We’ve migrated our documentation to a new site, which means some URLs have changed.
Subscriptions

Cookies - FAQ

Q: Why does Piano use both local storage and cookies to store data, isn't it redundant?

A: The usage of both local storage and cookies to store data stems from historical practices. The decision to store data in this manner may have been made in order to overcome limitations in cookie length and avoid blockages. The use of local storage allows Piano to persist identifiers for longer periods of time and helps to ensure that the identifiers survive even if cookies are deleted. Piano is continually working to optimize and improve its data storage practices through ongoing analysis and benchmarking.


Q: What does "Across all sites" stand for in reference to the cX_G & gckp items?

A: The "Across all sites" term refers to the consistency of the values for cX_G across multiple customer sites. If cx.js is implemented on multiple linked sites, the cX_G will remain the same for a single user regardless of which site they visit. On the other hand, gckp was a redundant third-party cookie that was discontinued as it no longer served a technical purpose.


Q: What products are currently connected through the cookies _pctx, _pctx und _pcid?

A: Currently, these cookies integrate the following Products: Composer, Management + Billing, ID, DMP, and PA. Additionally, there are plans to integrate ESP and other Piano products into this system in the near future. The ultimate goal is to have all Piano products using cookies to sync on common data points and to ensure compatibility between different Piano scripts. These cookies are essential for seamless communication and data exchange between the integrated products.


Q: Can you explain what Privacy mode is and provide more information about the pa_privacy cookie?

A: The privacy mode is a feature within Piano Analytics that enables clients to understand the legal basis for collecting information for each event. Specifically, it makes use of the ePrivacy consent exemption to determine which legal basis was used to gather information.


Q: Not consenting to pa_user means no persistence of user information in events. What does that mean in detail?

A: This means that, in case of opt-out, visitor recognition can no longer happen on the Analytics side. Traffic is collected in a completely anonymous way to provide volume information. The pa_privacy cookie is a key component in this process, as it helps to identify and track the privacy mode status for each event. This information is critical for ensuring compliance with privacy laws and regulations.


Q: Can you explain the information contained in the aggregated user profiles and provide information about the data storage and deletion process?

A: The aggregated user profiles contain a combination of information about the user's interactions and behaviors on various Piano product platforms. This information is used to create a comprehensive profile of the user for the purpose of providing targeted and personalized experiences. The length of time that this data is stored may vary depending on the specific platform and the regulations in place.

For more detailed information about the data contained in the aggregated user profiles, please visit this link here.


Q: Does Piano consider itself to be responsible for obtaining user consent?

A: No, Piano views itself as a Data Processor, not a joint responsible party for obtaining user consent. This means that Piano provides technology and services to help organizations collect and process data, but the ultimate responsibility for obtaining consent from users lies with the organizations themselves. Organizations must ensure that they have the necessary legal basis for collecting and processing data and that they have obtained the necessary consents from their users.


Q: Can you provide a list of all subcontractors used by Piano?

A: For a complete and up-to-date list of all subcontractors used by Piano, please refer to the Sub-processors and Affiliates tables.


Q: Can you explain the legal basis for Piano processing data for its own purposes?

A: Piano does not process data for its own purposes. However, it does gather anonymous data for the purpose of generating benchmark reports (for customers that have included this option in their contractual agreement with Piano). End users have the option to opt out of this data collection if they prefer. The legal basis for this data collection is based on the provision of these benchmark reports as a service to customers. By collecting anonymous data, Piano is able to provide valuable insights and comparisons to help customers improve their performance and achieve their goals. The data collected for this purpose is not used for any other purposes and is anonymized to protect the privacy of users.


Q: Does Piano process data for purposes beyond what is defined by the client?

A: No, Piano acts as a Data Processor and does not use data for purposes beyond what is defined by the client. The client remains the full owner of their data and has control over how it is used. Piano is responsible for providing technology and support for the processing of the data, but it does not use the data for its own purposes or pursue any additional purposes beyond what is defined by the client. This ensures that the client has full control over their data and how it is used, and it protects the privacy and security of the data.


Q: How is the legal security of processing data in third countries ensured?

A: Piano ensures the legal security of processing data in third countries through the use of Binding Corporate Rules (BCR). Piano's BCRs were approved by the European Data Protection Board (EDPB) and you can view further details here.


Q: Can you provide more information about Piano's use of third-country processing, including when it occurs and if it is necessary for the use of the platform?

A: Yes, Piano does use third-country processing for some of its supporting services. In specific cases, such as troubleshooting, some processing may occur outside of the European Union (EU) in a third country. However, Piano takes steps to ensure that the privacy and security of data are protected even when it is processed in third countries. The relationships between Piano and its affiliated companies located outside of the EU are governed by Binding Corporate Rules (BCR) which have been approved by the Data Protection Authority and are recognized as a valid transfer mechanism by the European Data Protection Board  EDPB). More information can be found on our platform's Privacy policy page here.


Q: Is it possible to limit the functionality of the cookies used by Piano and will there be plans to use separate cookies for each function in the future?

A:  Yes, it is possible to limit the functionality of the cookies used by Piano. Our platform provides information on how to restrict the writing of cookies based on purposes and consent. This means that you can control which cookies are used and for what purpose, providing greater transparency and control over data collection. More information about this is available here.


Q: In regards to the _cx_cintSet cookie. What does CINT stand for?

A: CINT is a survey platform provider that serves online surveys to users and collects the responses into their database. The cookie sync to the Piano DMP allows DMP customers to ingest CINT survey data and use that for age modelling (and other types of sociodemographic modelling).


Q: How does the linking process between the Composer and DMP work, and how are users matched to the relevant data in the DMP?

A: The answer lies in the fact that the anonymous user IDs are the same for both Composer and DMP (when C1x scripts are deployed). These scripts ensure that the same ID is used across both platforms, allowing for a seamless connection between the two.


Q: Can the gckp cookie be affected by the "Consent Management for Client Storage" options as well?

A: Yes. Actually, it's HTTPOnly cookie, so instead of removing the cookie when we don't have consent, we send the request to the server to don't set the cookie the next time.


Q: The DMP relies on two cookies, cX_G and gckp, to help identify users across multiple websites within the same network. But what happens to the data that is collected through these cookies? Is it stored in a single profile within the DMP?

A: While the data is technically stored in separate profiles for each website, all events that are associated with one browser have the same anonymous user ID across multiple websites. This makes it possible to aggregate all of the data from a particular user into a single profile when needed.


Q: In total, the DMP sets up to 20 cookies and local storage entries. Can't this be combined?

A: While there is some potential for combining or reducing the number of cookies and local storage entries, there are a few factors that make this challenging. For one, some of the cookies are set only in certain browsers, meaning that they are necessary to ensure that the DMP can function properly across a variety of platforms and devices.

In addition, some of the cookies are only set if the customer manually enables certain features. This means that they are not always necessary, but can be useful in certain circumstances and for certain types of data collection.


Q: The cX_G and gckp cookies play a key role in the DMP by allowing users to be identified across multiple websites within the same network. But what happens if these cookies are excluded from being set using the "Consent Management for Client Storage" options? What would be the drawbacks?

A: One major drawback is that if these cookies are excluded, it would not be possible to pass identifiers to third-party services. Both cookies are essential for tracking and analyzing user behavior across multiple websites within the same network. By excluding these cookies, it would not be possible to accurately identify users and track their behavior.


Q: The usage of a high number of cookies is often considered questionable by Data Processing Authorities. Is Piano working towards reducing the number of cookies used?

A: Piano understands the importance of responsible cookie usage and provides clients with the capability to set specific cookies as needed. For more information on this, please refer to our resources here. While Piano does have plans to consolidate the number of cookies used, there is currently no set timeline for its implementation.

Last updated: