Privacy Policy

Please note: the following text is not an official version, but a preliminary translation from the German original for your convenience.

A platform for online voting requires high standards in the handling of personal and confidential data. We have put technical and organisational measures in place to ensure such high standards. This also includes standards in the selection of external service providers and data processors.

Data protection and data security are permanent tasks. We therefore regularly check whether functions of votesUP can be improved. In general, votesUP follows the principle of data economy and data reduction – data that is not collected cannot be lost.

We collect and process personal data only to the extent described in this privacy policy.

Information, correction, deletion or blocking of stored personal data can be requested at any time via our privacy contact


The data we collect

Every access to votesUP ( is stored in a log file. The following data is recorded in that file:

The legal basis for this processing is art. 6 (1) lit. f GDPR (legitimate interest of system security).

On top of the web server, the online voting system itself processes some more personal data:

Organisers can permanently delete all votings and all data of an event. However, the organisers must observe any necessary obligations to provide evidence about the voting results themselves. Automated deletion takes effect after 90 days of inactivity of an event (if the e-mail address of the organiser had been verified) or already three days after creation of the event, in case the organiser has not been verified.

The legal basis for this processing is art. 6 (1) lit. a and c GDPR (consent of the affected person, legal obligation).


Data processing

We do not operate the underlying server ourselves, but have put the technical maintenance in professional hands. The server is provided by:

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
Tel.: +49 (0)9831 505-0, Fax: +49 (0)9831 505-3, E-Mail:

The provider is certified according to ISO 27001 (Information technology – Security techniques – Information security management systems – Requirements). The technical and organisational measures of the provider according to art. 28 GDPR can be retrieved here:

The server is located in Nuremberg/Germany.


Disclosure of personal data to third parties

votesUP does not integrate any external services or plugins. The data is therefore only stored and processed on our own server. There is one exception: your email provider naturally also processes the emails sent to you, before you retrieve them.

Data that is logged when using votesUP is only transmitted to third parties if we are obliged to do so by law or by a court decision (for legal or criminal prosecution). Data will not be passed on for any other purpose.


Use of cookies

Systems with login functionality require the use of cookies. Otherwise, users would have to re-enter their credentials with every new click. Therefore, we do not point out to the particular use of cookies.

Cookies related to this website are only created and processed by the primary server.

Most browsers are set to automatically accept cookies. However, the storage of cookies can be deactivated or the browser can be set so that cookies are only stored for the duration of the respective votesUP session.


Data protection for minors

Persons under 16 years of age should not submit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and minors. Neither will we collect such data knowingly nor will we pass such data on to third parties.


Rights of information, rectification and deletion and right of appeal

The GDPR provides for various rights for data subjects, e.g. information about processed data, correction of incorrectly processed data and deletion of data, insofar as the latter does not conflict with other legal regulations.

All users have the right to revoke consent, which had been granted in accordance with art. 7 (3) GDPR, at any time, with effect for the future, by contacting the contact specified in this privacy policy. The revocation of consent does not affect the lawfulness of any prior processing.

To excercise these rights, all you need to do is contact us as described above.

Note for participants in an event: votesUP is usually only the data processor on behalf of the actual organisers. Accordingly, we will forward deletion and correction requests to the responsible parties. If they do not respond promptly, we will consult with the person concerned and take appropriate steps to make sure their rights are met.

Furthermore, there is a right of appeal to the competent supervisory authority at any time:
Berliner Beauftragte für Datenschutz, Friedrichstr. 219, 10969 Berlin, Deutschland
Telefon: +49 30 13889-0, E-Mail:, Web: