Privacy Policy

Our privacy policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR).

The Important Stuff

  • We don’t store your vaccination certificate anywhere on our servers
  • We use Google Analytics because it’s interesting to see who is using our site and what is happening
  • All the processing of your data happens on your device - we can’t see anything
  • Because we can’t see anything, we obviously don’t share you data … what data?

Simplified explanation of the process

First, the following steps happen locally in your browser:

  1. Recognising and extracting the QR code data from your selected certificate
  2. Decoding your personal and health-related data from the QR code payload
  3. Assembling an incomplete pass file out of your data
  4. Generating a file containing hashes of the data stored in the pass file
  5. Sending only the file containing the hashes to our server

Second, the following steps happen on our server:

  1. Receiving and checking the hashes which were generated locally
  2. Signing the file containing the hashes
  3. Sending the signature back

Finally, the following steps happen locally in your browser:

  1. Assembling the signed pass file out of the incomplete file generated locally and the signature
  2. Saving the file on your device

Locally Data Processed

South Africa
In South Africa what you see on your certificate is what we see, no spec that has been followed, or we couldn’t find the information online anywhere. Sorry.

European Union
The Digital Covid Certificate Schema contains a detailed specification of which data can be contained in the QR code and will be processed in your browser.

Server Provider

The following data may be collected and stored in the server log files:

  • The browser types and versions used
  • The operating system used by the accessing system
  • The website from which an accessing system reaches our website (so-called referrers)
  • The date and time of access
  • The pseudonymised IP addresses
  • The serial number of your pass

Your Rights

In accordance with the POPI Act and GDPR you have the following rights:

  • Right of access to your data; You have the right to know what data has been collected about you and how it was processed.
  • Right to be forgotten; Erasure of your personal data.
  • Right of rectification; You have the right to correct inaccurate data.
  • Right of data portability; You have the right to transfer your data from one processing system into another.

More Information

Third Party Privacy Policies


Email: info@lankchilled.com
Website: lankchilled.com