Cookie Policy for the Confirmit SaaS sites

V3 - Updated November 2017

1. Background

We provide this Cookie Policy in response to the requirements of the “Privacy and Electronic Communications (EC Directive) Regulations 2011”, referred to herein as the “Regulations”.

2. Introduction

Your privacy is important to Confirmit. This policy includes information about the kind of cookies that may be used if you access one of the Horizons Software as a Service (SaaS) platforms we manage. You may be accessing the SaaS to respond to a survey or view a report. Or, if you are a client of ours and have obtained a license to use the Horizons Software on our SaaS, you will access the SaaS for purposes such as designing / launching surveys and reports.

Cookies (if any) delivered by Confirmit to those who reach any of the SaaS pages on our SaaS environments, have a low level of privacy intrusiveness. Our clients using the SaaS may however also launch their own cookies, which we may not be aware of. Please contact the company inviting you to access the surveys or reports delivered via the SaaS for information about their cookies.

If you are visiting our Confirmit homepage, or our Extranet, and would like to understand more about what kind of cookies we use on those sites, please refer to the Cookie Policy available within our Privacy Policy.

3. What are cookies?

A cookie is a small file downloaded on to a device (such as a PC or a mobile device) when the user accesses certain websites. Cookies are then sent back to the originating website on each subsequent visit.

The use of cookies and similar technologies has for some time been commonplace and cookies in particular are important in the provision of many online services. Using such technologies is not prohibited by the Regulations, but the Regulations require that people are informed about cookies and given the choice as to which of their online activities are managed this way.

4. Can I prevent the use of cookies?

You can, should you choose, disable the cookies from your browser and delete all cookies currently stored on your computer. You can find out how to do this for your particular browser by clicking "help" on your browser's menu. Also, browser vendors will provide guidelines about how to disable cookies, as for example Internet Explorer and Chrome.

Please do however keep in mind that should you choose to disable cookies from your browser, this action may prevent you from taking full advantage of the SaaS service, and some aspects of it may fail to work.

You will see in the "Use of Cookies on Horizons SaaS" section below that all of the cookies used by the Horizons SaaS are aimed at providing you with a better and more efficient user experience, and that they entail a low degree of privacy intrusiveness.

5. Use of Cookies on Horizons SaaS

Cookies are used on the SaaS environment to provide you with a better user experience.

Our clients are the parties that create and distribute surveys, reports, portals etc., and are therefore the “data controllers” as defined in the EU Data Protection Directive and in the General Data Protection Regulation (GDPR). Our clients may use cookies additional to those provided by the standard Horizons SaaS. We on our end are the “data processor” under the EU Directive / GDPR, and will not know if or what is being used by our clients and users, so you will need to request clarifications directly from the data collector about this.

If you are a client of Confirmit with a license to use the Horizons Software, more detailed documents about use of cookies are available here, see User Guides / Documentation (client login required).

Below is a summary of the cookies user on the Horizons SaaS, divided into different user scenarios.

A) Cookies in Horizons Surveys

For web-based surveys to which you are invited via e-mail and which you access by clicking on a unique link (URL), or which are presented to you via a pop-up (except polls), Confirmit does not post any cookies by default. If you are taking a pop-up survey, the site where the survey is hosted will however normally use a cookie to avoid showing you the survey on every visit or change of page. In that case, the cookie will have been delivered by the site you were visiting, and not by Confirmit.

Here are three additional exceptions, related to specific data collection channels:

 

Type of cookie

What is it, and what does it do

Privacy Intrusiveness Level

Inline/Poll surveys

Used to determine whether the survey has already been shown to the user. Used in two cases: 1) To prevent the survey being shown repeatedly to returning visitors; and 2) To allow the respondent to continue the survey from the last answered question re-entry.
Contains the information necessary to identify a respondent (primarily a respondent-ID which is a number, and a unique key which is a random sequence of letters).
For inline surveys only, turned off by default, can help remember and prevent repeat responses from same machine. Expiration configurable, default 90 days.

In its “preventing” mode it expires after a configurable number of days (configured by our client on a project by project basis). No expiry for “continue” mode.
Low privacy impact.

Sample Only (data collection outside Horizons when sample is generated by Horizons panel)

Provides the ability to continue a survey where left off after visiting a 3rd-party survey in between, when this 3rd-party survey does not support the conventional ways of redirecting (sending parameters in the URL back to the Horizons interview).
Stores the information necessary to identify a respondent, the project-ID and how far in that survey the respondent has reached.

Browser-session-cookie (dies when browser closes).
Low privacy impact.

Limited survey with login page

Used to maintain the user session after login.

Cookie is removed when its value is read on the server.
Low privacy impact.

None of the cookies deployed by the Confirmit Horizons platform send information to third parties.

B) New Horizons login model in 2018: Identity server

From 2018 all users of the Horizons SaaS will benefit from more efficient login handled by our “Identity Server”.

By logging in you accept that the following cookies may be used (as applicable). In addition, you may also use other cookies relevant to other areas as explained further in this document.

Type of cookie

What is it, and what does it do

Privacy Intrusiveness Level

 

Authentication process, Cookie name: idsrv

Cookie used in the authentication process

Browser session-cookie (dies when browser closes).
Low privacy impact

Authentication/session identifier, Cookie name: idsrv.session

Session identifier in the identity service

Browser session-cookie (dies when browser closes). Low privacy impact

 

Authentication security, Cookie name: idsrv.xsrf

Cross site request forgery prevention in the authentication process.

Browser session-cookie (dies when browser closes).
Low privacy impact

Authentication process, Cookie name: idsrv.clients

A list of clients the user is authenticated to in the current session.

Browser session-cookie (dies when browser closes).
Low privacy impact

Authentication process, Cookie name: idsrv.username

Holding the last used username in the current browser to present at login.

Valid for one year.
Low privacy impact

Authentication process, Cookie name: idsrv.trust2fa

Cookie for enabling trusted device for 2 factor authentication.

Valid for 30 days.
Low privacy impact

Authentication process, Cookie name: idsrv.defportal

Holding the last used portalId used to present at login.

Valid for one year.
Low privacy impact

Authentication process, Cookie name: idsrv.partial

Cookie holding partial login information.

Browser session-cookie (dies when browser closes).
Low privacy impact

Authentication process, Cookie name: idsrv.external

Cookie for single sign on login. Only enabled when accessing with your company’s SSO solution (where offered)

Browser session-cookie (dies when browser closes).
Low privacy impact

Authentication process, Cookie name: SignInMessage.

Cookie used in the authentication process

Browser session-cookie (dies when browser closes).
Low privacy impact

Authentication process, Cookie name: SignOutMessage.

Cookie used in the authentication and logout process

Browser session-cookie (dies when browser closes).
Low privacy impact

C) Cookies when accessing Reportal reports

You may have been provided with a UserID and password by one of our clients to access a Horizons on-line report or dashboard.

By logging in you accept that the following cookies may be used (as applicable):

 

Type of cookie

What is it, and what does it do

Privacy Intrusiveness Level

Login/Session Cookie

Used to maintain the user session after login.

Cookie is set when user logs in and is removed when user logs out.
Low privacy impact.

Login/Message Cookie

Used as a data carrier to pass error messages to the login screen when the user session times out or login fails.

Cookie is removed when its value is read on the server. Low privacy impact.

Login/authentication

The container for the forms authentication ticket. The ticket is used by forms authentication on the server to identify an authenticated user.

Cookie will be set when user logs in, and removed when user logs out. Low privacy impact.

Login/Set user language

Used to keep information about the user’s preferred language.

Cookie will be set when user logs in, and removed when user logs out. Low privacy impact.

Duplicate login prevention

Cookie is set when user is logged in, and is used to prevent users from logging in again in another browser window.

Cookie will be set when user logs in, and removed when user logs out.
Low privacy impact.

Single Sign On

Provides SSO capabilities. Only enabled if you access Reportal via your company’s SSO solution (where offered).

Low privacy impact.

Session timeout

When the session times out, the user is taken back to the login screen. This cookie is used for communicating to the login screen that a session timeout occurred, and will cause the username to be automatically filled out

Low privacy impact.

Login

Keeps information about the users portal id after first login

Low privacy impact.

None of the cookies deployed by the Confirmit Horizons SaaS send information to third parties.

D) Cookies when accessing Action Management and Active Dashboards

You may have been provided with a UserID and password by us or by one of our clients, to log into Action Management and Active Dashboards.

By logging in you accept that the following cookies may be used (as applicable):

 

Type of cookie

What is it, and what does it do

Privacy Intrusiveness Level

Action Management - PRT

Port on the host machine where current AM session is being serviced.

No privacy impact

Action Management - HST

Name of Server that is servicing the session

Low privacy impact

Active Dashboard/Action Management - csat-ltm

BigIp: Session persistence

Low privacy impact

Action Management - CAI

To support security token with each posting - internal

Low privacy impact

Action Management - ASP.NET_SessionId

Created by ASP.Net to manage session information

Low privacy impact

Action Management - .CSATAuth

User to authenticate session in AM

Low privacy impact

Active Dashboard - PRT

Port of Tomcat instance to which session is communicating. Expires at end of session

No privacy impact

Active Dashboard - HST

Name of server that is servicing the session

No privacy impact

Active Dashboard - JSessionID

Internal to Java sessions

Low privacy impact

Active Dashboard - CAI

To support security token with each posting - internal

Low privacy impact

E) Cookies when creating Surveys and Reports

Professional Authoring, Reportal Designer, Dashboard, Survey Designer, Translator/Questionnaire Reviewer, Hierarchy Management and Panel Management

You may have been provided with a UserID and password to log into the Horizons Software for purpose of creating surveys or reports.

By logging in you accept that the following cookies may be used (as applicable):

 

Type of cookie

What is it, and what does it do

Privacy Intrusiveness Level

Authentication, Cookie Name: confirmitnet [+ potentially configurable sitespecific suffix], ConfirmitAuthoring, ConfirmitAuthoring_SessionId

Keep track of current session and single sign-on from Authoring environment to Reportal environment

Browser session-cookie (dies when browser closes).
Low privacy impact.

Single Sign-On, Cookie Names:
[Application Name] + SSO, [Application Name] + SSOLogOut

Single sign-on from domain-login to Horizons-login (only applicable with specific addon enabled)

Browser session-cookie (dies when browser closes).
Low privacy impact.

Two factor authentication, Cookie Name:
ConfirmitTwoStepVerificationCookieName_[identifier]

Used to transfer username in login-process during two factor authentication

Low privacy impact, short lifetime (5 minutes)

Two factor authentication, Cookie Name:
ConfirmitTwoStepVerificationTrust_[identifier]

Enables trust of a specific device to prevent two factor authentication to be required on every login

Low privacy impact but long lifetime

Messaging, Cookie Name:
ConfirmitMessageCookieName

Pass message to login screen in the case of Logout (when all other cookies get expired/cleared)

Browser session-cookie (dies when browser closes).
Low privacy impact.

Data Edit, Cookie Name:
GridViewCookie

Remember columns selected to be visible when editing Respondent Data and Response Data (for both surveys and panels)

Browser session-cookie (dies when browser closes).
Low privacy impact.

Word Export, Cookie Name:
FileToken

Used to synchronize download of Word Export file through browser

Browser session-cookie (dies when browser closes).
Low privacy impact.

Dashboard Login, Cookie Names: ConfirmitAuthoring_Dashboard

Ability to stay logged in authenticated (explicit option offered the user)

Persistent, expires by default after 48 hours.
Low privacy impact.

Testinterview, Cookie Names: ConfirmitTestInterView_[identifier], ConfirmitQuickTestRespondent_[identifier]

Used to move around in a test interview without losing the context of which response the tester is associated with

Browser session-cookie (dies when browser closes).
Low privacy impact.

Usersettings, Cookie Name:
DashboardSettings_[Username]

Specify default language to be used within dashboard

Browser session-cookie (dies when browser closes).
Low privacy impact.

Security, Cookie Names:
_csrf

Cookie accompanying anti cross site request forgery token. Used to protect users from performing unwanted actions in web applications due to a certain type of attack.

Browser session-cookie (dies when browser closes).
No privacy impact.

Marketo Munchkin

Records last visit and activity in relation to use of help-pages of the Horizons software. Allows us to improve help areas and communicate to users based on their needs.

Expires after 24 months

Authentication, Cookie name:
confirmitidp[+ potentially configurable sitespecific suffix],

Keep track of current session and single sign-on between applications in the transition between old and new login systems.

Low privacy impact

None of the cookies deployed by the Confirmit Horizons platform send information to third parties.

F) Cookies when accessing Community Portal

You may have been provided with a UserID and password by us or by one of our clients, to log into Community Portal.

By logging in you accept that the following cookies may be used (as applicable):

 

Type of cookie

What is it, and what does it do

Privacy Intrusiveness Level

Forms authentication cookie

Used to determine whether a panelist is logged in or not, and to authenticate the panelist after the initial logon. This is .Net Forms authentication cookie. Contains the information necessary to identify a panelist (primarily an auto-generated key, and the panel id: Encrypted values).

Browser session-cookie (dies when browser closes).
Low privacy impact.

Forms authentication cookie

Ability to stay logged in authenticated (explicit option offered to the user)

Persistent, expires by default after 14 days.
Low privacy impact

None of the cookies deployed by the Confirmit Horizons platform are sent to third parties.

G) Salesforce connector

If you use the Horizons - Salesforce connector, you accept that we use the following cookies (as applicable):

 

Type of cookie

What is it, and what does it do

Privacy Intrusiveness Level

Session state, Cookie name:
sfdcstate

Keeps the state related to Salesforce for the CRM Connector for Salesforce application. Encrypted. Includes a Salesforce access token along with other parameters.

Browser session-cookie (dies when browser closes).
Low privacy impact

Salesforce domain, Cookie name: sfdomain

It keeps the Salesforce domain name. Used for enabling Iframe usage for the CRM Connector for Salesforce application. Encrypted.

Browser session-cookie (dies when browser closes). No privacy impact

6. Links to non-Confirmit Web sites

This policy, or any web page displayed via the SaaS environment, may contain links to other Web sites. Confirmit is not responsible for the privacy practices or for the content of those other Web sites.

7. Changes to this policy

This policy may be amended without prior notice by updates on this site.

8. Questions about Privacy or the use of Cookies

If you have any questions about this policy, if you would like more details about how cookies are used in Horizons, or if you would like to file a complaint in relation to our use of cookies, you are welcome to send an email to privacy@confirmit.com.

Subscribe to Our Newsletter