PRIVACY POLICY IN ACCORDANCE WITH ARTICLE 13 OF EU REGULATION NO. 679/2016

Pursuant to Regulation (EU) 2016/679 (hereinafter referred to as the "Regulation"), this statement describes how the personal data of users using the web platform "ELIGO" in its various residency domains and versions are processed.

This information does not pertain to other websites, pages, or online services that can be reached through hyperlinks that may be posted in this portal but refer to external resources.

Data controller and processor

The Website where the ELIGO Voting System is released is managed by ID TECHNOLOGY srl, as the Data Processor of the data conferred therein in accordance with Article 28 of the EU Regulation 2016/679, on behalf of the Client who is the Data Controller. The Client means the entity or company that has subscribed to the ELIGO service for the conduct of its Elections. For information on the data processing carried out by the Data Controller, please contact the Client through the institutional channels specified in its institutional web portal.

Purpose of processing

The personal data will be processed at the Data Controller's headquarters, whose services the user requests from this website, through automated tools of ID TECHNOLOGY srl, for the time strictly necessary and exclusively for the performance of voting operations and related activities. Specific security measures are observed to prevent data loss, improper or illicit use and unauthorized access. In general, it should be noted that, through this website, different types of data collection are carried out for the following purposes:

  • Pursuit of institutional purposes and management of online voting services and/or technical and consulting services;
  • Necessary and automatic collection of user data aimed at interaction with the website;
  • Processing related to the collection of data voluntarily entered by the user in order to ensure registration and access to the service;
  • Processing related to communications to the addresses indicated to take advantage of the technical assistance service of ID TECHNOLOGY srl.

Processing related to the services of this website is handled only by authorized staff in charge of processing by the Data Controller and ID TECHNOLOGY srl (acting as data processor for the technical management of the website and as developer of the same). Personal data voluntarily provided by users who submit reports or requests for clarification are used for the sole purpose of performing the requested service or performance and are disclosed to third parties only if this is necessary for this purpose and after notifying the person concerned. Data may be collected online when browsing the website or when sending e-mails, text messages or using the voting service. Depending on the case and, if necessary, from time to time, the user will be informed of the mandatory or optional nature of providing personal data (e.g. to make a specific request). The compulsory or optional nature of the provision of data will be highlighted by means of a notice or a special character marking the information of a compulsory nature. Finally, please note that failure to provide optional personal data will not result in any obligation or disadvantage.

Legal basis for processing

The said personal data are processed by the Data Controller in the performance of its duties in the public interest or otherwise in connection with the exercise of its public powers or to comply with legal or regulatory obligations.

Types of data processed

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data, necessary for the use of web services, are also processed for the purpose of:

  • obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or daily, geographical areas of origin, etc.);
  • checking the proper functioning of the services offered.

Data uploaded

Uploading of required data for carrying out voting operations can be done independently by the Customer, in the case of a self-use service (full SaaS), or by the appointed ID TECHNOLOGY srl System Administrator in the case of a full outsourcing service.

Data disclosed by the end user

The optional, explicit and voluntary sending of messages to the Contact Addresses of the Owner, as well as the filling in and forwarding of the forms on this website, imply the acquisition of the submitter's contact data, necessary to respond, as well as any personal data included in the communications.

Final ballot data publication

The ELIGO platform associates each individual voter with the IP address from which their vote was cast. This data is necessary for security reasons in order to identify any unusual behavior by users. This data is not reported in the final ballot report. It is the Data Controller's concern to publish the ballot results in restricted areas for users to view them while respecting GDPR criteria and maintaining transparency on the operation of the voting platform. ID TECHNOLOGY srl is under no circumstances responsible for how the Data Controller uses the voting information provided by the ELIGO system.

Data accessibility by the data controller

Only the people appointed by the Data Controller to conduct their own voting have access to the voting data. The Data Controller is also entitled to include in the voting platform users having the role of "observers," who are able to access the System only for the purpose of checking on the progress of their votes. Each user profiled in the platform and having access to the data has personal credentials, stored encrypted by the Voting System, delivered directly by the Voting System to the person via email.

Data Accessibility by ID TECHNOLOGY Ltd

To ensure the proper functioning of the voting system, in all its architectural components, ID TECHNOLOGY srl has appointed its own system and database administrators. These people are in charge of managing the systems infrastructure and ensuring that each component functions properly. These people have been appointed in compliance with the internal procedures adopted by ID TECHNOLOGY srl, which also provide for the training of their employees on compliance with all the principles in accordance with Article 5, par. 1 of the GDPR.

The credentials for access to the computer systems hosting the Voting System are nominal, non-transferable and adhere to the password policy document adopted by ID TECHNOLOGY srl.

At the express request of the Data Controller, ID TECHNOLOGY srl may access the data to conduct Technical or procedural support activities.

Cloud provider and physical data location

All services, processed data, replications and backups stored by the ELIGO voting system are maintained in the Microsoft Azure cloud service, with physical location in the Netherlands.

Microsoft, as a sub-processor, ensures the absolute security and secrecy of personal data through its ISO 9001:2015, ISO 27001:2013, ISO 27018:2014, ISO 27017:2015, ISO 27035:2016, ISO 14001:2015 and ISO 50001:2018 certification and adherence to the CISPE code of conduct.

Cookies and other tracking systems

No use is made of user profiling cookies, nor are any other tracking methods employed.

Instead, use is made of session (non-persistent) cookies in a manner strictly limited to what is necessary for the safe and efficient navigation of the website. For more information about this you should refer to the ELIGO Cookie Policy document directly displayed on the website.

Data storage period

The data processed for the conduct of voting are used exclusively for some of the above institutional purposes and kept for the time strictly necessary to carry out the specified activities.

The data collected by the Website will be kept for the management of the contact request and for the duration of the services requested and, even after termination, for the fulfillment of all possible legal obligations related to or arising from them, in accordance with the retention and discard plans of the Data Controller.

Rights of data subjects

Data subjects have the right to obtain from the Data Controller and ID TECHNOLOGY srl, in the cases provided for, access to their personal data and the rectification or erasure thereof or the restriction of processing concerning them or to object to processing (Articles 15 et seq. of the Regulation). The appropriate application may be submitted by contacting the Data Protection Officer of the Data Controller at the addresses below.

Rights of complaint

Data subjects who believe that the processing of personal data relating to them carried out through this Website is in violation of the provisions of the Regulation have the right to lodge a complaint with the supervisory authority, as provided for in Article 77 of the Regulation itself, or to take appropriate legal action (Article 79 of the Regulation).

The data controller is directly the Client who has subscribed to the voting service for which the user uses the services offered by this Website. For information on the contact details of the Data Controller and/or the Data Protection Officer identified by the same, interested parties may consult the institutional website of the Data Controller, in the dedicated privacy section.

The Data Processor of the data provided through the use of this Website, as well as for the IT management and maintenance of the same is: ID TECHNOLOGY srl, with registered office in Viale Monte Nero 17, 20135 Milan (MI), P. IVA 11240660156, Tel. (+39) 02 805 11 31, E-mail: contact@eligovote.com, PEC: idtech@legalmail.it. Contact details of the Data Protection Officer: privacy@eligovote.com

Date of last update of this document: February 2021