Piano Audience, Insight and CCE Privacy Policy
Piano and its wholly-owned subsidiaries (“Piano”) is an Amsterdam-headquartered technology company. We help our customers (“Customers”) to transform their own raw data into their most valuable resource. Piano's leading Data Management Platform (“Audience”) with Intelligent Personalization, gives companies unprecedented insight into their individual customers, and enables them to action this insight real-time, in all marketing and sales channels. Piano Conversion Engine (“CCE”) empowers Customers to monetize insight into their audience's behavior and preferences in order to increase subscription revenues.
If you are interested in learning about how we collect, use, and disclose information through the Piano technology services described above (the “Platform”), this platform privacy notice (“Privacy Notice”) should give you all the information you need.
We may update this Privacy Notice by posting an updated version on this page. If you are a Customer of Piano, then you will receive notice when this Privacy Notice is modified. We encourage you to periodically review this Privacy Notice.
What is the purpose of this document?
This document provides information about our Service and describes how we collect, use, share and otherwise process information.
Our goal is to be transparent about our business by describing our technology and services in simple terms so that you can understand our practices. We know this is complicated, so if you have any questions about this information, please contact us.
What is the Piano Audience, Insights, or CCE Platform (or the “Platform”)?
When we refer to the Piano Audience, Insights, or CCE "Platform", we are describing the technology used by our Customers’ websites and mobile apps to increase reader engagement, convert readers to new products, and to re-engage readers when their interest drops.
We provide a number of customer-facing applications to achieve this:
-
Piano Data Management Platform (“Audience”)
-
Piano Conversion Engine (“CCE”)
-
Piano Insight (“Insight”)
-
Piano Content (“Content”)
The applications listed above are used by employees of our customers, and not by our customers’ readers.
The platform also refers to our underlying infrastructure components, which includes, but is not limited to the following:
-
Databases and file storage (“Data Platform”) - not to be confused with Piano Audience
-
APIs (1st party data APIs, Real-Time APIs, Application GUI APIs)
-
Extract Transform & Load (“ETL”)
-
Edge receivers
-
Platform GUI
What do we mean by Platform Data?
The Platform is designed to use certain types of information, that all together we call Platform Data, which includes:
-
Information sent to or uploaded to our Platform by our customers which may include information about you, such as device identifiers and your device location
-
Information sent to or uploaded to our Platform by our clients and partners that ties unique device identifier(s) to perceived interests and behavior (e.g., women, ages 40-59), which may include information about you
See "What Information we collect and use" for more details on the type of information we include in Platform Data.
For EEA Internet Users, the meaning of "Personal Data" under the General Data Protection Regulation and what this means for Platform Data
"Personal Data" is defined as any data relating to a living individual who can be identified directly from that data, or indirectly in conjunction with other information. It can take the form of a name or address and can extend to unique identifiers, IP addresses, and other identifiers which do not tell us who an Internet user is in the "real world" but may, when combined with other information, allow the identification of a living individual.
We do not collect personal data that identifies you as an individual in the "real world." When you (an Internet user) visit a Digital Property that has integrated our technology or that uses technology that integrates with our Platform, we do not know your name or email address, or other information that directly identifies you. We take care to ensure that we do not collect any information that tells us who you are.
Instead, when you first visit a Digital Property that has integrated our technology, this triggers a request to our Platform to collect data for analytical purposes, load recommended content, or measure information about the usage of what is currently viewed. When this occurs, we assign a random unique identifier (a Digital Identifier) a "Cxense ID," to your browser or device, which allows the Platform to automatically recognize your browser or device the next time it visits another Digital Property that has integrated our technology. This type of "pseudonymous data" is defined as "Personal Data" under the GDPR.
This allows our clients and certain third-party provider to sync their own Digital Identifiers against this Cxense ID so that our clients and certain third party provider can use their own data on the Platform that they may have associated with their own Digital Identifiers.
Cookie use by the Platform
Although the specific cookies employed on the Piano Platform may change from time to time, this describes how and why the Piano Audience, Insight and CCE Platform uses cookies. These cookies enable Piano to create a user profile for visitors to our Customers’ sites. For a detailed description of cookies set by the Platform, see here.
-
The Platform generates unique identifiers for web browsers and stores those identifiers via cookies and/or other means, such as “local storage”
-
The Platform on mobile, OTT, and other native applications uses identification standards, when available, provided by the respective platforms, such as IDFA and AAID.
-
The Platform uses unique identifiers to distinguish between unique devices. This is used to store data for analytics, analysis of user audience segments for analytics and advertising, and content recommendations.
-
The Platform uses unique identifiers to store and manage reporting data for clients, such as, for example, the aggregated traffic details for particular URLs, unique user calculations for a given web page, tracking individual device traffic, and for giving back to the device user and a selection of content that is determined to be interesting to them.
-
The Platform can use cookies with non-unique values for server load-balancing and similar technical purposes.
-
The Platform uses non-unique identifiers (stored in cookies or other means on the client) to store users' opt-out choices.
-
Cookies can play a role in Cross-Device linking in that cookies from different browsers or devices might be associated with each other.
-
Some browsers or other software may be configured to block 3rd party cookies, domains, or content by default.
PIANO AUDIENCE, INSIGHT, AND CCE PLATFORM PRIVACY STATEMENT
This privacy statement describes how Piano collects, uses, shares or otherwise processes Platform Data. It may describe how Piano enables or allows clients and third-party providers to use Platform Data, but otherwise does not apply to our clients' or other third parties' practices.
Companies using the Platform own their own data. That's part of what makes it a Platform.
What information does Piano collect and use?
Piano stores the Personal Data it receives from Customers pursuant to a legal contract containing binding obligations on Piano, including limiting its processing of Personal Data only on the instruction of the Customer and assisting the Customer in complying with its own obligations under applicable law. We may set additional rules for our Customers regarding how data is collected and used on the Service, but such data is collected and used subject to the individual privacy notice for each Customer.
The table below lists the data stored by Piano Audience, Insight, and CCE. The way we capture and transmit this data is described here.
|
CATEGORY |
DATA CAPTURED |
EXAMPLE |
|---|---|---|
|
Device |
Browser |
Chrome, Firefox, Safari |
|
Device |
Browser language |
en-us, en, ja-jp, ja, en-gb, no |
|
Device |
Browser version |
Chrome 76, Firefox 67, Safari 12 |
|
Device |
Capability |
Flash, Java |
|
Device |
Color depth |
24, 32 |
|
Device |
Connection speed |
Broadband, Mobile, XDSL |
|
Device |
Device type |
Desktop, Mobile |
|
Device |
IP address* owner |
Telenor norge AS, Orange UK |
|
Device |
Mobile brand |
Apple, Huawei |
|
Device |
Operating system |
Macintosh, Linux, iPhone OS, Android, Windows |
|
Device |
Screen resolution |
2560x1440, 375x667 |
|
Location |
City |
Oslo, Tokyo, Singapore, Bangkok |
|
Location |
Country |
no, jp, sg, be, th |
|
Location |
Metro Code |
Oslo, Kanto, Lorenskog |
|
Location |
Postal Code |
1270, 150-002 |
|
Location |
Province |
uk-gre, no-03, jp-13 |
|
Location |
Region |
Greenwich, Oslo, Akershus, Bruxelles-capitale |
|
Location |
Time zone offset |
-60, -120, -540 |
|
Search query |
Exit link query |
“cake recipes” |
|
Search query |
Query |
“cake recipes” |
|
Search query |
Referrer query |
"cooking dinner" |
|
Source & Destination |
Exit link host |
help.cxense.com, cxense.com |
|
Source & Destination |
Exit link URL |
http://help.cxense.com/docs/contact-us |
|
Source & Destination |
Host |
help.cxense.com |
|
Source & Destination |
Referrer classification |
internal, direct, other, social, search |
|
Source & Destination |
Referrer host |
google.com, yahoo.com, lnkd.in, linkedin.com |
|
Source & Destination |
Referrer search engine |
|
|
Source & Destination |
Referrer social network |
Linkedin, Twitter |
|
Source & Destination |
Referrer URL |
http://help.cxense.com/docs/what-do-we-do |
|
Source & Destination |
Site |
1135174217507879744 |
|
Source & Destination |
URL |
http://help.cxense.com |
|
1st party data |
Age |
25-34, 35-44, 18-24, 45-54 |
|
1st party data |
Gender |
Male, Female |
|
1st party data |
Member |
Yes, No |
|
1st party data |
Subscriber |
Yes, No |
|
1st party data |
Subscription type |
Weekly, Monthly, Annual |
|
Custom parameters |
Site’s own custom data |
Article position, A/B test group, Load delay, IsSubscriber |
|
Event origin |
Origin |
cxd-app |
|
Event type |
Type |
Impression, Click, Newsletter signup, Order successful, Purchase |
|
Performance parameters |
Site’s own custom data events |
Conversion type, visibility event on viewing subscription banner |
|
Site Content |
Acronym |
Major League Baseball |
|
Site Content |
Author |
Ellis Kube |
|
Site Content |
Category |
Sports, World, Science, Entertainment |
|
Site Content |
Classification |
Travel, Careers, Pets |
|
Site Content |
Company |
Bloomberg, Air France |
|
Site Content |
Concept |
Police, Climate change, Gun violence |
|
Site Content |
Entity |
White House |
|
Site Content |
Language |
en |
|
Site Content |
Location |
Chine, Hong Kong, US, London |
|
Site Content |
Page classification |
Article, Front page |
|
Site Content |
Person |
Greta Thunberg |
|
Site Content |
Site |
www.newssite.com |
|
Site Content |
Taxonomy |
articles/politics, articles/sports |
|
User interest |
Categories |
News, Sport, Careers/Jobs, Politics, Lifestyle, Cars, Fashion, Food |
|
Event parameters |
Consent |
Anonymous |
|
Event parameters |
Subnet |
External |
Info
*IP addresses are collected and transmitted to Piano, but we do not store the information on our servers
Mobile Device Identifiers
Piano Audience, Insight, and CCE use mobile device identifiers such as the Android Advertising ID and Apple iOS IDFA in connection with the Service where Customers ask Piano to store this information collected via Customer Sites. Mobile device identifiers enable users to be uniquely identified, thus enabling the Service to store and provide ad targeting data to our Customers.
No Personal Data of Children
In accordance with industry standards and law, we do not knowingly collect, administer, or enable the commercial use of Personal Data relating to children less than 13 years of age (or 16 if the age of consent is higher in a particular country), or permit our Customers to provide us such data. If we become aware that a Customer has provided us with any Personal Data of children that would require compliance with applicable laws such as the Children's Online Privacy Protection Act of 1998 or Article 8 of the General Data Protection Regulation 2016/679 (“GDPR”), then we will delete this data from our databases.
No Sensitive or Special Categories of Data
We do not knowingly (or permit our Customers to use the Platform to) collect, use, or store sensitive or special categories of Personal Data, including the following:
-
Special categories of personal data as defined in Article 9 of the GDPR, including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data uniquely identifying a natural person, or data concerning a person’s sex life or sexual orientation.
-
Sensitive data including Social Security Numbers or other Government-issued identity cards, financial account numbers, information about an individual's health or medical conditions or treatments, including genetic, genomic, and family medical history
How do we collect information?
Piano collects Personal Data submitted to us directly through the Websites or mobile apps. Piano offers the Service to Customers to collect Personal Data of visitors or users of their Customer Sites or mobile apps.
Piano and its Customers use a number of different technologies to collect data and to operate the Platform, including any or all of the following:
Cookies
Piano Audience, Insight, and CCE uses cookies in connection with the Service, including on the Websites and Customer Sites. Cookies are small, often encrypted text files, located in browser directories. When you visit one of the Customer Sites, you are assigned a Cxense user ID that is placed into a cookie which is then placed on your computer or device accessing the Customer Site. There are two types of cookies: “Persistent” and “Session”.
-
Persistent cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie. The cookie expiry time is shown in the table below.
-
Session cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted. Piano Audience, Insight, and CCE cookies can be further categorized as “Performance” or “Targeting”.
-
Performance cookies collect information about how you use a Customer Site and if you experience any errors. These cookies help our Customers: (i) improve how their Customer Sites work; (ii) understand the interests of their users, and (iii) measure the effectiveness of their advertising. We use performance cookies to:
-
Carry out web analytics: Provide statistics to our Customers on how their Customer Sites are used
-
Perform affiliate tracking: Provide feedback to affiliated entities that one of our visitors also visited their site
-
Obtain data on the number of users of a Customer Site that have viewed a product or service
-
Help our Customers improve the Customer Sites by measuring any errors that occur
-
Test different designs for the Service
-
-
Targeting cookies are used to track your visit to a Customer Site, as well other websites, apps, and online services, including the pages you have visited and the links you have followed, which allows our Customers to display targeted ads to you on a Customer Site using the Service. We may use targeting cookies to:
-
Display targeted ads within the Customer Sites.
-
To improve how a Customer delivers personalized ads and content to its users, and to measure the success of ad campaigns on the Customer Sites
-
Browser Local Storage
Web applications can store data locally within the user's browser via what is called “local storage”.
Unlike cookies, the storage limit is far larger and information is not automatically transferred to web servers via browser connections.
Local storage is per origin (per domain and protocol). All pages, from one origin, can store and access the same data.
Information stored in cookies and local storage
This article provides detailed information on the various cookies our platform sets and their purposes, which may help clarify any concerns or questions you have regarding user tracking and data management.
Clear Gifs/Pixel Tags/Web Beacons
We also use clear gifs in connection with the Service, including on the Customer Sites. Clear gifs (also known as pixel tags or web beacons) are small strings of code that provide a method for delivering a graphic image on a web page or other document. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on web pages or in emails and are about the size of the period at the end of this sentence. Clear gifs may be used to obtain information about the computer or device being used to view a particular web page, such as the IP address of the computer or device to which the pixel tag is sent, the time it was sent, the computer or device’s operating system and browser type, and similar information.
Mobile SDKs
Piano Audience, Insight, and CCE provides mobile and OTT SDKs for the Android and iOS operating systems, as well as Smart TVs, AppleTV, etc. These SDKs track similar events to those collected in web browsers and can provide similar services like which is available to web browsers.
Other
Similarly, our Customers may use similar technology provided by other companies on their own Customer Sites. The use of these technologies by our Customers is not covered by this Privacy Notice.
How is information sent to Piano?
Our cx.js script collects various pieces of data, builds up a URL that encodes this information, and sends this back to the Piano Audience, Insight, and CCE platform by making a standard HTTP request to the Piano servers. This HTTP API can also be invoked directly by clients. The URL encodes the following parameters:
|
PARAMETER |
REQUIRED |
SAMPLE VALUE |
DESCRIPTION |
|---|---|---|---|
|
|
Yes |
1 |
To which version of the API is this requested targeted |
|
|
Yes |
pgv |
What type of event is this? The value pgv denotes a page-view event. |
|
|
No |
0 |
The Cxense account identifier. |
|
|
Yes |
1234567890123 |
The Cxense site identifier. |
|
|
Yes |
http://www.yoursite.com/news/1 |
The URL of the page. Must be a syntactically valid URL, or else the event will be dropped. |
|
|
No |
http://www.yoursite.com/ |
The URL of the referring page. |
|
|
No |
The Cxense goal identifier. For future funneling purposes. |
|
|
|
No |
The page name. |
|
|
|
No |
1473837694457 |
The local time on the client. |
|
|
No |
-120 |
The client's timezone. |
|
|
No |
1920x1080 |
The screen resolution. The format is |
|
|
No |
1395x282 |
The initial browser window size: The format is |
|
|
No |
24 |
Device color depth. Typically read from |
|
|
No |
1 |
Device pixel ratio (the ratio between physical and virtual pixels). Typically read from |
|
|
Yes |
it2kwr95mv0uxmh3 |
A random number, for cache-busting purposes and to uniquely identify a page-view request. |
|
|
No |
0 |
Is Java enabled? |
|
|
No |
en-US |
The client's browser language. |
|
|
No |
it2kw3ldnxjc |
The Cxense site-specific session cookie. Must be at least 16 characters long. Allowed characters: A-Z, a-z, 0-9, "_", "-", "+" and ".". |
|
|
No |
cx:pbad80kwtao0l1qyfh5vv7q7:2vaqowu49edjp |
The global id that uniquely identifies the user in relation to other ids (ckp, etc.) |
|
|
No |
UTF-8 |
The document's character set. |
|
|
No |
1 |
Is Flash enabled? |
|
|
No |
Shockwave Flash 22.0 r0 |
Which version of Flash, if relevant? |
|
|
No |
0 |
Hint to indicate if this looks like a new user. Values: 0 or 1, e.g. |
|
|
No |
Set a custom parameter |
|
|
|
No |
Set a user profile parameter |
|
|
|
No |
The value of the first optional external user id, used for linking external user ids to Cxense users. 64 characters max length. |
|
|
|
No |
The type of the first optional external user id, used for linking external user ids to Cxense users. 10 characters max length. |
|
|
|
No |
The value of the second optional external user id (etc..) |
|
|
|
No |
The type of the second optional external user id (etc..) |
|
|
|
No |
Position time. |
|
|
|
No |
Position latitude. |
|
|
|
No |
Position longitude. |
|
|
|
No |
Position accuracy. |
|
|
|
No |
Position altitude. |
|
|
|
No |
Position altitude accuracy. |
|
|
|
No |
Position heading. |
|
|
|
No |
Position speed. |
|
|
|
No |
1473634205 (for 2016-09-11T22:50:05Z) |
If the web page has a |
|
|
No |
y, pv, segment |
Consent. A comma-separated list with the following values: |
For what purposes do we use the collected information?
Piano and its Customers use cookies or similar technologies described below to analyze user trends, administer and improve the Service, track users’ movements around the Customer Sites, and to gather demographic information about Customers’ users and visitors to the Customer Sites.
Our Customers typically use this data and our Service to improve and increase Customer Site usage and deliver targeted advertising campaigns on the Customer Sites and on other third-party sites. For example, a Customer may use the Service to find former subscribers of a Customer Site and to deliver ads or offers that encourage those users to re-subscribe to the Customer Site.
Where our systems can reasonably infer that a particular computer and/or mobile device belong to the same user or household, we store such information in a user profile for use on the Platform. The data stored in a profile on our Platform may be combined with other third-party data in order to better target advertisements, to enable Customers to better understand users across multiple computers and devices, and for ad delivery and reporting purposes.
How do we store information and how long is it kept for?
To facilitate our global operations and improve the performance of the Service, Piano stores Personal Data provided by its Customers in data centers located in the US, Japan, and Germany. As a result, Piano may transfer your Personal Data to or from data centers in these locations.
Piano employs a number of leading hosting providers to securely store Personal Data according to applicable law, including the following:
-
SoftLayer Technologies, Inc., 14001 Dallas Pkwy, Suite M100, Dallas TX 75240
-
Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
-
Google Ireland, Ltd., Gordon House, Barrow St, Dublin 4, Ireland
-
Packet Host, Inc., 30 Vesey St, Floor 9, New York, NY 10007
Full list of Piano sub-processors is maintained and regularly updated here: https://piano.io/gdpr.
CROSS BORDER TRANSFER
Notice to EEA/Switzerland Residents
Personal Data originating from the European Economic Area (“EEA”) or Switzerland that is transferred outside of the region by Piano as described above is performed according to appropriate technical and legal safeguards, including the use of: (1) hosting providers in countries subject to a binding adequacy decision by the European Commission pursuant to Article 45(3) of the General Data Protection Regulation, and (2) binding transfer agreements containing standard contractual clauses based on the Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
Piano stores Personal Data you provide us directly so long as you continue to have a business relationship with us. You may ask us to delete that information by following the instructions above.
When a Customer terminates its relationship with us, Piano removes all Personal Data provided from our systems within a reasonable time not exceeding sixty (60) days following such termination, but subject to our right to retain (i) copies of transactions between the Customer and Piano, (ii) information relating to any dispute or potential fraud, and (iii) any additional information we need to keep to protect our legal rights or the rights of others.
Our cookies and similar tracking technologies expire six (6) months from the last time our systems encounter a particular computer or device. We do not use any cookie data that is more than twelve (12) months old for user profiling or targeting. After 12 months, we remove any unique identifiers and store the data for up to 3 years for analytics purposes. Upon request from some customers, we occasionally agree to extend the long-term storage of data beyond 12 months.
Who do we share information with?
Piano does not share Personal Data provided by a Customer using the Platform with other Customers of the Platform.
From time to time, Piano engages with partners to perform services on behalf of our Customers who use the Platform.
Piano may also disclose Personal Data if such disclosure is required for Piano to comply with valid and binding legal requirements, to protect Piano's rights or property (or that of our Customers), and/or where needed to protect personal safety. For example, Piano may be required to disclose information in response to a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. In the event we are required to disclose information in response to legal process or a government request, we will attempt to notify affected users for which we have contact information and/or the Customer(s) affected to the extent we are legally permitted to do so.
Personal Data Provided by Our Customers
Please note that all Personal Data processed by us through the Service is provided to us by our Customers upon your consent or other legal basis. If you wish to exercise any of the above rights regarding your Personal Data provided to us by our Customers through the Service, please contact that Customer and/or review that Customer’s privacy notice for instructions. Piano will respond in a timely fashion to all such requests received from its Customers regarding your Personal Data processed through the Service.
All users - ability to opt-out
Browser opt-out - Piano offers the ability to opt-out of processing as described above including the web browser opt-out solution for users who wish to opt-out here. If you choose to opt-out, Piano deletes any targeting data it may have for your browser, and we will no longer enable our Customers to target that browser using our Service. You will likely still receive advertisements, but Piano technology will have no input or impact on tailoring those ads to be more relevant to your interests. Please note that if you delete, block, or otherwise restrict cookies, or if you use a different computer, device or Internet browser, you will need to renew your opt-out choice. To the extent that a particular browser and a mobile device are linked via our Service, opting out will sever the link. If you choose to disable cookies, it may limit your use of certain features or functions on the Website and/or Customer Sites.
We also partner with third parties to display advertising on our Websites or to manage our advertising on other sites. Our third-party partners may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt-out of interest-based advertising click here, or if located in the EEA click here.
Mobile app opt-out - Piano honors the mobile device settings for Android and Apple iOS devices. To exercise this opt-out, please visit the privacy settings of your Android or iOS device and select “limit ad tracking” (Apple iOS) or “opt-out of interest-based ads” (Android). On devices where we see that such a selection has been made, we will not target that mobile device via the Service. To the extent that a particular browser and a mobile device are linked via our Service, opting out will sever the link.
Security
While it is impossible to fully guarantee security, Piano will provide appropriate technical and organizational measures to protect Personal Data, including taking commercially reasonable efforts in accordance with industry practices to protect data we collect from loss, alteration, destruction, misuse, and unauthorized access or disclosure. We have policies to help maintain control and physical security of the facilities used to store data and only allow access to authorized personnel, restrict access to data to those employees, contractors, and agents that have a need to know the information in order to provide and support our services. All Piano employees and data subprocessors are bound by confidentiality obligations and may be subject to disciplinary or legal action if they fail to meet these responsibilities.
Data subject rights
You have the right to revoke any consent given to us at any time. The legality of the processing until the time of revocation remains unaffected by this withdrawal. In exceptional cases, another legal basis might apply after the withdrawal of your consent. In such a case, the data controller will provide you with appropriate information. You have the right to access, correction, deletion, or restriction of processing, the right to object to further processing, the right to data transfer, and the right to lodge a complaint with the competent data protection supervisory authority.