Right of erasure relates to Personally Identifiable Information (PII). For Consentry this PII is held in two locations:
Firstly your name, email address, location history and health self-assessment records are held within the Consentry app on your iOS or Android device. Uninstalling the app will delete all those items. There is no back-up unless you are using your own back-up solution for the device data.
Secondly, PII will exist in the Consentry database that your company is using. The PII your company holds is limited in the first instance to your name and email address, your normal facility or sub-location and whether you are an employee or a contractor. Your company legitimately holds this information and uses it on other systems. Your company will also know that you have responded to the email invite they sent you and that you have downloaded the Consentry app and connected.
Daily health self-assessments you submit are truly anonymised before these are sent and are therefore not normally PII. However, if you submit an anonymous assessment that states the sender has become infected or exposed to COVID-19 and you then advise your company separately that you have developed COVID-19, it is likely that health self-assessment will be recognised as yours, as you would expect. That assessment would then become PII.
Any location history you choose to share with your company, because you have contracted COVID-19, will be PII. You are providing this information solely in respect of COVID-19, keeping your colleagues healthy and your company’s locations safe, as well as maintaining compliance with any Government requirements in place. Your company cannot use the PII for any other purpose and you can of course edit the location history before it is sent. The location history you send to the company is automatically deleted by the Consentry solution, once it has been used to update the company’s list of “Potentially Infected Places”.
All PII your company holds is covered by your company’s Privacy Policies and is not specific to Consentry. Digi.me Limited (for Consentry) is the data processor, but your company is the data controller. To exercise any right of erasure you should contact your company’s Data Protection Officer in the normal way. It is not possible to make this request using the Consentry app.