Privacy policy for the TK-Ident-App

The free TK-Ident-App enables you to use your TK-HealthID, the TK digital identity card you can carry in your pocket. It lets you access online healthcare services such as TK-Safe and the ePrescription app from home or on your mobile device.

This privacy policy informs users about the nature, scope and purposes for which the provider responsible for this app collects and uses personal data. The legal bases for the protection of data are set forth in the General Data Protection Regulation (GDPR), the Sozialgesetzbuch [German Social Code] (SGB) and the Bundesdatenschutzgesetz [German Federal Data Protection Act] (BDSG). TK only collects and uses your personal data within the framework of these provisions. Personal data is understood as any information that refers to an identified or identifiable natural person. This includes information such as your insurance number.

1. Data controller and legal bases

The data controller responsible for the collection, processing and use of personal data in connection with the TK-Ident-App is

Techniker Krankenkasse
Bramfelder Straße 140
22305 Hamburg
Phone: 0800 285 85 85
E-mail: datenschutz@tk.de

These services are rendered by TK's contractor IBM Deutschland GmbH (hereinafter referred to as "IBM") in accordance with TK's specifications. IBM is subject to the data privacy requirements and control of TK.

Any personal data collected by the app is obtained either on the basis of your express consent (Art. 6(1)(a) GDPR), to comply with legal obligations to which TK is subject (Art. 6(1)(c) GDPR), to perform tasks in the public interest or in the exercise of official authority vested in TK (Art. 6(1)(e) GDPR), or for purposes of the legitimate interests pursued by TK (Art. 6(1)(f) GDPR). Provided there are no statutory retention periods that prevent their erasure, the data are only stored for as long as necessary to fulfil the purpose for which they were collected.

2. Installing the TK-Ident-App

The TK-Ident-App is available through market platforms known as app stores (Google Play and Apple App Store), which are operated by third parties. Before you can download the app, you may be required to register with the respective app store and install the app store software. Techniker Krankenkasse has no influence over the collection, processing and use of personal data in connection with your registration and the provision of downloads in the respective app store and app store software. The operator of the respective app store is therefore the sole data controller. Please contact the respective app store provider for further information if required.

3. Note on using third-party keyboards

Please note that the use of any keyboard other than that provided by the operating system may cause security loopholes. The information you enter could be recorded without your knowledge and transmitted to untrustworthy third parties. We therefore advise you to use the system's own keyboard.

4. Which data are required to use the TK-Ident-App?

In the following, we would like to inform you about the data which are collected, processed and stored when using the TK-Ident-App.

4.1. Basic functions

Network access & network connections
Network access is essential since the TK-Ident-App can only be used in online mode.

Storage
When using the TK-Ident-App, security-relevant data are encrypted and stored locally. Some of the settings in the TK-Ident-App can also be stored locally, for example information about screens that should no longer be displayed.

Device status
Your device must undergo a security check before you can use it to access the TK-Ident-App. This involves the detection and analysis of your device status.

NFC capability
The TK-Ident-App will check your device to determine whether it supports NFC (near-field communication). This function is essential for reading NFC cards such as your eHealth card or personal ID card.

4.2. Configuration data

The free TK-Ident-App enables you to use your TK-HealthID, the TK digital identity card for online healthcare services. Access to and the use and secure storage of these cards are strictly regulated by law. Your TK-HealthID will be set up for you automatically the first time you configure the TK-Ident-App.

Personal data collected and processed in connection with the TK-Ident-App are stored and processed exclusively in the European Union on servers located in the multi-certified data centre operated by IBM Deutschland GmbH. Technical and organisational security measures have been implemented to protect your data from unauthorised transmission or disclosure, unauthorised access, unintentional or unlawful destruction, loss, modification or other forms of improper use.

The TK-Ident-App can only be used with two-factor authentication. After installation, you will be requested to create an app-specific PIN as the first factor. The second factor is your device, which you will be required to register so that your TK-HealthID can be assigned to it. We will use both factors to create a secure connection between the TK-Ident-App and your TK-HealthID. This unique assignment requires the performance of an identification process for security purposes (see section 4.2.2 below for further information). The data required for configuration purposes are necessary for the functioning of the app.

You will have to repeat the configuration process if you reinstall the TK-Ident-App on the same device or install it on further devices. Your existing TK-HealthID will be assigned to these devices.

The law requires your device registration to be renewed at regular intervals. Information about this process is provided in the app.

4.2.1. App-specific PIN

While setting up the TK-Ident-App, you will be asked to create a six-digit app-specific PIN. This PIN will protect your TK-Ident-App and TK-HealthID. If you do not want to use the app-specific PIN every time you log in, you can use your device's system PIN or password instead. This function will be offered to you as an option when you configure the app.  

4.2.2. Identification & device registration

Your personal data will be processed for the purpose of registering the device and performing the necessary verification of your identity. You can use either your online ID card or your eHealth card for identification purposes. The following personal data will be processed when verifying your identity and registering your device:

Data collected when verifying your identity using your online ID (electronic personal ID, electronic residence permit or the eID card for EU citizens):

  • first name and last name
  • date of birth
  • address
  •  insurance number
  •  type of document (personal ID/electronic residence permit/eID card for EU citizens)
  • service-specific and card-specific identifiers (pseudonymised numbers)
  • abbreviation "D" for the Federal Republic of Germany

Data collected when verifying your identity using your eHealth card:

  • first name and last name
  • date of birth
  • insurance number
  • type of document
  • card identification number
  • card access number (CAN)

Data collected when registering your device:

  • user ID
  • device model (for example Samsung Galaxy S9)
  • device name chosen by you
  • serial number of the connected device
  • keystore type
  • OS type (for example ANDROID_x86)
  • OS version (for example 9.0.0)
  • most recent log-in (for example 1 August 2023 10.47 a.m.)
  • the version of the TK-Ident-App you have installed (for example 3.1.0)
  • security-relevant changes to the device (for example JailBreak/Root or a beta version of an operating system)
  • registration of your device and the time of registration with the associated identification process.

4.2.3. Storing your insurance data in the TK-HealthID

The data collected during the identification process are compared with the data stored by TK. Your insurance data are stored separately and updated regularly to comply with the relevant legal provisions and high availability requirements. This is necessary for the app to function. The following data are stored separately in the TK-HealthID:

  • salutation
  • first name and last name
  • date of birth
  • insurance number
  • e-mail address, if available
  • gender
  • service-specific and card-specific identifiers (pseudonymised numbers)
  • ID of your TK-HealthID (automatically generated number assigned to your insurance)
  • eligibility for insurance
  • membership of a health insurance fund

4.3. Logging in on multiple devices

You can use the TK-Ident-App to log in to online healthcare services on multiple devices. This may, for example, be the case if you access an online healthcare service in a browser on your desktop PC but your TK-Ident-App is installed on your smartphone. A unique identification number (session identifier) is displayed on both devices so that these sessions can be assigned to each other. When logging in to the TK-Ident-App, make sure that the identifiers match and that you have really initiated the log-in process. Next, confirm your log-in by entering the activation code displayed in the TK-Ident-App into the relevant field provided by the online service.

When you log in on multiple devices, we collect the following information:

  • insurance number
  • session identifier
  • time
  • device information

Session cookies

Cookies are used when logging in on multiple devices. These are essential for security purposes. The cookies do not store data which allow conclusions to be drawn regarding the person visiting our website. The information in the cookies is stored separately from any other data that may be transmitted to us. We do not combine these data with other data sources.

The lifespan of a session cookie is limited to the respective session. What this means: as soon as you completely close the browser, the cookie becomes invalid and can no longer be used. The same occurs if you have not performed any action on the website for longer than 60 minutes.

You can delete the cookies placed by TK at any time by clearing your browser. This will mean you can no longer use any services that require you to log in.

5. Data collection for billing purposes

You can use the TK-Ident-App free of charge. TK covers the costs incurred when you use the TK-HealthID. The following information is collected, stored and processed so that IBM can bill TK for your use of the TK-Ident-App and the TK-HealthID:

  • the date and time at which you last accessed the TK-Ident-App and TK-HealthID in each quarter (the data collected and stored only ever spans the last five quarters)
  • health insurance number
  • membership of a health insurance fund
  • date and time of termination (if applicable) 

As a rule, the data stored for billing purposes are only made available in aggregated and anonymised form so that IBM can use them to issue its invoices. Only if objections regarding your actual use of the TK-Ident-App arise during the invoice checking process could it become necessary to disclose the time you last accessed the TK-Ident-App in each quarter (over a period spanning the last five quarters) along with your technical reference number to TK. This allows the invoice data to be compared against the data collected by TK regarding your use of the TK-Ident-App.

During this comparison, IBM receives no information whatsoever which could allow individual users of the TK-Ident-App to be identified.

The processing of data for billing purposes is a prerequisite for the performance of our contract with you regarding the use of the TK-Ident-App. Your data will not be used for any other purposes or otherwise forwarded to third parties. Under no circumstances will the health applications you use be disclosed to TK.

6. Authorisations for the use of operating system functions

Before you can use the special service functions offered by the app, you will be required to authorise access to specific operating system functions. You will therefore be asked to grant the appropriate access authorisation when you start using the app or when you use the respective functions. In the vast majority of cases, however, your consent will not be required for the operation of the TK-Ident-App.

Camera
The app requires access to your camera in order to scan QR codes.

Phone
When you install the app, older Android operating systems (OS) will ask you to consent to the use of your phone (the app may initiate and manage phone calls). This is because older operating systems included access to your device status within the scope of this consent. This authorisation is required for the TK-Ident-App to execute its basic functions (section 4.1). At no time does TK use the contact or call data stored on your device. Newer operating systems no longer issue this authorisation request since it is among the basic functions of your operating system.

Overview of access authorisations granted and withdrawal of authorisations (operating system)
You can always track and revoke the authorisations you have already granted by making the necessary changes in your device's operating system settings.

7. Do TK and its partners receive data, and for what purpose?

The online healthcare services only receive and process the data you provide in the TK-Ident-App for the intended purposes. In the following, we would like to inform you about these purposes and the individual recipients:

All the data collected, processed and stored in the TK-Ident-App are sent exclusively to TK and will not be transmitted to any third parties without your consent. State-of-the-art SSL encryption is invariably used when transmitting data between the TK-Ident-App and the recipients mentioned.

7.1. Verifying your identity with your online ID

When you verify your identity with your online ID, the state eID infrastructure is used to read it and determine whether it is valid. This involves the use of the electronic identity function as described in section 18 of the Personalausweisgesetz [German Identity Card Act] and section 79 subsection 5 of the Aufenthaltsgesetz [German Residency Act] (so-called eID). TK has no influence over this. Further details are provided in the privacy statement for the online identification function at https://www.ausweisapp.bund.de/en/privacy.

7.2. Log-in and transmission of data to online healthcare services

The online healthcare services use your TK-HealthID to log you in to their web portals or apps. This means that rather than registering separately for each service, you can use your TK-HealthID as your central digital identity and as a means of logging in. Along with your registration information, these online services may also request specific personal data from you. You will be required to give your explicit consent to the use of these data in each individual case. This means that TK will only transmit these data once you have given your explicit consent. Please refer to the respective online service to find out which data are required.

Online services may request one or more of the following types of data:

  • first and last names, title, name extension
  • date of birth
  • age
  • gender
  • e-mail address
  • health insurance number
  • health insurance provider

Your consent to the transmission of data to each online service is stored permanently in your TK-HealthID. You can use the TK-Ident-App to view and revoke the consent you have granted to individual services at any time. If you do so, you may find that individual online services will not function properly until you have again provided the necessary consent.

Please refer to the privacy policies of the respective online services for further information on data processing, data storage and data erasure.

7.3. Transmission of data to other third parties

Your data are treated strictly confidentially.

Unless explicitly provided for in this privacy policy, TK will not forward your data to other third parties unless you have expressly consented to this.

TK also contracts service providers who help make the TK-Ident-App and the TK-HealthID available. These consist exclusively of IBM and its subcontractors - all of which are domiciled in the European Union.

These companies assist with the technical operation of the TK-Ident-App and the TK-HealthID and the provision of their functions and services; they also offer technical support. Under no circumstances will your personal data be transmitted to a third country outside the European Economic Area. The service providers act exclusively on behalf of TK and in accordance with TK's instructions to IBM; moreover, they have a duty to take all the technical and organisational measures necessary to protect your data in compliance with the requirements set out in the data protection legislation. They are not permitted to forward the data to third parties or use them for other purposes.

8. Data collection for preventing improper use, ensuring traceability and receiving blocking notifications (log data)

The law obliges us to log events (date, time, means of authentication, device and action) connected with the TK-Ident-App and to display them to you in the app.
The following processes are recorded in security logs and system logs in order to prevent improper use of your TK-Ident-App and TK-HealthID and guarantee the necessary traceability, both of which serve your interests:

  • device information as described in section 4.2.2
  • log-in processes
  • unsuccessful log-in attempts and blocking
  • log-in processes and approvals for applications (anonymised to prevent profiling)
  • registration processes
  • identification processes
  • PIN reset processes

The data logged in these cases consist of the user ID, the time, the date and a transaction identifier. The IP address is also stored in the event of an unsuccessful attempt to log in.

IBM's administrators are able to view your data in order to receive blocking notifications and uphold your rights as set out in Art. 15, Art. 16, Art. 17 and Art. 18 GDPR. However, this does not include the health applications you have accessed and used.

9. Storage periods and erasure of the data used

9.1. Storage periods in cases of active use

If you actively use the app, your data will be stored until you delete your TK-HealthID and uninstall the TK-Ident-App.

9.2. Deleting your data

You can delete the data collected and stored in connection with the TK-Ident-App and TK-HealthID by

  • deleting your TK-HealthID in the TK-Ident-App's settings then uninstalling the TK-Ident-App, or
  • calling our telephone support hotline to have your TK-HealthID deleted then uninstalling the TK-Ident-App.

Please note that we cannot delete all your data if you only uninstall the TK-Ident-App from your device. TK will not receive any information from your operating system concerning the deletion of the app.

If you have installed the TK-Ident-App on multiple devices, the app must be uninstalled separately from each device.

The TK-Ident-App and the TK-HealthID are independent of Meine TK and the TK-App. The deletion of Meine TK does not automatically lead to the deletion of your TK-HealthID and vice versa.

Data transmitted to online healthcare services
TK is unable to retrieve or delete data transmitted to online healthcare services (see section 7.2). Please refer to the privacy policies of the respective online healthcare services and contact the respective data protection officer to have your data erased.

Unless your TK-HealthID has been deleted, the TK-Ident-App will show you the data transmitted for each application.

Deleting your device registration or a device
If you are using multiple devices or have reinstalled the app, you will be able to view and delete the devices stored at any time by navigating to the TK-Ident-App's settings. The device you are currently using to remove the other devices can only be deleted by deleting your TK-HealthID.

Our telephone support service can block all your devices, for example if you have lost them. When you delete a device, we will erase all the data collected in connection with it (section 4.2.2).

If you reinstall the TK-Ident-App on the same device, the data collected to register your device will be erased in your TK-HealthID and replaced by the more recent data.

Data deletion when uninstalling the app
Uninstalling the TK-Ident-App will erase the following locally stored data:

  • cryptographic log-in material
  • Information on screens that will no longer be shown

Deleting your TK-HealthID
When you delete your TK-HealthID, we will erase all the data collected for this purpose:

  • data described in section 4
  • data described in section 7

If you withdraw your consent to the terms of use, we will be obliged to delete your TK-HealthID with all the associated data.

If you lose your eligibility to take part, for example because you change your health insurance provider or insurance type, we will automatically delete your TK-HealthID 3 months after you became ineligible.

By law, we are obliged to archive your use of the TK-HealthID and any periods in which it was blocked and to store these data for 10 years. In these circumstances, we will only store

  • your insurance number
  • the date on which your participation started
  • the date on which your participation ended
  • periods in you were barred from using the TK-HealthID (blocks, ineligibility to participate)

Deletion of log data
Security logs are deleted within 30 days. System logs are deleted after 14 days. Log data collected to track your use of the TK-HealthID will be erased when your TK-HealthID is deleted, at the latest after 2 years have passed. 

Deletion of declarations of consent
Once given, proofs of your consent will be kept for 3 years after you withdraw your consent or your TK-HealthID is erased. These include declarations of consent to

  • terms and conditions of use
  • the transmission of personal data to an online healthcare service

10. Your rights

You have the following rights:

  1. the right to withdraw your consent with future effect (Art. 7(3) GDPR)
  2. the right of access to information (Art. 15 GDPR)
  3. the right to rectification (Art. 16 GDPR)
  4. the right to erasure (Art. 17 GDPR)
  5. the right to restriction of processing (Art. 18 GDPR)
  6. the right to object (Art. 21 GDPR)

Please contact TK directly to exercise your rights as a data subject under data protection legislation. Since IBM has no access to any of your identifying characteristics, they will be unable to check your authorisation and assign it to your stored data if you contact them.

11. Communication channels

If you would like to contact TK, please call us on 0800 285 85 85 or send an e-mail to service@tk.de.

12. Contact data for the data protection officer and supervisory authorities

Techniker Krankenkasse
Beauftragter für den Datenschutz [Data Protection Officer]
Bramfelder Str. 140
22305 Hamburg
E-mail: datenschutz@tk.de

As a data subject, you have the right pursuant to Art. 77 GDPR to contact a supervisory authority if you believe that the processing of your data constitutes a breach of the GDPR. The supervisory authorities responsible for TK are:

The Bundesbeauftragte für Datenschutz und die Informationsfreiheit [Federal Commissioner for Data Protection and Freedom of Information] (BfDI)

The BfDI: www.bfdi.bund.de

Bundesamt für Soziale Sicherung [Federal Office for Social Security] (BAS)

The BAS: www.bundesamtsozialesicherung.de

13. Amendments or adjustments to the privacy policy

This privacy policy is currently in force and dates from 1 December 2023. It may become necessary to amend this privacy policy due to the further development of our app or the implementation of new technologies.