Til hovedindhold

Privacy and cookies

What we do with your data, what data we use, why and where we use it. And how to opt out.

Confrere (the responsible body) lets you make video calls through a web browser on any modern web-enabled device. Confrere is best suited for video calls between a professional (such as a doctor or a lawyer) and a client.

We are building Confrere to make it easy for professionals and their clients to meet over video. In such meetings, confidential information is often exchanged and we are adamant about safeguarding you and your data. Confrere is both GDPR (EU/EEA) and HIPAA (USA) compliant, as well as in accordance with the privacy and security requirements of regulations such as the Norwegian health sector regulation Normen. It is in accordance with NEN 7510 (NL) and German regulations for video consultations.

This privacy policy applies to you, whether you are just browsing on our website, visiting a professional’s Confrere, joining a call as a visitor, or offering video calls through your Confrere account. We collect data about you at several times: when you visit our website, ask a question or contact us, participate in a call or sign up for an account. If you believe we ask for more data than we need or in some other way act unethically or in a way that is not transparent, please contact us with your concerns.

What types of data we collect and why

We do not have access to the video calls made via Confrere: no one has access except for participants in the call. Thus it follows that we do not record or store the video calls. Read more about end-to-end encryption.

Joining a video call as a visitor

When you join a video call as a visitor, you do not go through a sign-up process nor create a Confrere account. We do not collect health information about you or other sensitive data.

When you show up for your call, you fill out a form where you might enter your:

  • Name
  • Phone number
  • Payment details if you pay by card
  • Personal identification number (if you are located in Scandinavia)

This data is displayed on the professional’s dashboard (with the exception of complete payment details), along with information about the date and length of the call. In addition, we store some technical information about the network quality and which actions were made in the call (screen sharing, muting, and camera permissions), for troubleshooting reasons.

The legal basis for this processing is your consent, cf. GDPR art. 6 (1) item a.

No one can access this information other than the professional, any third party integrations that the professional has connected to Confrere (most commonly an electronic health record system), or Confrere engineers with security clearance. Their access to this data is secure and logged. We store this information in our database in AWS. Data is automatically deleted after a period of time determined by each individual Confrere organization. Our provider for BankID and NemID (Scandinavia only) is Criipto.

We retain this data for 3 months unless otherwise specified by the professional organization. Data retention can be set to as little as 1 day by the individual Confrere organization.

The legal basis for this processing is your consent, cf. GDPR art. 6 (1) item a.

Though we know that the calls you have joined have happened and with whom, we do not structure and save sets of data about visitors and their calls.

Payment details are handled by Stripe. In order to provide support, some Confrere employees have access to partial information about credit card transactions, and their access to this data is secure and logged. Transaction data is stored for 5 years.

The legal basis for this processing is your consent, cf. GDPR art. 6 (1) item a. The legal basis for the retention of transaction data is legal requirement, cf. GDPR art. 6 (1) item c.

In case you require technical support in connection with your call, we enable the chat tool Intercom. The information we collect about you for this purpose is not tied to your personal information given to the professional, so Confrere support personnel do not see your name nor your telephone number. Scandinavian residents may be prompted to give their PIN to the professional, in which case the customer support personnel cannot see your PIN either.

They do, however, have access to your:

  • Media test results
  • Browser, browser version, and browser language
  • Country/city level location (or the location of your IP address)
  • URL you are currently on
  • Operating system
  • Support chat history if you have had previous support chat conversations with us

If you have previously given us your phone number, name, or email address in such a support chat, this might be contained within the support chat history.

The legal basis for the processing of all of the above is the performance of a contract, cf. GDPR art. 6 (1) item b.

Metadata such as this is automatically deleted after 9 months. We can also manually delete it at your request. Contact us to request deletion.

Signing up and using Confrere

If you create a trial account or sign up for one of our plans in order to offer video calls through Confrere, we collect and store data about you in various systems in order to deliver the service and help you use it.

For the system to function we need your:

  • Name
  • Organization or place of work
  • Email address

To alert you of new visitors, you may provide us with your phone number (optional).

For our contract, we need your:

  • Payment details
  • Industry
  • Signature

To be able to help you with technical issues, we need your:

  • Browser, browser version, and language
  • Location
  • Operating system and device
  • Media test results
  • In-call events (screen sharing, muting, camera and microphone permissions)
  • Call and invitation history in Confrere
  • Support chat conversation history (in Intercom)

The legal basis for the processing of all of the above is the performance of a contract, cf. GDPR art. 6 (1) item b.

As a signed up user, we couple the personal information we have about you with the technical information above (unlike what we do with your visitors’ data). When you are logged in, our chat tool, Intercom, will let the support personnel know your name, your contact info, and which organization you belong to.

The legal basis for this processing is the performance of a contract, cf. GDPR art. 6 (1) item b.

As for payment details and information about your call history, this is restricted information that requires a Confrere engineer with database access to log into our database to see. This access is secure and logged. We store payment details in Stripe, and financial info pertaining to your paid Confrere plan in our accounting system, 24SevenOffice.

The legal basis for this processing is the performance of a contract, cf. GDPR art. 6 (1) item b.

We also use Intercom to help you get started with Confrere by sending you messages about features and functionality, and updates when we launch new features.

The legal basis for this processing is your consent, cf. GDPR art. 6 (1) item a.

Criipto is our provider for BankID and NemID (Scandinavia only).

The legal basis for this processing is the performance of a contract, cf. GDPR art. 6 (1) item b.

Asking a question

If you interact directly with us through the chat on our site (“Intercom”), you will be given a silly alias like “Yellow Camera” or “Indigo Bird” instead of a name (unless you already have a Confrere account). We will then start saving your conversation history. Intercom will ask you for a way to reach you if you message us at a time when support is not attended, and answering is optional. On some pages, you can also book a demo by leaving your email address in the chat box. If you leave a phone number or email address at this point, that data will be associated with your conversation and confrere.com browsing history.

This lets us better help you by making us aware of what problems you have run into in the past, and what questions you have. If you request a demo, we use the information to get in touch with you to set up a time and date and nothing else.

The legal basis for this processing is the performance of a contract, cf. GDPR art. 6 (1) item b.

Just browsing

When you are a visitor to confrere.com we use Google Analytics and Intercom (the chat tool on our site) to track your browsing and encourage you to ask us questions about our product, plans, or features. This places some cookies in your browser, and besides knowing which confrere.com pages you have visited, we also know:

  • The operating system you are using
  • The browser you are using to visit confrere.com
  • The page that linked to Confrere if you clicked a link
  • Where you are located in the world (or the location of your IP address)
  • Which language your browser is set to

We do not know who you are or have any personal information about you besides the above.
We use this data to give you better support should you run into technical issues, and give better advice about how Confrere will work for you.

The legal basis for this processing is your consent, cf. GDPR art. 6 (1) item a.

If you fill out a form to order a guide or white paper, or if you attend a webinar or event, we receive an email with the info you gave us in the form. This may include your:

  • Name
  • Address
  • Place of work
  • Email address
  • Phone number

We use Google Docs and Typeform to collect signups and orders.
This information is not stored anywhere tied to your browsing or behavior mentioned above and is deleted after your order is sent or the event is over.

The legal basis for this processing is your consent, cf. GDPR art. 6 (1) item a.

Cookies and how to disable them

We use cookies to better understand those who visit our website, join a video call, and/or have a Confrere account so we may offer them a more tailored service. Cookies do things like remember your camera settings, prefill form fields and let you remain logged in.

Cookies are small files saved to your computer’s hard drive that track information about how you use and interact with a website. Some cookies are “session” cookies, which delete automatically when you leave Confrere. Others are “persistent” cookies which do not delete themselves and track your use of Confrere over time.

The legal basis for this processing is your consent, cf. GDPR art. 6 (1) item a.

We also use third party service providers who set cookies.
See “third parties” for an overview of cookies set by Confrere.

Most cookies can be disabled in your browser settings.

Third Parties: Who else has access to your data?

In order to make the tools we use for support, billing, and similar work as well as intended, it is often necessary to share some of your data with our third party providers. We only share data when it is necessary, and we share as little as possible.
We have strict data processing agreements with all our providers and control how they handle data. So if you tell us to change or delete information, those changes will also be reflected in data they can access if these overlap.
If data location is outside of the EU, our provider is Privacy Shield certified.

Payment and billing

ServiceInformationWhy we use itWhere data is storedLegal basis
Stripe- Contact information
- Financial info
We handle payments to Confrere through StripeEU and USGDPR 6.1.b
24SevenOffice- Contact information
- Place of work
- Organization number (in Norway)
We do invoicing through 24SevenOfficeEUGDPR 6.1.b

Support, communication, and marketing

ServiceInformationWhy we use itWhere data is storedLegal basis
IntercomCookies
- Contact information
- How you use Confrere
- Technical information
We use Intercom to onboard new users by highlighting functionality and sending emails with tips and suggestions. We also receive support requests through Intercom. Finally, we send feature announcement emails to our users.USGDPR 6.1.a and 6.1.b

Video calls

ServiceInformationWhy we use itWhere data is storedLegal basis
AWSEUGDPR 6.1.b
Twilio- Contact informationIf you choose to send text messages through the Confrere.USGDPR 6.1.b

Statistics

ServiceInformationWhy we use itWhere data is storedLegal basis
Google AnalyticsCookies
- How you use Confrere
To see how you move around our website confrere.com (but not the video calling platform). Stores no identifying data, and your IP address is not collected.USGDPR 6.1.b

Changing and Deleting Data: You have the right to change and delete your information

We have firmly established that we do collect data about you. However, your personal data remains your own and under your control, so you have the right to tell us how to handle it. Contact us to request any changes in how we handle your data.

  • You have the right to know exactly what data we have collected about you.
    If requested, we will provide a full overview within four weeks.
  • You have the right to know who can access and alter your data.
  • You have the right to change and update your information if what we have is incorrect.
  • You have the right to move your data to another provider.
    If requested, we will provide you with all your information in a file format readable by other web services.
  • You have the right to be deleted and forgotten, with a small exception for billing and payment data, which we are lawfully required to keep. See our terms of service for more information on billing.
  • You have the right to complain to a government instance about how we use data.
    This complaint should be lodged with Datatilsynet in Norway. We would also appreciate it if you would contact our customer service if you find our use of data unethical or unlawful so we can correct it.

We retain your contact data as long as we have an active customer relationship with you. If the customer relationship ends, we keep your contact data for another 90 days before we delete it from our systems, with the exception of invoices and transactions, that we are required to keep for 5 years.

The legal basis for the retention of transaction data is legal requirement, cf. GDPR art. 6 (1) item c.

Looking for the DPA (data processing agreement) or BAA (business associate agreement)?

Head on over to the Terms of service, where this is covered in greater depth.

Data Protection Officer: Nikolai Norman Andersen
Confrere AS, Dovresvingen 6b, N-1184 OSLO
Email: nikolai@confrere.com

You made it!

We know this was long.

We hope you enjoy using Confrere! Since you actually read all this way, you can send us a message over Intercom, tweet us at @confrere_video, or send an email to hello@confrere.com saying “dinosaur”, and somebody from our team will draw you a dinosaur!