Data Protection Policy

Last Updated: September 2025

Quick Summary

We are committed to protecting your personal data in compliance with GDPR and other applicable data protection laws. You have comprehensive rights over your data, and we implement strong security measures to protect it.

1. Data Controller Information

  • Controller: Vote.Deals
  • Data Protection Officer: privacy@votedeals.com
  • Address: [Your Business Address]
  • Phone: [Your Contact Number]

2. Legal Basis for Processing

Consent

We process personal data based on your explicit consent for:

  • Marketing communications
  • Analytics and tracking
  • Non-essential cookies
  • Third-party data sharing

Contract Performance

We process personal data to fulfill our contractual obligations:

  • Account creation and management
  • Service delivery
  • Payment processing
  • Customer support

Legitimate Interest

We process personal data based on legitimate interests:

  • Platform security and fraud prevention
  • Service improvement and analytics
  • Legal compliance
  • Business operations

Legal Obligation

We process personal data to comply with legal requirements:

  • Tax and financial reporting
  • Law enforcement requests
  • Regulatory compliance
  • Legal proceedings

3. Your Rights (GDPR)

Right of Access (Article 15)

You have the right to:

  • Obtain confirmation of data processing
  • Access your personal data
  • Receive information about processing purposes
  • Know data retention periods
  • Understand data sharing practices

How to Exercise: Contact privacy@votedeals.com

Right to Rectification (Article 16)

You have the right to:

  • Correct inaccurate personal data
  • Complete incomplete personal data
  • Update outdated information

How to Exercise: Update your account settings or contact us

Right to Erasure (Article 17)

You have the right to request deletion when:

  • Data is no longer necessary
  • Consent is withdrawn
  • Data was unlawfully processed
  • Legal obligations are fulfilled

Note: We may retain data for legal compliance or legitimate interests

Right to Data Portability (Article 20)

You have the right to:

  • Receive your data in a structured format
  • Transfer data to another controller
  • Have data transmitted directly

Format: JSON or CSV

Right to Object (Article 21)

You have the right to object to processing based on:

  • Legitimate interests
  • Public interest
  • Direct marketing
  • Profiling

Right to Restrict Processing (Article 18)

You have the right to restrict processing when:

  • Data accuracy is contested
  • Processing is unlawful
  • Data is no longer needed
  • You object to processing

4. Data Security Measures

Technical Safeguards

  • Encryption: All data encrypted in transit and at rest
  • Access Controls: Role-based access with least privilege
  • Network Security: Firewalls, intrusion detection, monitoring
  • Regular Updates: Security patches and system updates

Organizational Safeguards

  • Staff Training: Regular data protection training
  • Access Policies: Strict access control policies
  • Incident Response: Data breach response procedures
  • Regular Audits: Security and compliance audits

Physical Safeguards

  • Secure Facilities: Access-controlled data centers
  • Device Security: Encrypted devices and secure disposal
  • Document Security: Secure storage and destruction
  • Visitor Controls: Restricted access to sensitive areas

5. Data Breach Response

Detection and Assessment

  • Monitoring: Continuous security monitoring
  • Incident Response: 24/7 incident response team
  • Assessment: Risk assessment within 24 hours
  • Documentation: Detailed incident documentation

Notification Requirements

  • Supervisory Authority: Within 72 hours of discovery
  • Data Subjects: Without undue delay if high risk
  • Internal: Immediate notification to management
  • External: As required by law

Response Actions

  • Containment: Immediate threat containment
  • Investigation: Thorough incident investigation
  • Remediation: Fix vulnerabilities and improve security
  • Recovery: Restore normal operations securely

6. Data Retention and Deletion

Retention Principles

  • Purpose Limitation: Data kept only as long as necessary
  • Storage Limitation: Minimal retention periods
  • Regular Reviews: Annual retention reviews
  • Secure Deletion: Permanent data destruction

Retention Periods

  • Account Data: 3 years after account closure
  • Transaction Data: 7 years for legal compliance
  • Analytics Data: 2 years in anonymized form
  • Marketing Data: Until consent withdrawn

7. Contact Information

Data Protection Officer

Email: privacy@vote.deals

Supervisory Authority

Name: Swiss Federal Data Protection and Information Commissioner (FDPIC)

Website: https://www.edoeb.admin.ch

This Data Protection Policy is effective as of September 2025 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.