Privacy policy

Blutvoll Media Agentur UG (haftungsbeschränkt) collects and processes your data as a responsible authority in the sense of the data protection laws.

Blutvoll Media Agentur UG (haftungsbeschränkt)
Wildenrother Str. 26
D-81245 München

support@pollunit.com

1. Scope

  1. This privacy policy clarifies the nature, scope and purpose of the collection and use of personal data by the Blutvoll Media Agentur UG (haftungsbeschränkt) on this web application (PollUnit). Compliance with data protection regulations is self-evident to us. The basis for this is the EU General Data Protection Regulation (GDPR).

2. Collection of general information

  1. When you access our web application, general information is collected automatically. This data is technically necessary to deliver our web application correctly. The data includes information such as: version and type of your web browser, the operating system you use, your IP address, the domain name of your Internet service provider, and the time of your access to our web application. We do not use your data to draw conclusions about your person. In order to constantly improve our service, we evaluate this data statistically. For example, the statistics show which pages and features are most popular and most frequently visited or used.

    Legal basis: Processing is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability, integrity and functionality of our website.

    Recipients: If applicable, technical service providers (contract processors) receive data that are used for the operation and maintenance of our website. Further information can be found in Appendix 2.

    Storage period: We delete this data as soon as it is no longer required for the purpose of collection.

    An objection is excluded, since without this data the functionality of our website cannot be guaranteed.

3. Collection of data during registration

  1. We set up a password-protected direct access to the user data (user account) for each of our customers who registered accordingly. When creating user accounts, different personal data is collected. This data includes your first and last name, your e-mail address, and any other information you provide during registration.
  2. In addition, you can comfortably sign in or register with your Facebook and/or Google account on our application. Click on the Facebook or Google logo in the login dialog. This will open a log-in dialog from Facebook or Google, where you give PollUnit the permission to access your information from Facebook or Google. This includes basic information as well as your e-mail address. With this data we create your PollUnit account. During the process, Facebook or Google will not pass a password to our application.
  3. With a PollUnit user account or a completed registration, you can access content and services that we only offer to registered users. The data provided for the registration can be changed at any time in your user account ('My account') after a login. Here the user can also see his orders (subscriptions) and their statuses.
  4. You agree to treat your personal access data confidentially and not to make it accessible to unauthorized third parties. We cannot accept liability for misuse of passwords, unless we represent the abuse.
  5. For any information, correction or deletion concerning the personal data we have stored about you, please contact us via the above address. Processing of this data is only possible if there are no statutory storage obligations.
  6. Personal data will only be collected, used and passed on if this is legally permitted or if you have given your consent to the data collection.

    Legal Basis: The data entered during registration are processed on the basis of the user's consent (Article 6(1)(a) GDPR).
    If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Article 6(1)(b) GDPR.


    Recipients: If applicable, technical service providers (contract processors) receive data that are used for the operation and maintenance of our website. Further information can be found in Appendix 2.

    Storage period: You can delete your account yourself in your profile settings. We first mark your account as deleted for 30 days in order to be able to help you with any questions you may have. After that the data will be deleted as long as there are no legal obligations to store them. For an immediate deletion you can contact us at any time.

    The provision of your personal data is voluntary, solely on the basis of your consent. Without the provision of your personal data, we can only grant you limited access to our services.

4. Collection of data when creating a survey

  1. If you are logged in with a PollUnit account, no further information about your person is necessary.
  2. Without a PollUnit account, you must enter your name and e-mail address. We need this data to carry out your survey, for example to inform you about the result.
  3. When creating a survey, we need different general information. These data are for example: title, description and location of the survey. We also need the options of your survey. These can be date, time, pictures or other information which you indicate during the creation.
  4. You have the option to send invitations to other users. To do this, you can specify a list of email addresses, or import your contacts from Google. PollUnit will only get access to your Google contacts when you are logged in to Google and PollUnit is authorized to read your contacts. We use these contacts exclusively to realize your survey. For example, to send your invitation or notify users about events in your poll.
  5. You can create polls about images or other files. In addition, users can upload their own background images for their surveys. To ensure optimal delivery of these data, this data is stored in Digitalocean (cloud storage) and delivered to the users by Digitalocean.

    Legal Basis: The data entered during registration are processed on the basis of the user's consent (Article 6(1)(a) GDPR).

    Recipients: If applicable, technical service providers (contract processors) receive data that are used for the operation and maintenance of our website. Further information can be found in Appendix 2.

    Storage period: You can delete your PollUnits at any time independently or contact us and instruct us to delete them.

    The provision of your personal data is voluntary, solely on the basis of your consent. Without the provision of your personal data, we can only grant you limited access to our services.

5. Use of the data of your survey

  1. All users who received the memberlink or adminlink from you or a third party have access to your current surveys that are not additionally secured, and to their contents. These are links to your survey. With the help of the adminlink, users can also edit your survey. You can also secure your poll with a password.
  2. Users with access to your survey can retrieve content such as title, description, location, and survey options. In addition, your users see the votes and names of you and other participants who have already voted.
  3. As a user with a PollUnit account, you can edit and delete your polls at any time at 'My PollUnits'.

6. Collection, processing and use of your data

  1. If you have provided us with personal data, we only use it to create your surveys, process your orders, answer your queries, for technical administration as well as for our own marketing purposes. When collecting, processing and using your personal data, we adhere strictly to the legal provisions of the EU General Data Protection Regulation (GDPR). Your personal data will only be passed on to third parties if this is necessary for the purpose of the contract processing or for the settlement and you have previously given your consent. For example, Braintree (payment service provider) will receive the necessary data to process your order. The provided data may be used by our service providers only to fulfill their tasks.
  2. Your e-mail address is required, so we can confirm your order and communicate with you. We can also use them for your identification (customer login). In addition, we use your account email address or address provided by the creation in surveys to inform you about events in your survey. These events can be, for example: the result of the survey, information about new options, the participation of participants.
  3. Depending on the type of survey, different information from the participants is recorded and made available to other participants. For example, other participants have access to the following information: your name, your chosen options or ratings, your comments and other information you specify in a survey. The aim of PollUnit is to shorten the communication between its users. Therefore all users who have access to the administration of a survey have the option to export, edit and save the results, votes, and e-mail addresses (if known) of the participants.

7. Provision of services at a charge

  1. For the provision of paid services, additional data are requested by us, such as your payment details. To protect your data during transmission, we use the current state of the art encryption methods (e.g., SSL) over HTTPS.

    Legal Basis: The processing of the data required for the conclusion of the contract is based on Article 6(1)(b) GDPR.

    Recipients: If applicable, technical service providers (contract processors) receive data that are used for the operation and maintenance of our website. Further information can be found in Appendix 2.

    Storage period: These data will be stored in our systems until the legal retention period expires.

    The provision of your personal data is voluntary, solely on the basis of your consent. Without the provision of your personal data, we can only grant you limited access to our services.

8. Contact

  1. When contacting PollUnit (for example via a contact form or e-mail), your data will be stored for the processing of the inquiry as well as for the case of further questions.

    Legal Basis: The processing of the data entered in contact forms or in support requests is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest or to implement pre-contractual measures (Article 6(1)(b) GDPR).

    Recipients: If applicable, technical service providers (contract processors) receive data that are used for the operation and maintenance of our website. Further information can be found in Appendix 2.

    Storage period: The data will be deleted as soon as they are no longer required for our recording purposes.

    The provision of your personal data is voluntary, solely on the basis of your consent. Without providing the necessary information of your request (such as e-mail address, name...) we cannot process your request.

9. Posts and Comments

  1. When you create posts, comments or other information, your IP address will be saved. This is done for the protection of the provider, in case someone writes illegal content (insults, prohibited political propaganda, etc.) in comments and contributions. In this case, the provider itself may be prosecuted for the comment or contribution and is therefore interested in the author's identity.

    Legal Basis: The data entered as comments or contributions will be processed in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest.

    Recipients: If applicable, technical service providers (contract processors) receive data that are used for the operation and maintenance of our website. Further information can be found in Appendix 2.

    Storage period: Comments and posts in PollUnits are automatically deleted when the PollUnit to which the comments and posts belong is deleted. The deletion of contributions in our support forum can be requested by contacting us.

    The provision of your personal data is voluntary, solely on the basis of your consent. Without the provision of your personal data, we can only grant you limited access to our services.

10. Integration of third-party services and content

  1. It may happen that third parties are involved in our application. For the technical delivery of the content to your browser, the providers need and use your IP address. We have no influence on the further processing of your IP address with these providers. As far as we are aware of it, we will inform our users about this. Third party content might be: videos from YouTube, GoogleMaps map material, RSS feeds, Digitalocean graphics, and advertising.
  2. You can share your surveys and our application across different social networks. The buttons are marked accordingly with the logo and name of the network. Clicking on the button will take you to the offer or the website of the respective network. We have no influence on the processing of your data with these providers.
  3. To invite friends or colleagues to a PollUnit, you can find your Google Contacts through the Google Contacts API. Once you've permitted PollUnit to access the Google Contacts API, you can search the email addresses of your contacts and select those to which you want to send the invitation.

11. Secure data transmission

  1. Your personal data is transferred securely by means of encryption. The secure transfer applies to your orders and also to your customer login. We use the encryption system SSL (Secure Socket Layer). Our website is protected by technical and organizational measures against loss, destruction, access, alteration or distribution of your data by unauthorized persons.

12. Claim for information, revocation and correction of your data

  1. According to the EU General Data Protection Regulation (GDPR), you have the right to receive free of charge information about your stored personal data (Article 15 GDPR). Likewise, you have the right to correct (Article 16 GDPR), block (Article 18 GDPR) or delete (Article 17 GDPR) your personal data. Excluded from this is the prescribed data storage for business processing. You may object to the processing of your data (Article 21 GDPR) and to the transferability of your data, if you have not consented to any data processing or concluded a contract with us (Article 20 GDPR). Excluded from this is the prescribed data storage for business transactions.
  2. In order to ensure that data can be blocked at any time, these data must be kept in a lock file for control purposes. You may also request the deletion of the data if there is no legal obligation to archive. If such an obligation exists, we will lock your data on request.
  3. You may make changes or revoke a consent by means of a corresponding notice to us with effect for the future.
  4. You can complain to a supervisory authority at any time, e.g. to the competent supervisory authority of the federal state in which you live or to the authority responsible for us: supervisory authorities and their addresses.

13. Questions to the Data Protection Supervisor

  1. If you have any questions about the privacy policy, please send your inquiry by e-mail or by mail, clearly identifying your person to the above address.

14. Privacy policy updates

  1. We reserve the right to update our privacy policy if necessary. This is necessary in order to ensure that data protection is always in accordance with current legal requirements and to make changes to our services. When revisiting our website, the new updated privacy policy applies.

15. Google Analytics

  1. This website uses Google Analytics, a web analytics service provided by Google Inc. ('Google'). Google Analytics uses 'cookies', which are text files placed on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to and stored on a Google server in the United States. In case of activation of IP anonymization on this website, Google will, however, truncate your IP address beforehand within Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing the website operator with other services relating to website and Internet use. The IP address transmitted by your browser within the scope of Google Analytics will not be associated with any other data held by Google.
  2. You may refuse the use of cookies by selecting the appropriate settings in your browser; however, please note that if you do so, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google’s collection and use of data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=en.
  3. For further information on terms of use and data protection/privacy, please see www.google.com/analytics/terms/us.html or www.google.com/analytics/learn/index.html. Please note that on this website, Google Analytics has been supplemented by the code 'gat._anonymizeIp();' in order to ensure anonymized collection of IP addresses ('IP masking').

    Legal Basis: The data is processed on the basis of the user's consent (Article 6(1)(a) GDPR).

    Recipients: The recipient of the data is Google as the processor.

    Storage period: The data will be deleted as soon as they are no longer required for our recording purposes.

    The provision of your personal data is voluntary, solely on the basis of your consent.

16. Cookies

  1. A cookie is a text file that we store on the hard disk via the user's web browser. It is possible to configure the settings of the web browser so that the storage of cookies on the computer is no longer possible. This affects the functionality of our website. We use cookies to extend the functionality of our website and to make it easier for our users to use it. We need cookies to identify users and enable them to log on to our website.

    Timezone Cookie: We use this cookie to store your time zone and show you date fields and times in the correct time for you. This cookie is automatically deleted by your browser (unless otherwise configured) when you end your session.

    Session Cookie: We use this cookie to store an identification code. This code does not contain any personal data and is used to link you to your account or settings. This cookie is stored for 2 months.

    IP Set Cookie: We use this cookie to easily find out if we have already stored your IP address. This cookie is stored for one day.

    Google Analytics Cookies: Please see chapter »Google Analytics«.

Version: 10.03.2017

Appendix 1

Technical and organisational measures

1. Privacy

Measures to prevent unauthorised persons from having access to personal data:

Server passwords are only known to selected persons.

The password to the administration interface is assigned by the controller himself.

Encrypted transmission of authentication secrets.

Measures that are suitable to prevent unauthorized persons from gaining access to personal data:

Through regular security updates, the Processor ensures that unauthorized access is prevented.

Personal data is processed automatically, so that no data storage in the offices of the Processor is necessary. Exceptions to this are manual processing of the Controller's enquiries and temporary copies for error analysis.

Implementation of access restrictions.

Measures that are suitable for denying unauthorized persons access to data processing systems in which personal data is processed or used:

Digital Ocean's server site is ISO 27001 certified, among others.

Measures designed to ensure that data collected for different purposes can be processed separately:

Data records from different PollUnits are specially marked with a PollUnitID and a UserID.

Test and productive data are stored in independent systems. The PollUnit test and development systems are strictly separated from the production system.

The production system has its own domain and SSL certificates.

The Controller is responsible for the pseudonymisation.

2. Integrity

Measures that are suitable for ensuring that no personal data is passed on to unauthorised persons:

Secure data transmission between server and client.

The Controller can control the access to his PollUnits himself.

All employees and developers are obliged to maintain confidentiality and are subject to a confidentiality obligation.

Measures that are suitable so that personal data can be checked:

Personal data is entered by the Controller himself and can be checked in his user settings.

3. Availability control and resilience of the systems

Measures that are appropriate to protect personal data against accidental destruction or loss:

Digital Ocean's data centres are equipped with appropriate safeguards.

The PollUnit servers are redundant.

Automatic backup copies and backups are made on a regular basis.

Monitoring of critical systems.

Appendix 2

Subcontractors

1. Digital Ocean

Our service runs on the servers of Digital Ocean LLC (New York, USA). The server is located in Frankfurt, Germany and is ISO 27001 certified. All PollUnit data is stored here. The only exception are media data such as images, video and sound, which are stored in Amsterdam, Holland. The Digital Ocean server location in Amsterdam is also ISO 27001 certified.

2. Rollbar

Our service uses Rollbar, an error analysis service of Rollbar Inc. (San Francisco, USA).

PollUnit is using Rollbar exclusively for monitoring system stability and determining and eliminating errors in the code. Only in case of an error IP address, user agent and requested page are transmitted to Rollbar in the USA. Rollbar does not evaluate data for advertising purposes. Further data protection information from Rollbar can be found at https://rollbar.com/privacy.

Rollbar, Inc. is certified according to the „EU/Swiss-US Privacy Shield“.

The legal basis for this is Article 6(1)(f) GDPR.

3. PayPal (Braintree)

Payments can be processed via the Payment Gateway Braintree of PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg.

PayPal processes the e-mail address, delivery address and information about the packages purchased from PollUnit. Information provided to Braintree is not under our control and is subject to PayPal's privacy policy. Further privacy information from PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-prev and https://www.braintreepayments.com/en-de/legal/braintree-privacy-policy.

The legal basis for this is Article 6(1)(f) GDPR.

Appendix 3

Individuals authorised to issue instructions

The following individuals are authorised to issue and receive instructions.

Philipp Großelfinger
Co-Founder PollUnit
philipp@pollunit.com

Markus Huber
Co-Founder PollUnit
markus@pollunit.com

Appendix 4

Data protection officer

In our team a data protection officer according to GDPR is not necessary. For information on data protection, we are available at support@pollunit.com.