Data Protection / Declaration of Consent is operated by testFRWD GmbH with its offices in Berggasse 5, 1090 Vienna, Austria. testFRWD offers a digital ecosystem to monitor and control applications of home tests to be able to issue a digital certificate that can be used to enter venues, businesses, airports and other spaces.

testFRWD processes your name, your gender, your address, your date of birth, your ID card data, your email address and your telephone number to obtain your identity.
The testFRWD App will detect the result of your rapid test and store information about your COVID-19 infection status and technical telemetry data, such as your IP address, which are necessary for the app's operation and the testing process.

Pictures of you and your ID card will be processed by YOTI Org T&Cs to conduct OCR recognition of your passport, ID card or driving license and verify document authenticity. You can find the privacy policy of Yoti here:

Furthermore, your data will be used for the purpose of creating anonymous statistical evaluations. Digitalization of your result will not be carried out without your consent.

The photographs taken are used to monitor the correct application of the test and the test cassette (without any personal data) will be analysed by Google AI to interpret the result. The pictures used are not combined with any of your personal data and are therefore processed anonymized. We do not save any of the processed material outside of the European Union permanently. You will have to confirm that the result is correct. If the analysed result and your confirmation match, testFRWD will issue a certificate that will contain your relevant data.

testFRWD will provide you with a QR code (unique identifier) that can be used to share your result with other platforms that may require a certified test result. If you share your unique identifier with a 3rd party company, you also agree that testFRWD may provide relevant data through an API to the third party to check your phone number, email, name and result to give you access to 3rd party venues, airports, events etc.

The app also uses cookies. Only technically necessary cookies are used: we use a session cookie to identify your browser, and we use standard Google Analytics cookies to track the traffic of the website.

We use Google Analytics for some products or websites. Google creates and shares with us an identifier (such as, 76c24efd-ec42-492a-92df-c62cfd4540a3). The information that we collect through Google Analytics is linked only to this identifier, and so it is not possible to search or get the information using your name or your device’s other identifiers. We cannot provide you with this information as it is not linked to any of your identifying details. You can make an access request to Google here:


We collect information about your device and your use of our products using in-house analytics and third-party tools. The information we collect is de-identified and aggregated so we can’t identify you personally. We use it to understand how our products are being used and to improve them. You can opt out of certain analytics in the app and by changing browser settings for web-based products that use a cookie to implement the analytics. This section provides general information, please see the ‘Analytics’ sections of the product-specific information for more details on analytics used in specific products. What are analytics and why do we use them? Analytics means collecting and analysing information about activity on our website and in our app. None of our analytics provide information about you personally. The statistics we get from this data allow us to understand how people are using our products and websites, and things like what works and what doesn’t, how long it takes to complete critical tasks and where we have users. Unlike most other companies, we don’t build individual profiles of the people who use our products and services. We simply look for trends and patterns to inform business decisions. All these statistics are essential to understanding how our products and websites are performing and identify where we need to focus our efforts to improve.

Your choices for analytics

You have some control over analytics information collected through settings available in your website browser and on your phone, as well as in the Yoti app settings.


You can clear pixels and cookies by clearing your cache or browsing history and by setting your browser to refuse cookies and pixels.


Both Android and iOS phones have privacy settings to limit the collection of the Advertising ID.

Deletion rights

In certain circumstances you are entitled to ask us to delete the personal information we hold about you.
For some of our products and services you can delete your account or certain information from within the product / service.
If you have any other deletion request, please email:

Objection rights

In certain circumstances you are entitled to object to testFRWD processing your personal information.
If you want to contact us about your objection rights, please email:

Restriction rights

In certain circumstances you are entitled to ask us to restrict our processing of your personal information.

You can ask us to do this if:
• you dispute the accuracy of your personal information;
• our processing is unlawful but you prefer restriction to deletion;
• we no longer need the information but you need it for legal reasons; or
• you have objected to our processing and we are still dealing with this objection.
If you want to contact us about your restriction rights, please email:

Portability rights

In certain circumstances you are entitled to receive the personal information you have provided us in a structured, commonly used and machine-readable format. If you have contacted our Customer Support or had other contact with us and want to make a portability request, please email:

Removing or blocking the cookies will cause the website to work incorrectly. Learn more about Google’s privacy policy here. ( ).

Security and data location

Security is a core business principle. We always keep personal information in secure locations with strict access controls.

Where we use other organisations to support our business, we have contract terms in place that contain obligations on the other organisation to safeguard your information. Some of these organisations have their servers in other countries. We have contract terms with these third parties and measures in place to cover any transfers of personal information. The measures used are EU-approved model contract clauses, Privacy Shield for some US companies, and some have Binding Corporate Rules. We are currently looking into suppliers who use Privacy Shield to move to an alternative, given the recent CJEU decision that invalidated Privacy Shield.

Your data will not be transferred to any other third parties or to countries outside the European Union. Exceptions to this are the transfer to order processors such as the hosting providers, which operate ISO-certified data centres, YOTI Org T&Cs, and certified affiliates of testFRWD solely for the purpose to give you access to the tested spaces.

All affiliates are bound by their own agreements to the data protection obligations of the General Data Protection Regulation.

You have a right to information about the personal data processed by you, correction and deletion, restriction of processing, and a right to data portability and a right of complaint to the data protection authority. You can also revoke this consent at any time.

For questions about this processing, exercising your rights or queries about data protection at testFRWD, please contact our Data Protection Officer at