Privacy and Data

Coronalert only uses information that you expressly allow.

The app will NEVER:

• ask for your name, age or address,
• keep your phone number,
• determine your location or follow it,
• check if you respect any quarantine,
• identify your close contacts,
• identify individuals who tested positive for the coronavirus.

It’s always your choice:

• you use the app, or you don’t,
• you share any contagion anonymously, only with your express consent.

You can at any time:

• use the app without sharing any personal information,
• change the app settings or temporarily disable your Bluetooth signal,
• remove or ignore the app’s warnings,
• choose after a positive test, or
• you want to leave a warning anonymously
• send it out.

All data collected by the app will only be stored locally on your own phone. No one else has access to this data, unless you choose to report any infection to the health services. Data that you share completely anonymously in that case helps to prevent the spread of the coronavirus.

Private is private. We’re all very fond of our privacy. Coronalert is therefore designed with maximum protection of your privacy in mind. Technically, Coronalert is based on the DP-3T solution and the official German Corona-Warn-App – which is considered best practice in Europe – and of course fully compliant with the GDPR.

The only data you exchange with other app users is the anonymous ‘gibberish’ exchanged between phones. If you are not infected, this code means nothing at all. If you do appear to be infected with the coronavirus, you are given the opportunity to anonymously pass on the anonymous ‘gibberish’ via a central server. Other users, with whom you came into contact, know that they had a risk contact – but NOT when, where or with whom.

Independent specialists were involved in the design of the app from the start, including ICT, security, privacy and legal protection. The software also underwent an extensive security audit by an external party (NVISO).

Would you like to not only rely on their judgment, but also delve into the finest details yourself? That is possible. A public consultation was organized by ESAT (KU Leuven), and the software is available in open source (Github).

Coronalert records and uses a combination of anonymous data and minimal personal data.

Personal data used by the app may be provided by:

• yourself (only after you explicitly choose to provide them)
• your phone

You do not have to provide any personal information yourself. The only personal information automatically provided by your phone is your IP address. Coronalert does not store your IP address. We will delete it each time your phone is disconnected from our systems.

Telephone number

Coronalert doesn’t know your phone number. However, you can decide to inform Coronalert afterwards when you contact the contact tracing service.

And you can receive the test result directly on your phone.

The contact detection also receives phone numbers from close contacts, when they talk to people who have the coronavirus. This means that you could also get a call from them without knowing your number through the app.

Read more about the data collected and processed

IP-address

Your IP address is a unique set of numbers that identifies your phone or computer when you use the Internet. IP addresses are required to send and receive information online. Your IP address is automatically shared each time you use an app or visit a website.

Coronalert does NOT store your IP address. We will remove it from our server as soon as the connection through the app is complete.

Learn more about the data collected and processed.

The anonymous data we collect includes:

• data about how you use the app,
• data that we use for contact follow-up.

Information about how the app is used

No data is collected or stored on how the app is used. However, it does centrally track how many apps are downloaded and updated, how many tests are requested by users of the app, how many users get their test result in the app and how many users with a positive test share their anonymous data with other users. This data is analysed to see if the app is working correctly.

Contact tracking data

For contact tracing, Coronalert uses technology developed by Apple and Google, namely Exposure Notification. Thanks to Exposure Notification, your phone is able to generate and share anonymous ‘gibberish’. This anonymous ‘gibberish’ is shared when you are in contact with other users of the app.

You can read more about the Exposure Notification system on Apple or Google websites.

The app uses this anonymous data to determine:

• how long you’ve been close to another anonymous app user,

This data remains local and protected on your phone. They can’t be accessed by anyone. If you test positive for the coronavirus, you will be asked to share the random ‘gibberish’ anonymously with the health services.

The anonymous ‘gibberish’ you have shared and received will be automatically deleted from your phone after 14 days. You can also delete the app and any data it stores on your phone whenever you want.

We work closely with Apple and Google to ensure that contact tracking functionality works effectively on as many phones as possible.

Apple and Google’s privacy statements are available on following links:

• Apple privacy statement
• Google privacy statement

Read more about how long we’ll keep your data.

To make the app work technically, we use the services of some companies and government organizations. These organisations process part of the app’s data, including your anonymous information.

See a list of third parties with whom we work and who use your data.

NEW 27/04/2021: Statement by the Interfederal Committee Testing & Tracing about a possible privacy infringement by Google GAEN (statement in French | statement in Dutch)

Coronalert is made on the basis of EU directives, EU recommendations on privacy, Belgian standards and data protection legislation.

This means the app:

• is safe to use,
• in compliance with all legal regulations,
• meets the highest standards for secure and confidential processing.

The detection of contacts via the app is completely decentralised. Matching the anonymous ‘gibberish’ is done locally on your own phone. This means that no one can follow your location, your movements or your contacts.

Read more about compliance and security.

You can choose to delete the app and your details at any time.

To do this:

1. Go to ‘Settings’ in the app.
2. Select ‘Leave’.
3. Press ‘I want to leave’.

This will delete the app and your details.

When the Belgian federal government decides that the corona pandemic is over, the app will no longer work. You are then encouraged to delete the app and all your data. It will no longer be available for download in the app stores.

The Data Protection Officer (DPO) can be contacted directly via [email protected].

Read here how to contact the Data Protection Authority (GBA) if you wish to make a complaint.

Coronalert strives for total transparency – about the objectives, the concept, the technical realization, the technology used, and so on. Detailed information can be found in the following documents:

• Data Protection Impact Assessment (DPIA)
• Data Protection Information Notice
• Security report (NVISO)
• Privacy statement
• Source code: Coronalert GitHub

Learn more about how we keep your data safe.

Organizations inside and outside Belgium cooperate to develop the Coronalert App. They act as partners:

• Project management and realization
• Research
• Technology
• Commercial cooperation

Project management and realisation

• Interfederaal Comité Testing & Tracing
• Sciensano
• FOD Volksgezondheid
• Agentschap Zorg
• AviQ
• GGC Brussel
• Deutschsprachige Gemeinschaft

Research

• Decentralized Privacy-Preserving Proximity Tracing (DP3T)
• COSIC (KU Leuven)

Technologiepartners

• Apple
• Google
• Amazon Web Services
• Devside
• Ixor
• Nviso
• Smals