Privacy Policy votesup.eu

Please note: the following text is not an official version, but a preliminary translation from the German original for your convenience.

A platform for online voting requires high standards in the handling of personal and confidential data. We have put technical and organisational measures in place to ensure such high standards. This also includes standards in the selection of external service providers and data processors.

Data protection and data security are permanent tasks. We therefore regularly check whether functions of votesUP can be improved. In general, votesUP follows the principle of data economy and data reduction – data that is not collected cannot be lost.

We collect and process personal data only to the extent described in this privacy policy.

Information, correction, deletion or blocking of stored personal data can be requested at any time via our privacy contact privacy@votesup.eu.

 

The data we collect

Every access to votesUP (votesup.eu) is stored in a log file. The following data is recorded in that file:

  • IP address: the server needs the IP address to deliver the requested data to your device. However, the IP address is immediately pseudonymised by our provider and cannot be assigned to a connection at any time.
  • Date and time, page or name of the file accessed, amount of data transferred and message as to whether the access/retrieval was successful: this allows us to monitor the stability of the service.
  • Self-declaration of your browser (type, version, operating system)

The legal basis for this processing is art. 6 (1) lit. f GDPR (legitimate interest of system security).

On top of the web server, the online voting system itself processes some more personal data:

  • User account: your public name or pseudonym, e-mail address and a hash value of the password (not the password itself)
  • Votings: ballots in open votings are linked to a specific user ID, but not in secret votings, in which the ballots are stored independently.
  • Messages: status messages and chats between participants
  • Requests to speak and points of order
  • Date and time of the last user activity
  • When creating an event, your IP address is stored for 48 hours, due to security reasons.
  • Email history: all e-mails sent by the votesUP platform are logged for 14 days.

Organisers can permanently delete all votings and all data of an event. However, the organisers must observe any necessary obligations to provide evidence about the voting results themselves. An automated deletion of the event occurs after 90 days of inactivity (if the organiser's email address is confirmed) or after just 3 days if the organiser has not been verified. Confirmed organisers are automatically informed of an impending deletion by email after 87 days of inactivity, so that they can take data backup measures, if necessary, or reactivate their votesUP event in order to achieve an extension of the data retention.

The legal basis for this processing is art. 6 (1) lit. a and b GDPR (consent of the affected person, obligation by contract).

 

Data processing

We do not operate the underlying server ourselves, but have put the technical maintenance in professional hands. The server is provided by:

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
Tel.: +49 (0)9831 505-0, Fax: +49 (0)9831 505-3, E-Mail: info@hetzner.com

The provider is certified according to ISO 27001 (Information technology – Security techniques – Information security management systems – Requirements). The technical and organisational measures of the provider according to art. 32 GDPR can be retrieved here: www.hetzner.com/AV/TOM.pdf.

The servers are located in Nuremberg/Germany.

 

Disclosure of personal data to third parties

votesUP does not integrate any external services or plugins. The data is therefore only stored and processed on our own server. There is one exception: your email provider naturally also processes the emails sent to you, before you retrieve them.

Data that is logged when using votesUP is only transmitted to third parties if we are obliged to do so by law or by a court decision (for legal or criminal prosecution). Data will not be passed on for any other purpose.

 

Use of cookies

Systems with login functionality require the use of cookies. Otherwise, users would have to re-enter their credentials with every new click. votesUP only sets cookies that are absolutely necessary for the legitimisation of the user session. Therefore, we do not point out to the particular use of cookies.

Cookies related to this website are only created and processed by the primary server.

Most browsers are set to automatically accept cookies. However, the storage of cookies can be deactivated or the browser can be set so that cookies are only stored for the duration of the respective votesUP session.

 

Data protection for minors

Persons under 16 years of age should not submit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and minors. Neither will we collect such data knowingly nor will we pass such data on to third parties.

 

Rights of information, rectification and deletion and right of appeal

The GDPR provides for various rights for data subjects, e.g. information about processed data, correction of incorrectly processed data and deletion of data, insofar as the latter does not conflict with other legal regulations.

All users have the right to revoke consent, which had been granted in accordance with art. 7 (3) GDPR, at any time, with effect for the future, by contacting the contact specified in this privacy policy. The revocation of consent does not affect the lawfulness of any prior processing.

To excercise these rights, all you need to do is contact us as described above.

Note for participants in an event: votesUP is usually only the data processor on behalf of the actual organisers. Accordingly, we will forward deletion and correction requests to the responsible parties. If they do not respond promptly, we will consult with the person concerned and take appropriate steps to make sure their rights are met.

Furthermore, there is a right of appeal to the competent supervisory authority at any time:
Berliner Beauftragte für Datenschutz (BlnBDI), Alt–Moabit 59–61, 10555 Berlin, Deutschland
Telefon: +49 30 13889-0, E-Mail: mailbox@datenschutz-berlin.de, Web: www.datenschutz-berlin.de

 

We reserve the right to adapt this privacy declaration to new circumstances due to further technical development or changes in the legal framework. However, the sensitive handling of confidential data will always be ensured.

Last update: 10 November 2024