Please note: the following text is not an official version, but a preliminary translation from the German original for your convenience.
A platform for online voting requires high standards in the handling of personal and confidential data. We have put technical and organisational measures in place to ensure such high standards. This also includes standards in the selection of external service providers and data processors.
Data protection and data security are permanent tasks. We therefore regularly check whether functions of votesUP can be improved. In general, votesUP follows the principle of data economy and data reduction – data that is not collected cannot be lost.
Information, correction, deletion or blocking of stored personal data can be requested at any time via our privacy contact firstname.lastname@example.org.
The data we collectEvery access to votesUP (votesup.eu) is stored in a log file. The following data is recorded in that file:
- IP address: the server needs the IP address to deliver the requested data to your device. However, the IP address is immediately pseudonymised by our provider and cannot be assigned to a connection at any time.
- Date and time, page or name of the file accessed, amount of data transferred and message as to whether the access/retrieval was successful: this allows us to monitor the stability of the service.
- Self-declaration of your browser (type, version, operating system)
The legal basis for this processing is art. 6 (1) lit. f GDPR (legitimate interest of system security).
On top of the web server, the online voting system itself processes some more personal data:
- User account: your public name or pseudonym, e-mail address and a hash value of the password (not the password itself)
- Votings: ballots in open votings are linked to a specific user ID, but not in secret votings, in which the ballots are stored independently.
- Messages: status messages and chats between participants
- Requests to speak and points of order
- Date and time of the last user activity
- When creating an event, your IP address is stored for 48 hours, due to security reasons.
- Email history: all e-mails sent by the votesUP platform are logged for 14 days.
Organisers can permanently delete all votings and all data of an event. However, the organisers must observe any necessary obligations to provide evidence about the voting results themselves. Automated deletion takes effect after 90 days of inactivity of an event (if the e-mail address of the organiser had been verified) or already three days after creation of the event, in case the organiser has not been verified.
The legal basis for this processing is art. 6 (1) lit. a and c GDPR (consent of the affected person, legal obligation).
We do not operate the underlying server ourselves, but have put the technical maintenance in professional hands. The server is provided by:
Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
Tel.: +49 (0)9831 505-0, Fax: +49 (0)9831 505-3, E-Mail: email@example.com
The provider is certified according to ISO 27001 (Information technology – Security techniques – Information security management systems – Requirements). The technical and organisational measures of the provider according to art. 28 GDPR can be retrieved here: www.hetzner.com/AV/TOM.pdf.
The server is located in Nuremberg/Germany.
Disclosure of personal data to third parties
votesUP does not integrate any external services or plugins. The data is therefore only stored and processed on our own server. There is one exception: your email provider naturally also processes the emails sent to you, before you retrieve them.
Data that is logged when using votesUP is only transmitted to third parties if we are obliged to do so by law or by a court decision (for legal or criminal prosecution). Data will not be passed on for any other purpose.
Cookies related to this website are only created and processed by the primary server.
Most browsers are set to automatically accept cookies. However, the storage of cookies can be deactivated or the browser can be set so that cookies are only stored for the duration of the respective votesUP session.
Data protection for minors
Persons under 16 years of age should not submit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and minors. Neither will we collect such data knowingly nor will we pass such data on to third parties.
Rights of information, rectification and deletion and right of appeal
The GDPR provides for various rights for data subjects, e.g. information about processed data, correction of incorrectly processed data and deletion of data, insofar as the latter does not conflict with other legal regulations.
To excercise these rights, all you need to do is contact us as described above.
Note for participants in an event: votesUP is usually only the data processor on behalf of the actual organisers. Accordingly, we will forward deletion and correction requests to the responsible parties. If they do not respond promptly, we will consult with the person concerned and take appropriate steps to make sure their rights are met.
Furthermore, there is a right of appeal to the competent supervisory authority at any time:
Berliner Beauftragte für Datenschutz, Friedrichstr. 219, 10969 Berlin, Deutschland
Telefon: +49 30 13889-0, E-Mail: firstname.lastname@example.org, Web: www.datenschutz-berlin.de