Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Elromco is a US based marketing and CRM platform built for moving companies. It provides lead capture forms, call tracking, online quote calculators and a dedicated CRM that consolidates phone, web and chat leads. The tracker integrates with Google Ads and Meta Pixel for retargeting and conversion attribution. Because Elromco relies on third party tracking cookies and transfers data to the United States, European operators must obtain explicit consent and document the transfer chain.
Elromco is a marketing and CRM platform built specifically for moving companies, founded in California. It supplies a dedicated CRM, automated quote calculators, lead capture forms, call tracking numbers, SMS reminders, and integrations with Google Ads and Meta Pixel to attribute conversions. Local movers and regional brands in the United States and increasingly in Europe use Elromco to consolidate phone, web and chat enquiries in a single pipeline.
Elromco collects lead contact details (name, email, phone, origin and destination address), moving date, inventory descriptions, call recordings, IP addresses, user agents, referrers, UTM parameters, click identifiers, behavioural signals on the quote calculator (steps reached, durations) and conversion events sent to Google Ads and Meta Pixel for attribution.
Elromco is a third party processor that combines marketing tracking with personal data of moving prospects. The tracking cookies are not strictly necessary and trigger Art. 5(3) of the ePrivacy Directive. Call tracking and call recording add specific obligations under Art. 5 GDPR (information, lawful basis, retention) and require explicit notice to both parties of the call.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block Elromco''s tracking and call tracking scripts behind a Consent Management Platform. For phone calls, play a recording disclosure message before connecting the call. Provide a clear privacy notice on the quote form mentioning Elromco, the US transfer and the link to your customer rights workflow.
Elromco Inc. is based in the United States. European customers rely on the EU US Data Privacy Framework, complemented by Standard Contractual Clauses with the controller and a Transfer Impact Assessment. Storage location and sub processor list must be documented in your Article 30 register.
Sign the Elromco DPA and SCCs, configure your CMP to gate the Elromco tag and Google Ads / Meta Pixel integrations, deploy a call recording disclosure, define retention rules for moving leads, document Elromco in your Article 30 register, and provide a self service privacy portal so customers can exercise their GDPR rights.
Websites using Elromco must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Elromco is used at scale to score moving leads, combine call tracking with web browsing, or run retargeting on Google and Meta from the same customer base. The CJEU Schrems II ruling requires a Transfer Impact Assessment for the US transfer.
Sample consent text
We use Elromco, a US based moving company marketing platform, to track your interaction with our quote forms and call tracking numbers, follow up on your moving request and run targeted advertising. This involves transferring your personal data to the United States.
Third-party domains contacted
elromco.comelromco.comapp.elromco.comapp.elromco.comtracking.elromco.comapi.elromco.comforms.elromco.comjs.stripe.commaps.googleapis.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| elromco_session | first_party | Session | Authentication session identifier for the Elromco SaaS application. Required to keep users logged in to the CRM, dispatch board, and crew portal. Strictly necessary, no consent required. |
| elr_uid | Marketing | 1 year | Unique Elromco visitor identifier used to attribute leads and conversions across pages and sessions. |
| elr_call | Marketing | 30 days | Associates a dynamic phone number displayed on the website with a specific marketing source for call tracking. |
| elromco_csrf | first_party | Session | CSRF protection token for the Elromco application and the embedded quote widget. Prevents cross site request forgery on form submissions. Strictly necessary, no consent required. |
| elr_form | Marketing | 30 days | Stores partially completed quote form data so the visitor can resume their request and so Elromco can detect drop offs. |
| elromco_quote | first_party | 30 days | Persists the in progress online quote on the public widget so the visitor can resume completing the form. Stores form state and a quote identifier. Functional, may require consent depending on national interpretation. |
| elr_session | Strictly Necessary | Session | Maintains the session for staff users logged in to the Elromco CRM. |
| elromco_attribution | first_party | 90 days | Captures and persists lead source attribution data such as UTM parameters, referrer, and landing page so the moving company can measure marketing performance. Non essential, requires prior consent. |
| elromco_uid | first_party | 12 months | Visitor identifier used by Elromco analytics to deduplicate leads, measure quote widget conversion, and feed lead scoring. Non essential, requires prior consent. |
Elromco places tracking cookies for advertising — comply with GDPR using FlowConsent.
Inside the Elromco SaaS application, the platform sets first party functional cookies for authentication (session ID), CSRF protection, and UI preferences (language, last visited screen). On the public quote widget embedded in a moving company website, Elromco can set first party or partitioned cookies to keep an in progress quote, attribute the lead to a marketing source (UTM, referrer), and resume a session if the visitor comes back. Optional analytics or marketing cookies depend on the integrations the moving company enables, such as Google Maps, Stripe, Google Analytics, or remarketing pixels.
Elromco sets first party tracking cookies for visitor identification, call tracking attribution, form progress, and session management. The marketing cookies are not strictly necessary and require prior consent. The session cookie used by staff in the Elromco admin is strictly necessary.
Yes for the parts that go beyond strict necessity. Strictly necessary processing to deliver the quote, contract, dispatch, payment, and invoice can rely on contract performance and does not require cookie consent. Non essential cookies on the public quote widget (analytics, attribution, marketing), marketing emails and SMS sent through Elromco to past customers or unconverted leads, and any third party tracker or chat tool the moving company embeds along with Elromco all require prior, informed, opt in consent under Article 5(3) ePrivacy and Articles 6 and 7 GDPR.
Yes. The marketing tracking cookies and the Google Ads / Meta Pixel integrations require consent under Art. 5(3) of the ePrivacy Directive. Call tracking and call recording also require clear notice to both parties of the call.
Contract performance (Art. 6(1)(b) GDPR) covers everything needed to deliver the requested move: quoting, booking, dispatch, payment, invoicing, and post move communication. Legitimate interests (Art. 6(1)(f) GDPR) covers fraud prevention, lead deduplication, internal analytics, and security logging, with a documented balancing test. Consent (Art. 6(1)(a) GDPR) is required for non essential cookies, marketing communications, and profiling that goes beyond reasonable expectations. Legal obligation (Art. 6(1)(c) GDPR) can apply to accounting and tax record retention.
Consent (Art. 6(1)(a) GDPR) for marketing tracking, call tracking and advertising. Performance of a contract (Art. 6(1)(b)) once a moving request is converted into a booking. Legitimate interest (Art. 6(1)(f)) for fraud prevention and dispute management, with a documented balancing test.
Yes. Elromco Inc. is a US company and hosts its SaaS infrastructure in the United States. Personal data of EU customers and movers, including contact details, addresses, inventories, and payment metadata, is systematically transferred to the US. Transfers rely on Standard Contractual Clauses (Module 2, controller to processor) inside the Data Processing Addendum, on the EU US Data Privacy Framework where Elromco or its sub processors are certified, and on supplementary measures such as encryption in transit, encryption at rest, and access controls. A Transfer Impact Assessment must be documented.
Yes. Elromco Inc. is based in the United States and processes data there. The transfer relies on the EU US Data Privacy Framework and on Standard Contractual Clauses. A Transfer Impact Assessment is required since the Schrems II ruling.
A DPIA is strongly recommended whenever Elromco is used as the core CRM for an EU moving company. The platform processes large volumes of customer contact data, home addresses, detailed inventories (which can reveal economic situation), payment metadata, and behavioural analytics from the embedded widget. It includes profiling via lead scoring and follow up automation, relies on a long sub processor chain, and transfers data to the US. These combined factors are likely to trigger Article 35 GDPR thresholds, in particular criteria from the Article 29 Working Party WP 248 guidance.
A DPIA is recommended when Elromco is used at scale, combines call tracking with online behaviour, or feeds Google Ads and Meta Pixel from the same lead database. The combined risk to data subjects often meets the threshold of Art. 35 GDPR.
Sign the Data Processing Addendum with Standard Contractual Clauses and obtain the up to date list of sub processors. Configure data retention rules for leads, customers, and employees. Enforce two factor authentication and least privilege roles for staff. Add Elromco to the record of processing activities and to the privacy notice. On every site embedding the quote widget, deploy a compliant consent banner that blocks non essential cookies before consent, and surface the international transfer information. Define an internal procedure to honour access, rectification, erasure, restriction, and portability requests across CRM, dispatch, and invoicing.
Gate Elromco tags behind a Consent Management Platform, sign the Elromco DPA and SCCs, document the US transfer in your Article 30 register, deploy a call recording disclosure, configure retention rules for leads and recordings, and update your privacy notice.
Yes. Moving company specific CRMs and call tracking products from European vendors include MovingCRM (UK), Boomerang (France, more general), and broader CRMs such as Pipedrive (Estonia) or Teamleader (Belgium) configured for moving. These keep data inside the EU by default.
European movers can compare Elromco with EU based vertical CRMs (when available), generic CRMs such as HubSpot, Pipedrive, or Zoho combined with a separate dispatch tool, and self hosted solutions where data residency in the EU is critical. Alternative all in one moving platforms include MoveitPro, SmartMoving, MoversTech, and Vonigo. The relevant criteria are: hosting region, sub processor list, native EU data residency, support for SCCs and the EU US Data Privacy Framework, granular consent management on the public widget, retention controls, and audit logs.
Add a dedicated entry for Elromco in the cookie register attached to your policy. Name the controller (your moving company) and the processor (Elromco Inc.). List the cookies the embedded quote widget can set, with name, purpose, duration, and whether they are essential or require consent. Explain that personal data is transferred to the United States under SCCs and, where applicable, the EU US Data Privacy Framework. Link to Elromco's privacy notice. Reflect the consent state of Elromco in your consent management platform so that non essential cookies only load after explicit consent.
Add an Elromco section to your cookie table listing each cookie name, purpose, duration and provider. Disclose Elromco Inc. as a sub processor based in the United States and mention the call tracking and call recording functions. Re trigger the consent banner.