This Online Tracking Policy:
explains how Piano Software Inc., Philadelphia, US and affiliated companies belonging to Piano group (collectively, “Piano”, “us”, “our”, or “we”) use cookies, pixels and similar tracking tools at Piano when using and operating our websites, social media profiles, applications, when we send out direct marketing communication or newsletters or generally when we communicate with our online audience;
mainly concerns websites related to the domain www.piano.io but also any other websites, channels, profiles or online tracking tools operated by us;
supplements and applies jointly with the Corporate Privacy Policy;
does not apply to provisions of our services (please see or Platform Privacy Policy) where we act as data processors for our clients and/or customers.
The primary controller is Piano Software, Inc., located at 111 S Independence Mall East, Suite 950, Philadelphia, PA 19106, US as the main Piano group entity. Piano group entity consists of other subsidiaries and affiliates listed in our Corporate or Platform Privacy Policy that operate their own websites or undertake their own online tracking. Generally, Piano group entities act as joint controllers when doing so (details can be found in our Binding Corporate Rules – Controller purposes). Therefore, this Online Tracking Policy covers any online tracking undertaken by any Piano group entity. Our group-wide DPO can be provided by email at: privacy@piano.io or by post at 111 S Independence Mall, Philadelphia, PA 19106, US. .
Generally, we distinguish between online tracking tools that are necessary for provision of the information society service that the user requested (such as our websites, online profiles, newsletters) and those online tracking tools that are not necessary for provision of such service. Those necessary tools might be understood as “necessary or functional tools” and those other tools might be understood as “analytical or advertisement tools”.
We do not apply this Online Tracking Policy just to cookies but to any technology that might fall under Article 5 (3) of the ePrivacy Directive. EDPB explains in its Guidelines 2/2023 that such regulation might cover: URL and pixel tracking; local processing; tracking based on IP only; intermittent and mediated Internet of Things (IoT) reporting; using unique identifiers.
In accordance with Article 5 (3) of the ePrivacy Directive, we rely on prior consent when using analytical or advertisement tools, unless the local law allow an exemption from this rule. You have the right to withdraw your consent at any time. With the necessary or functional tools, we do not rely on consent and generally rely on contract performance or our legitimate interests when processing your personal data.
We use online tracking use for the following purposes and based on the following legal grounds:
Please read privacy policies of our vendors carefully. Our vendors provide services to as processors, however, some like Google, Meta/Facebook and Microsoft also declare controllership over your personal data. These vendors via their cookies or other online tracking tools, will collect and use your browsing data for their own purposes, in accordance with their privacy policy.
How to manage your consent?
Through the interaction with the "Manage cookies" or “Privacy Center” on our websites, you can change your consent preferences with online tracking tools at any time. By default, your consent preferences are turned off, i.e. your consent is not automatically granted or ticked. Only by changing this default settings, you grant us valid consent. If you allow cookies or grant us cookie-related consent anywhere on our website, these consents are granted for direct marketing & PR purposes, as explained above including Personalized advertising & Audience measurement.
The setting changes take effect immediately. You can also revoke your consent by making a request sent to privacy@piano.io, but this process is not immediate and automatic. We therefore recommend that you change the settings directly on the website as described above.
How to prevent cookies from being stored on your device?
If you do not give your consent through our cookie pop-up (in terms of applicable types of cookies), these cookies will not be stored on your device. Disabled analytics and advertisement cookies have no impact on the functionality of the website. You can delete all types of cookies at any time through the settings of your internet browser, but if you delete even the necessary cookies, some settings and functions of our website may not work optimally.
In relation to specific analytics and advertisement cookies of third parties, it is also possible to use the so-called opt-out mechanisms by which you prevent the use of specific third-party cookies not only in relation to our website, but in general to the use of any other websites, or in relation to specific social networks that you use and have set up your own user account.
Google and many other third parties involved in displaying personalized behavioral advertising on the Internet
If you do not want to display personalized ads, you can use the initiative www.youronlinechoices.com. By controlling preferences, you can disable multiple cookies to display these ads in relation to the participating companies that use cookies. Turning them off does not mean that your ad will no longer be shown to you but will not be based on your behavior.
Facebook (Meta)
If you have your own Facebook account, you can also use the cookie management controls integrated directly into this social network, which are available here: https://www.facebook.com/settings/cookie
At the same time, through the settings of your internet browser, it is possible to delete those cookies that are stored in your browser. Follow the information below, depending on which browser you're using:
If you want to increase your protection against unauthorized monitoring of your device and behavior on the Internet through cookies (especially third parties), use the "Do Not Track" function (or Blocking third party cookies), which you can turn on according to the type of browser used according to the following instructions:
Do we transfer your data to third countries outside the EU / EEA?
Yes, but only to the minimal extent necessary for operation of our business or provision of services. Some of our suppliers, which we use when using cookies, have their registered office or their other group companies are established in the United States of America, which is generally considered to be a third country which does not guarantee an adequate level of the personal data protection. In many cases, the data may not physically leave servers located in the EU, but processing due to the supplier's location may be subject to the law of a third country. We therefore carry out these cross-border transfers only in strict accordance with the law (in particular the GDPR) and local data protection legislation and only if, in our conclusions and findings, sufficient risk mitigation measures and safeguards are taken for the protection of fundamental rights and freedoms of the data subjects, as required by the Court of Justice in Case C-311/18 (Schrems II).
With external vendors, we generally prefer to rely on the EU standard contractual clauses (the “EU SCC”) or vendor’s BCRs instead of EU-US Data Privacy Framework. Before the EU-US Data Privacy Framework, EU SCC were concluded practically with all our US-based sub-contractors or recipients (such as Google, Meta/Facebook, Amazon or Microsoft). Currently, many of these US-based vendors are on the “Data Privacy Framework List” with active certifications but with EU SCC still validly concluded with us. We refer to these concluded and valid EU SCC below.
We can also transfer personal data to our processors operating from Canada based on European Commission´s adequacy decision and we also rely on the European Commission's decision on adequacy in relation to Japan and Commission´s decision on adequacy in relation to UK
Use of online tracking tool is not a legal requirement. However, the use of necessary and functional tracking tools can be considered necessary for the provision of the information society services (for example this website) applicable to you during your visit and usage of our website. If we did not use such tools this would have certain negative effects on your experience and the proper working of website functionalities and third-party add-ons or plug-ins integrated to our website. Basic website functionalities will always work but as a consequence may be worse or sub-optimal as a result of the configuration of settings stemmed from your cookie preferences and choices made. In the case of analytics or advertisement tracking tools, their provision is exclusively voluntary and is governed by the granting or non-granting of your consent. Failure to give this consent has no negative consequences for you.
Yes. Please read relevant privacy policies to better understand processing of your personal data by providers of social media platforms. We only have standard admin control over the personal data processed by us via our own company profile. We assume that by using these social media platforms, you understand that your personal data might be processed for other purposes and that your personal data might by transferred to other third countries and third parties by providers of social media platforms.
In connection with the processing of statistical data on the use of our Facebook profile, we have the status of a joint controller with Meta Platforms, Inc., while basic information on the agreement of joint controllers pursuant Art. 26 (1) and (2) can be found here: https://www.facebook.com/legal/terms/page_controller_addendum
Our social media add-ons are integrated on our website. You will recognize them by the Meta logo on the website. When you visit our website, Meta receives information that you have visited our website with your IP address. If you click on the Meta icon available on our website while you are signed in and / or registered to your Meta account, the content of the website is redirected to your Meta profile. Consequently, Meta may associate your visit to your website with your user account. Data is transferred regardless of whether you have a Meta account or not. Please note that when using our website, we have no influence on the data collected and the data processing processes, and we also do not know the overall scope of the data being collected, the purpose of the processing or the data processing of such data. Meta stores your information about you as user profiles and uses it for your own advertising, market research, and / or customizing services and tools to registered users. Such evaluation is performed in order to inform other Meta users of your activities on our website. You are entitled to object against the creation of such user profiles, and you must contact Meta to lodge an objection against that processing. We always recommend you sign out of your Meta account, especially to avoid associating your online activity with your profile. For more information about the purpose and scope of your data discovery and processing by Meta, please visit the Meta Privacy Statement at: https://www.facebook.com/policy.php
We would also like to inform you that we can use the services provided by Facebook Ireland Limited, which are labelled as “data file custom audiences” – the management of the audience for advertising campaigns, and may combine the data we process with personal data processed in Facebook and “measurement and analytics”, in which Facebook processes personal data on our behalf to measure the performance and reach of our advertising campaigns and provide us with user reports that have seen and responded to our advertising content. Therefore, this processing of your personal data may occur if you interact with our advertising content or our websites as you use your Facebook-based user profile. In such cases, we use Facebook as the processor, using the following legal safeguards to process your personal data: https://www.facebook.com/legal/terms/businesstools, https://www.facebook.com/legal/terms/dataprocessing.
If the above-described processing of personal data interferes with you, you can object to it or you can also use the available self-regulatory tools developed for the online marketing sector, available here: http://www.aboutads.info/choices or www.youronlinechoices.eu. These online tools allow you to automatically identify and delete third-party digital identifiers (including those from Facebook) in your browser, thereby preventing your personal data from being processed.
Our website also has an integrated plug-in of the LinkedIn social network, which is operated by LinkedIn Company, Inc., 1000 W Maude Sunnyvale, CA 94085, USA. Vestberry has no influence on the processing of your personal data by LinkedIn as controller of this social network nor control except common administration of our profile available here: https://www.linkedin.com/company/piano-io. For more information on the processing of your personal data, you can use the link: https://www.linkedin.com/legal/privacy-policy
We can use LinkedIn also as our processor during support the sales, recruiting, marketing, educational or other business practices aimed on increasing awareness of Piano Software in online environment towards relevant professional audience based on this Data Processing Addendum: https://www.linkedin.com/legal/l/dpa
Our website also has an integrated plug-in of the platform “X” (formerly known as Twitter) - social network, which is operated by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. Piano has no influence on the processing of your personal data by X as controller of this social network nor control except common administration of our profile available here: https://twitter.com/piano_io. For more information on the processing of your personal data, you can use the link: https://twitter.com/privacy.
You have the right to withdraw your consent at any time and the withdrawal of the consent does not affect the lawfulness of the consent processing prior to its withdrawal.
You also have a right to object to any direct marketing processing of your personal data including profiling. You have right to object to any processing that is based on legitimate interest including to profiling based on such legitimate interest pursuant to the Article 21 GDPR.
In case of exercising the right, we will gladly demonstrate to you how we have evaluated these legitimate interests as compelling over the rights and freedoms of data subjects.
The GDPR lays down general conditions for the exercise of your individual rights. However, their existence does not automatically mean that they will be accepted by us because in a particular case exception may apply. Some rights are linked to specific conditions that do not have to be met in every case. Your request for an enforcing specific right will always be dealt with and examined in terms of legal regulations and applicable exemptions. Among others, you have:
Right to request access to your personal data according to Article 15 of the GDPR. This right includes the right to confirm whether we process personal data about you, the right to access to personal data and the right to obtain a copy of the personal data we process about you if it is technically feasible.
Right to rectification according to Article 16 of the GDPR, if we process incomplete or inaccurate personal data about you.
Right to erasure of personal data according to Article of the 17 GDPR, if one of the conditions for erasure is fulfilled and no exception applies.
Right to restriction of processing according to Article 18 GDPR, if one of the conditions for restriction is fulfilled.
The right to data portability according to Article 20 of the GDPR, if the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) GDPR. Your California Privacy Rights: California residents under 18 years old, in certain circumstances, may request and obtain removal of personal information or content that they have posted on our website. Please be mindful that this would not ensure complete removal of the content posted by you on our website. To make any request pursuant to California privacy law, please contact us using the information provided below. You have a right to lodge a complaint related to personal data to the relevant data protection supervisory authority or apply for judicial remedy. Please note that our competent (leading) data protection authority is the Office for Protection of Personal Data of the Slovak Republic. In any case we advise to primarily consult us with your questions or requests.
We may change this online tracking policy on time to time by posting the most current privacy policy and its effective date on our website. In case we change this cookie policy substantially, we may bring such changes to your attention by explicit notice, on our websites or by email.
April 2024
Piano Software, Inc.