Information for users

According to the GDPR

Article 5 specifies that:

‘Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.’

Article 13 and 14 specify information to be provided, including, in particular, explanations relative to the purpose of processing and the length of data storage, etc.

This information must be easily accessible and expressed in explicit terms.

Regarding Piano Analytics

Our Data Processing Agreement (DPA) specifies the obligations relative to information, in accordance with the provisions of Article 13 and 14 of the GDPR.
The information you may provide to your web users concerning your use of Piano Analytics as an audience measurement solution, and via an information page (e.g. ‘Privacy policy’) is notably as follows.

The legal ground for processing: consent

With the exclusion of exceptions authorised by law, the legal ground for processing is based on the consent of your platform users. The purposes of trackers must be presented to the user prior to the user’s consent. No trackers shall be placed on the user’s terminal without the latter’s prior and explicit consent.

The terms of collection and consent in the framework of our Digital Analytics solution are specified in the Consent Management section.

Furthermore, the web user must also be free to withdraw their consent at any time.

Regarding Analytics, the main options for the withdrawal of consent are:

• Opt-out (ensures the user is no longer traced) Piano Analytics opt-out procedures.
• Location sharing (enables the disabling of GPS data collection on a mobile application)
  If your application enables GPS data collection, you must inform your users and provide the means to disable this service.

For more information on this subject:

• Our compliance guide specifies the practical terms for consent management in the framework of our solution (inclusion of opt-out)
• Your users' Preferences section provides an overview of the various options available to users to specify their preferences (including opt-out and share location)

Processing purpose

As a Data Controller, you must be able to explain to your users the end purpose of the use of your audience measurement solution.

The aim of our audience measurement solution is to produce statistical audience data and analysis, digital intelligence and data recovery via a secure web interface or via the export of this data.

In addition to this main purpose, you may wish to use the digital analytics solution for accessory purposes, related notably to your business sector and/or strategic digital aims.

Type of personal data

The types of personal data are presented in the following article.

Data transfer

If the processing procedure you use includes data transfer outside of the European Union, you must inform your web users thereof and ensure an adequate level of security (see Articles 13 , 14 and Chapter 5 of the GDPR). 

See ‘data protection around the world’ on the CNIL website.

Regarding Piano Analytics, and as is specified in our DPA, we undertake to ensure all your analytic data is processed and stored within the European Union.

Duration of storage

Article 5 of the GDPR requires the Data Controller to define a personal data storage duration, thus ensuring such data is stored only for the time necessary to achieve the stated purposes.

For more details on the storage duration of your analytic data, please see our ‘Data Retention’ article.

The right of data subjects

With regard to all the personal data you collect, you must be able to provide a response to web users relative to the exercising of their rights.

The terms of application of these rights relative to data collected via our solution are set out in the article ‘Your Users’ Rights’.

Regarding the information to provide on these rights, their existence is to be specified, in addition to a reminder of the legal context and your contact points to exercise such rights.