Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Datarize is a South Korean AI personalization platform that tracks visitor behaviour with cookies and JavaScript tags to deliver product recommendations, segmentation and conversion attribution. Under GDPR and ePrivacy, prior consent is mandatory before any tracking is loaded.
Datarize is an AI driven personalization and conversion optimization platform headquartered in Seoul, South Korea. It analyses visitor behaviour in real time to deliver product recommendations, dynamic banners, search ranking and email triggers tailored to each user.
The Datarize JavaScript tag drops first party cookies and writes identifiers to local storage to recognize visitors across sessions and devices. It collects clickstream events, product views, cart and purchase data, IP address, user agent, screen size and approximate location.
Datarize is a marketing and personalization tool that goes well beyond what is strictly necessary for site delivery. Both Article 5(3) of the ePrivacy Directive and Article 6(1)(a) GDPR require prior, informed and granular consent before the tag is loaded or any identifier is read or written.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Datarize is a Korean company, so personal data leaves the EEA. South Korea has a partial adequacy decision from the European Commission (December 2021) that covers commercial data, but transfers should still be documented in the records of processing and supported by a Transfer Impact Assessment, especially if US sub processors are involved.
Block the Datarize script and any associated calls until the visitor opts in to the personalization or marketing category in your CMP. On withdrawal, clear all Datarize cookies, revoke local storage identifiers and stop sending events. Document the consent timestamp and scope as proof of consent.
Sign a data processing agreement and SCC where required, restrict the data fields sent to Datarize, set short retention periods, conduct a DPIA, list Datarize transparently in your privacy and cookie policies and audit the cookies actually written from a clean test browser.
Websites using Datarize must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is strongly recommended because Datarize performs systematic monitoring of visitor behaviour, builds individual profiles and powers automated decisions for personalization. Document the data flows, retention periods, and the international transfer to South Korea.
Sample consent text
We use Datarize to personalize products and recommendations. This installs cookies and transfers data to Datarize (South Korea). You can refuse personalization cookies at any time.
Third-party domains contacted
datarize.aistatic.datarize.aicollect.datarize.aiCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _dz_uid | first_party | 1 year | Persistent visitor identifier used to recognize the user across sessions for AI personalization. |
| _dz_sid | first_party | Session | Session identifier used to group events generated by the same visit. |
| _dz_seg | first_party | 6 months | Stores behavioural segments and personalization variants assigned to the visitor. |
| _dz_consent | first_party | 6 months | Records the visitor consent state for Datarize so the script knows whether to send events. |
Datarize places tracking cookies for advertising — comply with GDPR using FlowConsent.
Datarize sets first party cookies and writes identifiers in local storage to recognize visitors across sessions and devices. The exact names vary, but they typically store a visitor ID, session ID and behavioural attributes used for personalization.
Yes. Datarize is a personalization and marketing tracker that goes beyond strictly necessary. Prior, granular and revocable consent is mandatory under Article 5(3) of the ePrivacy Directive and Article 6(1)(a) GDPR before the script may load.
The only valid legal basis for Datarize is consent (Art. 6(1)(a) GDPR). Legitimate interest does not apply because the processing creates behavioural profiles for marketing optimization.
Yes, data is transferred to Datarize servers in South Korea. South Korea benefits from a partial adequacy decision since December 2021, but Standard Contractual Clauses and a Transfer Impact Assessment may still be required if US sub processors are involved.
A DPIA is strongly recommended because Datarize performs systematic monitoring of visitors, builds individual profiles and powers automated personalization decisions, all of which are listed as high risk by EU data protection authorities.
Block the script by default, load it only after consent in the personalization or marketing category, sign a DPA and SCC where needed, document Datarize in your policies, set short retention, restrict the data fields sent and audit cookies regularly.
European personalization vendors include Kameleoon, AB Tasty, Webtrekk and Dynamic Yield (Mastercard). Self hosted approaches like Open CMP based recommendation engines or first party only segmentation reduce data transfers.
Add Datarize to the personalization or marketing category, list each first party cookie name (visitor ID, session ID), provider (Datarize Inc., South Korea), purpose, retention and a link to the Datarize privacy policy. Refresh after every Datarize integration update.