Privacy policy

How we protect customer data

AT Internet and data: transparency and security

Data is the core of our work and our passion. For more than 20 years, we’ve provided our customers in-depth, reliable data while meticulously respecting user privacy. With more than two decades of experience, we have established the perfect balance between these two fully compatible goals.

We provide a Software as a Service (SaaS) allowing our customers to measure the audience of their web and mobile sites, intranets, and mobile applications. Our solution collects audience data on digital platforms using our service. This data is then analysed, calculated and enriched. The processed data is made available in an online interface, accessible only to AT Internet customers. This data enables our customers to improve the usability of their sites and apps, and optimise the range and quality of their product and service offerings.

 

What is the legal basis for the processing of audience measurement data?

Among the six conditions of lawfulness of processing given by Article 6 of the GDPR, it is the notion of consent that applies in priority to audience measurement processing operations. It represents the free, specific, informed and unambiguous will of the person concerned. Our customers as data controllers must obtain this consent from visitors to their sites and applications. In its role as a subcontractor, AT Internet provides the methods to ensure that audience measurement data is processed only after it has been obtained.

However, some European legislation allows an exemption in certain cases from the requirement to obtain consent for audience measurement processing operations by referring to the condition of legitimate interest. In France, for example, this must be accompanied by the implementation of and compliance with conditions defined by the CNIL. In other countries, such as Germany, legislation and control authorities do not establish specifications allowing the legitimate interest to be used as the legal basis for processing, without excluding that this is possible. In this case, it is therefore up to the controller to study each processing operation on a case-by-case basis and, if necessary, to seek the opinion of the competent supervisory authority to ensure that the processing operation envisaged can be based on the legitimate interest. Finally, some countries, such as the United Kingdom, exclude this possibility of using the legitimate interest. In all cases, the legal teams of data controllers must ensure that the legal basis of the processing operation is in place, taking into account the room for manoeuvre allowed by the legislation of their country.

 

How we measure our customers’ audience on sites and apps

AT Internet provides tags to its customers in order to measure audience on digital platforms. Customers implement these tags on the websites, mobile sites and mobile apps they wish to analyse.

These tags enable audience measurement cookies to be placed (on web and mobile sites) and mobile IDs to be generated (on mobile apps). This operation is necessary in order for data to be collected. To learn more about cookies and mobile IDs, please visit the Resources page.

AT Internet tags comply with European Union data privacy laws, whose standards are among the highest in the world. By adhering to stringent regulations, we offer our customers a reliable, transparent and secure alternative to many other digital analytics providers based outside of Europe.  

 

What data do we collect?

To measure audience on digital properties, we collect different types of information.

  • ID-type information: cookie ID, mobile ID, IP address.

After being collected, this data is used for real-time processing in order to generate a visitor ID (hashing is applied on source data) and to calculate geolocation information (which is never more granular than the city- or region-level, depending on the country). The raw data collected and used for this processing is not conserved in databases for customer use and is therefore not available to customers.

Please note that AT Internet offers customers the option of anonymising their visitors’ IP addresses by truncating the last 3 digits (last octet) of the IP address before geolocation takes place. This anonymisation is applied by default for our German customers via our subsidiary Applied Technologies Internet GmbH.

 

  • Digital analytics information: data related to Internet users’ navigation:
    • the type of browser used
    • the number of page views
    • the exact navigational path a visitor takes on the site
    • the amount of time spent on a page, or the entire site
    • shopping cart activity (items placed in cart, abandons, etc.)
    • other types of navigational data

 

  • Information specific to our customers’ activities: Should their business needs require it, our customers are technically able to retrieve data other than the information our tag collects by default.
    • GPS data on mobile: This data is used for heatmap-type analysis of geolocation that is never more granular than the city- or region-level, depending on the country. Collected GPS data is only used for geolocation calculation and is never made available in databases. Additionally, an Internet user must have enabled GPS services for our customers’ mobile apps in order for us to be able to collect this information.
    • Identified visitors: This refers to visitor IDs or logins specific to customers.
    • Data collected from online forms
    • Other types of information

In light of the definitions provided in article 4 of the General Data Protection Regulation,  we consider that all data we collect is “personal data”, and we therefore apply the required considerations and protective measures accordingly.

 

How long do we keep the data collected for customers?

By default, all data collected and processed is kept for 25 months from the date of collection.  However, our customers can choose a shorter (free of charge) or longer (subject to a charge) storage period.

 

Where is customer audience data processed and stored?

All audience data is processed and stored in the European Union. We’re using a Content Delivery Network (CDN) to improve the performance of data collection time.

 

Who owns the collected data?

In accordance with the General Data Protection Regulation (GDPR – EU Regulation 2016/679), we act as a subcontractor for our customers. Our customers act as data controllers. They always retain full ownership of the data that we collect and process on their behalf, as well as control of all data we collect on their properties. We commit to never sharing this data with a third party, unless the customer has explicitly requested it, notably in the case of technological partnerships.

 

As an Internet user, what are your rights?

  • The right to access, rectification, erasure and portability

You have the right to access, rectify and erase your personal data collected within the framework of our audience measurement services.

You also have the right to limit processing of your personal data, and the right to portability of your personal data collected within the framework of our audience measurement services.

To make use of these rights, please contact the publisher of the site concerned directly.

 

  • The right to oppose and withdraw consent

At any time, you may oppose or withdraw your consent to the collection and processing of personal data by AT Internet within the framework of our audience measurement services.

To do this, you must activate the opt-out from this page.

Warning: a third-party cookie will be placed and this can be deleted by the browser.

You may also manage or delete cookies present on your computer and mobile devices from within your browser(s). For more information please consult the “How can I manage or delete cookies?” section in our FAQ.

 

  • The right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, should you consider that the processing of your personal data infringes the GDPR.

 

Contact our Data Protection Officer (DPO)

For all questions related to our privacy policy and how AT Internet collects, processes and stores data, please feel free to contact us:

  • By mail: AT Internet, DPO, 85 avenue JF Kennedy 33700 Mérignac, France
  • By email: dpo(at)atinternet.com
  • Via the contact form available here.

 

 

RESOURCES

Get your analytics GDPR-ready

Quiz
15 questions to test your GDPR knowledge

Test your knowledge on the topic of the general data protection regulation with 15 questions.

Guide
Privacy-driven analytics to boost business value

Look at how AT Internet enables companies to eliminate the risks of non-compliance and turn data privacy into a key value driver.

Further reading
10 Privacy features to check when choosing your analytics solution

To survive and thrive in today’s post-GDPR world, companies need to be able to clearly demonstrate to end users that they operate in an accountable…

Let's talk!

We'll give you a call

Our digital analytics experts will be happy to give you a call and answer all your questions. Just give us a few details about yourself below.

 

Top