Cookie Policy for the Forsta Plus SaaS Sites
1. Background
We provide this Cookie Policy in response to requirements of law and regulations applicable to Forsta.
2. Introduction
Your privacy is important to Forsta. This policy includes information about the kind of cookies that may be used if you access one of the Forsta Plus Software as a Service (“SaaS”) platforms. You may be accessing the SaaS to respond to a survey or view a report. Or, if you are a client of ours and have obtained a license to use the Forsta Plus Software on our SaaS, you will access the SaaS for purposes such as designing / launching surveys and reports.
Cookies (if any) delivered by Forsta to those who reach any of the SaaS pages on our SaaS environments, have a low level of privacy intrusiveness. Our clients using the SaaS may however also launch their own cookies, which we may not be aware of. Please contact the company inviting you to access the surveys or reports delivered via the SaaS for information about their cookies.
If you are visiting our Forsta homepage, or our Extranet, rather than the SaaS, and you would like to understand more about what kind of cookies we use on those sites, please refer to Section 5 I (“Cookies and Tracking Technologies”) of our Privacy Notice.
3. What are cookies?
A cookie is a small file downloaded on to a device (such as a PC or a mobile device) when the user accesses certain websites. Cookies are then sent back to the originating website on each subsequent visit.
The use of cookies and similar technologies has for some time been commonplace and cookies in particular are important in the provision of many online services. Using such technologies is not prohibited by the Regulations, but the Regulations require that people are informed about cookies and given the choice as to which of their online activities are managed this way.
4. Can I prevent the use of cookies?
You can, should you choose, disable the cookies from your browser and delete all cookies currently stored on your computer. You can find out how to do this for your particular browser by clicking “help” on your browser’s menu. Also, browser vendors will provide guidelines about how to disable cookies, as for example http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies and https://www.google.com/policies/technologies/managing/.
Please do however keep in mind that should you choose to disable cookies from your browser, this action may prevent you from taking full advantage of the SaaS service, and some aspects of it may fail to work.
You will see in the “Use of Cookies on Forsta Plus SaaS” section below that all the cookies used by the Forsta Plus SaaS are aimed at providing you with a better and more efficient user experience, and that they entail a low degree of privacy intrusiveness.
5. Use of Cookies on Forsta Plus SaaS
Cookies are used on the SaaS environment to provide you with a better user experience.
Our clients are the parties that create and distribute surveys, reports, portals etc., and are therefore the “data controllers” as defined in the EU Data Protection Directive and in the General Data Protection Regulation (GDPR). Our clients may use cookies additional to those provided by the standard Forsta Plus SaaS. We on our end are the “data processor” under the EU Directive / GDPR, and will not know if or what is being used by our clients and users, so you will need to request clarifications directly from the data collector about this.
If you are a client of Forsta with a license to use the Forsta Plus Software, more detailed documents about use of cookies are available here, see User Guides / Documentation (client login required).
Below is a summary of the cookies user on the Forsta Plus SaaS, divided into different user scenarios.
A) Cookies in Forsta Plus Surveys
For web-based surveys to which you are invited via e-mail and which you access by clicking on a unique link (URL), or which are presented to you via a pop-up (except polls), Forsta does not post any cookies by default. If you are taking a pop-up survey, the site where the survey is hosted will however normally use a cookie to avoid showing you the survey on every visit or change of page. In that case, the cookie will have been delivered by the site you were visiting, and not by Forsta.
| Type of cookie | What is it, and what does it do | Privacy Intrusiveness Level |
| Inline/Poll surveys | Used to determine whether the survey has already been shown to the user. Used in two cases: 1) To prevent the survey being shown repeatedly to returning visitors; and 2) To allow the respondent to continue the survey from the last answered question re-entry. Contains the information necessary to identify a respondent (primarily a respondent-ID which is a number, and a unique key which is a random sequence of letters). For inline surveys only, turned off by default, can help remember and prevent repeat responses from same machine. Expiration configurable, default 90 days. | In its “preventing” mode it expires after a configurable number of days (configured by our client on a project-by-project basis). No expiry for “continue” mode. Low privacy impact. |
| Sample Only (data collection outside Forsta Plus when sample is generated by Forsta Plus panel) | Provides the ability to continue a survey where left off after visiting a 3rd-party survey in between, when this 3rd-party survey does not support the conventional ways of redirecting (sending parameters in the URL back to the Forsta Plus interview). Stores the information necessary to identify a respondent, the project-ID and how far in that survey the respondent has reached. | Browser-session-cookie (dies when browser closes). Low privacy impact. |
| Limited survey with login page | Used to maintain the user session after login. | Cookie is removed when its value is read on the server. Low privacy impact. |
Here are three additional exceptions, related to specific data collection channels:
None of the cookies deployed by the Forsta Plus SaaS platform in relation to Forsta Plus Surveys, send information to third parties.
B) Login and authentication with Identity server
From 2018 all users of the Forsta Plus SaaS have been experiencing a more efficient login handled by our “Identity Server”.
By logging in you accept that the following cookies may be used (as applicable). In addition, you may also use other cookies relevant to other areas as explained further in this document.
| Type of cookie | What is it, and what does it do | Privacy Intrusiveness Level |
| Authentication process, Cookie name: idsrv | Cookie used in the authentication process | Browser session-cookie (dies when browser closes). Low privacy impact |
| Authentication/session identifier, Cookie name: idsrv.session | Session identifier in the identity service | Browser session-cookie (dies when browser closes). Low privacy impact |
| Authentication security, Cookie name: idsrv.xsrf | Cross site request forgery prevention in the authentication process. | Browser session-cookie (dies when browser closes). Low privacy impact |
| Authentication process, Cookie name: idsrv.clients | A list of clients the user is authenticated to in the current session. | Browser session-cookie (dies when browser closes). Low privacy impact |
| Authentication process, Cookie name: idsrv.username | Holding the last used username in the current browser to present at login. | Valid for one year. Low privacy impact |
| Authentication process, Cookie name: idsrv.trust2fa | Cookie for enabling trusted device for 2 factor authentication. | Valid for 30 days. Low privacy impact |
| Authentication process, Cookie name: idsrv.defportal | Holding the last used portalId used to present at login. | Valid for one year. Low privacy impact |
| Authentication process, Cookie name: idsrv.partial | Cookie holding partial login information. | Browser session-cookie (dies when browser closes). Low privacy impact |
| Authentication process, Cookie name: idsrv.external | Cookie for single sign on login. Only enabled when accessing with your company’s SSO solution (where offered) | Browser session-cookie (dies when browser closes). Low privacy impact |
| Authentication process, Cookie name: SignInMessage.<key> | Cookie used in the authentication process | Browser session-cookie (dies when browser closes). Low privacy impact |
| Authentication process, Cookie name: SignOutMessage.<key> | Cookie used in the authentication and logout process | Browser session-cookie (dies when browser closes). Low privacy impact |
| Authentication process, Cookie name: idsrv.aalc.<key> | Cookie used to identify users in a browser. Used to know when to send alerts for logins to new devices. | Valid one year. Low privacy impact |
| Authentication process, Cookie name: idsrv.sso | Cookie used for preserving configuration for Single Sign On. Not set for others. | Valid three years. Low privacy impact |
| Authentication process, Cookie name: idsrv.ssoClient | Cookie used during logout of Single Sign On users. Not set for others. | Valid one minute. Low privacy impact |
| Authentication process, Cookie name: idsrv.ssoLogout | Cookie used for logout redirects of Single Sign On users. Not set for others. | Valid three years. Low privacy impact |
| Authentication process, Cookie name: Saml2.<key> | Cookie used in the authentication process when Single Sign On using Saml2 in requested | Browser session-cookie (dies when browser closes). Low privacy impact |
| Authentication process with Single Sign On, Identity providers may set other cookies | When authentication is handled by a configured Identity Provider outside Forsta it may set one or more cookies during the Single Sign On process. | Refer to Identity provider |
None of the cookies deployed by the Forsta Plus SaaS platform in relation to login via Identity Server, send information to third parties.
C) Cookies when accessing Reportal reports
You may have been provided with a UserID and password by one of our clients in order for you to access a Forsta Plus on-line report or dashboard.
By logging in you accept that the following cookies may be used (as applicable):
| Type of cookie | What is it, and what does it do | Privacy Intrusiveness Level |
| Login/Session Cookie | Used to maintain the user session after login. | Cookie is set when user logs in and is removed when user logs out. Low privacy impact. |
| Login/Message cookie | Used as a data carrier to pass error messages to the login screen when the user session times out, or login fails. | Cookie is removed when its value is read on the server. Low privacy impact. |
| Login/authentication | The container for the forms authentication ticket. The ticket is used by forms authentication on the server to identify an authenticated user. | Cookie will be set when user logs in and removed when user logs out. Low privacy impact. |
| Login/Set user language | Used to keep information about the user’s preferred language. | Cookie will be set when user logs in and removed when user logs out. Low privacy impact. |
| Duplicate login prevention | Cookie is set when user is logged in and is used to prevent users from logging in again in another browser window. | Cookie will be set when user logs in and removed when user logs out. Low privacy impact. |
| Login/authentication cookies | Three cookies used to maintain state during login and session | Cookies will be set before redirecting to login page. Some are removed after successful login, some after logout. Low privacy impact. |
| Single Sign On | Provides SSO capabilities. Only enabled if you access Reportal via your company’s SSO solution (where offered). | Low privacy impact. |
| Session timeout | When the session times out, the user is taken back to the login screen. This cookie is used for communicating to the login screen that a session timeout occurred, and will cause the username to be automatically filled out | Low privacy impact. |
| Login | Keeps information about the users portal id after first login | Low privacy impact. |
| Reportal_Oidc<key> cookies | Cookies used in relation to login, session and logout. | Valid through login process or session. Low privacy impact. |
None of the cookies deployed by the Forsta Plus SaaS platform in relation to Reportal access, send information to third parties.
D) Cookies when accessing Action Management and Active Dashboards
You may have been provided with a UserID and password by us or by one of our clients, to log into Action Management and Active Dashboards.
By logging in you accept that the following cookies may be used (as applicable):
| Type of cookie | What is it, and what does it do | Privacy Intrusiveness Level |
| Action Management – PRT | Port on the host machine where current AM session is being serviced. | No privacy impact |
| Action Management – HST | Name of Server that is servicing the session | Low privacy impact |
| Active Dashboard/Action Management – csat-ltm | BigIp: Session persistence | Low privacy impact |
| Action Management – CAI | To support security token with each posting – internal | Low privacy impact |
| Action Management – ASP.NET_SessionId | Created by ASP.Net to manage session information | Low privacy impact |
| Action Management – .CSATAuth | User to authenticate session in AM | Low privacy impact |
| Active Dashboard – PRT | Port of Tomcat instance to which session is communicating. Expires at end of session | No privacy impact |
| Active Dashboard – HST | Name of server that is servicing the session | No privacy impact |
| Active Dashboard – JsessionID | Internal to Java sessions | Low privacy impact |
| Active Dashboard – CAI | To support security token with each posting – internal | Low privacy impact |
None of the cookies deployed by the Forsta Plus SaaS platform in relation to Action Management and Active Dashboards, send information to third parties.
E) Cookies when creating Surveys and Reports
Professional Authoring, Reportal Designer, Dashboard, Survey Designer, Translator/Questionnaire Reviewer, Hierarchy Management and Panel Management
You may have been provided with a UserID and password to log into the Forsta Plus Software for purpose of creating surveys or reports.
By logging in you accept that the following cookies may be used (as applicable):
| Type of cookie | What is it, and what does it do | Privacy Intrusiveness Level |
| Authentication, Cookie Name: Forstanet [+ potentially configurable sitespecific suffix], ForstaAuthoring, ForstaAuthoring_SessionId | Keep track of current session and single sign-on from Authoring environment to Reportal environment | Browser session-cookie (dies when browser closes). Low privacy impact. |
| Single Sign-On, Cookie Names: [Application Name] + SSO, [Application Name] + SSOLogOut | Single sign-on from domain-login to Forsta Plus-login (only applicable with specific addon enabled) | Browser session-cookie (dies when browser closes). Low privacy impact. |
| Two factor authentication, Cookie Name: ForstaTwoStepVerificationCookieName_[identifier] | Used to transfer username in login-process during two factor authentication | Low privacy impact, short lifetime (5 minutes) |
| Two factor authentication, Cookie Name: ForstaTwoStepVerificationTrust_[identifier] | Enables trust of a specific device to prevent two factor authentication to be required on every login | Low privacy impact but long lifetime |
| Login/logout/authentication, Cookie names: [Application Name]_Oidc<.key> | Three cookies used to maintain state during login, session and logout | Valid through login process or session. Low privacy impact |
| Messaging, Cookie Name: ForstaMessageCookieName | Pass message to login screen in the case of Logout (when all other cookies get expired/cleared) | Browser session-cookie (dies when browser closes). Low privacy impact. |
| Data Edit, Cookie Name: GridViewCookie | Remember columns selected to be visible when editing Respondent Data and Response Data (for both surveys and panels) | Browser session-cookie (dies when browser closes). Low privacy impact. |
| Word Export, Cookie Name: FileToken | Used to synchronize download of Word Export file through browser | Browser session-cookie (dies when browser closes). Low privacy impact. |
| Dashboard Login, Cookie Names: ForstaAuthoring_Dashboard | Ability to stay logged in authenticated (explicit option offered the user) | Persistent, expires by default after 48 hours. Low privacy impact. |
| Testinterview, Cookie Names: ForstaTestInterView_[identifier], ForstaQuickTestRespondent_[identifier] | Used to move around in a test interview without losing the context of which response the tester is associated with | Browser session-cookie (dies when browser closes). Low privacy impact. |
| Usersettings, Cookie Name: DashboardSettings_[Username] | Specify default language to be used within dashboard | Browser session-cookie (dies when browser closes). Low privacy impact. |
| Security, Cookie Names:_csrf | Cookie accompanying anti cross site request forgery token. Used to protect users from performing unwanted actions in web applications due to a certain type of attack. | Browser session-cookie (dies when browser closes). No privacy impact. |
| Marketo Munchkin | Records last visit and activity in relation to use of help-pages of the Forsta Plus software. Allows us to improve help areas and communicate to users based on their needs. | Expires after 24 months |
| Authentication, Cookie name: Forstaidp[+ potentially configurable site-specific suffix], | Keep track of current session and single sign-on between applications in the transition between old and new login systems. | Low privacy impact |
With one exception, no cookies deployed by the Forsta Plus SaaS platform when creating surveys and reports send information to third parties. Should you access the help pages of the Forsta Plus SaaS software, Marketo cookies will be used and information may be shared with Marketo as stated in the above table.
F) Cookies when accessing Community Portal
You may have been provided with a UserID and password by us or by one of our clients, to log into Community Portal.
By logging in you accept that the following cookies may be used (as applicable):
| Type of cookie | What is it, and what does it do | Privacy Intrusiveness Level |
| Forms authentication cookie | Used to determine whether a panelist is logged in or not, and to authenticate the panelist after the initial logon. This is .Net Forms authentication cookie. Contains the information necessary to identify a panelist (primarily an auto-generated key, and the panel id: Encrypted values). | Browser session-cookie (dies when browser closes). Low privacy impact. |
| Forms authentication cookie | Ability to stay logged in authenticated (explicit option offered to the user) | Persistent, expires by default after 14 days. Low privacy impact |
None of the cookies deployed by the Forsta Plus SaaS platform in relation to Community Portal, send information to third parties.
G) Salesforce connector
If you use the Forsta Plus – Salesforce connector, you accept that we use the following cookies (as applicable):
| Type of cookie | What is it, and what does it do | Privacy Intrusiveness Level |
| Session state, Cookie name: sfdcstate | Keeps the state related to Salesforce for the CRM Connector for Salesforce application. Encrypted. Includes a Salesforce access token along with other parameters. | Browser session-cookie (dies when browser closes). Low privacy impact |
| Salesforce domain, Cookie name: sfdomain | It keeps the Salesforce domain name. Used for enabling Iframe usage for the CRM Connector for Salesforce application. Encrypted. | Browser session-cookie (dies when browser closes). No privacy impact |
The cookies deployed by the Forsta Plus SaaS platform in relation to Salesforce connector will send information to SalesForce as stated in the above table.
6. Links to non-Forsta Web sites
This policy, or any web page displayed via the SaaS environment, may contain links to other Web sites. Forsta is not responsible for the privacy practices or for the content of those other Web sites.
7. Changes to this policy
This policy may be amended by updates on this site.
8. Questions about Privacy or the use of Cookies
If you have any questions about this policy, if you would like more details about how cookies are used in Forsta Plus, or if you would like to file a complaint in relation to our use of cookies, you are welcome to send an email to privacy@Forsta.com.