DPA - Annex 1
Categories of Personal Data, Data Subjects, and Retention Periods
Last updated: February 18, 2026
Purpose of processing:
Provision of Easy Poll as Software-as-a-Service (SaaS).
1. Type of personal data processed:
The Provider processes the following personal data on behalf of the Customer and in accordance with the Customer's instructions:
- Content and user data: (a) User's name, (b) E-Mail address, (c) Company name, (d) Poll data including information in free text fields provided by the user, (e) User Vote including information in free text fields provided by the user.
Personal data processed by the Provider as a controller (e.g. for authentication, security, billing or contract management) is not subject to this DPA and is described separately in the Privacy Policy.
2. Categories of data subjects:
- Employees of the client organizations who use the software
- Clients or Contractors of the controller (organizations using the software)
- Third parties whose data is processed within the software, on behalf of the controller
3. Retention periods:
- Content and user data: are deleted in accordance with the default retention periods, or earlier upon the customer's request, unless legal retention obligations require otherwise. The default retention periods are:
a. Unused Poll Drafts. Poll drafts that have not been modified or published within six (6) months from their last edit date will be automatically and permanently deleted from our systems.
b. Old Polls. Polls that have not been used or modified within twenty-four (24) months from their creation or last edit date (whichever is later) will be automatically and permanently deleted from our systems.
c. Old Templates. Templates that have not been used or modified within twenty-four (24) months from their creation or last use date (whichever is later) will be automatically and permanently deleted from our systems.
d. User Accounts. User accounts that have been inactive for sixty (60) months will be automatically and permanently deleted from our systems. Inactive accounts are those that have not logged in or performed any actions within the software during this period.
- Residual data fragments that may remain in system databases or backups are automatically overwritten or deleted in the ordinary course of business after last read access, as defined in the terms and conditions. The Controller remains solely responsible for deleting any remaining references or links to the Personal Data within its own systems.