Rosa Cookie Policy
V1.9 - 29 August 2024
Purpose of this document
This page explains what cookies and other similar technologies Rosa uses to improve your online experience and to help us to monitor and improve our websites, applications and services for future visitors.
“Rosa” (or “we”) is Rosa ASBL, a non-profit organization established at Cantersteen 10, 1000 Brussels, with enterprise number 0745.832.604.
This document is part of the privacy policy of Rosa.
To communicate with Rosa about cookies and similar technologies used on Rosa’s websites, please email gdpr@rosa.be.
What is a Cookie?
A cookie is a small text file that is placed on your device when you visit a website or use a (web or mobile) application. Cookies and similar technologies can collect personal data about you and your browsing habits, such as your IP address, the URLs of sites you have visited before or after accessing the website and how long you have spent on a particular page or website.
There are two main categories of cookies:
- Strictly necessary and functional (preferences) cookies (e.g. authenticating the user or remembering the user’s language preference). We call these cookies ‘Essential’. These cookies may be placed without the user’s consent as they enable a service or functionality that the user requests to be provided. We also recommend that you do not disable these cookies to not lose basic website functionality or access to certain parts of the website or application.
- All other cookies such as analytics cookies (e.g. how many visitors have been on a website) and marketing cookies (e.g. to show relevant advertisements to users). We call these cookies ‘Optional’. Rosa asks for the user’s consent before using such cookies.
We also distinguish first-party cookies (ie: cookies that are set by us) and third-party cookies (ie: cookies that are set by an external service provider to enable a service provided by that third-party). We cannot fully control the use of third-party cookies through our applications. Any references below to third-party cookies are indicative only. For more information, please consult the privacy policy or cookie policy of the respective third-party service provider listed below.
What cookies do we use and where?
Rosa installs cookies whenever you visit one of our applications. Rosa has three (3) sets of applications:
- Patient applications: the registry on rosa.be, the hospital registries (e.g. registry.hospitalname.rosa.be), or the applications Rosa builds to help patients manage their appointments and their health in general.
- Professional applications: the applications that Rosa offers to health professionals: hp-calendar.rosa.be, signup-process.rosa.be, attest.rosa.be, etc.
- Marketing website: the website accessible on pro.rosa.be.
The three sets of applications have a different purpose and address different needs. For each set of applications, Rosa uses different cookies but within a given set of applications, Rosa uses the same cookies. For that reason, the information about cookies (below) is organized per set of applications and, where your consent is required, your choice (to give or not to give your consent) will be valid for that specific set of applications only and it will be valid for all the applications within that set.
Cookies on the patient applications
The table below shows the different service providers that may install cookies when you visit one of Rosa’s patient-facing applications. Essential cookies are always installed. With your consent, we will also install the Optional cookies.
|
Provider |
Category |
|---|---|
| Rosa | Essential |
| Amazon Cognito | Essential |
| Hotjar | Optional (analytics) |
| Mixpanel | Optional (analytics) |
What are your choices?
On your first visit to a patient application, you can accept or refuse that optional cookies are being placed. Your choice will be kept for six (6) months or until our cookie policy is updated (whichever occurs first); and will be valid across all patient applications (when authenticated and when using the same browser).
How can I change my choices (revoke consent)?
If, during that period, you change your mind and would like to either revoke your consent (or give your consent), you can always do so from the footer of one of rosa.be pages.
What if I also visit a professional application or the pro.rosa.be website?
Your choice is only valid on the patient applications. If you also visit a professional application or the pro.rosa.be website, we will provide you with the relevant information on the cookies used (via this Cookie Policy) and, where necessary, we shall ask you for a separate consent.
The use of Google Maps
We would like to draw your attention to the fact that Rosa uses Google Maps on its patient applications. Rosa and Google Cloud EMEA Limited act as separate and independent data controllers with respect to processing operations in relation to Google Maps, in accordance with the Google Controller-Controller Data Protection Terms. The use of Google Maps is subject to the Google Maps Platform Terms of Service, the Google Maps/Google Earth Additional Terms of Service, as well as Google's privacy policy.
Cookies on our professional applications
Whenever you visit a professional application, we install the following Essential cookies and, with your consent, we will also install the following Optional cookies:
|
Provider |
Category |
|---|---|
| Rosa | Essential |
| Amazon Cognito | Essential |
| Hotjar | Optional (analytics) |
| Mixpanel | Optional (analytics) |
What are your choices?
On your first visit to one of our professional applications, you can accept or refuse that optional cookies are being placed. Your choice will be kept for six (6) months or until our cookie policy is updated (whichever occurs first). Your choice is linked to your professional account and is applied across our professional applications.
How can I change my choices (revoke consent)?
You can change your preferences (and revoke your consent) at any time from the settings linked to your professional account.
What if I also visit a patient application or the pro.rosa.be website?
Your choice is only valid on our professional applications. If you also visit a patient application or the pro.rosa.be website, we will provide you with the relevant information on the cookies used (via this Cookie Policy) and, where necessary, we shall ask you for a separate consent.
Cookies on our marketing website (pro.rosa.be)
Whenever you visit our marketing website on pro.rosa.be, we install the following Essential cookies and, with your consent, we will also install the following Optional cookies:
|
Provider |
Category |
|---|---|
| Rosa | Essential |
| Amazon Cognito | Essential / Optional (analytics) |
| Hotjar | Optional (marketing and analytics) |
| Mixpanel | Optional (analytics) |
What are your choices?
On your first visit to our marketing website, you can accept or refuse that Optional cookies are being placed. Your choice will be kept for six (6) months or until our cookie policy is updated (whichever occurs first).
How can I change my choices (revoke consent)?
If, during that period, you change your mind and would like to either revoke your consent or give your consent, you can always do so at any time by opening the cookie-banner in the footer of any page and updating your choice.
What if I also visit a patient application or a professional application?
Your choice is only valid on the marketing website. If you also visit a patient application or a professional application, we will provide you with the relevant information on the cookies used (via this Cookie Policy) and, where necessary, we shall ask you for a separate consent.
Cookies on our knowledge base for patients and professionals
As part of our services, we have developed an online Knowledge Base which gives you access to answers to the most frequently asked questions. It also gives you access to the PDFs versions of our legal terms. Our Knowledge Base is hosted on Confluence (an Atlassian product) and you can find more information on Cookies set on these pages on: https://www.atlassian.com/legal/cookies.
What is the purpose of each cookie and how long is the cookie kept for?
Our own Rosa cookies
Those cookies are Essential. We do not rely on your consent to place these cookies.
|
Name |
Category |
Purpose |
Retention |
|---|---|---|---|
| rosa_language | Essential | It is used to store user preferences for language. | 1 year |
| e_health_access_token | Essential | It is used in case of eHealth authentication only; it contains the eHealth access token during the validity of the session. | Session duration |
| e_health_profile_data | Essential | It is used in case of eHealth authentication only; it is used to securely pass profile data from eHealth to Rosa. | Session duration |
| rosa-cookiepolicy-patientprod | Essential | Used to store whether consent was given or not, for which version of the cookie policy, and when. | 6 months or until a new version of our Cookie Policy is released |
Cookies from third-party providers
Amazon Cognito cookies (AWS)
We use Amazon Cognito as our identity provider to authenticate our users securely. Those cookies are Essential. You can find more information on AWS’s privacy commitments at: https://aws.amazon.com/compliance/data-privacy-faq/.
|
Name |
Category |
Purpose |
Retention |
|---|---|---|---|
| CognitoIdent ityServiceProvider.[session].[user].idToken | Essential | Enables authentication of users | 1 hour |
| CognitoIdent ityServiceProvider.[session].LastAuthUser | Essential | Stores the username of the last authenticated user with Amazon Cognito. | Until session is over / user logs out / clears data in browser |
| CognitoIdent ityServiceProvider.[session].[user].accessToken | Essential | Stores the access token for the currently authenticated user granting temporary access to authorized resources. | 1 hour |
| CognitoIdent ityServiceProvider.[session].[user].refreshToken | Essential | Stores the refresh token for a specific user in a web application using Amazon Cognito, which is used to obtain new access and ID tokens without requiring the user to authenticate again. | 24 hours |
| CognitoIdent ityServiceProvider.[session].[user].clockDrift | Essential | Stores the difference in seconds between the client's and Amazon Cognito server's clocks, adjusting for time discrepancies in token validation. | Until session is over / user logs out / clears data in browser |
| CognitoIdent ityServiceProvider.[session].[user].userData | Essential | Stores authenticated user's details fetched from Amazon Cognito, including attributes and context for application use. | Aligned with the session expiration or when the user's authentication tokens expire, requiring re-authentication or token refresh |
| amplify-signin-with-hostedUI | Essential | If set to true, directs the user to sign in via Amazon Cognito's Hosted UI, simplifying authentication by using a pre-built, fully managed sign-in interface. We use our own login screen so we set this to false. | Until session is over / user logs out / clears data in browser |
Hotjar cookies
We use Hotjar to better understand how our users use our tools through heatmaps, random & anonymized screen recordings and surveys. These cookies are Optional. The list of cookies set by Hotjar, their purpose and their retention period is available at: https://help.hotjar.com/hc/en-us/articles/6952777582999-Cookies-Set-by-the-Hotjar-Tracking -Code#list-of-cookies-set-by-the-hotjar-tracking-code.
Google analytics cookies
Google analytics is only used on our marketing website. Google analytics cookies are Optional. We use them to better understand the performance of our marketing campaigns towards health professionals and the origin of the traffic towards Rosa.
|
Name |
Category |
Purpose |
Retention |
|---|---|---|---|
| _gcl_au | Optional (analytics) | It experiments advertisement efficiency of websites using their services. | 90 days |
| _ga | Optional (analytics) | It calculates visitor, session, and campaign data and keeps track of site usage for the analytics report. | 2 years |
| _gid | Optional (analytics) | It stores information on how visitors use Rosa’s website, while also creating an analytics report of the website's performance. | 24 hours |
| gat_UA-185699771- 1 | Optional (analytics) | It allows Rosa to track visitor behaviour and measure site performance. | 1 minute |
| ga_651JKZVX2Q | Optional (analytics) | It is used to persist session state. | 2 years |
| _ga_Z8H5B6JCE9 | Optional (analytics) | It is used to persist session state. | 2 years |
Google Doubleclick cookies
Google Doubleclick cookies are only used on our marketing website and inside the professional applications. These cookies are Optional. We use them to better understand the performance of our marketing campaigns towards health professionals and for example not serve them ads if they already use Rosa services.
|
Name |
Category |
Purpose |
Retention |
|---|---|---|---|
| DSID | Optional (marketing) | It is used to identify a logged in user on non-Google sites and to store user preferences regarding ad personalization. |
2 weeks |
| IDE | Optional (marketing) | It is used to provide ad delivery or retargeting. |
13 months |
| ar_debug | Optional (marketing) | It is used to store and track conversions. | 2 weeks |
Hubspot cookies
Hubspot cookies are only used on our marketing website.
|
Name |
Category |
Purpose |
Retention |
|---|---|---|---|
| __hs_opt_out | Essential | It is used to store user preferences for cookies. |
6 months |
| __hs_do_not_track | Essential | It is used to prevent sending information to Husbpot. |
6 months |
| __hs_initial_opt_in | Essential | It is used to store user preferences for cookies, when using strict mode. | 7 days |
| __hs_cookie_cat_pref | Essential | It is used to record the cookie categories a user consented to. | 6 months |
| __hs_gpc_banner_dis miss | Essential | It is used when the Global Privacy Control banner is dismissed. | 180 days |
| hs_ab_test | Essential | It is used to consistently serve visitors the same version of an A/B test page they’ve seen before. | At the end of the session |
| hs_langswitcher_choice | Essential | It is used to save a visitor’s selected language choice when viewing pages in multiple languages. | 2 years |
| __hssrc | Optional (analytics) | It is used to store a unique session ID. | At the end of the session |
| __hssc | Optional (analytics) | It is used to keep track of session, and is linked to the __hstc cookie. | 30 minutes |
| __hstc | Optional (analytics) | It is used to track website visitors and includes time of first visit, time of last visit, current timestamp and session number. | 6 months |
| hubspotutk | Optional (analytics) | It is used to store and track a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts. | 6 months |
| __cfruid | Essential | It is used to deal with rate-limiting policies of Hubspot’s content delivery network provider. | At the end of the session |
| __cf_bm | Essential | It is used for bot protection. | 30 minutes |
Mixpanel cookies
We use Mixpanel cookies across all our applications and websites to collect analytics on how people use our applications. Mixpanel.com
|
Name |
Category |
Purpose |
Retention |
|---|---|---|---|
| mp_rosa-pa tient | Optional (analytics) | It identifies (returning) visitors and helps us understand how they interact with our application and website. |
365 days |
| mp_rosa-hp | Optional (analytics) | It identifies health professionals users in our professional applications and helps us understand how they interact with our applications. |
365 days |
How can you manage or turn off cookies?
If you would like to limit the use of cookies, you can do so by changing your internet browsing settings before you start browsing the internet. You can also delete cookies once you have finished visiting a website.
You can find more information on how to manage cookies on popular browsers, by visiting the following third-party links:
To find information relating to other browsers, please visit the browser’s developer website.
Modification of the cookie policy
This is version 1.9 of our Cookie Policy and it is current as of 29 August 2024. We keep this cookie policy under regular review to ensure it is current and we may change this cookie policy over time to reflect the changes in our services and data processing activities. If we do so, we will post the updated cookie policy on this webpage. Please refer back to this cookie policy to review any amendments.