GDPR

Electobox processes personal data in connection with voter lists, authentication, and election administration. This page outlines how privacy-by-design in the product relates to EU data protection law. It is not legal advice; confirm obligations with your Data Protection Officer or counsel.

Lawful basis and data minimisation

Controllers must identify an appropriate lawful basis for processing and limit collection to what is necessary to run the election. Ballot contents should be encrypted at the earliest point practicable; after anonymisation, ballot data should no longer be linkable to identifiable voters.

Rights and retention

Plan how you will respond to data subject rights requests and how long you retain logs, voter metadata, and exports. Retention should be driven by statutory requirements and your documented policy, not by default indefinite storage.

Sub-processors and transfers

If Electobox or related infrastructure acts as a processor, ensure contracts and transfer mechanisms (e.g. Standard Contractual Clauses) match your deployment and jurisdiction.

Lawful basis and data minimisation​

Rights and retention​

Sub-processors and transfers​

Lawful basis and data minimisation

Rights and retention

Sub-processors and transfers