Analytics Suite 2 Privacy Features

Organisations involved in the processing of personal data must fulfil certain obligations and best practices, specified both at the European level in the General Data Protection Regulation (GDPR) (please see our practical GDPR guide) and at the specific country level.

Within this framework, AT Internet offers a set of features to help you define your processing and strengthen protection of your users' privacy.


List of Privacy features

  1. Customising personal data history
  2. Opt-out mechanisms
  3. CNIL exemption
  4. Reconciliation of data after consent (1st party cookies)
  5. Non-placement of cookies
  6. Excluding "non-cookied" traffic
  7. Anonymising IP addresses
  8. 1st party cookies
  9. Hashing mobile user IDs

 

As data controller, it is your responsibility to adopt the features which address your objectives and obligations, depending on your country's legislation.

Important: In light of the GDPR, the 1. Opt-out page and 2. Customising personal data history features are mandatory.

Please refer to your country's data protection authority to check which cookie management features should be enabled.

Do not hesitate to contact our support centre (via the "Help" button at the bottom right) for any additional guidance on this topic.

 

AT Internet provides the Audience | Overall Traffic | Privacy analysis to view quantitative, excluded and anonymous traffic data from the following mechanisms:   

  • No cookie consent: resulting from the non-placement of cookies via the tagging method provided for this purpose when loading the first page of the first visit before consent  
    Note: this information will be included in the Audience | Overall Traffic | Privacy analysis if the exclusion of non-cookied traffic has been enabled
  • No cookie browser: from browsers that refuse to accept cookies
    Note: this information will be included in the Audience | Overall Traffic | Privacy analysis if the exclusion of non-cookied traffic has been enabled
  • Opt-out: from the opt-out mechanisms present on your platforms
  • Custom exclusion: from IP or Cookies excluded via your Analytics Suite 2 configuration 

privacy__2_.jpg

 

 

Customising personal data history

 

Objective

Meet your GDPR-related obligations by defining the period during which personal data is stored (see "Information for your users" in our practical GDPR guide).

 

Description

Contact our support centre ("Help" button at bottom-right) to discuss the possibility of implementing an automatic purge of personal data on a sliding period that you define (examples: 13, 25, 37 months, ...) for all level 1 sites of a contract.

 

Impact on your data

Implementing such an automatic purge will result in the deletion of data related to the following dimensions...

2019-05-23_10h20_55.png

2019-05-23_10h21_21.png

... namely...:

  • all "detailed" data available by default in Data Query that has not been saved (as it can be combined/segmented by default with the above dimensions)
  • all "detailed" data that can be exported via Custom Export
  • all "precalculated" data or saved data containing at least one of the above dimensions (example: a Data Query template on identified visitors, a Dashboard containing customer IDs, or a Report on identified visitors (text), as well as the linked analyses in Explorer and NX - certification figures included)

 ... for all the sites of a contract.

> go back to the list of Privacy features

 

 

Opt-out mechanisms

 

Objective

Meet your GDPR-related obligations by offering an opt-out mechanism that your users can easily access at any time (see "Your users' preferences" in our practical GDPR guide).

 

Description

Use one of our opt-out solutions for web cookies and/or for managing mobile IDs in the case of mobile apps.

Web:

Mobile apps:


Please note that in the case of 3rd party cookies, you must share the above link with your users  in order to manage opt-outs.

In the case of 1st party cooies and mobile IDs, it's your responsibility to configure associated tagging libraries so that opt-outs function correctly.

 

Impact on your data

Any opted-out traffic is excluded from navigational analyses that can be combined and segmented.
Reports in Explorer is featuring certain indicators enabling you to measure the number of page views associated with this excluded traffic.

Note: when using 1st party cookies, if you don’t want to send any hits when using the opt-out, please use the "Send anonymous hits in Opt-out" plugin in the Tag Composer libraries configuration.  If you use 3rd party cookies, please do not use the .send() and .dispatch() methods of the SmartTag.

 

> go back to the list of Privacy features

 

 

CNIL exemption

 

Objective

Ensure compliance with national laws requiring consent prior to the placement of cookies, with the condition that your national authority is line with and accepts the CNIL's statement as defined in the description below.

Warning: the CNIL updated the conditions. A review is on-going, and this paragraph may change in the upcoming days.

 

Description

The CNIL (French data protection authority) permits a cookie to be placed before user consent is received if the following measures are taken:


Action for
AT Internet

Action for the client

  • No measurements "outside the site" are used (banner impressions, remote video, email opens, iframe, ...) without prior consent
  • Imported 3rd party data is not used in AT Internet's Analytics Suite (AT Connect for import)
  • Personal data (user ID and/or PII) is not used in AT Internet's custom variables
  • Limit cookie and idclient lifetime to 13 set months > by default for AT Internet's 3rd party cookies
  • Geolocation of users no more granular than city-level > for any potential custom usage, by default for AT Internet's geolocation analyses
  • GPS geolocation is not used
  • Make an Opt-Out feature available for web and mobile, as well as an information page which clearly and accessibly explains how cookies are used

Please note that this CNIL exemption regarding the non-placement of cookies before user consent is obtained allows you to avoid the impact related to the non-placement of cookies listed above (loss of traffic sources and loss of statistical data quality).


Contact our support centre ("Help" button at bottom-right) to discuss the possibility of enabling the CNIL Exemption option.

AT Internet can also provide a service to audit all above "Action for the client" points for you.

 

Impact on your data

 

> go back to the list of Privacy features

 

 

Reconciliation of data after consent (1st party cookie)

 

Objective

Comply with national laws requiring prior consent before depositing cookies, without being affected by the impact on your data mentioned in the point "Non-placement of cookies".

Note that this reconciliation can only be configured when using the AT Internet 1st party cookie (idclient).

 

Description

Use the idclient management before consent tagging method while loading the first page of your user's first visit until your user's consent is obtained.

This method will generate a random idclient that will not be cookied on the first page.

If consent is obtained on the first page, this idclient will then be passed as a parameter from the URL to the second page where it can be cookie-ised in full compliance.

In case of refusal of consent, it is your responsibility to use the 1st party cookie opt-out method presented in the section "The Opt-out page" above.

 

Impact on your data

If changing from 3rd party cookies to 1st party to benefit from this feature, see the description and consequences of switching to 1st party cookies in the section "1st party cookies" below.

 

> go back to the list of Privacy features

 

 

Non-placement of cookies

 

Objective

Be compliant with national laws requiring consent prior to the placement of cookies.

Please note that in France, AT Internet benefits from an exemption from the CNIL (France's data protection authority), making it possible to place a cookie prior to obtaining user consent (see CNIL exemption).
AT Internet also have a reconciliation data after consent method when using 1st party cookies.

 

Description

Use the tagging method disableCookie (= true) when loading the first page of your user's first visit until obtaining his/her consent.

 

Impact on your data

 

> go back to the list of Privacy features

 

 

Excluding "non-cookied" traffic

 

Objective

Respect the choice of end users who have expressly refused the placement of cookies and national laws that consider the association of the IP address with the User Agent as a cookie.

 

Description

In cases where cookie placement is refused, our solution will by default employ user recognition via a combination of IP address and User Agent.

This combination is for instance considered as a type of cookie by the CNIL in France and must therefore follow the same logic as opt-outs.

AT Internet therefore offers an option to exclude non-cookied traffic to prevent this traffic from being counted in your analyses. This option can be enabled at the "organisation" level, or for each "site".

Contact our support centre (“Help” button at bottom-right) to enable this option or for more information.

 

Impact on your data

Non-cookied traffic is excluded from navigational analyses that can be combined and segmented.

Reports in Explorer is featuring certain indicators enabling you to measure the number of page views associated with this excluded traffic.

 

> go back to the list of Privacy features

 

 

Anonymising IP addresses

 

Objective

Ensure greater anonymity for your users in terms of geolocation.
Please note that in any case, IP addresses are never available in AT Internet's Analytics Suite.

Anonymising the IP address is not required by the GDPR, but it is mandatory, for example, when processing personal data of citizens residing in Germany.

 

Description

Contact our support centre ("Help" button at bottom-right) to request that the anonymisation option be enabled for the last 3 numbers of the IP address' last full octet (byte).

2018-08-21_10h02_12.png

 

Impact on your data

Potential loss of precision:

  • when geolocating users (especially Cities and "Organisations")
  • when detecting bots
  • when detecting "provider (Internet connection)"

 

> go back to the list of Privacy features

 

 

1st party cookies

 

Objective

Offer your users less-intrusive cookie management, as cookies are managed by domain.

 

Description

See how to migrate from 3rd party cookies to 1st party cookies and consult the complete list of cookies we use.

 

Impact on your data

If 3rd party cookies are changed to 1st party cookies, the following metrics will be reset:

  • Reset of new visitors
  • Potential drop in number of unique visitors

 

> go back to the list of Privacy features

 

 

Hashing mobile user IDs

 

Objective

Ensure better anonymisation of your end users so that the mobile ID you've chosen for your native applications (see for iOS and for Android) is not transparently transmitted.

 

Description

 

Impact on your data

None

 

> go back to the list of Privacy features

Have more questions? Submit a request