For EU:

ePrivacy GmbH, represented by Prof. Dr. Christoph Bauer
Große Bleichen 21
20354 Hamburg

Opinary’s Privacy Policy in English

Opinary Datenschutzrichtlinie

Berliner Beauftragter für Datenschutz und Informationsfreiheit

(Berlin Commissioner for Data Protection and Freedom of Information)

Friedrichstr. 219
10969 Berlin

Opinary currently operates two service domains:

• pressekompass.net

• opinary.com

• JavaScript
• API

Interested in how we deal with cookies? Please read our Cookie Policy here.

Yes. Persistent cookies can remain on the user’s device for between 60-90 days; session cookies only last for one browser session. 

The cookies stored allow us to summarize voting results in a statistically meaningful way and to optimize our service and the information presented in the interests of the user.

For more information on how we use cookies, please see our Cookie Policy.

The Cookies will collect and/or hold the following categories of data:

• IP address

• User-provided data

• Users’ profiles

• Device characteristics

• Privacy choices

• Device identifiers

• Browsing and interaction data

For more information on how we use cookies, please see our Cookie Policy.

The Opinary tool gathers the following user data:

• Cookie IDs

• IP address

• “Privacy by design” and “Privacy by default” is ensured at Affinity Global GmbH (Opinary) through processes and procedures at the first design level. This means that before the actual implementation of new features, the impact on the user is measured using the seven principles of the “Privacy by design” concept and, in case of doubt, the DPO is consulted. In addition, no new feature may conflict with the technical and organisational measures in place here, nor may it have a negative impact on them. Responsible for compliance here are: CTO/CIO, development team and, in the case of far-reaching decisions, the management.

• Only user data that is operationally necessary for the execution of the Affinity Global GmbH service is collected and stored. This service includes the analysis and measurement of user click behavior to ensure the improvement and relevance of our offer, as well as the need to ensure the accuracy of aggregates and projections of our user surveys.

When a poll is accessed for the first time, the following steps occur:

• (In EU only) We verify compliance with the TCF v2.0 standard to ensure adequate consent.

• A unique cookie ID is generated and stored in the LocalStorage.

This randomly generated cookie ID remains valid exclusively for this specific user on this specific publisher.

Domain: Home
Key: u
Example: v1-5fda11ab-8e5df56211766e20

During the voting process, the following steps are taken:

• The vote of the user is stored in the LocalStorage.

This action is essential for presenting the user with their previous voting choice when they revisit the poll, enabling them to modify their selection if needed.

From a technical perspective, the process appears as follows:
Domain: Home
Key: /compasses/[CLIENT]/[POLLID]-_opinary_vote
Example: {“x”:0.43,”y”:-0.30,”slice”:7,”customer”:”[CLIENT]”}

• Additionally, we transmit the vote to our servers.

This step is essential for the accurate counting of votes and the presentation of aggregated statistics.

Furthermore, the user ID mentioned earlier is also transmitted. As customary with every HTTP request, the IP address is included.

Both pieces of information are indispensable for maintaining the accuracy of our polls’ aggregations and projections.

The typical duration for retaining personal data spans 90 days, with automated processes in place to ensure automatic deletion and minimize the retention of unused data.

Opinary ensures the protection of personal data with technical and organizational measures (TOM). These include access control, access control, separation control and pseudonymization.

In addition, technical measures are implemented to render information unrecognizable, i.e. IP addresses are shortened (for ipv4 addresses, the last character block is removed. For ipv6 addresses, the last 3 blocks are removed) and user agents are extracted so that only browser and OS versions remain. Cookie IDs are pseudonomized by distinguishing between internal and external IDs, which are only connected by an internal random mapping. Upon deletion and blocking, the internal mapping is deleted, making the connection between IDs unrecognizable and unreproducible.

Opinary holds the ePrivacyseal* data protection seal of approval, which is awarded by ePrivacy GmbH following an in-depth technical and legal audit of a company’s online and mobile offerings. The certification covers the requirements of the Datenschutz-Grundverordnung (DSGVO /GDPR) for digital products. 

*It is not an accredited certification procedure in the sense of Art. 42 DSGVO, but a recognized data protection law firm. More at eprivacy.eu.

ePrivacy GmbH is not (yet) an approved certification body within the meaning of Article 42 (5) of the GDPR, as official approval as a certification body is currently not possible (the relevant procedures on the part of the authorities are not available).

(More information here.)

Currently, we utilize Google Cloud Platform and Xandr Inc. as our sub-services.

All personal data passing through Google Cloud Platform is processed via servers in the EU (Frankfurt). 

(A detailed overview can be found here.)

​

Yes, EU Model Contract Clauses are routinely established with all subcontractors. You can read more about this on Google here.

Personal data routed through Google is processed within the EU.

Xandr Inc. may handle data outside the EU, but does so in accordance with GDPR regulations.

Yes. Opinary’s Data at rest is encrypted by default.

Our cloud provider handles encryption at the infrastructure level, while data encryption at the storage level is implemented using AES256.

The encryption keys are managed by Google Cloud Platform and only Opinary has access to them.

Vote coordinates describe the position of a vote on a poll.

Here are example values:

{“x”:0.028755399078248516,”y”:-0.5413648733508446},

Vote coordinates are part of our vote cookie ([poll-url]-_opinary_vote). However, they do not describe personal data.

No, Opinary does not share tracking insights with third parties.

Yes.

Yes, all employees are trained to be aware of possible security issues.

Opinary has a SDLC policy and we perform SAST testing.

DAST testing is not performed by us.

Our third-party vendors do not have access to crucial data. Due to this, they are not required to sign an NDA.

Examples for 3rd party vendors are Xandr and Google Cloud.

Yes. We assess all our vendors thoroughly.

Vendors do not have any network access to our organization.

Yes. We use cookies to track activity within polls.

For more information on how we use cookies, please see our Cookie Policy.

SAST testing is conducted whenever code is checked in or during a code release. This process is integrated with our CI/CD environment.

All events (votes, impressions, etc.) are processed and stored in the EU (via Google Cloud).

Non-personalized data (settings, poll questions, images, etc) are available globally to speed up response times.

No. All data remains with Opinary.

Technology Usage Information

• Advertisement Interaction Data: Advertising is disabled for NBCU, therefore clickdata is not collected.

• IP Address for Geolocation: We process the IP address for technical reasons, but anonymize it before storing.

• Unique identifiers and cookies (E.g., MAID): Unique identifiers and cookies:

• Usage data (e.g. Browsing or Search history, clickstream, browsing time, gameplay): We solely retain users’ votes. Usage data beyond our polls is not gathered by our platform.

We do not process user account information for distributing our product. This includes:

• Account credentials (username, password, security questions)

• Marketing preferences

• Membership information

• Unique customer/user ID

• Unique device identifiers

No. We do not combine data retrieved from polls with any other data.