the camera. If the access to the camera is not granted the scanning of the QR code will not be possible to take place.
a) Vaccination Certificate:
The controller ensures that your data included in the digital Covid certificate shall not be disclosed to recipients unless permitted by the legislative framework on the protection of personal data and according to national and EU law.
During the check at the points of entry of an EU Member State, the authorised officers shall be able to proceed to the necessary verification of the authenticity, integrity and validity of the QR code, using special verifier devices. This ensures that during the verification process the data contained in the digital Covid certificate shall not be further processed or/and stored.
Users are obliged to store only their own personal EU digital Covid-19 certificates or the certificates of their close relatives given their consent.
Users are obliged to undertake all the necessary and required security precautions for their own devices in order to protect their own EU digital Covid-19 certificates against any unauthorised access by third parties and against malware.
The digital Covid certificates shall be retained in the application for the period of validity of Regulation (EU) 2021/953 on EU digital Covid certificates. Therefore, the use of the CovPass Application may be terminated by the Republic of Cyprus at any time.
The digital Covid-19 certificates are stored on the user’s device as long as they are valid and are deleted when the user deletes the app from his device.
In accordance with the Legislative framework for the protection of personal data, you have the following rights, which you may exercise at any time within the period of validity of Regulation (EU) 2021/953:
Right of access (Article 15 of the Regulation): You may have access to your personal data and receive additional information about their processing, as well as a copy of these data.
Right to erasure (Article 17 of the Regulation): You have the right to request the erasure of your data under the conditions of Article 17 of the Regulation.
Right to restriction of processing (Article 18 of the Regulation): You have the right to request the restriction of processing of your data under the circumstances provided for by Article 18 of the Regulation.
You may exercise any of the above rights, as well as make any request by communicating with the Data Protection Officer of the Ministry of Health using the email address director@mphs.moh.gov.cy.
Moreover, you reserve the right to file a complaint to the competent supervising Authority, The Commissioner of the Protection of the Personal Data, if you discover that an unlawful processing of your data is taking place or your rights in respect of your personal data has been breached.
The “CovScan” application has been designed for the execution of the verification/checking of the authenticity, validity and integrity of the digital Covid-19 certificates, hereinafter “the application”, which is based in the context of the implementation of the Regulation (EU) 2021/953 and the Infectious Diseases (Determination of Measures for the Prevention of the Spread of the COVID-19 Coronavirus Decree of 2021) Decrees, issued by the Minister of Health of the Republic of Cyprus.
Specifically, the Regulation provides for the mutual recognition of the certificates issued by EU Member states to citizens in order to facilitate the free movement, between Member States. Therefore, your personal data entered therein shall be processed in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679, hereinafter “the GDPR”, and the Protection of Natural Persons with regard to the Processing of Personal Data and the Free Movement of Such Data Law of 2018, L.125(Ι)/2018, hereinafter “the National Legislation”, both constitute “the legislative framework for the protection or personal data”.
The controller of the data stored in the EU digital Covid-19 Certificate and which its validity is checked through the CovScan Application is the Ministry of Health. For questions regarding the processing of personal data and the exercise of your rights by virtue of the GDPR, you may contact the Data Protection Officer of the Ministry of Health via the email address director@mphs.moh.gov.cy.
The Ministry of Health collects, processes and keeps your personal data pursuant to the basic principles governing the Legislative framework on the protection of personal data, i.e., the principles of legality, purpose, limitation, transparency, minimisation, accuracy, limitation of storage period, confidentiality and integrity and accountancy, for the following purposes:
The application aims at facilitating the mutual recognition, verification of the validity and use of the digital Covid-19 certificates issued by the Republic of Cyprus and the EU Member States, ensuring the coordinated lifting of restrictive measures and the safe and free cross-border movement.
The digital certificate has been designed based on the needs of the Member States to progressively lift the restrictive measures against the Covid-19 pandemic, since it will be used as a proof of vaccination, test result or recovery, safeguarding public health in response to the redispersion of Covid-19.
The CovScan application has been designed in accordance to the principle of minimisation, which means that the application uses only the available public keys for the required verification of the validity, authenticity and integrity of the certificates. For verification purposes, only the validity and authenticity of the certificate is checked, by verifying who issued and signed it.
In view of the use of CovScan application, the Ministry of Health, being the Data Controller, ensures that it respects the rights of the users of CovScan application, safeguarding that the data kept in the application and contained in the EU Digital Covid-19 Certificate shall neither be processed nor used for any reason other than for verifying the authenticity and validity of the QR code of each certificate. No personal data is transmitted or permanently stored during the verification and checking procedure.
In particular, the data controller undertakes the hosting of public national keys, with the aim of verifying and updating the digital signatures contained in the QR codes of the citizens’ certificates, without any processing of personal data. Specifically, in order to achieve the confirmation of the cross-border data, only the validity and authenticity of the certificate will be checked, through the verification of the digital signature, by the Issuance Authority of the certificates.
The validity checks carried out in the application do not trigger any server request, as they performed using the QR code, without any personal data being transmitted. The information system checks the validity, integrity and authenticity of the digital Covid-19 certificate through the unique certificate identifier and the QR code.
The design and implementation of this application is based on the provisions of Regulation (EU) 2021/953 and the recommendation of the European Network eHealth on the technical specifications of the solution.
Passengers/citizens wishing to use their EU digital Covid-19 Certificates in order to freely move within EU member states. Therefore, the CovScan application is used for the secure verification/checking of the validity, integrity and authenticity of the digital Covid-19 certificates.
The user of the CovScan Application must give his/her permission for the use the camera. If the access to the camera is not granted the scanning of the QR code and the verification of the digital Covid-19 certificate will not be possible to take place.
The controller ensures that your data included in the EU digital Covid-19 certificate shall not be disclosed to recipients unless permitted by the legislative framework on the protection of personal data and according to national and EU law.
During the checks at the points of entry of an EU Member State, the authorised officers shall be able to proceed to the necessary verification of the authenticity, integrity and validity of the QR code, using verifying handheld devices. This ensures that during the verification process the data contained in the digital Covid certificate shall not be further processed or/and stored.
In the cases, specified by the Infectious Diseases (Determination of Measures for the Prevention of the Spread of the COVID-19 Coronavirus Decree of 2021) Decrees, issued by the Minister of Health, the authorised officers shall be able to procced with the required verifications/checks through the use of the CovScan application.
The CovScan application shall be open for public use during the validity of the Regulation (EU) 2021/953 on EU digital Covid certificates (paragraph 49).
“Where a Member State has adopted or adopts, on the basis of national law, a system of COVID-19 certificates for domestic purposes, it should ensure for the period of application of this Regulation that certificates making up the EU Digital COVID Certificate can also be used and are also accepted for domestic purposes, in order to avoid that persons travelling to another Member State and using the EU Digital COVID Certificate are obliged to obtain an additional national COVID-19 certificate”.
In accordance with the Legislative framework for the protection of personal data, you have the following rights, which you may exercise at any time within the period of validity of Regulation (EU) 2021/953:
Right of access (Article 15 of the Regulation): You may have access to your personal data and receive additional information about their processing, as well as a copy of these data.
Right to erasure (Article 17 of the Regulation): You have the right to request the erasure of your data under the conditions of Article 17 of the Regulation.
Right to restriction of processing (Article 18 of the Regulation): You have the right to request the restriction of processing of your data under the circumstances provided for by Article 18 of the Regulation.
You may exercise any of the above rights, as well as make any request by communicating with the Data Protection Officer of the Ministry of Health using the email address director@mphs.moh.gov.cy.
Moreover, you reserve the right to file a complaint to the competent supervising Authority, The Commissioner of the Protection of the Personal Data, if you discover that an unlawful processing of your data is taking place or your rights in respect of your personal data has been breached.