How we protect customer data
AT Internet and data: transparency and security
Data is the core of our work and our passion. For more than 20 years, we’ve provided our customers in-depth, reliable data while meticulously respecting user privacy. With two decades of experience, we have established the perfect balance between these two fully compatible goals.
We provide a Software as a Service (SaaS) allowing our customers to measure the audience of their web and mobile sites, intranets, and mobile applications. Our solution collects audience data on digital platforms using our service. This data is then analysed, calculated and enriched. The processed data is made available in an online interface, accessible only to AT Internet customers. This data enables our customers to improve the usability of their sites and apps, and optimise the range and quality of their product and service offerings.
How we measure our customers’ audience on sites and apps
AT Internet provides tags to its customers in order to measure audience on digital platforms. Customers implement these tags on the websites, mobile sites and mobile apps they wish to analyse.
These tags enable audience measurement cookies to be placed (on web and mobile sites) and mobile IDs to be generated (on mobile apps). This operation is necessary in order for data to be collected. To learn more about cookies and mobile IDs, please visit the Resources page.
AT Internet tags comply with European Union data privacy laws, whose standards are among the highest in the world. By adhering to stringent regulations, we offer our customers a reliable, transparent and secure alternative to many other digital analytics providers based outside of Europe.
What data do we collect?
To measure audience on digital properties, we collect different types of information.
- ID-type information: cookie ID, mobile ID, IP address.
After being collected, this data is used for real-time processing in order to generate a visitor ID (hashing is applied on source data) and to calculate geolocation information (which is never more granular than the city- or region-level, depending on the country). The raw data collected and used for this processing is not conserved in databases for customer use and is therefore not available to customers.
Please note that AT Internet offers customers the option of anonymising their visitors’ IP addresses by truncating the last 3 digits (last octet) of the IP address before geolocation takes place. This anonymisation and truncation is automatically applied by default for our German customers via our German subsidiary Applied Technologies Internet GmbH, as well as for our customers who have subscribed to the CNIL “cookie consent exemption” option (exemption from the requirement to obtain consent when filing an AT Internet audience measurement cookie – exclusively reserved for France).
- Digital analytics information: data related to Internet users’ navigation:
- the type of browser used
- the number of page views
- the exact navigational path a visitor takes on the site
- the amount of time spent on a page, or the entire site
- shopping cart activity (items placed in cart, abandons, etc.)
- other types of navigational data
- Information specific to our customers’ activities: Should their business needs require it, our customers are technically able to retrieve data other than the information our tag collects by default.
- GPS data on mobile: This data is used for heatmap-type analysis of geolocation that is never more granular than the city- or region-level, depending on the country. Collected GPS data is only used for geolocation calculation and is never made available in databases. Additionally, an Internet user must have enabled GPS services for our customers’ mobile apps in order for us to be able to collect this information.
- Identified visitors: This refers to visitor IDs or logins specific to customers.
- Data collected from online forms
- Other types of information
In light of the definitions provided in article 4 of the General Data Protection Regulation, we consider that all data we collect is “personal data”, and we therefore apply the required considerations and protective measures accordingly.
What is the legal basis for the processing of audience measurement data?
Among the six conditions of lawfulness of processing given by Article 6 of the GDPR, it is the notion of consent that applies in priority to audience measurement processing operations. It represents the free, specific, informed and unambiguous will of the person concerned. Our customers as data controllers must obtain this consent from visitors to their sites and applications. In its role as a subcontractor, AT Internet provides the methods to ensure that audience measurement data is processed only after it has been obtained.
However, some European legislation allows an exemption in certain cases from the requirement to obtain consent for audience measurement processing operations by referring to the condition of legitimate interest.
In France, for example, this must be accompanied by the implementation of and compliance with conditions defined by the CNIL.
In other countries, such as Germany, legislation and control authorities do not establish specifications allowing the legitimate interest to be used as the legal basis for processing, without excluding that this is possible. In this case, it is therefore up to the controller to study each processing operation on a case-by-case basis and, if necessary, to seek the opinion of the competent supervisory authority to ensure that the processing operation envisaged can be based on the legitimate interest.
Finally, some countries, such as the United Kingdom, exclude this possibility of using the legitimate interest.
In all cases, the legal teams of data controllers must ensure that the legal basis of the processing operation is in place, taking into account the room for manoeuvre allowed by the legislation of their country.
How long do we keep the data collected for customers?
We maintain two types of data storage:
- Storage of raw data: Before it is used in our processing, we store all collected raw data for a duration of 6 months. This raw data is not available in our solution interfaces and is not accessible to customers. Raw data is conserved in log files in case analyses must be regenerated.
- Storage of processed data made available to customers: Each customer is free to set the storage period they want according to their business needs. In the absence of specific instructions from the customer, by default, we keep these data in the database for the duration of the business relationship with the customer, plus an additional 6 months.
Where is customer audience data processed and stored?
All audience data is processed and stored in the European Union. Our customers have the option of using a Content Delivery Network (CDN) to improve the performance of data collection time.
Who owns the collected data?
In accordance with the General Data Protection Regulation (GDPR – EU Regulation 2016/679), we act as a subcontractor for our customers. Our customers act as data controllers. They always retain full ownership of the data that we collect and process on their behalf, as well as control of all data we collect on their properties. We commit to never sharing this data with a third party, unless the customer has explicitly requested it, notably in the case of technological partnerships.
As an Internet user, what are your rights?
- The right to access, rectification, erasure and portability
You have the right to access, rectify and erase your personal data collected within the framework of our audience measurement services.
You also have the right to limit processing of your personal data, and the right to portability of your personal data collected within the framework of our audience measurement services.
You may also contact the website publisher directly to exercise these rights.
To exercise these rights, please contact us:
- via email at dpo(a)atinternet.com
- or by sending a letter to AT Internet to the following address:
For all requests except for Germany, the letter should be sent to the attention of Mr Nicolas Boudillon, Group DPO
For all German requests, the letter should be sent to the attention of Mr Louis-Marie Guérif, DPO Germany
- The right to oppose and withdraw consent
At any time, you may oppose or withdraw your consent to the collection and processing of personal data by AT Internet within the framework of our audience measurement services.
To do so, please opt out on this page.
You may also manage or delete cookies present on your computer and mobile devices from within your browser(s). For more information please consult the “How can I manage or delete cookies?” section in our FAQ.
- The right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, should you consider that the processing of your personal data infringes the GDPR.
Contact our Data Protection Officer (DPO)
- By mail: AT Internet, DPO, 85 avenue JF Kennedy 33700 Mérignac, France
- By email: dpo(at)atinternet.com
- Via the contact form available here.
Get your analytics GDPR-ready
Learn how to fully respect users’ privacy and rights while still making the most of your audience data.
Here’s your all-inclusive rundown of the main aspects of the GDPR at the one-year mark – make sure your web analytics is compliant!
Get more in-depth information about how AT Internet’s digital analytics solution is GDPR-compliant.
We'll give you a call
Our digital analytics experts will be happy to give you a call and answer all your questions. Just give us a few details about yourself below.