Data protection by etracker
Data protection-friendly web analytics to protect your privacy
The privacy policy for our customers, business partners, interested parties and other visitors to our online offering and the associated websites, functions and content can be found here.
We do not store any personal data of website visitors or any data that could be used to identify individuals. Interactions are not merged across different websites. No data is passed on to third parties or used for our own purposes. Data processing takes place exclusively on our own servers within the EU. Evaluations provided are based on anonymized data. All requirements of data protection laws such as the EU General Data Protection Regulation (GDPR) and the Telecommunications Digital Services Data Protection Act (TDDDG), which also applies in Germany, are complied with as standard.
The GDPR and TDDDG compliance of etracker analytics has been tested in an independent audit, certified and awarded the ePrivacyseal data protection seal of approval.
The choice between privacy-friendly solutions such as etracker analytics and US web analytics tools that raise data protection concerns shows how seriously companies take the protection of their users’ privacy. Companies that consciously opt for a solution that meets the highest data protection standards and provide the financial means to do so deserve respect and recognition.
With etracker, they rely on transparency and integrity. In contrast to other providers who also use and monetize the collected data for their own purposes, etracker is financed exclusively through fair license fees for the use of its services. This means that companies are not only investing in a first-class analysis solution, but also in the trust of their users.
Data protection-friendly web analytics pays off for companies
Investing in privacy-friendly web analytics pays off for companies as they increase the trust of their users, avoid penalties for data breaches and benefit from more accurate data.
Unlike tools such as Google Analytics, measurement with etracker analytics does not require the prior consent of users.
According to the European Data Protection Authority (EDPB) and the European Court of Justice (C-621/22 of October 4, 2024), prior consent is required if
- the processing is not carried out for the purposes of the legitimate interests pursued by the controller or by a third party;
- there is no need to process personal data for the purpose of pursuing the legitimate interest in the scope and manner;
- the interests or fundamental freedoms and rights of natural persons take precedence over the legitimate interests of the controller or a third party.
These criteria do not apply to etracker analytics by default. Therefore, they can be used on the basis of legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Cookies that are not required are not set by default.
There is also good tracking
Preserving privacy and conducting web analytics are not contradictory. Ultimately, users also benefit from the fact that website operators can recognize which of their content is in demand, but also which content is not or only rarely found and where there are hurdles in usability.
Of course, website operators also need information on the development of the number of visits and other key figures to successfully manage their business. This also includes knowing which marketing measures are successful and how.
For this type of statistical analysis, it does not matter how a specific individual person has behaved on the website. Typical evaluations are, for example
Proportion of visits by device type
Average dwell time per page
Proportion of users who scroll beyond 25% of the page
Web analytics in this form does not threaten the privacy interests of website visitors and does not pose a threat to their privacy. Privacy-friendly web analytics should therefore not be equated with problematic tracking practices.
Privacy-friendly web analysis is called:
Secure data processing and storage in the EU
Our data center as well as the development and system administration are located in Hamburg, Germany. We use the high-quality, highly secure and highly available data center infrastructure of the ISO/IEC 27001:2013-certified IPHH Internet Port Hamburg GmbH for pure server housing. This means that no third party has access to servers, applications or data. All risks in connection with data transfers to the USA are excluded, as is access by US intelligence services to data from US companies.
Effective pseudonymization and anonymization
When storing visitor data, in particular the IP addresses, device and domain data of visitors are only stored in abbreviated form or encrypted so that it is not possible to identify individual visitors. We undertake never to merge collected data with other data sets, for example in order to establish a personal reference.
The IP address is truncated at the earliest possible point in time and is automated by default, without our customers having to make any special adjustments or configurations. We therefore offer the required data protection-friendly default settings (privacy by design and privacy by default). Identifiers for app tracking, session and optional cross-device tracking as well as behavioral data for remarketing are securely pseudonymized and encrypted.
Data is provided exclusively for the respective customer
We process the data exclusively on behalf of the customer in accordance with the concluded order processing agreement. The data belongs to the respective customer and is not merged with other data or passed on to third parties. We do not trade in data, nor do we use our customers’ data for higher-level analyses or profiling.
GDPR-compliant agreement on order processing (AV contract)
In order to implement commissioned data processing in compliance with data protection regulations, a data processing agreement (DPA) must be concluded in accordance with Art. 28 GDPR. With etracker, the contract is concluded as soon as a (test) account is created or a written order is placed, so that the client (customer) and processor (etracker) comply with it. Our IP Treaty corresponds to the template of the European Commission, i.e. the highest European body.
Technical and organizational data protection
The operation of complex technological infrastructures is our core competence and an elementary component of our service. It is therefore our top priority to ensure that our data center is always operated in accordance with the latest security standards. This includes the latest firewall and intrusion detection technologies as well as extensive physical controls and access restrictions. At application level, modern authentication methods for user and administrator authorizations are standard, as are daily backups.
In addition, we subject our entire infrastructure to regular penetration tests for security purposes. Secure Socket Layer (SSL) transmission is always used when collecting data and accessing our application.
Just as important to us as the use of the latest security technologies is the obligation of our employees to comply with the data protection requirements of the GDPR and to maintain confidentiality. These obligations continue to exist even after termination of the employment relationship.
We ensure harmony between privacy and successful digital marketing.
Olaf Brandt, Managing Director Etracker
Do you still have questions? Then get in touch with us.
Whether on technical, functional, commercial or data protection topics.
