Who is processing your data?
There are two entities involved in controlling data processing described in this policy:
- Confido Institute (full legal name “Confido Institute, z.ú.”, registered office Přecechtělova 2428/37, Stodůlky, 155 00 Praha 5, Czech Republic) is a nonprofit institute registered in the Czech Republic.
- The Workspace Owner, by which we mean the legal entity (organization or individual) owning and managing the workspace.
The role of each of these is clarified below.
Confido is a web-based application for collecting, aggregating and evaluating probabilistic predictions and estimates. Each instance of the Confido app is called a workspace. Data in each workspace is self-contained and completely separate from other workspaces.
Confido Institute offers cloud hosting of Confido workspaces as a service. It is also possible to run a self-hosted version of Confido on your own infrastructure or have it hosted by a 3rd party.
This policy covers workspaces hosted by Confido Institute in our cloud at a <workspace-name>.confido.tools domain. It does not cover self-hosted workspaces or workspaces hosted by 3rd parties.
It covers data processing done by the Confido Institute. If the Workspace Owner does any further data processing, they should inform the users about it (for example as part of a room description).
Our handling of personal data is governed by the GDPR (General Data Protection Regulation, EU Regulation 2016/679).
Data we collect and store and how we use it
Data processed within the Confido app
This section summarizes data collection, storage and processing done by the Confido app itself. Data is processed only to the extent necessary for the functioning of the app as designed. This data processing is done by the Confido open-source code, as published on [GitHub](https://github.com/confidoinstitute/confido1). Its exact nature and extent can be verified by examining the code. It is exactly the same as would be done in a self-hosted Confido workspace, with the only difference being that it is running on our infrastructure.
- User account data. This includes:
  - Name
    - This may or may not be a real name.
    - Visible to all members of the workspace, including guests.
  - E-mail address
    - Visible to all members of the workspace, except for guests.
    - Used to send automatically generated login emails, invitations and other notifications for important activity in the workspace.
    - Can be used by room moderators, owners and workspace admins to contact users with important updates regarding the workspace.
    - Workspace members (excluding guests) can see the list of members (with names and emails) of people in a given room.
- User data. This includes:
  - Questions
    - All room members can see question text and other accompanying information.
  - Rooms
    - Room names, question lists and member lists are accessible to all room members and workspace administrators.
  - Comments
    - Room members can see text and author name for all comments. If the comment author chose to attach their prediction, this is also visible to all room members.
  - Predictions and prediction history
    - Predictions are always internally stored as individualized (tied to a specific user). This is necessary in order to allow the user to update their prediction later.
    - Every prediction update is recorded, including the user who made it, the new prediction (probability distribution) and a timestamp.
    - By default, room owners and moderators and workspace administrators can access individual predictions and prediction history (i.e., see specifically which users made what predictions). They can also export this data for processing outside of Confido. This processing is controlled by the Workspace Owner.
    - Aggregated predictions, including their history, are always available to room owners and moderators and can be made available to all room users by moderator choice.
Data retention and deletion
User Data and User Account Data are retained indefinitely, until one of the following:
- They are deleted using the user interface of the Confido app.
- Their deletion is requested by the data subject (see below).
- The whole workspace is deleted.
When a user account is deleted:
- their User Account Data (name and email) is deleted
- their answers to questions marked sensitive are deleted, including history
- their other User Data (such as questions created or predictions made) can be, at the discretion of the user:
- either deleted completely,
- or kept on the platform in an anonymized form (not tied to the user’s identity)
- When choosing anonymization, you can request an Anonymization Key, which will allow you to later request complete deletion of the data.
Whenever some data is deleted, copies of it may be kept for up to 14 days internally within the workspace (for example, to allow a user to undo an accidental deletion) and up to 30 days as part of backups. After that, all copies are destroyed.
Cookies
- Login session cookie. This cookie is used to remember the user's identity while they are logged in to a Confido workspace (it is specific to a given workspace). It is created after login and deleted after logout.
The legal basis for this cookie is our legitimate interest, as it is technically necessary for the service to function.
We do not use any third-party, tracking, marketing or analytics cookies. Unless you log in to a Confido workspace, no cookies are stored in your browser.
Purposes & legal basis for processing
Confido Institute is a Data Processor and processes User Data and User Account Data based on instructions from the Workspace Owner (usually given in the form of configuration options in the Confido user interface, but the Workspace Owner may also give us written instructions, e.g. via email).
The Workspace Owner, as the Data Controller, should provide information about their purposes and legal basis for processing upon request.
When can Confido Institute employees access your data
All processing of User Data is fully automatic and driven by the Confido open source code.
Human employees never access this data directly without prior express consent from the Workspace Owner (which may be obtained, for example, for the purpose of troubleshooting an issue). Such consent must be given in writing (including e-mail) and is always limited in scope and duration.
Note on in-principle data access
Please note that the Confido Institute has, by virtue of administering our servers, in principle access to all User Data and User Account Data stored on our servers (and so do our hosting providers in the role of subprocessors). This is technically inevitable and is true for every cloud service, except for end-to-end encrypted ones.
However, the Confido team will never use or access this data except in the ways described above, without prior consent of a workspace administrator acting for the Data Controller.
If even this hypothetical option constitutes a problem for you, you can always run a self-hosted instance on infrastructure you physically own (running it on a VPS, AWS or similar poses exactly the same problem).
Additional data collection and processing by the Confido Institute, outside of Confido app proper
This section describes additional data collection, processing and storage done by Confido Institute as part of hosting your Confido workspace in our cloud infrastructure, above and beyond processing done within the Confido app itself.
For this processing, Confido Institute is the Data Controller.
Workspace Requests. When you send us a workspace request, the information entered in the form is retained for as long as the workspace exists. If we for some reason refuse the request, the information will be kept for at most 30 days.
Administrator Contacts. Confido Institute collects contact information (names and e-mail addresses) of workspace administrators – both the initial administrator from workspace request form and any additional administrators created via the Confido user interface. We may use this information to contact the administrators with important information regarding the service. We can also forward data subject requests to these addresses.
Network Metadata. When you access Confido services over a network, we can collect metadata such as IP addresses and the browsers and operating systems used.
- We use this metadata only for troubleshooting, improving our service and preventing abuse (such as excessive traffic).
- Network Metadata is kept for at most 14 days, except in cases of abuse of our service (such as excessive traffic), in which case offending IP addresses can be stored for up to 1 year for the purpose of blocking the offending traffic (this can be lengthened for as long as the offence continues).
Statistics. We may collect aggregate statistics about the usage of your workspace, namely:
- The number of questions created
- The number of existing users
- The number of active users (who logged in at least once during a given period)
- The total number of predictions made
- The total number of unique predictions (counting each user only once for each question)
- The total number of network requests
- The total number of comments
This list is exhaustive. If we add more statistics to collect, we will notify you beforehand. We will never collect any information about individual objects (users, questions, etc.) in your workspace, not even anonymized. It will always be only very broad aggregate statistics.
While the statistics are based on personal data about your workspace usage, they do not themselves constitute personal data. These statistics will be updated continuously and the results can be kept indefinitely (even after your workspace is deleted). However, if your workspace is deleted, we will remove any identification of the workspace from the statistics (so we will keep the information that we had e.g. a workspace with 20 users and 1000 questions but not what it was called or who it belonged to).
We may use these statistics internally to understand how our services are used and to inform our future plans.
We may also use them to create overall statistics across all our workspaces (such as the total number of questions asked on our platform) and we may publish such statistics (but never statistics about a single particular workspace).
The legal basis of this processing is our legitimate interest, as it is necessary in order to provide and improve our service. We deliberately keep this collected data to a minimum.
Additional data processing outside of the Confido app by the Workspace Owner and their subprocessors
The Workspace Owner may export data from their Confido workspace, including individual predictions, for further processing outside of the Confido app. The Workspace Owner assumes Data Controller role for any such processing. The Workspace Owner should provide information about such processing (its scope, purposes and legal basis) upon request.
Summary of Data Controller & Processor roles
- With respect to User Data and User Account Data processing within the Confido app, Workspace Owner acts as a Data Controller and Confido Institute as a Data Processor
- With respect to additional metadata and metrics processing in our cloud infrastructure, Confido Institute acts as a Data Controller
Our only subprocessors are our hosting providers. Currently these are:
- ovh.ie, Unit 12 The Courtyard Building, Carmanhall Road, Sandyford, Dublin 18, Republic of Ireland
- Hukot.net, legally SecurityNet.cz s.r.o., U Velorexu 1301, 564 01 Žamberk, Czech Republic
- Alwyzon, a trading name of Hohl IT e.U., Hackhofergasse 1, 1190 Vienna, Austria
If you wish to know which subprocessors are involved in handling your workspace specifically, you can ask us.
Where is your data hosted?
Your data is stored and processed in the EU. Currently, we have servers in the Czech Republic, France and Austria. If you need to know where specifically your data is hosted, you can contact us.
Your rights and how to exercise them
According to the GDPR, you as the data subject have certain rights. These include the right (subject to certain exceptions) to request:
- deletion of your data
- access to your data (e.g. to get a copy of it)
- correction or updating of your data
As most data processing is controlled by the Workspace Owner, you need to exercise your rights under the GDPR with them. If you are not sure how to contact the Workspace Owner, you can write to us at firstname.lastname@example.org and we will pass on the message. You can also use that contact to exercise your rights regarding data processing controlled by the Confido Institute, as noted above.