Privacy Policy

We as the provider of website https://votyapp.com/ (also "website") are responsible for the processing of personal data of the user ("you") of the app and the website in accordance with applicable data protection laws, in particular the General Data Protection Regulation ("GDPR").

Personal data is defined in the GDPR as any information relating to an identified or identifiable natural person.

The following privacy notice transparently inform you, within the scope of our information obligations (Art. 13 et seq. GDPR), about our processing of your personal data when using our app and our website and on which legal basis we may process your personal data. You will also receive information regarding your data subject rights and competent supervisory authorities.

  1. Information on the data controler
  2. Informational use of our website
  3. When you call up our website merely to visit it, so-called log files are processed by being automatically recorded by our system.

    The following log files are processed automatically:

    • Type of internet browser used
    • Language of the Internet browser used
    • Date and time of the visit
    • Access status/http status code

    The log files contain your IP address and possibly other personal data. Therefore, an assignment to you is possible in principle. However, we only store your data temporarily and, in particular, not together with other personal data.

    The processing of the above-mentioned data is necessary for the provision of our website. We also store the data for the purpose of the security of our information technology systems. These purposes also constitute our legitimate interest in processing the data on the legal basis of Art. 6 para. 1 sentence 1 lit. f GDPR. The log files, which also contain your IP address, are deleted or anonymised immediately after they are no longer required to achieve the aforementioned purposes.

    Hosting:

    Our website is operated on the servers of the provider Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg, with server location in Germany. This means that the data we collect when you visit and use this website is stored by our hoster.

    The legal basis for processing your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR, as it is in our legitimate interest to use the services of a professional provider for the secure and efficient provision of our website. We have concluded an order processing agreement with Amazon Web Services.

  4. Contact form
  5. You can contact us electronically via our contact form, e.g. to give us feedback, to send us enquiries about the services we offer or to ask us general questions. If you use this option, you will transmit the following data to us:

    • Email address (to contact you)
    • Name (to address you and for abuse prevention purposes)
    • Telephone number (optional)
    • Your message to us

    The legal basis for processing your data for the purpose of handling your contact is Art. 6 para. 1 sentence 1 lit. f GDPR. It is our legitimate interest to process your data transmitted to us in order to contact you. The data is stored until it is no longer required to achieve the purpose of the conversation with you and the matter of your contact has been fully clarified.

    If your contact request is aimed at concluding a contract with us, the additional legal basis for processing your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR. This data is stored for as long as it is required for the execution of the contract or the pre-contractual measures. Beyond that, we only store your data in order to comply with legal obligations (e.g. tax obligations) (Art. 6 para. 1 sentence 1 lit. c GDPR).

    In addition to the data you provide to us, we store the time (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in order to ensure the security of our systems and to counteract misuse. This data, which we additionally collect during your contact, is deleted as soon as it is no longer required, at the latest when the matter of your contact has been comprehensively clarified.

    You can inform us at any time (see section 1 above) that you would like us to delete the data provided during the conversation. In this case, all personal data of the conversation will be deleted, if permissible, and a continuation of the conversation is not possible.

  6. Contact via email or telephone
  7. You have the option of contacting us by email or telephone. Your personal data transmitted in this way will be stored by us. The data is processed exclusively in order to deal with your contact request appropriately, which corresponds to our legitimate interest. The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR. The data is stored until it is no longer required to achieve the purpose of the conversation with you and the matter of your contact request has been comprehensively clarified.

    If your contact request is aimed at concluding a contract with us, the additional legal basis for processing your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR. This data is stored for as long as it is required for the execution of the contract or the pre-contractual measures. Beyond that, we only store your data in order to comply with legal obligations (e.g. tax obligations) (Art. 6 para. 1 sentence 1 lit. c GDPR).

    You can inform us at any time (see section 1 above) that you would like us to delete the data provided in the course of the conversation. In this case, all personal data of the conversation will be deleted, if permissible, and a continuation of the conversation is not possible.

  8. Troubleshooting with Sentry
  9. To track errors that occur when you visit our website, we use the open source software Sentry, an error management tool provided by Functional Software Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105 USA. This may result in your IP address being transmitted to Sentry.

    If an error occurs while using our site, certain personal information is transmitted from the browser to our system in order to track the error:

    • Browser information
    • Date/time of the error
    • Device information
    • Request URL of the website
    • Further details of the action performed (such as shopping basket contents, products called up, etc.)
    • E-mail address/customer number of the user (if logged in)

    The data is transferred to the USA (a non-EU country). The USA is a third country within the meaning of the GDPR for which an adequacy decision of the EU Commission (the so-called "EU-US Data Privacy Framework" or also "EU-US DPF") is available. Sentry is certified as a US company under the EU-US DPF, seehttps://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000YdenAAC&status=Active

    The processing of the data is carried out in accordance with Art. 6 para. 1 p. 1 lit. f GDPR, as it is in our legitimate interest to detect and eliminate errors on our website as quickly as possible. In this context, Sentry processes the data on our behalf and on the basis of a data processing agreement pursuant to Art. 28 GDPR, which we have concluded with Sentry.

  10. Use of service providers
  11. We would like to point out that when processing your personal data, we may use service providers with whom we have concluded dara processing contracts (e.g. for website hosting). If processors in a third country (not within the EU) carry out the data processing, we ensure that the level of protection of your data guaranteed by the GDPR is not undermined (Art. 44 et seq. GDPR). The legal basis for the use of service providers is Art. 6 para. 1 sentence 1 lit. f GDPR. The commissioning of service providers (specialists or other service providers in areas that we cannot serve ourselves) is in our legitimate interest. If you would like to receive a copy of the suitable or appropriate guarantees, please let us know (see point 1 above).

  12. Your rights

    If we process your data, you are a "data subject" within the meaning of the GDPR. You have the following rights: right of access, right of rectification, right to restrict processing, right of erasure, right of information and right to data portability. In addition, you have a right to object, a right of withdrawal and the right to lodge a complaint with a supervisory authority.

    Below you will find some details on the individual rights:

    1. Right of access

      You have the right to request confirmation from us as to whether we are processing your personal data. If we process your personal data, you have the right to obtain information in particular about the processing purposes, categories of personal data, recipients or categories of recipients, storage period, if applicable.

    2. Right of rectification

      You have the right to rectify and/or complete the data we have stored about you if this data is incorrect or incomplete. We will carry out the correction or completion without delay.

    3. Right to restrict processing

      Under certain circumstances, you have the right to request us to restrict the processing of your personal data. An example of this is if you dispute the accuracy of your personal data and we need to verify the accuracy for a certain period of time. For the duration of the verification, your data will only be processed in a restricted manner. Another example of restriction is if we no longer need your data but you need it for litigation.

    4. Right of erasure

      In certain situations, you have the right to demand that we erase your personal data immediately. This is the case, for example, if we no longer need your personal data for the purposes for which we collected the data or if we have processed your data unlawfully. Another example would be if we process your data on the basis of your consent, you withdraw your consent and we do not process the data on any other legal basis. However, your right to erasure does not always exist. For example, we may process your personal data to comply with a legal obligation or because we need it for litigation.

    5. Right of information

      If you have exercised your right to rectify, erase or restrict the processing of your data, we are obliged to notify all recipients to whom we have disclosed your personal data of the rectification, erasure or restriction of the processing of your data, unless this proves impossible or involves a disproportionate effort.

    6. Right to data portability

      You have the right, under certain conditions, to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and the right to have this data transferred to another controller. This is the case where we process the data either on the basis of your consent or on the basis of a contract with you and that we process the data using automated procedures. You have the right to request that we transfer your personal data directly to another controller, insofar as this is technically feasible and does not affect the freedoms and rights of other persons.

    7. Right to object

      You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6 (1) sentence 1 lit. e or lit. f GDPR. This also applies to profiling based on these provisions. We will no longer process your personal data after an objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling insofar as it is related to direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process it for these purposes.

    8. Right of withdrawal

      Pursuant to Art. 7 para. 3 GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent does not retroactively invalidate the lawfulness of the processing.

    9. Right to lodge a complaint with a supervisory authority

      You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. In particular, you may exercise your right to lodge a complaint in the Member State of your place of residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

      You can find an overview of the respective data protection commissioners of the German federal states as well as their contact details under the following link:

      https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
  13. Last updated: October 2023

    Cookie information

    We use cookies on our website. Cookies are text files that are sent to your browser by our web server when you visit our website and are stored on your computer for later retrieval. Cookies are then sent to the server of our website with every server request or page call. A cookie can therefore be used to identify your internet browser when you return to the website. Some of the functions that we have integrated into our website also use web storage objects. These work in a similar way to cookies, but are temporarily stored in your browser and are generally not transmitted to the server.

    There are session cookies, which delete themselves when you close the browser, and there are persistent cookies, which are stored on the hard disk until their preset expiry date is reached or until they are actively removed by you. Web storage objects are divided into local storage objects, which never expire, and session storage objects, which are deleted when the browser is closed.

    With cookies, a distinction is made between first party cookies(only visible from the domain you are currently visiting) and third party cookies (visible across domains and regularly set by third parties).

    Cookies and web storage objects are divided into the following categories:

    Technically necessary: these are mandatory in order to navigate the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes nor do they store which web pages you have visited. The legal basis for setting technically necessary cookies and web storage objects is Section 25 para. 2 TTDSG.

    Optional: These are used, for example, for analysis and marketing purposes and to display external content such as videos. Analysis cookies and web storage objects collect information about how you use a website, which pages you visit and, for example, whether errors occur during website use. Marketing cookies and web storage objects are used to show you tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers. These are technologies that are not technically necessary. The legal basis for the setting of these cookies and web storage objects is therefore your consent in accordance with § 25 para. 1 TTDSG.

    Please note the following: You can ensure yourself that no cookies and similar technologies are stored on your computer at all, or that the storage of only certain cookies is permitted. You can select this in your internet browser settings. You can also view and delete the stored cookies there. If you block all cookies, it is possible that not all functions of our website will be available to you.

    Withdrawal and removal options:
    As communicated in the introduction to this section, you can enable or restrict the transmission of cookies and similar technologies by changing the settings in your internet browser. You can delete cookies and web storage objects that have already been stored by your internet browser at any time. If cookies and web storage objects are restricted or deactivated for our website, it may not be possible to use all functionalities.

    Information about cookies and web storage objects on our website:
    We use the following technically necessary cookies and web storage objects on our website:
    NamePurposeStorage period
    __Secure-next-auth.callback-urlThis cookie is used in case a visitor wants to access a protected route but is not logged in; after logging in, the visitor is redirected to this route. This improves the user experience.Session
    __Host-next-auth.csrf-tokenThis cookie is used for user authentication (login, logout).Session

    Last updated: October 2023