Thank you for the interest you have shown in POLYAS. The protection of your data is important to us and we would like you to feel secure when visiting our websites. It is important that you know what data is collected and how it is used when using our online services. In this privacy statement, we (POLYAS) inform you about the processing of personal data when using our website and our products. For the data protection statement regarding data processing when using our products, please scroll down or click here.
The contact person and person responsible for the processing of your personal data in line with the EU General Data Protection Regulation (GDPR) is POLYAS GmbH, Marie-Calm-Straße 1-5, 34131 Kassel, Deutschland, Telephone number: +49 (0)30 88 06 01 00 0, E-Mail: firstname.lastname@example.org.
If you have any questions about data protection in connection with our products/services or the use of our website, you can contact our data protection officer at any time. Please use the above postal address or the e-mail address email@example.com (keyword: “Att. Data Protection Officer”). We expressly point out that when using this e-mail address, the content is not processed exclusively by our data protection officer. If you wish to exchange confidential information, please first use this e-mail address to request direct contact details.
2. Data processing on our Website
2.1. Accessing our website / access data
Each time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data include:
- The IP-Address of the relevant appliance,
- The date and time the site was accessed,
- The address of the relevant web-page and site,
- Information about the browser and operating system being used to access the website,
- Online-Identifiers (e.g. Device ID, Session-ID).
The processing of access data is necessary to enable our website to be accessed and ensures the long-term functionality and security of our systems. Access data is temporarily stored in internal log files in order to provide statistical information on the usage of our website. The legal basis is Art. 6 (1) (b) GDPR, provided that the page is accessed in the course of initiating or executing a contract, and otherwise Art. 6 (1) (f) GDPR due to our legitimate interest of the long-term functionality and security of our systems.
All information stored in the log files does not allow any direct inference to your person. We store IP addresses in a shortened, anonymised form only.
You have different ways to get in contact with us, including a web-based contact form. In this regard, we only process data with the sole purpose of contacting with you. The legal basis is Art. 6 Para. 1 Sent. 1 lit. b GDPR. The data collected from us during this communication will be automatically deleted after your request has been processed fully, unless we need your request for the fulfilment of contractual or legal obligations.
In individual countries, we work together with distribution partners to whom we, among other things, submit your contact details, so that they can submit a country-specific offer for the use of our products on our behalf. The legal basis for this data processing is Art. 6 Para. 1 Sent. 1 lit. b, f GDPR.
You have the option of registering for our login area so that you can use the full functionality of our website. We have highlighted the data you are required to provide by marking them as compulsory fields. Registration is not possible without this data. If you personally become a contractual partner, the legal basis of the processing is Art. 6 (1) (b) GDPR. If you register on behalf of an organization and the organization becomes a contractual partner, the legal basis of the processing is Art. 6 (1) (f) GDPR.
When you register, you will also receive information about us and our products by e-mail. The legal basis for this data processing is the aforementioned legitimate interest in accordance with article 6 (1) (f) GDPR. You can at any time object to or unsubscribe from these e-mails at no charge. Every mail contains an appropriate unsubscribe link. A message to us would also be sufficient for this.
2.4. Participation in the support community
You have the option to register with our support community, where you can put questions to other users of our products, and find answers for yourself. Registering gives you access to the FAQ and help area. We have highlighted the data you are required to provide by marking them as compulsory fields. Registration is not possible without this data. The legal basis for data processing is Art. 6 (1) (b) GDPR.
2.5. Online course registration
Register for our online course and find out more about the POLYAS online voting system. Your registration data will be used solely for communicating with you and organizing the online course above. The legal basis is Article 6(1)(b) of the GDPR. The data collected by us in the registration form will be automatically deleted after your inquiry has been fully resolved unless a record of your inquiry is needed to meet contractual or legal obligations.
3. Payment service provider
When using our products, one of the payment service providers we use is PayPal. The provider of this payment service is PayPal (Europe) S.à.rl; Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.
If you choose to pay through PayPal, data about you that is required for the payment process will automatically be transmitted to PayPal. This data is usually the following: Name, address, company, e-mail address, telephone number, IP address.
PayPal may transmit this data to credit agencies. The purpose of this transmission is to check your identity and creditworthiness. PayPal may pass on personal data to affiliated companies and service providers or subcontractors to the extent necessary to fulfill its contractual obligations or to process the data on its behalf.
The transmission of your data to PayPal is based on the requirements of Art. 6 Paragraph 1 b) GDPR, since the processing of the data is necessary for payment through PayPal and thus for the fulfillment of the contract.
We process payments with the service provider PAYONE GmbH, Lyoner Str. 9, 60528 Frankfurt am Main, Germany (“PAYONE”). Your payment data will be collected and processed directly by PAYONE and is not saved by us.
Depending on the payment method, the IBAN, card number, check digit and other transaction data (e.g. date/time of transaction, payment amount) are processed during payment. Your data will only be transmitted to PAYONE if this is necessary for payment processing. The legal basis for this is Art. 6 (1) (b) GDPR.
PAYONE may, under certain circumstances, transfer your data to third parties, including credit agencies, for the purpose of checking creditworthiness.
Further information on data processing at PAYONE can be found in PAYONE's data protection information at https://a.storyblok.com/f/64176/x/c90fa8e6ef/payone-information-zu-datenverarbeitung-gemass-art-14-dsgvo-0220-1.pdf and under https://www.payone.com/DE-de/dsgvo.
You have the possibility to subscribe to our newsletter in which we will regularly inform you about the latest news from POLYAS.
For our newsletter subscriptions, we use the so-called Double Opt-In procedure. In this way we will only send you newsletters once you have confirmed your subscription by clicking on the link that is sent to the email address that you have provided. This confirms that you want to subscribe to the newsletter and that you are the owner of the email address. If you choose to confirm your e-mail address, we will save your e-mail address, the time of registration, and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose storing this data is to send you the newsletter and to confirm your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. You may also send a letter (email or by post) to the address listed in the newsletter to unsubscribe. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR.
We use commercially available technologies in our newsletters to measure our subscribers' interactions with our newsletters (e.g. opening the email, clicked links). We use this data in pseudonymised form for general statistical analysis and optimisation as well as for the further development of our content and customer communications. This is done with the help of small graphics which are imbedded in the newsletter (so called Pixels). The collected data is pseudonymised and not linked to your personal data. The Legal basis for this is our aforementioned legitimate interest acc. Art. 6 Para. 1 Sent. 1 lit. f GDPR.
Our newsletter is aimed to share relevant information with our customers and to better understand our readers are interested in. If you do not wish us to analyse the usage behaviour, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program by default. You can unsubscribe from our newsletter at any time, for example at the bottom of every newsletter you will find an "unsubscribe" link. Alternatively, you can contact us via the aforementioned contacted details.
We use certain tools to provide the basic functions of our website (“necessary tools”). Without these tools, we would be unable to provide our service. For this reason we use the necessary tools without direct consent on the basis of our legitimate interests in accordance with Art. 6 (1) (f) GDPR or to fulfill a contract or to carry out pre-contractual measures in accordance with Art. 6 (1) (b) GDPR.
We use our own cookies, in particular for login authentication and to identify your session on our web server. Our aim is to allow you to use our website more conveniently and individually. These services are based on our legitimate interests in helping you to use our website more conveniently and individually, and to save your time. The legal basis for this is Art. 6 (1) (f) GDPR.
5.2. Third-party cookies for functional purposes
We use tools to improve the user experience on our website and to offer you more functions (“functional tools”). Although these are not absolutely necessary for the basic functioning of the website, they can provide users with considerable advantages, in particular with regard to user-friendliness and the provision of additional communication or presentation channels. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR. To withdraw your consent, see section 11: “Right of withdrawal and objection”. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 8 (“Data transfer to third countries”).
5.2.1. Google Fonts
Our website uses the Google Fonts service, which is provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC 1600 Amphitheater Parkway Mountain View, CA 94043 , USA (collectively “Google”).
When you access a page, your browser loads the required fonts to display texts correctly and in an attractive manner. For this purpose, your browser must connect to the Google servers. This tells Google that our website was accessed from your IP address. According to Google, these invocations run separately from other Google services that require user authentication. There is no merging with other data. No cookies are saved.
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Google Fonts provides a uniform and appealing presentation of our online presence through the maintenance-free and efficient use of fonts, which also accounts for any licensing restrictions for local integrations.
The server to which a connection is established may be located in the USA. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 8 (“Data transfer to third countries”). We have a data processing agreement with Google as well as standard contractual clauses in the event that personal data is transferred to the USA or other third countries.
5.2.2. Google Custom Search
Our website uses the Google Custom Search service, which is provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC 1600 Amphitheater Parkway Mountain View, CA 94043 , USA (collectively “Google”). The tool enables a full text search for the content of our website. When you use the search function, the search terms and other data, such as your IP address, are transmitted to Google. The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. The server to which a connection is established may be located in the USA. In this respect, reference is made to the above.
5.3. Cookies for statistical and analytical purposes
In order to improve our website, we use tools for statistical recording and analysis of general usage behavior based on access data (“analysis tools”). We also use analysis services to evaluate the use of our various marketing channels.
Unless otherwise stated, the legal basis for the analysis tools is your consent in accordance with Art. 6 (1) (a) GDPR. To withdraw your consent, see section 11: “Right of withdrawal and objection”. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 8 (“Data transfer to third countries”).
5.3.1. Google Analytics
Our website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). According to Google, the contact for all data protection issues is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We operate the following data protection settings for Google Analytics:
- IP anonymization (shortening of the IP address before analysis so that your identity cannot be inferred)
- Automatic deletion of old logs / limitation of storage time
- Personalized ads disabled
- Measurement protocol disabled
- Data sharing with other Google products and services disabled
The following data are processed by Google Analytics, among others:
- anonymized IP address;
- referrer URL (previously visited page);
- pages accessed (date, time, URL, title, length of stay);
- downloaded files;
- clicked links to other websites;
- successful conversions, if applicable;
- Technical information: Operating system; browser type, version and language; device type, brand, model and resolution;
- Approximate location (country and possibly city, based on anonymous IP address).
Google Analytics sets the following cookies for the specified purpose with the respective storage period:
- "_ga" for 2 years and "_gid" for 24 hours (both to identify and differentiate between website visitors by means of a user ID);
- "_gat" for 1 minute (to minimize requests to the Google server);
- “IDE” for 13 months (third-party cookie to recognize and distinguish website visitors by means of a user ID, to record interaction with advertising and in the context of displaying personalized advertising).
For the use of Google Analytics we have a data processing agreement as well as standard contractual clauses in the event that personal data is transferred to the USA or other third countries.
5.3.2. Visual Website Optimizer (VWO)
Our website uses Visual Website Optimizer (“VWO”), a web analysis service from Wingify, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India (“Wingify”).
For the use of VWO we have a data processing agreement with Wingify as well as standard contractual clauses in the event that personal data is transferred to India or other third countries. Further information on data protection can be found here: https://vwo.com/terms-conditions/ and here: https://vwo.com/privacy-policy/
Our website uses tools from Pendo.io, Inc., 150 Fayetteville St., Raleigh, NC 27601, USA (“Pendo”) to collect feedback from our users, determine which product areas and functions are used the most, and to analyze how customers use our application. It helps us to identify ways to improve the user experience, direct users to relevant features, and customize our products.
Pendo Feedback helps us to ask our users for and analyze their feedback.
Pendo Insights allows us to statistically evaluate how users work with our voting configurator. For this purpose, user behavior (e.g. clicks and interactions with the configurator) is evaluated in order to understand how our product is used and can be improved. Usage is aggregated and analyzed as anonymous statistics that do not allow any inferences about the individual user.
We also use Pendo Guidance to integrate tooltips into the voting configurator, which aim to simplify user interactions.
Pendo uses a unique identifier for each user to collect feedback, evaluate site usage, and display tooltips. When using Pendo, POLYAS only uses user Ids that are hashed. This means that Pendo can recognize users without knowing the plain-text user ID.
Information on the cookies used by Pendo is available here: https://support.pendo.io/hc/en-us/articles/360041032971-Agent-Cookies. Personal data is stored for a maximum of three years.
We have a data processing agreement with Pendo as well as standard contractual clauses in the event that personal data is transferred to third countries such as the USA.
More information about Pendo is available here: https://www.pendo.io/legal/privacy-policy/
Our website uses tools from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark to better track usage patterns on our website. The tools record mouse movements, track where people click most frequently on the website, and track website visitor movements across different subpages. This knowledge helps us to design the website for ease of use and so that relevant information is easily found.
For this purpose the following data is used: A unique identifier that provides information on whether a visitor is a first-time visitor, click path, content viewed, abbreviated IP address and (if possible) location, mouse movements including scrolling activities, operating system and browser used, pages visited, usage data, length of stay on a page, device type, and language settings.
Mouseflow uses two cookies. One recognizes whether you have visited the site previously (mf_user) and another is only saved during your visit (a session cookie). The session cookie is deleted after your visit or at the latest when you close your browser. The mf_user cookie has a storage period of three months.
The legal basis for this is your consent according to Art. 6 (1) (a) GDPR, which you submit via the cookie banner. You can withdraw your consent at any time (see below). In addition, Mouseflow offers the possibility to declare an opt-out for the tracking of this company on all websites: https://mouseflow.com/opt-out/
You can find more information about the provider here: https://mouseflow.com/gdpr/
5.4. Cookies for marketing purposes
We also use tools for advertising purposes (“Marketing Tools”). Some of the access data generated when using our website is used for interest-related advertising. By analyzing and evaluating this access data, we are able to present you with personalized advertising, i.e. advertising that meets your actual interests and needs, on our website and on the websites of other providers.
The legal basis for the marketing tools is your consent in accordance with Art. 6 (1) (a) GDPR. To withdraw your consent, see section 11 “Right of withdrawal and objection”. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 8 (“Data transfer to third countries”).
In the following section we would like to explain these technologies and the providers used for them in more detail. The data collected can include in particular:
- the IP address of the device;
- the identification number of a cookie;
- the device ID of mobile devices;
- referrer URL (previously visited page);
- pages accessed (date, time, URL, title, length of stay);
- downloaded files;
- clicked links to other websites;
- successful conversions, if applicable;
- Technical information: Operating system; browser type, version and language; device type, brand, model and resolution;
- approximate location (country and possibly city).
However, the data collected is only stored under a pseudonym, so that the person’s identity cannot be inferred.
5.4.1. Microsoft Advertising (formerly Bing Ads)
For the use of Microsoft Advertising we have a data processing agreement as well as standard contractual clauses in the event that personal data is transferred to the USA or other third countries.
You can also prevent the collection of data generated by the cookies and relating to your use of the website by Microsoft, as well as the processing of this data by Microsoft, by deactivating the personalized ads at Microsoft Advertising or in the settings for ads.
Further information on this is available in Microsoft’s privacy statement at: https://privacy.microsoft.com/en-us/privacystatement.
5.5. External media
5.5.1. Social plugins and the Shariff protection tool
Our website uses so-called "social plugins". We currently use integrated buttons from namely Facebook, Twitter, Xing and LinkedIn. We do not collect personal data through the use of these "Social Plugins”. In order to prevent information being transmitted without your knowledge, in particular to the USA, we use “Shariff”. This ensures that when you visit our website, no personal data is forwarded to the providers of these Social Plugins. In line with our obligations to inform you under Article 13 of the GDPR, we would like you to know that data can only be transmitted to the service provider and stored there once you click on any of the social plugins.
Unless otherwise stated, the legal basis for this is your consent according to Art. 6 (1) (a) GDPR, which you submit via the cookie banner. To withdraw your consent, see section 11: “Right of withdrawal and objection”. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 6 (“Data transfer to third countries”).
For data protection reasons, no personal data is initially passed on to the social network when you visit our website. The plug-in is only activated after you have given your consent, so allowing your browser to contact the social network directly. The solution we use for this is named Shariff.
In addition to revoking your consent, you as a Facebook member also have the option under advertising preferences to deactivate advertising based on social interactions. Further information on this is available in Facebook’s data policy statement at: https://www.facebook.com/about/privacy/.
5.5.2. Embedded Vimeo videos
We embed the video player services of Vimeo, Inc., 555 West 18th Street (New York), New York 10011 (www.vimeo.com) on our websites and applications. The videos are embedded as iFrames on our pages. When you follow the links to these pages, a connection between your browser (on your device) and the servers of Vimeo is established. In this process, such data as your IP address from the device you used when visiting the page (and some of your activities) may be processed under certain circumstances. By clicking on the video and interacting with the video player service, further information about you may be processed by Vimeo, e.g. to evaluate your viewed videos or your interests.
Vimeo uses so-called web tracking methods on its own pages and within the video player service. These take place regardless of whether you are logged in or registered with Vimeo. Unfortunately, we cannot influence the web tracking methods of Vimeo and its affiliated services.
Please be aware of this: It cannot be ruled out that Vimeo uses your profile data to evaluate your approximate location, interests, videos viewed, etc. We have no influence on the processing of your data by Vimeo and the integrated services.
5.5.3. Embedded YouTube videos
We embed the video player services of YouTube (Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland). Clicking on the videos results in the content from YouTube being reloaded. In this context, YouTube also receives your IP address, which is technically required to retrieve the content. We also have no influence on the further processing by YouTube. However, when embedding the videos, we made sure to activate the extended data protection mode offered by YouTube.
6. Online presence in the social network Facebook (fan page)
We operate a fan page on social network Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA ("Facebook"), in joint responsibility, to communicate with interested parties and followers, among others, and to inform and talk about our products and services.
At the same time, Facebook may provide us with statistics on the use of our Fanpage by fanpage users, such as information about interactions, likes, comments or aggregated information and statistics (such as age or origin of our followers) that help us learn about interactions with our site. For more information on the nature and scope of these statistics, see the Facebook Site Stats Tips, and for respective responsibilities see the Facebook Page Insights Supplement. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR and Art. 6 para. 1 sentence 1 lit. f GDPR based on our aforementioned legitimate interest.
7. Transferral of Data
Data collected by us is only transferred if:
- you have given your express consent for us to do so according to Art. 6 Para. 1 Sent. 1 lit. a GDPR,
- according to Art. 6 Para. 1 Sent. 1 lit. f GDPR the data is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in refraining from passing on your data,
- we are legally required to transfer data according to Art. 6 Para. 1 Sent. 1 lit. c GDPR or
- this is legally permissible and according to Art. 6 Para. 1 Sent. 1 lit. b GDPR is required for the execution of contractual relationships with you or for the execution of pre-contractual measures, which are carried out at your request.
Furthermore, your data may be disclosed in connection with government inquiries, court orders and legal proceedings if your data is required for prosecution or law-enforcement.
8. Data transfer to third countries
As explained in this data protection statement, we use services whose providers may be located in so-called third countries (outside the European Union or the European Economic Area) or who process personal data there, i.e. countries whose data protection level does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision for these countries (Art. 45 GDPR), we have taken the necessary precautions to ensure an appropriate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.
Where this is not possible, we base the data transfer on exceptions of Art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.
If a third country transfer is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) can gain access to the transmitted data in order to record and analyze them, and that the enforceability of your data subject rights cannot be guaranteed. If you grant your consent via the cookie banner, you will also be informed of this.
9. Storage Period
Typically, we only store personal data as long as necessary to fulfil the contractual or legal obligations to which we have collected the data. Thereafter, we delete the data immediately, unless we need the data until the expiration of the statutory limitation period for evidence for civil claims or for statutory storage requirements.
For evidence, we must retain contract information for three years from the end of the year in which the business relationship ends with you. At the earliest, any claims are barred after this legal limitation period has ended.
We sometimes have to save your data for accounting reasons. We are obliged to do so because of legal documentation obligations, which may arise from the German Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The deadlines for storing documents are two to ten years.
10. Your Rights
You have the right to request information about how we process your personal data at any time. As part of the provision of information, we will explain the data processing and provide you with an overview of the data stored about you.
If data stored on us should be incorrect or out of date, you have the right to have this information corrected.
You may also request your data to be deleted. If your data is prevented from being deleted due to legal provisions in exceptional cases, the data will be blocked, so that they are only available for these legal purposes.
You can also limit the processing of your data, such as: for example, if you believe that the information we hold is incorrect. You also have the right to have your data transferred, meaning that we will send you a digital copy of the your submitted personal data.
In addition, you have the right to object to data processing, which is based on Art. 6 Para. 1 Section. e & f GDPR. You have the right to complain to our Data Protection Authority. You can assert this right with a supervisory authority in the Member State in your place of residence, your place of work, or the place of the alleged breach. In Berlin, the responsible supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße. 219, 10969 Berlin.
11. Withdrawal and withdrawal of consent
In line with Art. 7 Para. 2 GDPR, you have the right to revoke the consent you have given us at any time. As a result, we will not continue to process your data. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent up until the withdrawal.
Your inquiries about the assertion of data protection rights and our answers to them will be stored for documentation purposes for a period of up to three years and for longer in individual cases of the assertion, exercise or defense of legal claims. The legal basis is Art. 6 (1) (f) GDPR, based on our interest in defending against any civil law claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability under Art. 5 (2) GDPR.
If you would like to exercise your right to withdraw or object, it is sufficient to send an informal message to the aforementioned contact details.
12. Data Security
We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against dangers during data transfers as well as from unwanted third parties. These are adjusted according to current technologies. We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against dangers during data transfers as well as prior knowledge of third parties. These are adjusted according to the current state of technology. To maintain the confidentiality and integrity of the information you provide on our website, this information is transmitted via https and Transport Layer Security (TLS).
1. Officer and contact person
We provide our service to you as a processor as contracted by the client to implement the election (election organizer) within the meaning of Art. 28 (1) GDPR. This means that the election organizer is responsible for the personal data processed during the implementation of the election within the meaning of the GDPR. The election organizer should use their own data protection information to inform you of their contact details and those of the data protection officer and how the data processed during the election is handled.
However, you can still contact us or our data protection officer with regard to any questions about the use of data within the scope of the election. Our contact details are available here hier. If necessary, we will forward your inquiries to the election organizer.
2. Participation in elections
When you take part in an election, certain election data is collected. The only data to be collected is that which is necessary for you to take part in the election. These are
- Identification data (e.g. your PIN and TAN),
- the indication that you have voted (i.e. marked in the electoral roll),
- and, separate from that, what or who you voted for (your ballot paper). Your ballot paper cannot be linked to the other data.
Your identification data and the information that you have voted are solely used to secure your one-time vote.
After you log in to the voting system, the POLYAS server needs to save a cookie on your computer. This session cookie contains no personal data and is not used by us in any way other than to facilitate your voting. In this way we can ensure that you can vote online with any operating system and browser. As soon as you close your browser after voting, the cookie is deleted automatically.
Of course the election itself is secret, i.e. it is impossible for the election organizer or for us to match your ballot paper and your other data at any time. The secret ballot papers are stored in encrypted form and are used solely to determine the election result.
After the election, the election organizer can request a list of who took part in the election. At no time does the election organizer have any way to find out about the voting behavior of individual voters.
The legal basis for this processing is Art. 6 (1) (b) GDPR.
State: July, 2022
Changes to the data protection statement
We occasionally update this data protection statement, for example if we update our website or if there is a change to the legal or official requirements.