Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Felmat is a Japanese affiliate marketing network operated by Interspace Co., Ltd. It connects advertisers with publishers using click tracking redirect URLs, conversion postbacks and persistent cookies to attribute sales. Because it is a third party advertising tracker, GDPR consent and ePrivacy compliance are required for European visitors. Data is processed in Japan, which benefits from an EU adequacy decision easing the transfer angle.
Felmat (operated by Interspace Co., Ltd.) is a Japanese affiliate marketing network primarily serving Japanese advertisers and publishers. Affiliates promote merchant offers through Felmat tracking URLs that redirect through felmat.net before reaching the merchant site. The platform handles attribution, commission calculation and reporting for affiliate partners.
Felmat sets persistent third party cookies (fmcid, fm_session) on felmat.net during the click redirect, plus a first party cookie inside merchant cookie space when the conversion pixel fires. Recorded data includes referring URL, IP address, user agent, click identifiers, transaction IDs and order amount when posted back. The cookie remains for several months to support post view and post click attribution windows.
Affiliate cookies are non essential third party cookies. They require prior consent under Article 5(3) ePrivacy and Article 6(1)(a) GDPR. Even though affiliate marketing serves a contractual purpose between merchant and affiliate, the rights of the data subject prevail and consent remains the only valid basis when the cookie is dropped via the visitor browser.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block any Felmat redirect or pixel until consent is granted. If a visitor refuses, do not place the affiliate cookie and rely on alternative server side or first party tracking that is properly justified. Provide clear information that an affiliate partner is in scope of advertising cookies.
Felmat infrastructure runs in Japan. The European Commission adopted an adequacy decision for Japan in January 2019, complemented by Supplementary Rules. Transfers to Felmat servers are therefore covered without requiring SCCs, although the controller should still document the transfer in the privacy notice and rely on the SPI (Supplementary Provisions on the Handling of Personal Information) safeguards.
Sign the Felmat data processing terms, integrate the redirect tracker behind your CMP, document the service in the record of processing, mention Japan and the adequacy decision in the privacy notice, set sensible cookie retention (e.g. 30 to 90 days) and disclose the affiliate relationship to comply with consumer protection rules.
Websites using Felmat must obtain user consent under GDPR regulations.
DPIA considerations
A targeted DPIA is recommended when Felmat is integrated alongside other ad networks. The risk lies in cross site identifiers, sales attribution and re identification through click ID parameters in landing URLs.
Sample consent text
We work with affiliate partners through the Felmat network to track which referring website led to your purchase. With your consent, this places third party affiliate cookies on your device. You can manage your advertising preferences in the cookie settings.
Third-party domains contacted
felmat.netadmin.felmat.netcv.felmat.netclick.felmat.netCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| fmcid | persistent | 90 days | Persistent third party cookie set on felmat.net storing the affiliate click identifier used to attribute conversions to the originating publisher. |
| fm_session | session | Session | Session cookie tracking the redirect chain and ensuring postback consistency between click and conversion events. |
| fm_uid | persistent | 180 days | Stable identifier of the visitor inside the Felmat affiliate network used for fraud detection and de duplication of conversions. |
Felmat places tracking cookies for advertising — comply with GDPR using FlowConsent.
Felmat sets persistent third party cookies (fmcid, fm_session) on felmat.net during the redirect, plus a first party affiliate cookie inside the merchant cookie space when the conversion pixel fires.
Yes. Affiliate cookies and click ID parameters are non essential third party trackers requiring prior consent under Article 5(3) ePrivacy and Article 6(1)(a) GDPR.
Consent is the only valid basis for browser based affiliate tracking. Legitimate interest cannot be used because the cookie is dropped by a third party network across multiple sites.
Yes. Felmat infrastructure is based in Japan. Transfers benefit from the EU Japan adequacy decision (2019), so SCCs are not required, but the privacy notice must mention the international transfer.
A targeted DPIA is recommended when Felmat is combined with other affiliate or advertising networks, since aggregated cross site identifiers can support large scale profiling.
Block the redirect tracker until consent, sign the Felmat data processing terms, document the service in the record of processing, configure cookie retention to 30 to 90 days and disclose the affiliate relationship in line with consumer law.
EU alternatives include Awin (DE), TradeTracker (NL), Effiliation (FR), Affilae (FR) and Daisycon (NL). Each is bound by GDPR by establishment, simplifying transfer questions.
List Felmat as an affiliate marketing processor, name cookies fmcid and fm_session, retention period, purposes (sales attribution), Interspace Co. Ltd. as data importer, Japan as destination country, EU adequacy decision and link to the Felmat privacy policy.