Voting with votebox: Technical information and data protection

1. votebox voting software

The voting software is a desktop application in which eligible voters, voting items and voting results are managed and stored. Depending on the customer’s preference, the voting software is controlled either by the customer (installed on a customer PC) or by a votebox team member (installed on a PC operated by QuizzBox Solutions GmbH).

The voting software includes a database in which all data relating to the meeting is stored in real time. After a meeting, reports can be created which contain the stored voting data in either anonymized or identifiable form.

Every eligible voter is uniquely identified in the voting software and only one vote (or weighted vote) per ballot per voter is taken into account. If a voter changes their mind or votes twice, possibly on different browsers or devices, while a vote is open, only the last submitted vote is taken into account.

Eligible voters vote by means of handsets and/or via a web app.

2. votebox handsets (in-person meetings)

If handsets are used at a meeting, the allocation of handsets to eligible voters is recorded in the voting software. The handsets are then distributed in person to the corresponding voters. The software and handsets communicate wirelessly via a USB receiver. No Internet is required, and the voting computer can simply be taken offline.

3. votebox web app (online, in-person and hybrid meetings)

At online and hybrid meetings in particular, eligible voters vote via a web app. The web app can be opened from any web browser on a smartphone, tablet or PC, without requiring any installation.

Ahead of a meeting, the names of the eligible voters are entered in the voting software together with a unique PIN. This authentication information is automatically synchronized with the web app server. Shortly before the meeting, the voters receive an email containing the meeting-specific URL to the web app and their unique PIN with which they authenticate themselves in the web app.

4. Open vote/election

In an open vote or election, the votes cast are stored together with the voter’s name. The audience can be shown who voted for what. Anonymized results can also be displayed. Reports containing the names of the eligible voters and which way they voted can be produced subsequently. Anonymized reports can also be produced.

5. Secret vote/election

In a secret vote or election, the results are stored anonymously after the vote. The audience cannot be shown who voted for what. The reports contain no names of the eligible voters (other than attendance lists). No link can be made in the database and the program logs between voters and votes cast.

6. Proxies/transfers of votes

The voting software allows eligible voters to appoint a proxy, in which case they are then not permitted to vote themselves.

If the vote is carried out via handsets, eligible voters appointed as proxies are also given the handsets of the corresponding voters.

If the vote is carried out via the web app, eligible voters can vote both on their own behalf and on behalf of the voters for whom they have been appointed proxy. They do not have to vote the same way in each case.

7. Security of the voting software

If the voting software is installed and controlled by the customer, then the customer is responsible for deleting the data.

If the voting software is installed and controlled by QuizzBox Solutions, then all data (especially personal data associated with a meeting) is deleted one week after the voting reports have been created, unless otherwise specified by the customer.

8. Security of the web app

The web app server is hosted at a secure location by the company OVHcloud (the European leader in cloud computing) in the EU (France). We have signed a data processing agreement with this company in accordance with the GDPR. Access is granted only in accordance with a defined security procedure. The web app server can be accessed only in line with the defined authorization concept. Access to the network is restricted to specific administrator accounts, with complex and regularly expiring passwords.

Only the authentication data (voter’s name and PIN) is stored on the web app server as personal data, not the voter’s voting record. This authentication data is deleted automatically every night.

Access to the web app is exclusively via HTTPS and encrypted WebSocket connection.

The meeting is identified by means of a unique 6-letter code.

Unique PINs are used to authenticate eligible voters. The customer can choose the level of complexity of the PINs. We recommend 8-digit PINs containing a mixture of numbers, upper- and lower-case letters and special characters.

During votes or secret elections, the results are stored anonymously after the vote. It is not possible to show the public who voted for what. The reports do not contain the names of voters (except in attendance lists). No link can be established in the database and software log files between the voters and the votes cast.

9. Processing of personal data/GDPR

All personal data that is processed in the voting software and in the web app is treated confidentially and with the utmost care, in accordance with the applicable legislation on the protection of personal data (GDPR and national data protection legislation).

If the voting software is installed and controlled by the customer and handsets are used for voting, then no data processing is carried out by QuizzBox Solutions.

In all other cases we will sign a data processing agreement with the customer in accordance with the GDPR.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
cookielawinfo-checkbox-autres	1 year	No description available.
cookielawinfo-checkbox-fonctionnel	1 year	No description available.
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessaire	1 year	No description available.
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

Cookie	Duration	Description
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.

Cookie	Duration	Description
CONSENT	16 years 4 months 19 days 3 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
_ga	session	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-186797544-2	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_ga_HJW82MKNSL	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.