(1) If the COVIDSafe user or former COVIDSafe user in relation to a communication device, or a parent, guardian or carer of that person, requests the data store administrator to delete any registration data of the person that has been uploaded from the device to the National COVIDSafe Data Store, the data store administrator:
(a) must take all reasonable steps to delete the data from the National COVIDSafe Data Store as soon as practicable; and
(b) if it is not practicable to delete the data immediately--must not use or disclose the data for any purpose.
(2) A request under subsection (1) may only be made by a parent, guardian or carer of the COVIDSafe user if:
(a) the COVIDSafe user is unable to make a request under subsection (1); or
(b) the COVIDSafe user has requested that parent, guardian or carer to act on the COVIDSafe user's behalf.
(3) Subsection (1) does not:
(a) prevent the data store administrator from accessing data for the purpose of, and only to the extent required for the purpose of, confirming that the correct data is being deleted; or
(b) require the data store administrator to delete from the National COVIDSafe Data Store data relating to the person that:
(i) was uploaded from another communication device in relation to which another person is a COVIDSafe user; and
(ii) was collected through the other device interacting with the device mentioned in subsection (1).
(4) This section does not apply to data that is de-identified.