Data protection by etracker
The privacy policy for our customers, business partners, interested parties and other visitors to our online offering and the associated websites, functions and content can be found here.
Find out below how etracker enables companies to conduct data protection-compliant web analytics in accordance with all legal requirements and with respect for user privacy. This ensures future-proof data-driven marketing, legal certainty and customer trust.
Data protection is our top priority
The etracker DNA includes a very high standard of correct and confidential handling of visitor and customer data. In 2006, etracker was the first web analysis provider ever to be certified as compliant with data protection law following an extensive review process by the Hamburg Commissioner for Data Protection and Freedom of Information.
We know the data protection regulations inside out and are in continuous dialog with the supervisory authorities. We implemented the requirements of the General Data Protection Regulation (GDPR) at an early stage through privacy-by-design.
GDPR compliance without the need for consent
It is a matter of course for us to react immediately to the latest legal rulings and to provide our customers with a data protection-compliant web analysis solution as standard.
Compliance with the provisions of the General Data Protection Regulation (GDPR) and the Telecommunications Digital Services Data Protection Act (TDDDG) was checked in an independent audit, certified and awarded the ePrivacyseal data protection seal of approval.
The test result certifies that etracker analytics is consent-free: “[…] Based on our detailed examination, we consider it justified to justify the data processing at etracker Analytics and etracker Optimiser also with regard to the DSK paper from December 2021 and the ECJ ruling of 01.10.2019 by the legal basis of Art. 6 para. 1 lit. f) GDPR (legitimate interest). In cookie-less mode (standard mode), the use of etracker Analytics is lawful in accordance with the GDPR and TTDSG [now TDDDG] without any consent requirement.”
“In cookie-less mode (standard mode), the use of etracker analytics is lawful in accordance with the GDPR and TDDDG without any consent requirement.”
ePrivacyseal
In contrast to tools such as Google Analytics, etracker analytics meets all the criteria of the European Court of Justice for exemption from the obligation to obtain consent:
- No milder comparable solution: Among other things, there is no assignment of interactions to a user beyond the respective day without the user’s consent.
- No further processing beyond the purpose: The data is processed exclusively on behalf of the customer and is not used for the provider’s own purposes.
- No violation of the reasonable expectations of the data subjects: The data is not linked to personal account data of the data subjects – as is the case with Google. It is not possible to draw conclusions about natural persons or to re-identify users.
- It must be possible to prove compliance with the legal criteria: etracker can do this through the independent ePrivacy Opinion.
In addition, etracker analytics only sets cookies for analytical purposes with consent and does not read any data from the end device, as is the case, for example, with Google Analytics and the screen resolution.
Secure data processing and storage in the EU
Our data center as well as the development and system administration are located in Hamburg, Germany. We use the high-quality, highly secure and highly available data center infrastructure of the ISO/IEC 27001:2013-certified IPHH Internet Port Hamburg GmbH for pure server housing. This means that no third party has access to servers, applications or data. This eliminates all risks associated with data transfers to the USA and access by US intelligence services to the data of US companies.
Effective pseudonymization and anonymization
When visitor data is stored, the IP addresses, device data and domain data of visitors in particular are stored only in abbreviated or encrypted form, so that it is not possible to identify individual visitors. We undertake never to merge collected data with other data sets, for example in order to establish a personal reference.
The IP address is truncated automatically by default at the earliest possible point in time, without our customers having to make any special adjustments or configurations. We therefore offer the required data protection-friendly default settings (privacy by design and privacy by default). Identifiers for app tracking, session and optional cross-device tracking as well as behavioral data for remarketing are securely pseudonymized and encrypted.
Data is provided exclusively for the respective customer
We process the data exclusively on behalf of the customer in accordance with the concluded order processing agreement. The data belongs to the respective customer and is not merged with other data or passed on to third parties. We do not trade in data, nor do we use our customers’ data for higher-level analyses or profiling.
GDPR-compliant agreement on order processing (AV contract)
In order to implement commissioned data processing in compliance with data protection regulations, a data processing agreement (DPA) must be concluded in accordance with Art. 28 GDPR. With etracker, the contract is concluded as soon as a (test) account is created or a written order is placed, so that the client (customer) and processor (etracker) comply with it. Our data processing agreement corresponds to the template of the European Commission, i.e. the highest European body.
Technical and organizational data protection
The operation of complex technological infrastructures is our core competence and an elementary component of our service. It is therefore our top priority to ensure that our data center is always operated in accordance with the latest security standards. This includes the latest firewall and intrusion detection technologies as well as extensive physical controls and access restrictions. At application level, modern authentication methods for user and administrator authorizations are standard, as are daily backups.
In addition, we subject our entire infrastructure to regular penetration tests for security purposes. Secure Sockets Layer (SSL) transmission is always used when collecting data and accessing our application.
Just as important to us as the use of the latest security technologies is the obligation of our employees to comply with the data protection requirements of the GDPR and to maintain confidentiality. These obligations continue to exist even after termination of the employment relationship.
We reliably supply you with all the data, independent of consent and cookies, so that you can better understand your users and shape successful marketing.
Olaf Brandt, Managing Director Etracker
Do you still have questions? Then get in touch with us.
Whether on technical, functional, commercial or data protection topics.