Common use of Google Wallet API Usage for COVID-19 Vaccination & Testing Cards Clause in Contracts

Google Wallet API Usage for COVID-19 Vaccination & Testing Cards. 2.1. To aid pandemic response, eligible entities may use the Google Wallet API to provide their patients with convenient evidence of vaccination and/or test results (hereafter referred to as “COVID Cards”). Usage of the API for this purpose is subject to the Google Wallet API Terms of Service, all provisions of the Google Wallet API Acceptable Use Policy and the following additional requirements: 2.1.1. Usage of the Google Wallet API for COVID Cards is limited to entities in one or more of the below categories. Your API access request must be accompanied by signed documentation on official letterhead verifying that you represent or are endorsed by an eligible entity. 2.1.2. All entities intending to issue COVID cards must use the COVID Card vertical to do so. If an entity has already used the Google Wallet API for another purpose or vertical, they must still fulfill the below requirements and complete an API access request for the COVID Card vertical. Google do not allow entities using the Google Wallet API for another vertical (e.g. loyalty passes, event tickets) to issue COVID cards without being approved for the COVID Card vertical. 2.1.3. For passes that include only uninterpreted vaccine or testing data, eligible entities are: a) Official government agencies b) Healthcare systems or providers (e.g. CVS Health, UK National Health Service, UnitedHealth Group, Xxxxxx Permanente, French national healthcare system, Netcare (South Africa), One Medical, etc.); c) Organizations authorized by public health authorities to distribute COVID-19 vaccines and/or testing 2.1.4. For passes that include interpreted data (e.g. to determine an individual’s eligibility for travel or entry into public spaces), eligibility is limited to official government agencies or entities that have received permission from an official government agency. Interpreted data types are indicated with an asterisk in the Privacy requirements section below. 2.1.5. Usage of the Google Wallet API for COVID Cards must comply with the following requirements: a) You must ensure that COVID Cards reveal the minimum amount of personally identifiable information (e.g. name, date of birth) required to achieve their purpose. b) You must comprehensively disclose all data types you plan to reveal when onboarding. For any data types not listed below, you must include a rationale for why this data type is required for your use case. COVID Cards may, but are not required to, include the following: i COVID-19 Vaccine Information • Vaccine code (e.g., CVX), vaccine generic description, or vaccine manufacturer • Date of vaccination • Lot number • Dose number • Administering facility • Future dose appointment details ii COVID-19 Test Information • Test code (e.g., LOINC) or test description • Test result • Date of testing • Administering facility iii Issuer information (name in plaintext, public key, digital signature, contact information) iv Patient Name v Patient Date of Birth vi *Entry Eligibility Recommendation, i.e. an interpretation of an end user’s vaccination and/or testing status to determine eligibility to enter a particular space or participate in a particular activity (Note that COVID Cards using this data field are subject to additional eligibility requirements detailed above) vii *Expiration Date and Time (Note that COVID Cards using this data field are subject to additional eligibility requirements detailed above) viii Identity Assurance Level c) You must not include or transmit any other sensitive personally identifiable information (e.g. government IDs, social security numbers, patient IDs, health worker IDs) without prior authorisation. 2.1.6. Usage of the Google Wallet API for COVID Cards is limited to end users who are above the applicable legal age of consent. You must ensure that you only distribute the “Save to Phone” button to end users who are above the applicable legal age of consent.