Home Data Privacy Policy

Data Privacy Policy

Data privacy policy about the processing of personal data on our website

Thank you for the interest you have shown in POLYAS. The protection of your data is important to us and we would like you to feel secure when visiting our websites. It is important that you know what data is collected and how it is used when using our online services. In this privacy statement, we (POLYAS) inform you about the processing of personal data when using our website and our products.  For the data protection statement regarding data processing when using our products, please scroll down or click here.

1. Contact Person

The contact person and person responsible for the processing of your personal data in line with the EU General Data Protection Regulation (GDPR) is POLYAS GmbH, Marie-Calm-Straße 1-5, 34131 Kassel, Deutschland, Telephone number: +49 (0)30 88 06 01 00 0, E-Mail: info@polyas.de.

If you have any questions about data protection in connection with our products/services or the use of our website, you can contact our data protection officer at any time. Please use the above postal address or the e-mail address datenschutz@polyas.de (keyword: “Att. Data Protection Officer”). We expressly point out that when using this e-mail address, the content is not processed exclusively by our data protection officer. If you wish to exchange confidential information, please first use this e-mail address to request direct contact details.

2. Data processing on our Website

2.1. Accessing our website / access data

Each time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data include:

  • The IP-Address of the relevant appliance,
  • The date and time the site was accessed,
  • The address of the relevant web-page and site,
  • Information about the browser and operating system being used to access the website,
  • Online-Identifiers (e.g. Device ID, Session-ID).

The processing of access data is necessary to enable our website to be accessed and ensures the long-term functionality and security of our systems. Access data is temporarily stored in internal log files in order to provide statistical information on the usage of our website. The legal basis is Art. 6 (1) (b) GDPR, provided that the page is accessed in the course of initiating or executing a contract, and otherwise Art. 6 (1) (f) GDPR due to our legitimate interest of the long-term functionality and security of our systems.

All information stored in the log files does not allow any direct inference to your person. We store IP addresses in a shortened, anonymised form only.

2.2. Contact

You have different ways to get in contact with us, including a web-based contact form. In this regard, we only process data with the sole purpose of contacting with you. The legal basis is Art. 6 Para. 1 Sent. 1 lit. b GDPR. The data collected from us during this communication will be automatically deleted after your request has been processed fully, unless we need your request for the fulfilment of contractual or legal obligations.

In individual countries, we work together with distribution partners to whom we, among other things, submit your contact details, so that they can submit a country-specific offer for the use of our products on our behalf. The legal basis for this data processing is Art. 6 Para. 1 Sent. 1 lit. b, f GDPR.

2.3. Registration

You have the option of registering for our login area so that you can use the full functionality of our website. We have highlighted the data you are required to provide by marking them as compulsory fields. Registration is not possible without this data. The legal basis for data processing is Art. 6 (1) (b) GDPR.

When you register, you will also receive information about us and our products by e-mail. The legal basis for this data processing is the aforementioned legitimate interest in accordance with article 6 (1) (f) GDPR. You can at any time object to or unsubscribe from these e-mails at no charge. Every mail contains an appropriate unsubscribe link. A message to us would also be sufficient for this.

2.4. Participation in the support community
You have the option to register with our support community, where you can put questions to other users of our products, and find answers for yourself. Registering gives you access to the FAQ and help area. We have highlighted the data you are required to provide by marking them as compulsory fields. Registration is not possible without this data. The legal basis for data processing is Art. 6 (1) (b) GDPR.
The support community is managed with Vanilla Forums operated by Vanilla Forums Inc., 2045 Stanley, Suite 1000, Montreal, QC H3A 2V4, Canada. If you register or write posts, your data will be recorded and processed by Vanilla Forums. This data includes your first and last name, e-mail address and other information, if provided. For further information on Vanilla Forums, see https://vanillaforums.com/en/legal/website-terms-of-use/ and the privacy policy https://vanillaforums.com/en/legal/privacy-policy/. Insofar as personal data is transmitted to Canada, the European Commission has issued an adequacy decision in accordance with Art. 45 (3) GDPR.

2.5. Online course registration

Register for our online course and find out more about the POLYAS online voting system. Your registration data will be used solely for communicating with you and organizing the online course above. The legal basis is Article 6(1)(b) of the GDPR. The data collected by us in the registration form will be automatically deleted after your inquiry has been fully resolved unless a record of your inquiry is needed to meet contractual or legal obligations.

3. Payment service provider

3.1 PayPal

When using our products, one of the payment service providers we use is PayPal. The provider of this payment service is PayPal (Europe) S.à.rl; Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.

If you choose to pay through PayPal, data about you that is required for the payment process will automatically be transmitted to PayPal. This data is usually the following: Name, address, company, e-mail address, telephone number, IP address.

PayPal may transmit this data to credit agencies. The purpose of this transmission is to check your identity and creditworthiness. PayPal may pass on personal data to affiliated companies and service providers or subcontractors to the extent necessary to fulfill its contractual obligations or to process the data on its behalf.

The transmission of your data to PayPal is based on the requirements of Art. 6 Paragraph 1 b) GDPR, since the processing of the data is necessary for payment through PayPal and thus for the fulfillment of the contract.

You can read PayPal's privacy policy under https://www.paypal.com/eu/webapps/mpp/ua/privacy-full.

3.2 PAYONE

We process payments with the service provider PAYONE GmbH, Lyoner Str. 9, 60528 Frankfurt am Main, Germany (“PAYONE”). Your payment data will be collected and processed directly by PAYONE and is not saved by us.

Depending on the payment method, the IBAN, card number, check digit and other transaction data (e.g. date/time of transaction, payment amount) are processed during payment. Your data will only be transmitted to PAYONE if this is necessary for payment processing. The legal basis for this is Art. 6 (1) (b) GDPR.

PAYONE may, under certain circumstances, transfer your data to third parties, including credit agencies, for the purpose of checking creditworthiness.

Further information on data processing at PAYONE can be found in PAYONE's data protection information at https://a.storyblok.com/f/64176/x/c90fa8e6ef/payone-information-zu-datenverarbeitung-gemass-art-14-dsgvo-0220-1.pdf and under https://www.payone.com/DE-de/dsgvo.

4. Newsletter

You have the possibility to subscribe to our newsletter in which we will regularly inform you about the latest news from POLYAS.

For our newsletter subscriptions, we use the so-called Double Opt-In procedure. In this way we will only send you newsletters once you have confirmed your subscription by clicking on the link that is sent to the email address that you have provided. This confirms that you want to subscribe to the newsletter and that you are the owner of the email address. If you choose to confirm your e-mail address, we will save your e-mail address, the time of registration, and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose storing this data is to send you the newsletter and to confirm your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. You may also send a letter (email or by post) to the address listed in the newsletter to unsubscribe. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR.

We use commercially available technologies in our newsletters to measure our subscribers' interactions with our newsletters (e.g. opening the email, clicked links). We use this data in pseudonymised form for general statistical analysis and optimisation as well as for the further development of our content and customer communications. This is done with the help of small graphics which are imbedded in the newsletter (so called Pixels). The collected data is pseudonymised and not linked to your personal data. The Legal basis for this is our aforementioned legitimate interest acc. Art. 6 Para. 1 Sent. 1 lit. f GDPR.

Our newsletter is aimed to share relevant information with our customers and to better understand our readers are interested in. If you do not wish us to analyse the usage behaviour, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program by default. You can unsubscribe from our newsletter at any time, for example at the bottom of every newsletter you will find an "unsubscribe" link. Alternatively, you can contact us via the aforementioned contacted details. 

5. Job applications

You can apply to us at any time. We collect applicant data for the possibilities of future employment. The following data is collected to process your application: first name, last name, E-mail address, application documents (Cover letter, CV, references etc.), the earliest starting date and salary expectations. The legal basis for the processing of your application documents is Art Para. 1 Sent. 1 lit. b and Art. 88 Para. 1 GDPR, in conjunction with § 26 Para. 1 Sent. 1 BDSG.

6. Cookies

This website uses cookies and comparable technologies (collectively “tools”) that are offered either by us or by third parties. A cookie is a small text file stored on your device by your browser. Cookies are not used to run programs or load viruses onto your computer. The main purpose of our cookies is offer you a service that meets your needs and saves your time.

6.1. Use of Cookies

We use certain tools to provide the basic functions of our website (“necessary tools”). Without these tools, we would be unable to provide our service. For this reason we use the necessary tools without direct consent on the basis of our legitimate interests in accordance with Art. 6 (1) (f) GDPR or to fulfill a contract or to carry out pre-contractual measures in accordance with Art. 6 (1) (b) GDPR.

We use our own cookies, in particular for login authentication and to identify your session on our web server. Our aim is to allow you to use our website more conveniently and individually. These services are based on our legitimate interests in helping you to use our website more conveniently and individually, and to save your time. The legal basis for this is Art. 6 (1) (f) GDPR.

6.2. Third-party cookies for functional purposes

We use tools to improve the user experience on our website and to offer you more functions (“functional tools”). Although these are not absolutely necessary for the basic functioning of the website, they can provide users with considerable advantages, in particular with regard to user-friendliness and the provision of additional communication or presentation channels. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR. To withdraw your consent, see section 11: “Right of withdrawal and objection”. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 8 (“Data transfer to third countries”).

6.2.1. Google Fonts

Our website uses the Google Fonts service, which is provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC 1600 Amphitheater Parkway Mountain View, CA 94043 , USA (collectively “Google”).

When you access a page, your browser loads the required fonts to display texts correctly and in an attractive manner. For this purpose, your browser must connect to the Google servers. This tells Google that our website was accessed from your IP address. According to Google, these invocations run separately from other Google services that require user authentication. There is no merging with other data. No cookies are saved.

The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. Google Fonts provides a uniform and appealing presentation of our online presence through the maintenance-free and efficient use of fonts, which also accounts for any licensing restrictions for local integrations.

The server to which a connection is established may be located in the USA. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 8 (“Data transfer to third countries”). We have a data processing agreement with Google as well as standard contractual clauses in the event that personal data is transferred to the USA or other third countries.

Further information about Google Fonts is available at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/

6.2.2. Google Custom Search

Our website uses the Google Custom Search service, which is provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC 1600 Amphitheater Parkway Mountain View, CA 94043 , USA (collectively “Google”). The tool enables a full text search for the content of our website. When you use the search function, the search terms and other data, such as your IP address, are transmitted to Google. The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. The server to which a connection is established may be located in the USA. In this respect, reference is made to the above.

6.3. Cookies for analysis purposes

In order to improve our website, we use tools for statistical recording and analysis of general usage behavior based on access data (“analysis tools”). We also use analysis services to evaluate the use of our various marketing channels.

Unless otherwise stated, the legal basis for the analysis tools is your consent in accordance with Art. 6 (1) (a) GDPR. To withdraw your consent, see section 11: “Right of withdrawal and objection”. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 8 (“Data transfer to third countries”).

6.3.1. Google Analytics

Our website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). According to Google, the contact for all data protection issues is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies and similar technologies to analyze and improve our website based on your user behavior. Google will process the information obtained in order to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and Internet usage. The data arising in this context may be transmitted by Google to a server in the USA for analysis and stored there. In this respect, reference is made to the above.

We operate the following data protection settings for Google Analytics:

  • IP anonymization (shortening of the IP address before analysis so that your identity cannot be inferred)
  •  Automatic deletion of old logs / limitation of storage time
  • Personalized ads disabled
  • Measurement protocol disabled
  • Data sharing with other Google products and services disabled

The following data are processed by Google Analytics, among others:

  • anonymized IP address;
  • referrer URL (previously visited page);
  • pages accessed (date, time, URL, title, length of stay);
  •  downloaded files; 
  • clicked links to other websites;
  •  successful conversions, if applicable;
  • Technical information: Operating system; browser type, version and language; device type, brand, model and resolution;
  • Approximate location (country and possibly city, based on anonymous IP address).

Google Analytics sets the following cookies for the specified purpose with the respective storage period:

  • "_ga" for 2 years and "_gid" for 24 hours (both to identify and differentiate between website visitors by means of a user ID);
  • "_gat" for 1 minute (to minimize requests to the Google server);
  • “IDE” for 13 months (third-party cookie to recognize and distinguish website visitors by means of a user ID, to record interaction with advertising and in the context of displaying personalized advertising).

For the use of Google Analytics we have a data processing agreement as well as standard contractual clauses in the event that personal data is transferred to the USA or other third countries.

6.3.2. Visual Website Optimizer (VWO)

Our website uses Visual Website Optimizer (“VWO”), a web analysis service from Wingify, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India (“Wingify”).

Wingify uses cookies that make it possible to analyze the use of our website. These cookies generate information about usage behavior on this website and save your anonymized IP address. The data is then transferred to Wingify's servers in India and stored there. Wingify use this information on our behalf to analyze how you use the website and, based on this, to improve our website. If the cookies do not expire at the end of the session, they are available for a maximum of 100 days (further information can be found here: https://vwo.com/knowledge/cookies-used-by-vwo/).

For the use of VWO we have a data processing agreement with Wingify as well as standard contractual clauses in the event that personal data is transferred to India or other third countries. Further information on data protection can be found here: https://vwo.com/terms-conditions/ and here: https://vwo.com/privacy-policy/

6.4. Cookies for marketing purposes

We also use tools for advertising purposes (“Marketing Tools”). Some of the access data generated when using our website is used for interest-related advertising. By analyzing and evaluating this access data, we are able to present you with personalized advertising, i.e. advertising that meets your actual interests and needs, on our website and on the websites of other providers.

The legal basis for the marketing tools is your consent in accordance with Art. 6 (1) (a) GDPR. To withdraw your consent, see section 11 “Right of withdrawal and objection”. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 8 (“Data transfer to third countries”).

In the following section we would like to explain these technologies and the providers used for them in more detail. The data collected can include in particular:

  • the IP address of the device;
  • the identification number of a cookie;
  • the device ID of mobile devices;
  • referrer URL (previously visited page);
  • pages accessed (date, time, URL, title, length of stay);
  • downloaded files;
  • clicked links to other websites;
  • successful conversions, if applicable;
  • Technical information: Operating system; browser type, version and language; device type, brand, model and resolution;
  • approximate location (country and possibly city).

However, the data collected is only stored under a pseudonym, so that the person’s identity cannot be inferred.

6.4.1. Microsoft Advertising (formerly Bing Ads)

Our website uses Microsoft Advertising, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft uses cookies and similar technologies to present advertisements that are relevant to you.

For the use of Microsoft Advertising we have a data processing agreement as well as standard contractual clauses in the event that personal data is transferred to the USA or other third countries.

You can also prevent the collection of data generated by the cookies and relating to your use of the website by Microsoft, as well as the processing of this data by Microsoft, by deactivating the personalized ads at Microsoft Advertising or in the settings for ads.

Further information on this is available in Microsoft’s privacy statement at: https://privacy.microsoft.com/en-us/privacystatement.

6.5. Social Media Plugins

6.5.1. Social plugins and the Shariff protection tool

​Our website uses so-called "social plugins". We currently use integrated buttons from namely Facebook, Twitter, Xing and LinkedIn. We do not collect personal data through the use of these "Social Plugins”. In order to prevent information being transmitted without your knowledge, in particular to the USA, we use “Shariff”. This ensures that when you visit our website, no personal data is forwarded to the providers of these Social Plugins. In line with our obligations to inform you under Article 13 of the GDPR, we would like you to know that data can only be transmitted to the service provider and stored there once you click on any of the social plugins.

Unless otherwise stated, the legal basis for this is your consent according to Art. 6 (1) (a) GDPR, which you submit via the cookie banner. To withdraw your consent, see section 11: “Right of withdrawal and objection”. In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 (1) (a) GDPR). The associated risks can be found in section 6 (“Data transfer to third countries”).

For data protection reasons, no personal data is initially passed on to the social network when you visit our website. The plug-in is only activated after you have given your consent, so allowing your browser to contact the social network directly. The solution we use for this is named Shariff.

In addition to revoking your consent, you as a Facebook member also have the option under advertising preferences to deactivate advertising based on social interactions. Further information on this is available in Facebook’s data policy statement at: https://www.facebook.com/about/privacy/.

7. Online presence in the social network Facebook (fan page)

We operate a fan page on social network Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA ("Facebook"), in joint responsibility, to communicate with interested parties and followers, among others, and to inform and talk about our products and services.

At the same time, Facebook may provide us with statistics on the use of our Fanpage by fanpage users, such as information about interactions, likes, comments or aggregated information and statistics (such as age or origin of our followers) that help us learn about interactions with our site. For more information on the nature and scope of these statistics, see the Facebook Site Stats Tips, and for respective responsibilities see the Facebook Page Insights Supplement. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR and Art. 6 para. 1 sentence 1 lit. f GDPR based on our aforementioned legitimate interest.

We do not have any influence on data processed by Facebook under its own responsibility in accordance with the terms of use of Facebook. We point out that when visiting the fan page, data from your usage behavior of Facebook and the fan page are transferred to Facebook. Facebook itself processes the aforementioned information in order to produce more detailed statistics and for its own market research and advertising purposes, over which we have no influence. Further information can be found in the privacy policy of Facebook. In the event that personal information is transferred to the US, Facebook is subject to the EU-US Privacy Shield.

As far as we have personal data from you when operating the fan page, users are entitled to the rights stated in this privacy policy. If users also want to assert rights to Facebook, you can contact Facebook directly; Facebook knows the details of the technical operation of the fan page and the associated data processing as well as the specific purpose of data processing and can implement appropriate measures if you exercise your rights. We are happy to assist you in asserting your rights as far as we can and forward your requests to Facebook.

8. Transferral of Data

Data collected by us is only transferred if:

  • you have given your express consent for us to do so according to Art. 6 Para. 1 Sent. 1 lit. a GDPR,
  • according to Art. 6 Para. 1 Sent. 1 lit. f GDPR the data is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in refraining from passing on your data,
  • we are legally required to transfer data according to Art. 6 Para. 1 Sent. 1 lit. c GDPR or
  • this is legally permissible and according to Art. 6 Para. 1 Sent. 1 lit. b GDPR is required for the execution of contractual relationships with you or for the execution of pre-contractual measures, which are carried out at your request.

Some of the data processing may be carried by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, but is not limited to, data centres that maintain our website and databases, IT service providers who maintain our systems, and consultants, distributors, and shipping service providers. If we pass on data to our service providers, they may only use the data to fulfil their tasks. Our service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organizational measures to protect the rights of the persons concerned and are regularly monitored by us.

Furthermore, your data may be disclosed in connection with government inquiries, court orders and legal proceedings if your data is required for prosecution or law-enforcement.

9. Data transfer to third countries

As explained in this data protection statement, we use services whose providers may be located in so-called third countries (outside the European Union or the European Economic Area) or who process personal data there, i.e. countries whose data protection level does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision for these countries (Art. 45 GDPR), we have taken the necessary precautions to ensure an appropriate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the data transfer on exceptions of Art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

If a third country transfer is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) can gain access to the transmitted data in order to record and analyze them, and that the enforceability of your data subject rights cannot be guaranteed. If you grant your consent via the cookie banner, you will also be informed of this.

10. Storage Period

Typically, we only store personal data as long as necessary to fulfil the contractual or legal obligations to which we have collected the data. Thereafter, we delete the data immediately, unless we need the data until the expiration of the statutory limitation period for evidence for civil claims or for statutory storage requirements.

For evidence, we must retain contract information for three years from the end of the year in which the business relationship ends with you. At the earliest, any claims are barred after this legal limitation period has ended.

We sometimes have to save your data for accounting reasons. We are obliged to do so because of legal documentation obligations, which may arise from the German Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The deadlines for storing documents are two to ten years.

11. Your Rights

You have the right to request information about how we process your personal data at any time. As part of the provision of information, we will explain the data processing and provide you with an overview of the data stored about you.

If data stored on us should be incorrect or out of date, you have the right to have this information corrected.

You may also request your data to be deleted. If your data is prevented from being deleted due to legal provisions in exceptional cases, the data will be blocked, so that they are only available for these legal purposes.

You can also limit the processing of your data, such as: for example, if you believe that the information we hold is incorrect. You also have the right to have your data transferred, meaning that we will send you a digital copy of the your submitted personal data.

In addition, you have the right to object to data processing, which is based on Art. 6 Para. 1 Section. e & f GDPR. You have the right to complain to our Data Protection Authority. You can assert this right with a supervisory authority in the Member State in your place of residence, your place of work, or the place of the alleged breach. In Berlin, the responsible supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße. 219, 10969 Berlin.

12. Withdrawal and withdrawal of consent

In line with Art. 7 Para. 2 GDPR, you have the right to revoke the consent you have given us at any time. As a result, we will not continue to process your data. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent up until the withdrawal.

Your inquiries about the assertion of data protection rights and our answers to them will be stored for documentation purposes for a period of up to three years and for longer in individual cases of the assertion, exercise or defense of legal claims. The legal basis is Art. 6 (1) (f) GDPR, based on our interest in defending against any civil law claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability under Art. 5 (2) GDPR.

If you would like to exercise your right to withdraw or object, it is sufficient to send an informal message to the aforementioned contact details.

13. Data Security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against dangers during data transfers as well as from unwanted third parties. These are adjusted according to current technologies. We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against dangers during data transfers as well as prior knowledge of third parties. These are adjusted according to the current state of technology. To maintain the confidentiality and integrity of the information you provide on our website, this information is transmitted via https and Transport Layer Security (TLS).

Privacy policy on data processing when using our products

1. Officer and contact person

We provide our service to you as a processor as contracted by the client to implement the election (election organizer) within the meaning of Art. 28 (1) GDPR. This means that the election organizer is responsible for the personal data processed during the implementation of the election within the meaning of the GDPR. The election organizer should use their own data protection information to inform you of their contact details and those of the data protection officer and how the data processed during the election is handled.

However, you can still contact us or our data protection officer with regard to any questions about the use of data within the scope of the election. Our contact details are available here hier. If necessary, we will forward your inquiries to the election organizer.

2. Participation in elections

When you take part in an election, certain election data is collected. The only data to be collected is that which is necessary for you to take part in the election. These are

  • Identification data (e.g. your PIN and TAN),
  • the indication that you have voted (i.e. marked in the electoral roll),
  • and, separate from that, what or who you voted for (your ballot paper). Your ballot paper cannot be linked to the other data.

Your identification data and the information that you have voted are solely used to secure your one-time vote.

After you log in to the voting system, the POLYAS server needs to save a cookie on your computer. This session cookie contains no personal data and is not used by us in any way other than to facilitate your voting. In this way we can ensure that you can vote online with any operating system and browser. As soon as you close your browser after voting, the cookie is deleted automatically.

Of course the election itself is secret, i.e. it is impossible for the election organizer or for us to match your ballot paper and your other data at any time. The secret ballot papers are stored in encrypted form and are used solely to determine the election result.

After the election, the election organizer can request a list of who took part in the election. At no time does the election organizer have any way to find out about the voting behavior of individual voters.

The legal basis for this processing is Art. 6 (1) (b) GDPR.

State: October, 2021

Changes to the data protection statement

We occasionally update this data protection statement, for example if we update our website or if there is a change to the legal or official requirements.