1. Data Controller
The data controller of your personal data is poll4all.org.
Contact for privacy matters: contact@poll4all.org
2. Categories of Data Collected
2.1 Account Registration
When you create an account, we collect: first name, last name (optional), email address, username (required for commenting and participating in polls), and registration date and time.
2.2 Form Submissions (Contact Forms)
When you submit a contact form, we collect: first name and last name (optional), email address, message content, and submission timestamp.
2.3 Poll Votes
When you vote in a poll, we collect: user’s IP address (hashed for duplicate prevention) OR unique session identifier (cookie-based), poll ID and selected answer(s), timestamp of vote, and user agent (browser/device information).
2.4 Comments
When you post a comment, we collect: comment content, date and time of publication, user’s IP address, and username (if logged in).
2.5 Cookies and Similar Technologies
We use: session identifiers, language preferences, poll voting tokens (to prevent duplicate votes), security tokens (CSRF protection), and analytics cookies (with user consent).
3. Purposes and Legal Bases for Processing
User account management, voting, commenting: We process this data to provide our services based on performance of a contract for electronic services under Article 6(1)(b) GDPR.
Handling contact form inquiries: We process this data to comply with legal obligations under Article 6(1)(c) GDPR.
Preventing duplicate votes in polls: We process this data based on our legitimate interests in maintaining poll integrity under Article 6(1)(f) GDPR.
Site security, abuse detection, spam prevention: We process this data based on our legitimate interests under Article 6(1)(f) GDPR.
Traffic analytics (Google Analytics with anonymized IP): We process this data based on your consent under Article 6(1)(a) GDPR.
Aggregated poll statistics and reporting: We process this data based on our legitimate interests under Article 6(1)(f) GDPR.
4. Poll Voting Mechanism & Duplicate Prevention
To ensure poll integrity and prevent multiple votes from the same user, we employ the following methods:
IP address hashing: Your IP address is hashed (one-way encryption) and stored temporarily to detect duplicate votes. The original IP is not stored permanently.
Persistent voting cookies: A cookie is placed in your browser containing a unique identifier and a list of poll IDs you have voted in. This cookie is valid for 30 days from the vote.
Logged-in user tracking: If you are logged in, your votes are associated with your account to prevent duplicates.
Data collected for this purpose: Hashed IP address OR cookie-based session identifier, poll ID(s) you have voted in, and vote timestamp.
This data is used solely to maintain poll integrity and is not shared with third parties.
5. Public Display of Poll Results
Poll results (vote counts, percentages, charts) are publicly visible to all visitors. Individual votes are NOT publicly displayed – only aggregated statistics. Results may be included in reports, blog posts, or shared on social media. No personally identifiable information (name, email, IP) is shown in poll results.
6. Data Retention Periods
Account data and comments: We retain this data until you delete your account OR we remove it for Terms of Service violations.
Form submissions (contact inquiries): We retain this data for up to 2 years after last contact, unless you request earlier deletion.
Poll votes (aggregated): We retain aggregated vote data indefinitely for statistical purposes.
IP addresses/identifiers for duplicate prevention: We retain this data for 30 days after your vote, then it is anonymized.
Session cookies: These expire when your browser session ends.
Persistent cookies (voting, preferences): These are valid for up to 1 year from placement.
Analytics data (Google Analytics): Google retains this data for 26 months (Google’s default retention period).
After retention periods expire, IP addresses and identifiers are permanently deleted, making votes fully anonymous.
7. Data Sharing
7.1 Service Providers (Subprocessors)
We share data with trusted third-party providers only to the extent necessary to deliver the service: hosting providers (server infrastructure), email services (for account notifications, contact form responses), CDNs (content delivery networks for faster page loading), and analytics providers (Google Analytics – only with user consent).
All subprocessors are required to comply with GDPR and process data only according to our instructions.
7.2 Law Enforcement
We may disclose data upon receipt of a valid legal request (court order, subpoena) as required by law.
7.3 International Data Transfers
We do not transfer data to countries outside the EU/EEA unless the provider ensures adequate protection (e.g., EU-U.S. Data Privacy Framework, Standard Contractual Clauses).
7.4 No Sale of Data
We do NOT sell, rent, or trade your personal data to third parties for marketing purposes.
8. User Rights Under GDPR
You have the right to:
Access your data: Request a copy of all personal data we hold about you.
Rectify your data: Correct inaccurate or incomplete information.
Erase your data (“right to be forgotten”): Request deletion of your account and associated data. Please note: Individual poll votes cannot be deleted after submission as they become part of aggregated, anonymous statistics. However, your IP address/identifier will be removed after the 30-day retention period.
Restrict processing: Limit how we use your data in certain circumstances.
Data portability: Receive your data in a machine-readable format (JSON/CSV). Poll votes can be provided as: poll_id, answer, timestamp without identifiers.
Object to processing: Object to data processing based on legitimate interests (e.g., analytics).
Withdraw consent: Withdraw consent for analytics cookies at any time without affecting processing lawfully carried out before withdrawal.
How to Exercise Your Rights:
Contact us at: privacy@poll4all.org
We will respond within 30 days as required by GDPR (Article 12).
Right to Lodge a Complaint:
If you believe we have violated your data protection rights, you may lodge a complaint with your national data protection authority (in Poland: UODO at uodo.gov.pl).
9. Cookies and Similar Technologies
This site uses the following types of cookies:
9.1 Essential Cookies (No Consent Required)
Session cookies are used for login, session management, and security (CSRF protection). Poll voting cookies are used to prevent duplicate votes and contain a unique identifier and poll IDs voted in, valid for 30 days. These cookies are strictly necessary for the site to function and cannot be disabled.
9.2 Functional Cookies (No Consent Required)
Language preference cookies remember your selected language and are valid for 1 year.
9.3 Analytics Cookies (Consent Required)
Google Analytics (with anonymized IP) tracks page views, bounce rate, and traffic sources. Data collected includes: anonymized IP, pages visited, time on site, and device type. These cookies are valid for 26 months. You can opt out via our cookie banner or browser settings.
Cookie Management:
You can manage or delete cookies in your browser settings:
Chrome: Settings > Privacy and security > Cookies
Firefox: Settings > Privacy & Security > Cookies
Safari: Preferences > Privacy > Cookies
Please note: Disabling essential cookies may prevent you from voting in polls or commenting.
10. Poll Analytics (Aggregated Data)
We collect anonymous, aggregated statistics about poll performance: number of views per poll, vote completion rates, time spent on poll pages, and geographic distribution of voters (country-level only, via IP geolocation).
This data cannot identify individual users and is used to improve poll quality and user experience.
11. Security Measures
We implement industry-standard security measures to protect your data:
HTTPS encryption (SSL/TLS) for all data transmissions, password hashing (bcrypt/Argon2) – we never store plain-text passwords, CSRF protection for forms, rate limiting to prevent brute-force attacks, and regular security updates and vulnerability scanning.
However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
12. Children’s Privacy
This site is not intended for children under 16 (or under 13 in some jurisdictions). We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us immediately at contact@poll4all.org, and we will delete it.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with a new “Last updated” date. We encourage you to review this policy periodically.
For material changes (e.g., new data uses, third-party sharing), we will notify registered users via email.
