How ELIGO Respects Privacy

GDPR compliance in ELIGO's electronic and online voting.

What DPO says about Privacy in electronic and online voting


ISO Certification Logo

Quality of service

UNI EN ISO 9001:2015 (TÜV SÜD No. 50 100 16349)

ISO Certification Logo

Quality of cloud solution

ISO/IEC 27018:2019, ISO/IEC 27001:2013, ISO/IEC 27017:2015

CISPE Certification Logo

Ethicality about data management

We use data responsibly, consciously and ethically
ISO Certification Logo

Quality of information management

ISO 27001 certification attests to the robustness of the system with regard to information security

Data ownership

The client always remains the rightful owner of the data.

ELIGO eVoting, a brand of ID Technology ltd, takes on the task of external data processing manager through appropriate communication. The processing will take place only and exclusively for the contractually provided period and for the sole purpose of the activities regarding online voting.

In any case:

  • data will never be exposed in the clear
  • data will never be duplicated or transferred to third parties
  • data will never be transferred out of Italy


You can request further information from our Data Protection Officer at to receive the relevant documentation.

Appointment and disclosures

Signing up for any ELIGO plan requires an appropriate act of appointment as a Data Processor.

We follow a standard format compliance with new European directives following the Shrems II ruling.

The ELIGO system provides its own privacy policy, general conditions of use and cookie policy on all systems.

We give free advice on drafting specific disclosures and in general on all privacy issues.

What data we handle

For online voting service delivery, the ELIGO system works with a centralized voter registry.
The principle of minimization in Art.5 of Regulation 2016/679 is respected , using only the data that are indispensable for the proper functioning of the system.
The data in it usually consists of First Name, Last Name, Email, Mobile Phone (SMS Sending for Strong Authentication) but may also include Tax Code, or unique codes associated with individual voters.

How the data are used

The data is managed in ELIGO only and exclusively for the electronic voting needs of the entity itself and the proper functioning of the platform (secure user identification or technical cookies). In any case, the data will never be used for any other purpose.

How the data are sent

For fulloutsourcing services, the sending of data usually takes place via PEC to keep track of each operation. Voter and voter registration records are sent after validation of the client, by the Electoral Commission or whoever.

In the case of using the service in self-use, the data are uploaded, via simple excel file, directly by the customer himself within the system in the area reserved for him.

How the data is protected

Internal procedures, which are secure and tracked throughout the system, ensure that data is processed only by designated personnel. 256-bit encryption systems are implemented when the system is loaded. Dual-key encryption functionality can be implemented with delivery of one of the keys to the client for an additional level of security.

Data deletion

The data remain on our systems for a period of 30 days from the end of voting. A longer period of stay can be requested if necessary, but always in accordance with applicable laws. At the end of this period the data are permanently deleted from all our systems and the customer is notified of the deletion.