There are two entities involved in controlling data processing described in this policy:
The role of each of these will be clerified below.
Confido is a web-based application for collecting, aggregating and evaluating probabilistic predictions and estimates. Each instance of the Confido app is called a workspace. Data in each workspace is self-contained and completely separate from other workspaces.
Confido Institute offers cloud hosting of Confido workspaces as a service. It is also possible to run a self-hosted version of Confido on your own infrastructure or have it hosted by a 3rd party.
<workspace-name>.confido.tools domain. It does not cover self-hosted workspaces or workspaces hosted by 3rd parties.
It covers data processing done by the Confido Institute. If the Workspace Owner does any further data processing, they should inform the users about it (for example as part of a room description).
Our handling of personal data is governed by the GDPR (General Data Protection Regulation, EU Regulation 2016/679).
This section summarizes data collection, storage and processing done by the Confido app itself. Data is processed only to the extent necessary for the functioning of the app as designed. This data processing is done by the Confido open-source code, as published on [Github][https://github.com/confidoinstitute/confido1]. Its exact nature and extent can be verified by examining the code. It is exactly the same as would have been done in a self-hosted Confido workspace, with the only difference being that it is running on our infrastructure.
Predictions are always internally stored as individualized (tied to a specific user). This is necessary in order to allow the user to update their prediction later.
Every prediction update is recorded, including the user who made it, the new prediction (probability distribution) and a timestamp.
By default, room owners and moderators and workspace administrators can access individual predictions and prediction history (i.e., see specifically which users made what predictions). They can also export this data for processing outside of Confido. This processing is controlled by the Workspace Owner.
Aggregated predictions, including their history, are always available to room owners and moderators and can be made available to all room users by moderator choice.
User Data and User Account Data are retained indefinitely, until one of the following:
When a user account is deleted:
Whenever some data is deleted, copies of it may be kept of up to 14 days internally within the workspace (for example, to allow a user to undo an accidental deletion) and up to 30 days as part of backups. After that, all copies are destroyed.
The legal basis for these cookies is our legitimate interest, as they are technically necessary for the service to function.
We do not use any third-party, tracking, marketing or analytics cookies. Unless you log in to a Confido workspace, no cookies are stored in your browser.
Confido Institute is a Data Processor and processes User Data and User Account Data data based on instructions from the Workspace Owner (usually made in the form of configuration options in the Confido user interface but the Workspace Owner may also give us written instructions e.g. via email).
The Workspace Owner as the Data Controller should provide information about about their purposes and legal basis for processing upon request.
All processing of User Data is fully automatic and driven by the Confido open source code.
Human employees never access this data directly without prior express consent from the Workspace Owner. (Which may be obtained for example for purposes of troubleshooting an issue.) Such consent must be given in writing (including e-mail) and is always limited in scope and duration.
Please note that the Confido Institute has, by virtue of administering our servers, in principle access to all User Data and User Account Data stored on our servers (and so do our hosting providers in the role of subprocessors). This is technically inevitable and is true for every cloud service out there, except for end-to-end encrypted ones.
However, the Confido team will never use or access this data except for ways described above, without prior consent of a workspace administrator as the Data Controller.
If even this hypothetical option constitutes a problem for you, you can always run a self-hosted instance on infrastructure you physically own (running it on a VPS, AWS or similar poses exactly the same problem).
This section describes additional data collection, processing and storage done by Confido Institute as part of hosting your Confido workspace in our cloud infrastructure, above and beyond processing done within the Confido app itself.
For this processing, Confido Institute is the Data Controller.
Administrator Contacts. Confido Institute collects contact information (names and e-mail addresses) of workspace administrators – both the initial administrator from workspace request form and any additional administrators created via the Confido user interface. We may use this information to contact the administrators with important information regarding the service. We can also forward data subject requests to these addresses.
Network Metadata is kept for at most 14 days, except for cases of abuse of our service (such as excessive traffic), in which case offending IP addresses can be stored for up to 1 year for the purpose of blocking the offending traffic (this can be lengtened for as long as the offence continues).
Statistics. We may collect aggregate statistics about the usage of your workspace, namely:
This list is exhaustive. If we add more statistics to collect, we will notify you beforehand. We will never collect any information about individual objects (users, questions, etc.) in your workspace, not even anonymized. It will always be only very broad aggregate statistics.
While the statistics are based on personal data about your workspace usage, they do not themselves constitute personal data. These statistics will be updated continuously and the results can be kept indefinitely (even after your workspace is deleted). However, if your workspace is deleted, we will remove any identification of the workspace from the statistics (so we will keep the information that we had e.g. a workspace with 20 users and 1000 questions but not what it was called or who it belonged to).
We may use these statistics internally to understand how our services and to inform our future plans.
We may also use them to create overall statistics across all our workspaces (such us the total number of questions asked on our platform) and we may publish such statistics (but of course never statistics about a single particular workspace).
Legal basis of this processing is our legitimate interest, as it is necessary in order to provide and improve our service. We deliberately keep this colleted data to a minimum.
The Workspace Owner may export data from their Confido workspace, including individual predictions, for further processing outside of the Confido app. The Workspace Owner assumes Data Controller role for any such processing. The Workspace Owner should provide information about such processing (its scope, purposes and legal basis) upon request.
Our only subprocessors are our hosting providers. Currently these are:
If you wish to know which subprocessors are involved in handling your workspace specifically, you can ask us.
Your data is stored and processed in the EU. Currently, we have servers in Czech Republic, France and Austria. If you need to inquire where specifically your data is hosted, you can contact us.
According to the GDPR, you as the data subject have certain rights. These include the right to request (with certain exceptions):
As most data processing is controlled by the Workspace Owner, you need to exercise your rights under the GDPR with them. If you are not sure how to contact the Workspace Owner, you can write to us at
firstname.lastname@example.org and we will pass on the message. You can use that contact also to exercise your rights regarding data processing controlled by the Confido Institute, as noted above.
Get to meet the Confido team and discuss how our tools or interactive workshops can benefit your organization. We will be also happy to talk about research collaboration or the educational aspects of spreading awareness of uncertainty.Book a call