Data Privacy Statement

This statement informs you of the types of personal data we obtain when you use our service and how we process them.
When using the platform, AO Kaspersky Lab, located at address: 39A/3 Leningradskoe Shosse, Moscow 125 212, Russian Federation ("Kaspersky", "Kaspersky Lab", "KL" or "we") is the data handler and can act as the data processor e. g. by providing the service to the customers and as the controller e. g. to perform the contract as set out in the Terms and the conditions for the Service or by providing you with information about our services or marketing information. The following information concerns on the one hand the data processing for which Kaspersky acts as the controller. On the other hand, it concerns information on data processing carried out by Kaspersky as a processor. With regard to the latter one, please refer to the specific sections below and, for further information, to the relevant data privacy statement of the according controller. If you have any questions regarding the processing of your personal information by Kaspersky as the data controller, please contact our Kaspersky Lab EU representative via e-mail or phone: Kaspersky Labs GmbH, Despag-Strasse 3, 85 055 Ingolstadt, Germany, info@kaspersky.de, +49 (0) 841 98 18 90
If you have any additional questions about Kaspersky Lab’s privacy practices or if you would like us to update information or preferences you provided to us as the data controller, please contact with our Data Protection Officer — click here.
Personal data relates to a natural person who can be identified from that data. Identification can be by the information alone or in conjunction with any other information. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
We use the personal data as the controller for the following purposes:
  • For the performance of the contract with you as a customer as set out in the Terms and the conditions for the Service.
  • Providing you with marketing and service information:
- Where you have consented to receiving marketing communications from us, we may use your email to send you targeted emails for marketing purposes.
- We send commercial e-mails to individuals at our client or other companies with whom we want to develop or maintain a business relationship in accordance with applicable marketing laws. You can easily withdraw your consent to our marketing messages by clicking the 'unsubscribe' link at the bottom of each marketing email.
  • To fulfill legal obligations according to applicable laws.
As a processor on behalf of your controller, we use the personal data for: providing a service, namely, voting.

We process the following categories of personal data:
We have obtained the personal data from the data subjects directly or – in case of processing as a processor on behalf of your controller - from the controller - service customer.
Our lawful basis for processing your general personal data:
  • Consent of the data subject.
  • Processing necessary for the performance of a contract.
  • Processing necessary for compliance with a legal obligation.
  • Processing for the purposes of the legitimate interests. In these cases, our legitimate interests lie in providing you with a service.
We may disclose your personal data as follows:
  • Private bodies: Private bodies to which we transfer your personal data on the basis of a legal provision or your consent, e.g. to other legal entities within the Kaspersky Group with strict access policy rights, or our partners to provide you marketing and service information (see the Marketing section).
  • Processors: Service providers which we use for the provision of certain services e.g. providers of IT services. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose.
  • Public bodies: Authorities and state institutions, such as public prosecutors' offices, courts or tax authorities, to which we may have to transmit personal data in individual cases.
The personal data will be treated as strictly confidential and will only be shared with Service Providers that provide us with IT and system administration services
The personal data provided by users to Kaspersky Lab can be processed in countries outside the European Union (EU) or the European Economic Area (EEA) which have not been deemed to have an adequate level of data protection by the European Commission, in particular in Russia.
Kaspersky Lab has taken appropriate security measures to protect your personal data in accordance with security and privacy best practices, including, utilizing the European Commission's Standard Contractual Clauses for transfers of personal information between its group companies (you can find these standard contract clauses at the following link), which requires all group companies to protect personal information being processed from the EEA to an equivalent standard to that required under EU data protection law. Where we share your personal data with a third party service provider outside of the European Economic Area and Switzerland (as detailed in the section entitled “Sharing your information”), we contractually oblige the third party service provider to implement adequate safeguards to protect your information.
We store the personal data
We do not use automated decision making at Polys Online Voting System.
Also, we inform that you have certain rights regarding your personal data we process as controller:
  • Right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data, and your rights.
  • Right of access. You have the right to receive information about the personal data pertaining to you that we process. how we use your personal data. In addition, you can request to receive a copy of the Personal Data we process about you.
  • Right to rectification. You have the right to request correction of inaccurate personal data that we process about you. Furthermore, you may demand that incomplete data will be completed.
  • Right to erasure (Right to be forgotten). In certain cases, you are entitled to demand us to delete or remove your personal data.
  • Right of restriction of processing. In certain cases, you are entitled to demand us to suspend the processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it.
  • Right to data portability. If you have made the data available to us based on a contract or consent, you are entitled to request the transfer of your personal data. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
  • Right to object.
- Individual right to object
You may object at any time to our processing of your personal data when such processing is based on our legitimate interests for reasons arising from your particular situation. We will then no longer process such personal data for those purposes, unless we can provide compelling protected reasons for such processing that outweigh your interests, rights and freedoms, or the processing is necessary for the assertion of, exercise of, or defence against any legal claims.
- Objection to data processing for the purpose of direct marketing
If we process your personal data for the purpose of direct marketing or if the objection is directed against direct marketing, you have the right to object at any time to the processing of personal data concerning you for these purposes. If you object to the processing for direct marketing purposes your personal data will no longer be processed for these purposes.
  • Right to withdraw your consent. You have the right to withdraw your consent to the processing of your personal data. Your withdrawal of consent shall not affect the validity of any activity processing of your personal data already carried out before the withdrawal of your consent.
  • Right to complain. If you believe that the processing of the personal data concerning you is illegal, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your workplace, or at the location of the alleged breach.
If you wish to exercise these rights, you may at any time directly contact our Data Protection Officer - click here.