The GDPR strengthens the right of data subjects with regard to their personal data and imposes greater transparency on the taking into account of their choices relative to their consent to the collection of such data.
According to the GDPR
The rights of data subjects are covered by the following articles:
- Right of Access (Article 15) and Right to Erasure (Articles 17 & 19)
- Right to Rectification (Articles 16 & 19)
- Right to Restriction (Articles 18 & 19)
- Right to Data Portability (Article 20)
- Right to Object (Article 21)
As Data Controller, it is your duty to respond, within a maximum period of thirty (30) days, to any request to exercise a right. We will assist you in this procedure.
Regarding Piano Analytics
Our DPA specifies the roles and responsibilities relative to the exercising of data subjects’ rights.
The aim of this chapter is to provide you with information regarding our processes and to explain the procedure to follow in the event a web user contacts you in order to exercise their rights.
From an Analytics perspective, the provisions for these rights are as follows:
- Right of access and right to erasure: see table below.
- Right to restriction and right to object: these rights are relative to the options provided to web users to restrict the monitoring of their browsing, in particular via opt-out and the refusal of cookies.
- Right to rectification and right to portability: we consider that these possibilities are not applicable with regard to the service provided.
Management of right to access and right to erasure in the framework of AT Internet:
|
|
Website cookies 1st & 3rd party |
Native app (mobile,TV...) |
|
Web user identification |
To access personal data collected via a website, the web user must be able to provide their cookie ID. 1st party cookie: the web user must be able to access the cookie files of each site on which they wish to exercise these rights and transmit to us the list of corresponding IDs. 3rd party cookie: the web user must recover and transmit to us the AT Internet cookie ID (the procedure will be explained to the user) |
To access personal data collected via a mobile application, the web user must be able to provide their mobile ID. The developer/ project head of the application is responsible for defining the mobile ID to be used. For the web user, only a certain number of these identifiers are available: IDFA for iOS and AndroidID + AdvertisingID for Android. |
|
Base request |
With these identifiers, we can rerun the algorithm which generates their Unique User ID (or visitor ID on Delta). For the right of access, we will provide a .csv file containing their available personal data. For the right to erasure, we will proceed to an irreversible anonymisation of their data. |
|
|
Restrictions |
The data available will thus be restricted to that linked to cookie and mobile IDs that the user can provide to us, in addition to the availability of such data according to the period of raw data retention. |
|
Action
Transmit, within five (5) business days following receipt, the request for access and/or erasure to the following address: dpo@atinternet.com.
Note
The web user must contact you (Data Controller) to exercise their rights on the data collected via our solution.
We request that you provide us with the web user’s Unique User ID or User ID in order to process their request.