GDPR statement

This documentation lists the personal data (any information relating to an identified or identifiable natural person) held and processed by Pebble. It specifies the data that is stored on-chain and off-chain (that is by the Pebble servers) at each phase of the election process, and the period for which it is held. The collected data is stored and processed for the exclusive purpose of the election.
  • Registration server
    • Required only for voters who are not already on the blockchain.
    • In order to proceed to the registration of voters, the Registration server needs to store the eligibility list which contains usernames, emails, public part of the voting credentials (the corresponding private part of the credential being generated by the voters themselves through the voting application are never shared with anyone else and is under the voter’s/participant’s responsibility), and random salts (that are used to anonymise the eligibility list through hashing).
    • This data will be backed up and kept for a period of 5 years. This is for usability purposes, allowing the users to participate in multiple elections without having to register multiple times.
    • Users can request their information be deleted at any time, in which case the record will be permanently deleted within 2 weeks from the date of request.
    • For each election, the registration server can be managed by the eligibility authority itself or by Pebble. In the former case, the voters will need to refer to the GDPR statement of the eligibility authority.
  • Admin server 
    • In order to organize an election the admin server will receive the following information from the election organizer authority: election data (dates and times of the election, title of the election, question of the election, possible options of the election) as well as the anonymised list of eligible public credentials .
    • Note that the link between the public part of the anonymous voter’s credential and the voter’s identity is not shared with the Admin server, it is anonymised.
    • The data held by the Admin server will be published on the Blockchain according to the E-cclesia protocol, and thus will be permanently public and accessible.
  • Voting server and Blockchain
    • Required only for voters who are not already on the blockchain.
    • The Voting server logs timings and IP address access for detecting any malicious activity
    • The Voting server receives anonymised encrypted ballots and forwards them to the Blockchain
    • After the end of the election, the Voting server receives anonymised plaintext ballots along with proofs of decryption from the voters who partake to the tallying, and forwards these to the Blockchain
    • No information on natural persons partaking to an election is ever published on the Blockchain
    • The public parts of voter credentials are published on the Blockchain but cannot be linked with the natural person nor the vote they are associated with, provided the voter does not reveal these links themselves.
    • All data published on the Blockchain can be accessed from outside the EU, but none of this data can be linked to the natural person associated with them.