Data Processing Agreement

SIMPLEVOTE LTD (Company No. 17251484), registered in England and Wales · Last updated 2026-06-04 · admin@simplevote.org

This Data Processing Agreement ("DPA") forms part of the agreement between your organisation ("Controller") and SIMPLEVOTE LTD (Company No. 17251484), registered in England and Wales ("Processor", "SimpleVote") when you use SimpleVote to process personal data on behalf of your organisation.

1. Scope and roles

The Controller determines the purposes and means of processing voter and election personal data. SimpleVote processes that data only on documented instructions from the Controller, including via the dashboard, API actions, and these terms.

2. Subject matter and duration

  • Subject matter: hosting and operating electronic elections, including voter invitations, anonymous voting, and results publication.
  • Duration: for the term of the Controller's use of SimpleVote and until deletion or return of data as described in sections 6 and 7.

3. Categories of data, data subjects, and special category data

  • Data subjects: voters, candidates, and nominated individuals named in election configuration.
  • Personal data: names, email addresses, candidate bios and photos where provided, and operational metadata necessary to run the election.

Special category data (Article 9 UK GDPR): The platform does not require special category data. However, elections run by political parties, trade unions, or similar bodies may involve processing that reveals political opinions, trade union membership, or other special category information in invite lists, candidate materials, or ballot content. The Controller warrants that it has identified a valid Article 9 condition (and related transparency obligations) before uploading or configuring such data. SimpleVote processes it only on the Controller's instructions and does not use it for its own purposes. See also the Privacy Policy (special category section).

4. Processor obligations

SimpleVote shall:

  • Process personal data only on documented Controller instructions
  • Ensure personnel with access are bound by confidentiality obligations
  • Implement appropriate technical and organisational security measures
  • Assist the Controller with data subject rights as set out in section 5
  • Notify the Controller without undue delay after becoming aware of a personal data breach
  • Delete or return personal data as set out in sections 6 and 7
  • Make available information necessary to demonstrate compliance with this DPA, including audit records described in section 7

5. Data subject rights and subject access requests (SARs)

The Controller is responsible for responding to requests from data subjects (access, rectification, erasure, restriction, objection, and portability) relating to election and voter data. SimpleVote will assist the Controller where feasible and as required by UK GDPR Article 28(3)(e).

How to request assistance

  • Email admin@simplevote.org with the data subject's request (or a redacted copy), the election title or ID, and the action required (e.g. export, correct invitee details, confirm deletion).
  • Organisation Admins may use "Download organisation data" on the Account page to obtain JSON metadata about the organisation, members, and elections (not voter rankings tied to identity).

Timelines

SimpleVote will respond to documented Controller instructions within 30 days of receipt, unless a longer period is agreed or UK law requires otherwise. Urgent requests relating to an active election should be marked as such in the subject line.

Limits of assistance

  • After a ballot is cast, SimpleVote does not store rankings linked to a voter's email or name. We cannot retrieve "how person X voted" for the Controller or a data subject.
  • We can assist with invitee list corrections or deletions before or after voting, subject to election integrity rules (e.g. no deletion that would deanonymise cast ballots).
  • Published Scottish STV results and anonymised vote records may be retained for mathematical and audit integrity even after invitee contact details are deleted.

6. Deletion, return, and retention

Scheduled deletion (voter invitees)

  • Voter invitee contact details (names and emails) are deleted 30 days after results are published, automatically where the platform scheduler is enabled.
  • Anonymised voting records and Scottish STV results may be retained for audit and mathematical integrity.

Controller-initiated deletion

The Controller may delete draft elections, remove voters before voting opens, and request early deletion of invitee data by contacting admin@simplevote.org. We will confirm what was deleted and what anonymised records remain.

End of service

  • Before account or organisation closure, the Controller should export available data from the dashboard or request an export from SimpleVote.
  • On termination, SimpleVote will delete or return personal data within 30 days of confirmed instructions, except where law requires retention or anonymised integrity records must remain.

ERO account deletion

Individual users may delete their own SimpleVote login via Account settings. That process is separate from voter list deletion and is described in the Privacy Policy.

7. Audit records and demonstrability

SimpleVote maintains records to help Controllers demonstrate who did what on the platform, and to support security investigations. These records are operational; they are not cryptographic proof of Scottish STV arithmetic (results are also stored as published round-by-round snapshots).

Election audit log

  • Append-only election audit logs record ERO and Admin actions (for example: voters registered, voting opened, results calculated, results published). EROs can view these in the election dashboard.
  • Application and database controls aim to prevent alteration or deletion of audit rows by org users.
  • Audit entries identify the actor by account email where applicable; they do not log individual voter rankings or choices.

Security audit log

  • Separate security audit logs record authentication events (for example login success and failure, password change, account deletion) for platform security.

Secret ballot integrity

Cast ballots are stored without voter email or name on the vote row (anonymous voting in practice). This underpins both voter privacy and the limits in section 5 on vote-level subject access.

Information on request

The Controller may request a summary of processing activities relevant to its organisation, subprocessor use, and retention by contacting admin@simplevote.org. Formal audits or questionnaires may be supported on a reasonable-efforts basis for Pro and Enterprise customers.

8. Subprocessors

The Controller authorises SimpleVote to use subprocessors listed at /legal/subprocessors. We will provide at least 30 days' notice of material subprocessor changes by email to organisation Admins where practicable.

9. International transfers

Core platform processing uses UK and EU regions (London and Ireland) as listed at /legal/subprocessors. Where subprocessors process data outside the UK, appropriate safeguards (including Standard Contractual Clauses and, where applicable, the UK–US Data Bridge) apply as described on that list.

10. Controller obligations

The Controller warrants that:

  • It has a lawful basis (and, where relevant, a valid Article 9 condition) to upload and process voter and candidate personal data, including any special category data
  • Instructions to SimpleVote comply with applicable data protection law
  • It has authority to accept this DPA on behalf of the organisation
  • It will inform data subjects appropriately (privacy notices, union rules, or membership terms) before processing

11. Contact

Processor contact for DPA, SAR assistance, and deletion requests: admin@simplevote.org