Privacy Policy

Elections to the 39th World Zionist Congress (United Kingdom – 2025)

Version 1.0 – Effective April 2025

  1. Introduction
    This Privacy Policy outlines how personal data is collected, processed, stored, and deleted during the voter registration and online voting process for the 2025 United Kingdom Election to the 39th World Zionist Congress (WZC). This election is conducted under the auspices of the Zionist Federation UK (ZF UK), which acts as the data controller in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.

  2. Data Controller
  • Controller: Zionists UK Ltd (operating under the working name Zionist Federation UK)
  • Company Number 16362332,
  • Registered address: C/O Smb Llp, 87-91 Newman Street, London W1T 3EY,
  • Email: chair@zionist.org.uk
  • www.zionist-federation.uk

    Data Protection Officer (DPO):
    Mr. Shlomi Ashkenazi, appointed by the Executive Director Chair of the ZF UK, serves as the Data Protection Officer.

  • Function: Ensures lawful and ethical processing of personal data, handles complaints and requests, and serves as the contact for supervisory authorities.

    Role and Responsibilities of the DPO:
    The DPO plays a crucial role in ensuring that the organization processes personal data in compliance with applicable data protection laws. The responsibilities include:
  • Monitoring Compliance: Regularly reviewing and assessing the organization's data processing activities to ensure adherence to GDPR and other relevant data protection laws.
  • Advisory Role: Providing guidance on data protection obligations, including data protection impact assessments (DPIAs) and other compliance measures.
  • Training and Awareness: Conducting training sessions and awareness programs for staff involved in data processing activities.
  • Point of Contact: Serving as the liaison between the organization, data subjects, and supervisory authorities on matters related to data processing.
  • Risk Management: Identifying and mitigating risks associated with data processing activities.


  3. Purpose and Scope of Data Processing

  • All personal data is collected and processed strictly for purposes related to voter eligibility verification, registration, secure authentication, and vote casting within the scope of the WZC election.


Purposes include:

  • Verification of Voter Identity and Eligibility: Ensuring that only eligible individuals participate in the election by verifying identity documents and eligibility criteria.
  • Provision of Secure Access to the Voting System: Facilitating secure and authenticated access to the online voting platform.
  • Enabling Electoral Communication and Updates: Communicating essential information related to the election process, including updates and notifications.
  • Election Integrity and Audit Support: Maintaining records necessary for auditing and ensuring the integrity of the election process.


Scope of Processing:

The processing activities encompass the collection, storage, use, and deletion of personal data necessary for the purposes. The data will not be used for any purposes beyond those explicitly stated in this policy.


  4. Legal Basis for Processing Personal Data

Data is processed on the following legal grounds as outlined in Article 6 of the UK GDPR:

  • Consent (Article 6(1)(a)): The data subject has given clear consent for the processing of their personal data for specific purposes related to the election.
  • Legal Obligation (Article 6(1)(c)): Processing is necessary to comply with legal obligations, such as election regulations and tribunal requirements.
  • Legitimate Interests (Article 6(1)(f)): Processing is necessary for the legitimate interests pursued by the controller to ensure a secure, transparent, and inclusive democratic process, provided that such interests are not overridden by the data subject's rights and freedoms.


  5. Categories of Personal Data Collected

The following categories of personal data are collected and processed:

  • Identification Data: Full name, date of birth, residential address.
  • Contact Information: Email address, mobile phone number.
  • Verification Documents: Scanned copies of government-issued identification documents (e.g., passport, driver's license).
  • Eligibility Declarations: Affirmations regarding UK residency, adherence to the Jerusalem Program, and non-participation in other WZC or Israeli Knesset elections.
  • Technical Data: IP address, device and browser metadata, CAPTCHA validation data.
  • Activity Logs: Timestamps of registration and voting actions.

  6. Data Processing Agreement (DPA)

All data is securely stored on servers located in Germany (EU) through:

  • Hosting Provider: Hetzner Online GmbH
  • Location: Gunzenhausen, Germany


A Data Processing Agreement (DPA) in line with Article 28 of the GDPR ensures secure data handling by Hetzner. Key clauses include:

  • Data Processing Instructions: Hetzner processes personal data only on documented instructions from ZF UK.
  • Confidentiality: Personnel authorized to process personal data are committed to confidentiality.
  • Security Measures: Implementation of appropriate technical and organizational measures to ensure data security.
  • Sub-Processors: Hetzner shall not engage another processor without prior specific or general written authorization from EventMagix.
  • Data Subject Rights: Assistance in responding to requests for exercising data subject rights.
  • Data Breach Notification: Prompt notification of any personal data breaches.
  • Data Deletion or Return: At the choice of ZF UK, deletion or return of all personal data after the end of the provision of services.
  • Audits: Making available all information necessary to demonstrate compliance and allowing for audits.


  7. Data Retention and Deletion Policies

All data will be stored only for the duration of the election and deleted as follows:

  • End of Voting Period: 12 June 2025
  • Final Deletion Deadline: 30 June 2025


Deletion Process:

  • Personal Data: All personal data collected for the election will be permanently deleted from the servers.
  • Backups: Any backups containing personal data will be securely destroyed.
  • Pseudonymized Data: Data may be retained in pseudonymized form if required for tribunal auditing, ensuring that individuals cannot be identified.


   8. Data Subject Rights Under GDPR

Under the UK General Data Protection Regulation (UK GDPR), you have the following rights regarding your personal data:


   8.1 Right of Access (Article 15 GDPR) You have the right to obtain confirmation from the data controller as to whether or not personal data concerning you are being processed. Where that is the case, you can access the personal data and receive information about:

  • The purposes of the processing.
  • The categories of personal data concerned.
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed.
  • The envisaged period for which the personal data will be stored.
  • The existence of the right to request rectification or erasure of personal data or restriction of processing.
  • The right to lodge a complaint with a supervisory authority.
  • Where the personal data are not collected from you, any available information as to their source.
  • The existence of automated decision-making, including profiling, and meaningful information about the logic involved.


  8.2 Right to Rectification (Article 16 GDPR) You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Considering the purposes of the processing, you also have the right to have incomplete personal data completed, including by providing a supplementary statement.


  8.3 Right to Erasure (‘Right to be Forgotten’) (Article 17 GDPR) You have the right to obtain from the controller the erasure of personal data concerning you without undue delay, and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • You withdraw consent on which the processing is based, and there is no other legal ground for the processing.
  • You object to the processing, and there are no overriding legitimate grounds for the processing.
  • The personal data have been unlawfully processed.
  • The personal data must be erased for compliance with a legal obligation.


  8.4 Right to Restriction of Processing (Article 18 GDPR) You have the right to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defence of legal claims.
  • You have objected to processing pending the verification of whether the legitimate grounds of the controller override yours.


  8.5 Right to Data Portability (Article 20 GDPR) You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  • The processing is based on consent or on a contract; and
  • The processing is carried out by automated means.


  8.6 Right to Object (Article 21 GDPR) You have the right to object, on grounds relating to your situation, at any time to processing of personal data concerning you, which is based on:

  • Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • Processing necessary for the purposes of the legitimate interests pursued by the controller or a third party.


The controller shall no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.


  8.7 Right to Withdraw Consent (Article 7 GDPR) You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, you shall be informed thereof. It shall be as easy to withdraw as to give consent.


  9. Data Sharing and Third-Party Processors

Your personal data will not be shared with third-party commercial entities. Data processing is conducted solely for the purposes outlined in this policy.


  9.1 Sub-Processors The following sub-processors are engaged:

  • Hetzner Online GmbH: Provides infrastructure hosting services.
  • EventMagix: Operates the election application platform.


Both sub-processors are bound by Data Processing Agreements (DPAs) in accordance with Article 28 of the GDPR, ensuring:

  • Processing only on documented instructions from the controller.
  • Confidentiality obligations for personnel.
  • Implementation of appropriate technical and organisational measures.
  • Assistance in fulfilling data subject rights.
  • Deletion or return of personal data after the end of the provision of services.
  • Availability for audits and inspections.


10. Automated Decision-Making and Profiling

No automated decision-making or profiling is performed using your personal data.


11. Payment Processing Details

All payments related to the 2025 United Kingdom Election to the 39th World Zionist Congress are securely processed through Stripe, a globally recognized and PCI-compliant payment processing platform.

  • Payment Processor: Stripe
  • Account Holder: Zionist Federation UK, operating under the working name Zionists UK Ltd (operating under the working name Zionist Federation UK), Company Number 16362332Documentation


When you make a payment, Stripe collects and processes your payment information, which may include your name, email address, billing address, payment method details (such as credit or debit card information), and transaction details. Stripe uses this information to process payments, prevent fraud, and comply with legal obligations.


Stripe's processing of your personal data is governed by its own Privacy Policy, which outlines how your data is collected, used, and protected. For more information, please refer to Stripe's Privacy Policy: https://stripe.com/privacy.

Please note that the Zionist Federation UK does not store or have access to your full payment details; all payment information is handled directly by Stripe


12. Data Retention and Deletion Policies

All data will be stored only for the duration of the election and deleted as follows:

  • End of Voting Period: 12 June 2025
  • Final Deletion Deadline: 30 June 2025


Deletion Process:

  • Personal Data: All personal data collected for the election will be permanently deleted from the servers.
  • Backups: Any backups containing personal data will be securely destroyed.
  • Pseudonymized Data: Data may be retained in pseudonymized form if required for tribunal auditing, ensuring that individuals cannot be identified.


13. Contact Information and Complaints Procedure

To exercise your rights or report a concern, please contact:


Data Protection Officer (DPO):
Mr. Shlomi Ashkenazi
Secure Data Protection Inquiry Form


For more information, contact us directly or refer to our official site:

https://uk.eventmagix.com