Who we are?
Valimisrakendus is a voting application for Estonian elections. Valimisrakendus is developed by Cybernetica AS under the contract with Estonian Information System Authority (RIA) and Estonian State Electoral Office (RVT). You can reach Cybernetica AS via e-mail: info[a]cyber.ee. You can reach Estonian Information System Authority Office via e-mail: ria[a]ria.ee. You can reach Estonian State Electoral Office via e-mail: info[a]valimised.ee.
This Privacy Notice describes the types of information RVT collect or receive when you use Valimisrakendus, and how RVT use that information.
We also tell you how you can reach us to ask us to (i) access, change or not use the personal information you have provided to us, (ii) withdraw any consent you previously provided to us, and (iii) answer any questions you may have about our privacy practices.
What personal data do we process?
Valimisrakendus application is designed to cast a vote in Estonian state elections by voters. The application is part of a larger online voting platform which is designed to make it possible to hold elections and find out the voting result in the context of ballot secrecy.
The Valimisrakendus processes the personal data that is essential for voting in elections with electronic voting.
Following data is processed for all users who attempt to vote with the application:
- Personal code of the user - entered by the user and transferred to the back-end for authentication;
- Phone number of the user - entered by the user and transferred to the back-end for authentication;
- The corresponding name for the personal code - retrieved from the back-end as a result of the authentication;
- The fact whether the voter is eligible, or not - retrieved from the back-end as a result of the authentication;
- The IP-address of the voter's device.
Following data is processed for users who after successful authentication turn out to be eligible voters:
- The electoral district where the voter is eligible - retrieved from the back-end as a result of the authentication;
- Voter's plain-text choice from the candidate list - entered by the user and encrypted/digitally signed by the application;
- Encrypted and digitally signed ballot - created in the application and transferred to the back-end in vote-casting process.
In the context of ballot secrecy, the following is emphasised: although the Valimisrakendus has access to personal code of the voter and the plain-text choice, this information is not transferred outside the user's device. Voter's choice is transferred to the back-end in the form of encrypted and digitally signed ballot that can be processed in the voter privacy preserving manner.
How do we store and disclose the data?
Valimisrakendus respects voter privacy. For this reason, we only process the information required to cast your vote. We store your i-vote in encrypted way in the online voting system. We do not disclose the data that we process to any third parties. With the technical solutions the platform data is secure against unauthorised access, change, disclosure, removal and corruption.
How do we secure the data?
- All data is considered as confidential;
- Using only encrypted connection TLS;
- Using cryptographic electronic voting protocol for secure vote confidentiality;
- Restricting access to personal data, giving access only for people who needs the info to process the data and who are subject to contractual confidentiality obligations;
- Personal data is secured with necessary IT technical and organisational protective measures.
How can the user opt-out?
Valimisrakendus is one of the possible applications to cast an online vote. Voters can choose to use other online voting applications to participate in the online voting. Other online voting applications are available on desktop/laptop platforms. Voter can also go to the polling station to cast a paper vote.
What are your rights?
You as data subject have the following rights:
- Right to access – you can ask information, whether you personal data is processed. If your personal data is processed, you can ask further information;
- Right to rectification - you have the right to rectification and/or completion of your personal data if the processed personal data concerning you is not correct or complete;
- Right to erasure – in specific cases, you have the right to erasure of your personal data. According to the personal data legislation, that right may be restricted;
- Right to restriction of processing - you may request that the processing of your personal data will be restricted;
- Right to portability - you have the right to receive the personal data that you have provided;
- Right to object automated decision making – if automated decisions are made, you have the right to object automated decision regarding you.
If you have any complaints regarding processing of your personal data, please contact Estonian State Electoral Office.
In case you find that the processing of your personal data violates your rights, you can submit complaint to the supervisory authority (Estonian Data Protection Inspectorate (39 Tatari St., 10134 Tallinn, telephone (from abroad add +372) 627 4135, e-mail info[a]aki.ee)) or submit claim to the administrative court.
In case of questions please contact Estonian State Electoral Office via e-mail: info[a]valimised.ee.
Address: Mäealuse 2/1, 12618 Tallinn, Estonia
Estonian Information System Authority (RIA)
Address: Pärnu maantee 139a, 15169 Tallinn, Estonia
Estonian State Electoral Office (RVT)
Address: Lossi plats 1a, 15165 Tallinn, Estonia
- November 2022