We have defined a Privacy and Data Protection Policy, based on our principles and the regulations in force.
1. INFORMATION PROVIDED BY CUSTOMERS BEFORE VOTING
In electronic voting and assemblies, EVoting works with the information provided by its customers for these purposes.
This is generally information containing the name, identity card number and e-mail address of the persons authorized to participate in the voting or meeting (electoral roll or register of members).
2. INFORMATION PROVIDED BY USERS IN THE VOTING PROCESS
EVoting consults personal data of the voters or participants, which they themselves provide, such as, identity card number, telephone number, and some other, depending on the authentication mechanism and the process. However, this information is not stored.
3. DATA USAGE
The information provided by the client or by the users to EVoting is confidential. This means that it is only used for the purpose of providing a good voting or electronic assembly service.
The provision that prohibits the information to be given to third parties or used for purposes other than voting is explicit in the contracts signed between EVoting and its customers.
The data generated in EVoting's voting or assemblies have a differentiated treatment, which is also detailed in the service contract.
3.1 ELECTRONIC VOTING
The following electronic voting data are considered public, i.e., they are available to all:
- Existence of the election, reason for the election and those calling it
- Time at which votes are received
- Time of opening and closing of the election
- Online participation
- Results
The following electronic voting data are considered confidential, that is, the Electoral Commission has restricted access:
- The list of voters and their data
- The identity of those who have voted
The following electronic voting data are considered secret, i.e., it is not possible to know them:
- The preference marked by those who have voted
It should be noted at this point that the voting platform developed by EVoting makes it technically impossible to know the option marked by the voter..
3.2 ELECTRONIC ASSEMBLIES
The following electronic voting data are considered public, i.e., they are available to all:
- Existence of the meeting, reason and conveners of the meeting
- Opening time of the meeting
In the case of assemblies, the following data are considered private:
- Time at which votes are received
- Closing time of the vote
- Matters to be discussed
- Online participation
- Results
In the assemblies, the following data may be secret, depending on how the configuration of a vote is requested:
- The preferences marked by those who have voted
4. DATA BACKUP
EVoting safeguards all the data that is collected in its votes in a folder in the cloud, under strict controls, to which only the company's operational staff has access.
For data backup, EVoting works with recognized providers, such as Amazon and Google, so it inherits the same security policies of those providers.
In both cases, access to data by EVoting is protected by two-factor authentication, a procedure similar to the dynamic key used by banks.
5. DATA RETENTION
EVoting only retains personal data that is necessary to fully perform the service for which it was collected: electronic voting.
In determining the appropriate retention period for personal data, we consider the nature and sensitivity of the data, the purposes for which it was collected and processed, and compliance with applicable laws.
We use encrypted disks, so that any information released is impossible to decrypt, as long as you do not have the cryptographic key that allows decoding the information.
6. DELETION OF INFORMATION
All the information that EVoting retains is stored in Amazon Web Services. When resources are released, Amazon follows the National Institute of Standards and Technology (NIST SP 800-88, Guidelines for Media Sanitization), which is part of the U.S. Department of Commerce.
These guidelines provide direction on how to make sanitization decisions - a process that restricts access to target data in the media - based on the categorization of the confidentiality of your information.
7. LEGAL RIGHTS CONCERNING PERSONAL DATA PROTECTION
In the field of personal data protection, EVoting respects the following rights:
- Right of Access: to know the personal data held by EVoting and to be able to have a copy of it.
- Right of Modification or Rectification: to correct personal data held by EVoting.
- Right of Cancellation or Deletion: to object and delete personal data held by EVoting.
- Right of Blocking: to withdraw EVoting's authorization to process personal data. This provision, however, shall not affect the processes developed before the termination of the authorization to use this data.
If there is any doubt regarding the above rights, or there is a request for information, you can contact us at info@evoting.com and we will respond within a maximum of one week. If the doubt or request is particularly complex or there are numerous joint requests and we are unable to respond within one week, we will keep you informed of the progress.
8. DISPUTE RESOLUTION
If there are questions about compliance with this Privacy and Data Protection Policy, you may contact EVoting by email at info@evoting.com.
9. CHANGES TO THIS PRIVACY POLICY
If at any time EVoting implements substantial changes to its Privacy and Data Protection Policy, this will be publicly notified through its website and other institutional channels.
If you do not agree to the use of your personal data in accordance with the changes to the Policy, you should notify us by e-mail.
OTHER PRIVACY AND DATA PROTECTION POLICIES
Notwithstanding the foregoing, each organization that conducts electronic voting with EVoting may have its own data handling protocols, different from ours.