Data protection/consent declaration

With your consent, LEAD Horizon GmbH, Sandwirtgasse 12/1, 1060 Vienna processes your name, address, date of birth, national insurance number, e-mail address, COVID-19 infection status and technical telemetry data, such as your IP address, which are necessary for the operation of the web app and the performance of the tests. We also process photo and video recordings of you and your passport, which are used to establish your identity and ensure that the test is carried out correctly. Furthermore, your data will be used for the purpose of preparing studies and statistical evaluations.

The web app also uses cookies. Only technically necessary cookies are used: lead_horizon_testkit_session - The session cookie is used to recognize you during your session and is necessary to ensure the functionality of the application. As soon as you close the web application, the session cookie is automatically deleted.

XSRF-TOKEN - supports a security measure to prevent cross-site request forgery or cross-site scripting. This cookie will also be deleted after your session has ended.

lh_id_set - encrypted storage of your sample number when you retrieve the result.

Your data will be transmitted electronically to an available/assigned laboratory in your region for the purpose of COVID-19 testing. With your consent, you also agree that the laboratory may report the findings back to LEAD Horizon in electronic form. In case of a positive status, the laboratory is legally obliged to report the infection to the relevant health authority.

If you choose the shipping method "Have sample collected", your data will be passed on to the logistics service provider mentioned above, who will process your data on their own responsibility.

As a matter of principle, your data will not be transferred to any other third parties or to countries outside the European Union. Excepted from this is the transfer to contract processors who work exclusively on the instructions of LEAD Horizon, do not use the data for their own purposes and are bound by their own agreements to the data protection obligations of the basic data protection regulation. Further excluded is the transfer to the payment service provider Stripe, see "Payment Service Provider Stripe".

To defend legal claims, your data will be stored for a period of 3 years in the legitimate interest of the person responsible. If you order a certificate, your data concerning the certificate order will be stored for 7 years within the scope of the legal storage obligations.

Consent is voluntary. Please note, however, that deletion, restriction and revocation mean that you can no longer be informed of the result of the test.

Payment service provider PayPal

If you decide to pay with the online payment service PayPal during the ordering process, your contact details will be transmitted to PayPal during the ordering process. PayPal is an offer from Pay Pal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal acts as an online payment service provider as well as a trustee and offers buyer protection services. The personal data transmitted to PayPal is usually first name, surname, address, telephone number, IP address, e-mail address, or other data required to process the order, as well as data related to the order, such as number of items, invoice amount and taxes in percent, billing information and the like. This transmission is necessary to process your order with the payment method you have chosen, in particular to confirm your identity, to administer your payment and the customer relationship.

PayPal will also transfer your data to the USA for further processing. We would like to point out that the USA has a lower level of data protection than the EU and that US companies are obliged to disclose data to courts, law enforcement agencies, supervisory authorities or security agencies.

Personal data may also be passed on by PayPal to service providers, subcontractors or other associated companies, as far as this is necessary to fulfil the contractual obligations arising from your order, or if the personal data is to be processed on behalf of PayPal. Depending on the method of payment selected via PayPal, e.g. invoice or direct debit, the personal data transmitted to PayPal will be transferred by PayPal to credit agencies.

This transmission serves the purpose of checking identity and creditworthiness with regard to the order you have placed. Please refer to PayPal`s privacy policy to find out which credit agencies are involved and which data is generally collected, processed, stored and passed on by PayPal:

You have a right of access to the personal data processed by you, correction and deletion, restriction of processing, as well as a right to data transferability and a right of appeal to the data protection authority. You can also revoke this consent at any time with effect for the future (e.g. by e-mail to

If you have any questions about this processing, the exercise of your rights or questions about data protection at LEAD Horizon, please contact our data protection officer at