Digital vaccination proof | BMG (2024)

The Regulation on the EU Digital COVID Certificate entered into force on 1 July 2021. Since then, all citizens living in the EU can be issued a certificate to present as needed. This certificate can be stored on a mobile device or printed on paper. A QR code on the certificate holds key information and a digital signature that verifies the authenticity of the certificate.

In Germany, the CovPass app can still be used for the time being.

  • This app is published by the Robert Koch Institute (RKI) for the German Federal Government. The RKI is also responsible for ensuring that your personal data is processed in compliance with data protection regulations.

  • The digital COVID Certificate is proof that a person has

    • been vaccinated against COVID-19 (vaccination certificate),
    • tested negative for COVID-19 (test certificate) or
    • recovered from a COVID-19 infection (certificate of recovery).

    A certificate can be obtained on request from a competent entity (vaccination centres, testing points, doctor’s surgeries or pharmacies) after a vaccination, a test or after recovering from a confirmed case of COVID-19.

    You can carry the certificate in paper form or in electronic form on your smartphone. Each certificate contains a QR code with an electronic signature from the RKI to protect against forgeries. If you would like to store a certificate on your smartphone, you can simply scan the QR code with the CovPass app. The app then securely stores an electronic version of the certificate on your smartphone.

    Please note that the QR codes on the certificates contain health data (data about coronavirus vaccinations, coronavirus test results or your recovery from a confirmed case of coronavirus). You should only show the certificates and QR codes if you want to provide appropriate proof. Do not provide QR codes to anyone if you do not want the data to be read. To prevent unwanted access to the certificates stored on your smartphone, you should set up a code lock on the device.

  • Yes, using the app is voluntary. Each certificate can also be used in paper form as proof of vaccination, a test result or recovery. You will not suffer any disadvantages, because the paper version and the electronic version of the certificate are equivalent. You can decide at any time whether you want to scan the QR code and store the certificate in the app. You can also delete the certificate from the app at any time.

  • a. Certificate creation

    The RKI briefly processes the necessary personal data of certificate holders to technically create and sign the requested certificate (Sect. 22a (5)–(7) of the Infection Protection Act, IfSG). The personal data is deleted at the RKI immediately once the technical creation of the certificate is complete. There is no centrally administered registry of vaccinations or certificates.

    b. Using certificates as proof

    You can use the CovPass app to scan your own printed certificates and those of family members and store them in encrypted form on your smartphone.

    In order to prove to third parties – in the situations where this is required by law – that you have been vaccinated, have tested negative, or have recovered from COVID-19, you can show the relevant certificate to the person performing the check. If the person performing the check uses a special verification app (such as the RKI’s CovPassCheck app), it is sufficient to show the QR code of the certificate and have it scanned. The QR code is the certificate in digital form and contains only the information necessary for the specific type of certificate (see Section 5).

    The verification app allows, for example, authorities to scan the QR code of certificates presented to them, in order to verify whether the certificates are valid and prove complete vaccination protection. During the verification, the data contained in the certificate is read. For the certificate to be valid, it must meet the following technical and formal criteria:

    • The certificate contains a valid electronic signature.
    • The certificate has not been revoked.
    • The technical expiration date of the certificate has not yet been reached.
    • The certificate meets the formal criteria applicable at the place where it is verified (for example regional entry rules).

    The verification app will show whether the certificate provided is valid or, if applicable, whether another certificate needs to be scanned. If the certificate is valid, the name and date of birth of the certificate holder will also be disclosed, as will whether or not it is a test certificate. In the case of test certificates, the time of sampling will also be displayed.

    The name and date of birth of the certificate holder are displayed so that the person performing the check can compare this information with an ID document (for example passport or ID card). A notification of whether the certificate is a test certificate, and the time of sampling, are necessary to enable the person performing the check to assess whether the test result on which the certificate is based is still valid.

    c. Electronic signature of certificates and revocation

    To protect against forged certificates, it is necessary to verify the authenticity of the stored certificates. The electronic signature contained in a certificate’s QR code is used for this purpose. The electronic signature is generated by the RKI when creating the certificate, on the basis of the data contained in the certificate (see Section 5). The signature is a cryptographic mechanism that allows the RKI to confirm that the certificate is an official digital document created by the RKI. The RKI also publishes the corresponding public keys. These public keys can be used to check whether a certificate’s electronic signature actually originates from the RKI and whether the certificate has been manipulated since being signed electronically.

    To protect the health of certificate holders and the public, certain certificates may be revoked in special cases. This may be necessary, for example, if a competent entity (for example pharmacy, vaccination centre or doctor’s surgery) has issued an incorrect certificate. The competent hazard prevention authorities will decide on whether to revoke a certificate, and the revocation is then technically implemented by the RKI (Sect. 22a(8) IfSG). Revocation will result in the certificate becoming invalid and no longer being accepted when verified. It does not matter whether the certificate is presented in electronic form on a smartphone or on paper during the verification. If you have stored a revoked certificate in the app, it will show as "invalid".

    To be able to determine the validity of the electronic signature or whether stored certificates have been revoked, the app regularly downloads the RKI’s current public keys and revocation lists in the background and stores them locally on your smartphone. The public keys do not contain any personal data. The revocation lists only contain a revocation identifier for a revoked certificate in the form of special one-way encryption (what’s known as a hash value). The revocation identifier cannot be used to infer the certificate data or other information about a particular person. The RKI receives the revocation identifier of a certificate to be revoked from the competent hazard prevention authority, which has read this identifier from the incorrect certificate. If, in exceptional cases, it is necessary to revoke all certificates issued by the same competent entity (for example a specific pharmacy), only a small subsection from the unique certificate identifier of the issued certificates will be transferred to the revocation list instead of the individual revocation identifiers. This subsection is identical for all certificates issued by the same competent entity. The CovPass app then compares this with the unique certificate identifier of the certificates stored on the smartphone. If there is a match between the identifier of the stored certificates and the certificates on the revocation list, the certificate in question will show as "invalid" in the CovPass app. Both the verification of the electronic signature and the comparison with the revocation lists take place exclusively locally in the app and no data about this process is passed on to the RKI or other agencies.
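    The following is an added example, not code from the CovPass app or the RKI, that shows how the four validity criteria above and the local revocation comparison described in this section fit together on the device. The identifier layout `URN:UVCI:01:DE:<issuer>/<serial>`, the use of SHA-256 as the one-way function, and the precomputed result of the public-key signature check are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass
from datetime import date

# Constructed identifier layout for this example (not the real UVCI scheme):
# "URN:UVCI:01:DE:<issuer>/<serial>", where <issuer> is the subsection shared by
# all certificates issued by one competent entity (e.g. one pharmacy).
ISSUER_SEGMENT = 4  # index of "<issuer>/<serial>" after splitting on ':'


@dataclass(frozen=True)
class Certificate:
    uvci: str              # unique certificate identifier
    holder: str            # shown to the checker only when the certificate is valid
    expires: date          # technical expiration date
    signature_valid: bool  # result of the check against the RKI public keys (assumed precomputed)


@dataclass(frozen=True)
class RevocationList:
    revoked_hashes: frozenset   # one-way revocation identifiers (assumption: SHA-256 of the UVCI)
    revoked_issuers: frozenset  # issuer subsections for batch revocations of one entity


def revocation_identifier(uvci: str) -> str:
    """One-way identifier placed on the list; reveals neither holder nor certificate data."""
    return hashlib.sha256(uvci.encode("utf-8")).hexdigest()


def issuer_subsection(uvci: str) -> str:
    """The part of the identifier that is identical for all certificates of one issuer."""
    parts = uvci.split(":")
    if len(parts) <= ISSUER_SEGMENT or "/" not in parts[ISSUER_SEGMENT]:
        raise ValueError(f"unexpected identifier layout: {uvci}")
    return parts[ISSUER_SEGMENT].split("/", 1)[0]


def is_revoked(cert: Certificate, rl: RevocationList) -> bool:
    # Individual revocation: hash the stored identifier and look it up locally.
    if revocation_identifier(cert.uvci) in rl.revoked_hashes:
        return True
    # Batch revocation: the list carries only the issuer subsection, no per-certificate hash.
    return issuer_subsection(cert.uvci) in rl.revoked_issuers


def check_certificate(cert: Certificate, rl: RevocationList, today: date) -> str:
    """Apply the criteria in verifier order: signature, revocation, technical expiry."""
    if not cert.signature_valid:
        return "invalid: signature"
    if is_revoked(cert, rl):
        return "invalid: revoked"
    if today > cert.expires:
        return "invalid: expired"
    return "valid"


# Constructed sample data: names and identifiers are made up for this example.
CERTS = [
    Certificate("URN:UVCI:01:DE:PHARM01/0001", "Erika Mustermann", date(2025, 12, 31), True),
    Certificate("URN:UVCI:01:DE:PHARM02/0042", "Max Mustermann", date(2025, 12, 31), True),
    Certificate("URN:UVCI:01:DE:PHARM02/0043", "Anna Beispiel", date(2025, 12, 31), True),
    Certificate("URN:UVCI:01:DE:CENTER9/7777", "Jan Beispiel", date(2023, 1, 1), True),
    Certificate("URN:UVCI:01:DE:CENTER9/7778", "Ina Beispiel", date(2025, 12, 31), False),
    Certificate("URN:UVCI:01:DE:DOC05/0100", "Lena Beispiel", date(2025, 12, 31), True),
]

# One individually revoked certificate plus every certificate issued by PHARM02.
REVOCATION_LIST = RevocationList(
    revoked_hashes=frozenset({revocation_identifier("URN:UVCI:01:DE:PHARM01/0001")}),
    revoked_issuers=frozenset({"PHARM02"}),
)


def evaluate_all(today: date = date(2024, 6, 1)) -> dict:
    """Run the purely local check over every stored certificate; nothing leaves the device."""
    return {c.uvci: check_certificate(c, REVOCATION_LIST, today) for c in CERTS}


if __name__ == "__main__":
    for uvci, status in evaluate_all().items():
        print(f"{uvci}: {status}")
```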

    d. Reminder feature

    The app can remind you to check stored vaccination certificates if you received your last vaccination a long time ago. To do this, the app downloads the current rules on booster vaccination recommendations from the app’s server system at regular intervals. The app then uses the data contained in the certificates to check whether a booster vaccination is recommended soon. This check also takes place exclusively offline in the app and no data about the vaccination is passed on to the RKI.

    e. Export feature (Create PDF)

    You have the option of exporting a certificate stored in the CovPass app, in order to print it out and use the paper version (for example when travelling for extended periods) or scan the certificate afterwards with a new smartphone and store it again as an electronic version in the CovPass app (for example if you get a new smartphone). The "Create PDF" feature uses the data of the certificate stored in the CovPass app in order to create a PDF file. This processing is performed only locally on your smartphone. You then have the option of storing this PDF file. The PDF document contains sensitive health data (data about coronavirus vaccinations, test results or recovery from confirmed cases of coronavirus). Therefore, please keep the stored or printed certificate safe and do not publish or share the document.

    f. Verifications of certificates for ticket bookings

    When you book a ticket with a travel or event company or other provider, you can use the app to submit a digital COVID certificate to the provider’s verification partner so that it can verify the validity of the certificate for your booking with the travel or event company.

    To do this, you will need to have added a digital COVID certificate in the CovPass app. The app will ask the provider for the booking information to be used for verification and suggest a suitable certificate based on this information. You can then select this and send it to the verification partner together with the booking information made available by the provider (see Section 5 c.).

    The verification partner will check whether the certificate’s electronic signature is genuine and that the technical expiration date has not passed. The verification partner will immediately inform the provider of the result of this verification. The only information communicated will be whether the verification was successful or not. You will also be shown the result of the verification in the CovPass app.

    The booking information made available by the provider is only processed locally in the CovPass app. This means the RKI cannot tell which certificates you have selected and had verified or which trips or events you have booked.

    The RKI is not responsible for the data processing performed by the provider and the verification partner. Please read their privacy notices so that you know what your data is used for and how it is used.

    g. Update feature

    It may happen that the app offers you to update a valid certificate.

    The app uses the data contained in the certificates to check whether it is possible to update a certificate via the app. If this is the case, you will then be advised of a possible update. For the update, with your consent, the certificate required for the update will be transmitted from the app to the app’s server system in encrypted form. If the certificate to be updated is a vaccination certificate proving a booster vaccination, then the certificates proving the basic immunisation or recovery prior to the booster vaccination will also be transmitted to the app’s server system in the process. The validity of the transmitted certificates will then be checked there (see Section 4 c.). A new version of the certificate for the booster vaccination will be generated using the data from the transmitted certificates. During the update, the contents of the transmitted certificates will be processed for a short time. The updated certificate will then be sent back to your app.

    In order to be able to prevent users from using the update feature several times, which is not permitted, the signatures of the updated and new certificates are temporarily stored by means of special one-way encryption (what are known as hash values). The hash values cannot be used to infer the certificate data or other information about you. The hash values will be deleted again 365 days after the update.

  • a. Certificate data

    The certificates contain health data and are stored in a secure area on your smartphone. The certificates contain the following data:

    • Data about the certificate holder (last name, first name, date of birth),
    • type of certificate (vaccination certificate, test certificate, certificate of recovery),
    • the necessary information about the vaccination, the test or the recovery,
    • a unique certificate identifier,
    • the RKI’s electronic signature and
    • a QR code containing the aforementioned data in encoded form.

    You can find out what specific information is stored in a certificate from the information provided on the certificate (in German and English). No information other than that indicated on the certificate is stored.

    This data will be stored in the app as soon as you scan the QR code on the printed certificate. This data was collected previously by the entity that issued the certificate, and transmitted to the RKI so that the certificate could be signed.

    When a certificate is updated, the hash values of the signatures of the updated and new certificates are temporarily stored on the app’s server system by means of special one-way encryption (see Section 4 e.).

    b. Access data

    In order to download the RKI’s public key for authenticating the electronic signature, the current revocation lists and the rules on booster vaccination recommendations, a connection needs to be established to an RKI server. The server has to process technical access data for this purpose. This data includes the following:

    • IP address
    • Date and time of retrieval
    • Transmitted data volume (or packet length)
    • Notification of whether the data exchange was a success.

    This access data is processed to enable and secure the connection and data exchange between the app and the server. You will not be identified personally as a user of the app and no user profile will be created. Your IP address will not be stored beyond the end of the individual usage procedure.

    c. Booking information

    If you make a booking via the internet with a travel or event company or other provider, you can use the CovPass app to prove to the provider that you have a valid digital COVID certificate (verification of certificates for ticket bookings). To do this, you will need to have added a digital COVID certificate in the CovPass app. In addition, the provider must be connected to a verification service.

    To check the certificate, you will require a special QR code which you will receive from the provider as part of the booking process. This QR code contains a unique transaction ID, a short description of the booking (for example "booking number 1234") and an internet address (URL).

    The CovPass app uses this information to retrieve technical specifications from the provider as well as the following booking information for consideration when verifying the COVID certificate:

    • Your name
    • Your date of birth
    • Information about the date of the required validity of the COVID certificate (date of travel or date of event)
    • For travel: Country of origin and country of destination
    • Proof requirements, that is in particular the types of certificate suitable for proof, for example vaccination certificate (in the case of cross-border travel, also the requirements of the destination country)
    • For certain bookings, information on the type of event is also shared (for example concert or major event).

    The provider decides which specific information will be used to verify the COVID certificate, and which COVID certificates are permitted as proof.

  • The RKI processes the certificate data mentioned above in Section 5 a. for the purpose of technically creating and signing the requested certificate. The legal basis for the processing in each case is Art. 6(1) Sentence 1(c), Art. 9(2)(g) of the General Data Protection Regulation (GDPR) in conjunction with

    • Sect. 22a(5) IfSG (vaccination certificate),
    • Sect. 22a(6) IfSG (certificate of recovery) or
    • Sect. 22a(7) IfSG (test certificate).

    According to Sect. 22a(5)–(7) IfSG, the RKI is obliged to technically create and sign the requested certificate, provided that the vaccinated, recovered or tested person requests the issuance of such a certificate.

    The processing of data in connection with the feature for verifying COVID certificates for ticket bookings is based on your consent. The legal basis is Art. 6(1)(a), Art. 9(2)(a) GDPR.

    The legal basis for the processing of the access data mentioned above in Section 5 b. is Sect. 3 of the German Federal Data Protection Act (BDSG) and Art. 6(1) Sentence 1(e) GDPR.

    When updating certificates (see Section 4 e.), the data of the certificates that have been submitted for updating is processed on the basis of your consent. The legal basis is Art. 6(1) Sentence 1(a), Art. 9(2)(a) GDPR. Temporary storage of the hash values of the signatures of the updated and new certificates is carried out on the basis of Sect. 22(1)(c) BDSG and Art. 9(2)(i) GDPR.

    The legal basis for data processing in connection with certificate revocations is Sect. 22a(8) IfSG.

  • The CovPass app requires access to your smartphone camera when you scan the QR code to add a certificate in the app. The app also requires an internet connection in order to download up-to-date information from the RKI’s server system (for example the latest key information, revocation lists). For information about other permissions the app may request, please refer to the FAQ section in the app.

  • The certificates will only be stored in the app on your smartphone. The certificates are not automatically deleted in your app. If you wish to delete a certificate, you can remove a certificate from the app yourself at any time or delete the app. To add the certificate again later, you will need to rescan the QR code of the printed certificate.

    The booking information required for the verification of certificates for ticket bookings will be deleted after the verification.

    When a certificate has been created, the data is permanently deleted at the RKI immediately after the signed certificate has been provided to the issuing entity.

    In the case of updating a certificate, the data will be deleted again at the RKI after the updated certificate has been sent to your app. Only the hash values of the signatures of the updated and new certificates will be stored on the RKI’s server system for 365 days.

    The revocation identifiers of revoked certificates on the revocation lists are stored on the app’s server system until the technical expiration date of the respective certificates.

  • The RKI has commissioned the company KDO Service GmbH (KDO) to operate and maintain the server system. KDO processes the personal data on behalf and at the instruction of the RKI (meaning it is what’s known as a processor under data protection law). Contractual safeguards are in place to ensure that the data protection requirements are met.

    If, in the situations where it is required by law, you present a certificate to other persons or entities, they will become aware of all the data contained in the certificate.

    You can prevent this by showing the QR code in the app, so that it can be scanned using a verification app. Then, the data contained in the QR code will be read. Here the verification app will only show whether the certificate shown is valid, an explanation of the result, and if applicable whether another certificate needs to be scanned. In the case of a valid certificate, the name and date of birth of the certificate holder are displayed additionally in the verification app, so that the person performing the check can compare this information with an ID document (for example passport or ID card). In addition, it is displayed whether the certificate is a test certificate or not. In the case of test certificates, the time of sampling is then also displayed so that the person performing the check can assess whether the underlying test result is still valid.

    The verification app will only process the displayed data for a short time. Once the verification is complete, the displayed data is discarded, meaning the data that has been read is not permanently stored.

    During certificate verification for ticket bookings, your COVID certificates and booking information are transmitted to a verification partner used by the provider. The specific verification partner is displayed in the CovPass app before transmitting the information. To retrieve the individual booking information, the CovPass app transmits to the provider the booking identifier contained in the provider’s booking QR code.

  • If the RKI processes your personal data, you have the following data protection rights:

    • The rights under Art. 15, 16, 17, 18 and 21 GDPR,
    • the right to contact the official RKI Data Protection Officer and raise your concerns (Art. 38(4) GDPR) and
    • the right to lodge a complaint with a data protection supervisory authority. To do so, you can for example contact your local supervisory authority or the authority responsible for the RKI. The supervisory authority responsible for the RKI is the Federal Commissioner for Data Protection and Freedom of Information, Graurheindorfer Straße 153, 53117 Bonn.

    Please note that the RKI can only fulfil the rights mentioned above if data to which the asserted claims relate is processed on an ongoing basis. This would only be possible if personal data were stored after being transmitted to the RKI server. This is not generally necessary for the purposes of the app. For this reason, the aforementioned data protection rights under Art. 15, 16, 17, 18 and 21 GDPR are largely redundant. If the hash values of the signatures are temporarily stored when a certificate is updated, this does not enable the RKI to determine the identity of certificate holders (see Section 4 e.).

  • If you have any questions or concerns regarding data protection in connection with the CovPass app, you are welcome to send them to the RKI’s official data protection officer by post to: Robert Koch-Institut, FAO the data protection officer, Nordufer 20, 13353 Berlin, or by emailing datenschutz(at)rki.de.
