etracker Analytics and Data Protection – What Website Operators Need to Know

If a website operator uses etracker Analytics, depending on the configuration they can process website visit data without consent or on the basis of consent. etracker is a German analysis tool with a particular focus on GDPR compliance: data storage exclusively in Germany, IP anonymisation possible, optionally a cookieless tracking variant. According to the provider's information, GDPR and TDDDG compliance has been demonstrated by independent audit and certified with the ePrivacy seal. This information is based on provider statements and publicly accessible sources.

A. Purpose and Function of etracker Analytics

etracker Analytics is a web analysis tool (website tracking solution) – a cloud-based platform for collecting and analysing website visitor data. The operator uses it to understand user behaviour on their website, measure conversion rates, and optimise website performance.

Integration function: The operator embeds a JavaScript tracking code into their website. This code records on visit:

• Pages visited
• Dwell time
• Clicks on links and buttons
• Conversion events (e.g. shopping cart, purchase, enquiry)
• Device information, browser

Special feature: etracker offers different configuration variants:

1. Cookieless variant (Counting Pixel): Anonymised tracking without cookies, consent-free under GDPR + TDDDG
2. Standard variant with cookies: With cookies for website measurement; consent recommended
3. Opt-out option: Users can refuse tracking (https://www.etracker.com/de/datenschutz/)

B. Mandatory Disclosures in the Privacy Policy on etracker

Under the GDPR, the operator must disclose the following information on etracker:

• Purpose (Art. 13(1)(c)): Website analysis, visitor measurement, conversion tracking, optimisation
• Legal basis (Art. 13(1)(a)/(f)):
  • With Counting Pixel (cookieless variant): Legitimate interests Art. 6(1)(f)
  • With standard cookies: Consent Art. 6(1)(a) in conjunction with § 25(1) TDDDG
• Recipient (Art. 13(1)(e)): etracker GmbH as processor
• Third-country transfer (Art. 13(1)(f)): No; data storage exclusively in Germany
• Retention period (Art. 13(2)(a)): By default 13 months; configurable
• Opt-out (important): https://www.etracker.com/de/datenschutz/

Note: Tool-specific text templates are problematic. Better: a topic-oriented structure (chapter "Website analysis and tracking") with an explanation of the configuration (cookieless vs. cookie variant).

C. Provider of etracker: etracker GmbH

• Legal name: etracker GmbH
• Registered office: Erste Brunnenstraße 1, 20459 Hamburg, Germany
• Country of seat: Germany (European Economic Area)
• Privacy Policy: https://www.etracker.com/datenschutz/ and https://www.etracker.com/datenschutzerklaerung/
• DPF status: Not required (seat in the EEA)
• DPA: Available; automatically included in the account
• Certifications: ePrivacy seal (independent data protection certification), GDPR + TDDDG compliance demonstrated
• Data storage: Exclusively in Germany (own servers in Hamburg)
• Opt-out link: https://www.etracker.com/privacy/

D. Data Processing by etracker Analytics – Procedure

E. Data Collected When Using etracker Analytics

etracker records different types of visitor data depending on the configuration:

• Web server log data: IP address (immediately anonymised), date/time/time zone, request URL, HTTP referrer, query string (query parameters)
• Click paths: Pages visited, sequence of pages, dwell times per page, clicked external links
• Device data: Device type (desktop/tablet/mobile), operating system, operating system version, browser name, browser version
• Browser information: User agent string, JavaScript activation, cookie activation, plug-in information (Flash, Java, etc.)
• Coarse location data: IP-based location at city/municipality level (NOT exact geo-localisation)
• Conversion events: Shopping cart creation, purchase completed, contact request, registration, download, video view, custom events
• Interaction data: Clicks on buttons/links, form inputs (ONLY where explicitly tracked), scroll depth (optional), mouse movements (optional)
• Technical telemetry data: JavaScript errors, page load times, resource load times

Note: etracker does NOT automatically record inputs in password fields or sensitive forms – this can be configured by the operator.

F. Purposes of Use When Using etracker Analytics

The data is processed for the following purposes:

• Provision of functionality: Provision of the web analytics service (reporting, dashboards)
• General product improvement: Optimisation of frequently visited content, identification of page performance issues
• General marketing: Reach analysis, traffic source attribution, campaign performance measurement
• User-individual product improvement: Personalisation based on user segments, A/B testing
• Security and abuse protection: Detection of suspicious traffic patterns, bot detection, DDoS mitigation
• Business planning and management: Data basis for business decisions (e.g. focus markets, page restructuring)

G. Legal Bases for etracker Analytics

Step 1 – Categorisation: etracker Analytics is a web analysis tool – functionality for optimising the website.

Step 2 – Legal Bases (depending on the configuration):

Variant 1: Counting Pixel (cookieless anonymisation)

• Legal basis: Legitimate interests under Art. 6(1)(f) GDPR
• Consent: Not required (GDPR-compliant, TDDDG-compliant)
• Condition: IP must be anonymised immediately (etracker does this)
• Opt-out offer should be listed in the privacy policy

Variant 2: Standard tracking with cookies

• Legal basis: Consent under Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG
• Consent: Yes, required before setting cookies
• Tool: Usercentrics CMP or similar cookie banner
• Or: Legitimate interests (controversial, not all supervisory authorities accept this for analytics cookies)

Recommendation for the operator:

• Use the cookieless variant → no consent required
• Or: obtain consent via a CMP banner → standard cookies are then possible

H. Special Features and Notes on etracker

• IP anonymisation as standard: etracker anonymises IP addresses immediately after collection (in the server cache). This is a major compliance advantage.
• Servers in Germany: Data storage in Hamburg (Germany) – no third-country transfer to the USA. This is a major advantage compared with Google Analytics.
• GDPR compliance possible without consent: With the Counting Pixel variant, the operator can use etracker without consent, provided that they document legitimate interests.
• Processing relationship required: The operator should conclude a DPA with etracker (this is automatically included in the account).
• Opt-out offer: The operator SHOULD offer a link to the etracker opt-out in their privacy policy: https://www.etracker.com/privacy/
• Retention period configurable: By default 13 months; can be adjusted by the operator.
• ePrivacy seal: etracker has received the ePrivacy seal from an independent body.
• Documentation required: The operator should document whether they use the Counting Pixel variant (consent-free) or the standard variant with cookies.

I. FAQ on etracker Analytics

J. Conclusion and Recommendation on etracker Analytics

Summary: etracker Analytics is a Germany-friendly, data-protection-oriented web analytics solution. The major advantage: data storage in Germany (no third-country transfer to the USA) and a consent-free tracking option via Counting Pixel.

Common error: Operators use etracker like Google Analytics and forget that the cookieless variant can be used without consent. Many unnecessarily deploy a CMP banner, although the Counting Pixel variant permits legitimate interests.

Best practice:

1. Use the Counting Pixel variant (consent-free) → no CMP required (provided that no other cookies are present on the website)
2. Or: CMP banner + standard cookies (where you also use other cookies)
3. Opt-out link in the privacy policy: https://www.etracker.com/privacy/
4. Conclude and maintain a DPA with etracker (this is automatically included in the account)
5. Transparent documentation: Which variant do you use?