Cookie Policy for the Confirmit SaaS sites

1. Background

We have provided this Cookie Policy in response to the requirements of the “Privacy and Electronic Communications (EC Directive) Regulations 2011”, referred to herein as the “Regulations”. For more information about the Regulations as implemented in the UK, visit http://www.ico.gov.uk/.

2. Introduction

Your privacy is important to us at Confirmit. This policy includes information about the kind of cookies that may be used if you access one of the Confirmit Horizons sites we manage, offered for use as a Software as a Service (SaaS) platform. You may be accessing the SaaS to respond to a survey or view a report. Or, if you are a client of ours and have obtained a license to use the SaaS, you will access the SaaS for purposes such as designing / launching surveys and reports.

Cookies (if any) delivered by our company to those who reach any of the SaaS pages on our SaaS environments, have a low level of privacy intrusiveness. Our clients may however also launch their own cookies, which we may not be aware of. Please contact the company inviting you to access the SaaS for information about their cookies.

If you are visiting our homepage at www.confirmit.com or our extranet at www.extranet.confirmit.com ,  and would like to understand more about what kind of cookies we use on those sites, please refer to the cookie section of our Privacy Policy, www.confirmit.com/privacy-policy.aspx

3. What are cookies?

A cookie is a small file downloaded on to a device (such as a PC or a mobile device) when the user accesses certain websites. Cookies are then sent back to the originating website on each subsequent visit.

The use of cookies and similar technologies has for some time been commonplace and cookies in particular are important in the provision of many online services. Using such technologies is not prohibited by the Regulations, but the Regulations require that people are informed about cookies and given the choice as to which of their online activities are managed this way.

4. Can I prevent the use of cookies?

You can, should you choose, disable the cookies from your browser and delete all cookies currently stored on your computer. You can find out how to do this for your particular browser by clicking "help" on your browser's menu. Also, all browser vendors will provide guidelines about how to disable cookies, as for example Microsoft does at http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies.

Please do however keep in mind that should you choose to disable cookies from your browser, this action may prevent you from taking full advantage of the SaaS service, and some aspects of it may fail to work.

You will see in the "Use of Cookies on Horizons SaaS" section below that all of the cookies used by the Horizons SaaS are aimed at providing you with a better and more efficient user experience, and that they entail a low degree of privacy intrusiveness.

5. Use of Cookies on Horizons SaaS

Cookies are used on the SaaS environment to provide you with a better user experience. We do not collect or store personal data via cookies delivered by us.

Our clients are the parties that create and distribute surveys, reports, portals etc., and are therefore the “data controllers” as defined in the EU Data Protection Directive. They may use cookies additional to those provided by the standard Horizons SaaS. We on our end are the “data processor” under the EU Directive, and will not know if or what is being used by our clients and users, so you will need to request clarifications directly from the data collector about this.

If you are a client of our company with a license to use the Horizons Software, more detailed documents about use of cookies are available from http://extranet.confirmit.com/library/user-manuals.aspx, see Fact Sheets.

Below is a summary of the cookies user on the Horizons SaaS, divided into different user scenarios.

a) Surveys

For web-based surveys to which you are invited via e-mail and which you access by clicking on a unique link (URL), or which are presented to you via a pop-up (except polls), we do not post any cookies. If you are taking a pop-up survey, the site where the survey is hosted will normally use a cookie to avoid showing you the survey on every visit or change of page. In that case, the cookie will have been delivered by the site you were visiting, and not by us.

Here are two additional exceptions, related to specific data collection channels:

 

Type of cookie

What is it, and what does it do

Privacy Intrusiveness Level

Inline/Poll surveys

Used to determine whether the survey has already been shown to the user. Used in two cases: 1) To prevent the survey being shown repeatedly to returning visitors; and 2) To allow the respondent to continue the survey from the last answered question re-entry.
Contains the information necessary to identify a respondent (primarily a respondent-ID which is a number, and a unique key which is a random sequence of letters).
For inline surveys only, turned off by default,  can help remember and prevent repeat responses from same machine. Expiration configurable, default 90 days.

In its “preventing” mode it expires after a configurable number of days (configured by our client on a project by project basis). No expiry for “continue” mode.
Low privacy impact.

Sample Only (data collection outside Horizons when sample is generated by Horizons panel)

Provides the ability to continue a survey where left off after visiting a 3rd-party survey in between, when this 3rd-party survey does not support the conventional ways of redirecting (sending parameters in the URL back to the Horizons interview).
Stores the information necessary to identify a respondent, the project-ID and how far in that survey the respondent has reached.

Browser-session-cookie (dies when browser closes).
Low privacy impact.

Limited survey with login page

Used to maintain the user session after login.

Cookie is removed when its value is read on the server. Low privacy impact.

None of the cookies deployed by the Confirmit Horizons platform send information to third parties.

 

b) Reportal Access

If you have been provided a Reportal UserID and password by one of our clients, you will be able to log into Reportal and access reports and data. By logging in, you accept that we use the following cookies (as applicable):

 

Type of cookie

What is it, and what does it do

Privacy Intrusiveness Level

 

Login/Session Cookie

Used to maintain the user session after login.

Cookie is set when user logs in and is removed when user logs out. Low privacy impact.

Login/Message cookie

Used as a data carrier to pass error messages to the login screen when the user session times out or login fails.

Cookie is removed when its value is read on the server. Low privacy impact.

 

Login/authentication

The container for the forms authentication ticket. The ticket is used by forms authentication on the server to identify an authenticated user.

Cookie will be set when user logs in, and removed when user logs out. Low privacy impact.

Login/Set user language

Used to keep information about the user’s preferred language.

Cookie will be set when user logs in, and removed when user logs out. Low privacy impact.

Duplicate login prevention

Cookie is set when user is logged in, and is used to prevent users from logging in again in another browser window.

Cookie will be set when user logs in, and removed when user logs out. Low privacy impact.

Single Sign On

Provides SSO capabilities. Only enabled if you access Reportal via your company’s SSO solution (where offered).

Low privacy impact.

Session timeout

When the session times out, the user is taken back to the login screen. This cookie is used for communicating to the login screen that a session timeout occurred, and will cause the username to be automatically filled out

Low privacy impact.

Login

Keeps information about the users portal id after first login

Low privacy impact.

None of the cookies deployed by the Confirmit Horizons platform send information to third parties.

 

c) Designer Modes: Author, Reportal Designer, Dashboard, Translator/Questionnaire Reviewer, and Panel Management

If you have been provided a UserID and password by us or by one of our clients, you will be able to log into the Horizons Software. By logging in, you accept that we use the following cookies (as applicable):

 

Type of cookie

What is it, and what does it do

Privacy Intrusiveness Level

Authentication, Cookie Name: confirmitnet [+ potentially configurable sitespecific suffix], ConfirmitAuthoring, ConfirmitAuthoring_SessionId

Keep track of current session and single sign-on from Authoring environment to Reportal environment

Browser session-cookie (dies when browser closes).

Low privacy impact.

Single Sign-On, Cookie Names: [Application Name] + SSO, [Application Name] + SSOLogOut

Single sign-on from domain-login to Horizons-login (only applicable with specific addon enabled)

Browser session-cookie (dies when browser closes).

Low privacy impact.

Two factor authentication, Cookie Name: 
ConfirmitTwoStepVerificationCookieName_[identifier]

Used to transfer username in login-process during two factor authentication

Low privacy impact, short lifetime (5 minutes)

Two factor authentication, Cookie Name: 
ConfirmitTwoStepVerificationTrust_[identifier]

Enables trust of a specific device to prevent two factor authentication to be required on every login

Low privacy impact but long lifetime

Messaging, Cookie Name: ConfirmitMessageCookieName

Pass message to login screen in the case of Logout (when all other cookies get expired/cleared)

Browser session-cookie (dies when browser closes).
Low privacy impact.

Data Edit, Cookie Name: GridViewCookie

Remember columns selected to be visible when editing Respondent Data and Response Data (for both surveys and panels)

Browser session-cookie (dies when browser closes).

Low privacy impact.

Word Export, Cookie Name: FileToken

Used to synchronize download of Word Export file through browser

Browser session-cookie (dies when browser closes).
Low privacy impact.

Dashboard Login, Cookie Names: ConfirmitAuthoring_Dashboard

Ability to stay logged in authenticated (explicit option offered the user)

Persistent, expires by default after 48 hours.

Low privacy impact.

Testinterview, Cookie Names: ConfirmitTestInterView_[identifier], ConfirmitQuickTestRespondent_[identifier]

Used to move around in a test interview without losing the context of which response the tester is associated with

Browser session-cookie (dies when browser closes).

Low privacy impact.

 

Usersettings, Cookie Name: DashboardSettings_[Username]

Specify default language to be used within dashboard

Browser session-cookie (dies when browser closes).
Low privacy impact.

NewRelic cookie, ref http://docs.newrelic.com/docs/subscriptions/new-relic-cookies

NewRelic tracking (and most web tracking software) uses cookies in order to provide meaningful reports about a site’s visitors. It allows us to obtain aggregate data across our user base relating to which browsers are being used, how many unique visitors, country of origin, etc.

Low privacy impact.

NewRelic cookies do not collect personal data about the website visitors.

 

Except for the NewRelic cookie, none of the cookies deployed by the Confirmit Horizons platform send information to third parties.

 

d) Community Portal

If you have been provided a UserID and password by us or by one of our clients, you will be able to log into Community Portal. By logging in, you accept that we use the following cookies (as applicable):

 

Type of cookie

What is it, and what does it do

Privacy Intrusiveness Level

Forms authentication cookie

Used to determine whether a panelist is logged in or not, and to authenticate the panelist after the initial logon. This is .Net Forms authentication cookie. Contains the information necessary to identify a panelist (primarily an auto-generated key, and the panel id: Encrypted values).

Browser session-cookie (dies when browser closes).

Low privacy impact.

Forms authentication cookie 

Ability to stay logged in authenticated (explicit option offered to the user)

Persistent, expires by default after 14 days.

Low privacy impact

None of the cookies deployed by the Confirmit Horizons platform are sent to third parties.

 

e) Action Management and Active Dashboards

 

Type of cookie

What is it, and what does it do

Privacy Intrusiveness Level

Action Management  - PRT
         

Port on the host machine where current AM session is being serviced.

No privacy impact

Action Management - HST

Name of Server that is servicing the session

Low privacy impact

Active Dashboard/Action Management   -  csat-ltm

BigIp: Session persistence

Low privacy impact

Action Management - CAI

To support security token with each posting  - internal

Low privacy impact

Action Management - ASP.NET_SessionId

Created by ASP.Net to manage session information

Low privacy impact

Action Management  - .CSATAuth

User to authenticate session in AM

Low privacy impact

Active Dashboard   -   PRT

Port of Tomcat instance to which session is communicating. Expires at end of session

No privacy impact

Active Dashboard   -   HST

Name of server that is servicing the session

No privacy impact

Active Dashboard   -   JSessionID

Internal to Java sessions

Low privacy impact

Active Dashboard - CAI

To support security token with each posting  - internal

Low privacy impact

6. Links to non-Confirmit Web sites

This policy, or any web page displayed via the SaaS environment, may contain links to other Web sites. Confirmit is not responsible for the privacy practices or for the content of those other Web sites.

7. Changes to this policy

This policy may be amended without prior notice by updates on this site.

8. Questions about Privacy or the use of Cookies

If you have any questions about this policy, if you would like more details about how cookies are used in Horizons, or if you would like to file a complaint in relation to our use of cookies, you are welcome to send an email to privacy@confirmit.com.

Subscribe to Our Newsletter