In a number of cases, vaccination centers wish to be able to in group contact persons, who have been invited for a vaccination, at their email address or mobile phone number as known in the vaccination code database. In the vaccination code database, these digital contact data are available for about half of the population. These digital contact data are provided by the sickness funds for the persons for whom the sickness funds dispose of an email address or mobile phone number. All persons who have activated the eBox for citizens (1.4 million persons) can also be reached through that channel.
The use of the personal data from the vaccination code database must be in accordance with the cooperation agreement and the regulation on data protection. In other countries, such data has already unlawfully ended up with direct marketing firms. Such risk should be avoided. Therefore, the following standard method is proposed.
A vaccination center can download the following lists of National Register numbers from the reservation application
- a list of people who have been invited to the vaccination center concerned, but have not yet booked a vaccination moment;
- a list of persons who have been invited to the vaccination center concerned, but have not yet confirmed a pre-booked vaccination moment;
- a list of people who have been booked in for a vaccination moment at the vaccination center concerned on a certain date.
Based on the lists, the mobile phone number and / or the e-mail address of the persons concerned can be obtained in the vaccination code database by calling an API.
The downloading and further processing of these lists is done by the population manager of the vaccination center. The list is requested by the population manager after authentication and the downloading is logged. The population manager signs a contract in which he indicates that he is the controller of the processing of the personal data mentioned on the lists and he engages responsibility to take necessary data protection measures in accordance with the cooperation agreement and the regulation on data protection. In particular, he ensures that any person who intervenes in the processing only has access to the data that is strictly necessary for the execution of his tasks and that an unchangeable logging exists about the processing of the data.
The personal data mentioned on the lists referred to under points 1. and 2. can only be used to contact the persons in order to support them in booking or confirming a pre-booking. Once the persons have been contacted successfully, the personal data will be deleted.
The personal data mentioned on the lists referred to under point 3 can only be used to contact the persons if an unforeseen circumstance occurs on the date concerned (e.g. change of location due to weather conditions). Once the persons have been contacted successfully or the date has passed, personal data will be deleted.