How data are handled on Belenios?

Last update: October 17th, 2018 (version française)

On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect in the European Union. This regulation strengthens and unifies data protection for European citizens.

According to the GDPR, the Belenios platform and its developers are subcontractors of the election administrator, who is herself responsible for the data processing.

The Belenios platform processes the following personal data:

  • cookies. We use cookies to store your language preference (if you chose a different language than the default one), to store your consent w.r.t. cookies, and for session management. The purpose of the latter is to link the different requests of the voter during the voting phase. Once you have voted, all identifying information is discarded. In particular, we do not track voters or use cookies for statistical or marketing purposes.
  • email address. The email address (provided by the election administrator) is used only to send the voting material and the voting confirmation.
  • encrypted ballots. Encrypted ballots are public, any voter can see them. The Belenios voting system guarantees that it is not possible to link an encrypted ballot with the vote it contains, even after tally, provided that decryption key is never revealed. Depending on the election administrator choice, the decryption key may be stored on the Belenios server (degraded mode), or the decryption key is built in a distributed way among several authorities and is never reconstructed.
  • connection info and date of the vote. The voter list (voter email and date of the vote) is not public but is stored on the Belenios server.

The detailed description on the management of personal data on Belenios can be found in this document.

To exercise your rights related to the GDPR, please contact us.