covid19-group / c19

C19 is an open-source COVID-19 self-registration tool built by volunteering people in tech.
https://c19.dk
MIT License

Privacy policy #7

Closed valberg closed 4 years ago

valberg commented 4 years ago

First of all, super cool project! Hats off to you for that!

But, erm, it's a bit weird that there is no privacy policy now that you are actually processing sensitive personal data.

In any case, I will only fill it in once I know who gets my data and how I can get it deleted again :)

holgerthorup commented 4 years ago

Hi @valberg. Thank you for addressing this.

We have a legal team working on it, which is one of the reasons we are not currently collecting any medical data. In terms of sharing your phone number with us, I can assure you that we're GDPR compliant and your data is safe:

  1. The database is encrypted and we can at any time revoke and destroy the encryption password that enabled the application to read/write to it, and no one will be able to make sense of anything on there without it.
  2. Phone numbers and codes are further encrypted at rest with another password, also disallowing the core team (me + @louislva) from revealing that personal information.
  3. We're currently integrated with Twilio to send SMS to that phone number. Twilio is both GDPR and HIPAA compliant (HIPAA: should that be relevant at some point).

Let me know if you have further concerns.

holgerthorup commented 4 years ago

We've added a Declaration of Consent outlining our data protocols etc.: https://c19.dk/consent