Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
GetResponse is a Polish marketing platform combining email newsletters, marketing automation, landing pages, webinars and web push. It can install a website tracking script that drops the gr_recover, mtuid and ga_visitor cookies on your domain to attribute newsletter clicks and trigger automation flows. As a marketing tool, the website tracking and the web push opt in require prior consent under the GDPR and ePrivacy Directive.
GetResponse is a marketing platform headquartered in Gdansk, Poland. It combines email newsletters, marketing automation, landing pages, sign up forms, webinars, web push, paid ads and an AI website builder. SMBs across Europe use it as an all in one tool, often integrated with Shopify, WooCommerce, Magento or PrestaShop.
When the website tracking script is installed, GetResponse writes the gr_recover, mtuid (visitor identifier) and ga_visitor first party cookies on the publisher domain. Email opens use a 1x1 pixel, and link clicks go through getresponse.com redirects. The web push subscription stores a service worker registration in the browser.
The site tracking cookies are not strictly necessary, so Article 5(3) ePrivacy requires prior consent. Web push notifications need a separate explicit opt in. Marketing emails follow national ePrivacy laws: consent for prospects, possible soft opt in for existing customers under PECR or LCEN provided the opt out is offered at the point of collection.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block the GetResponse site tracking script through your CMP until consent. Configure the GetResponse popup forms to fire only after acceptance and to respect the consent state. Use double opt in for email subscriptions and capture the timestamp, source and consent text in GetResponse to satisfy the proof of consent requirement.
GetResponse Sp. z o.o. operates its primary infrastructure in Poland with disaster recovery and CDN edges in the United States. Sub processors include AWS and Cloudflare. The transfer to US sub processors relies on the EU U.S. Data Privacy Framework or Standard Contractual Clauses, listed in the GetResponse DPA.
Sign the GetResponse DPA, gate the tracking script on consent, use double opt in plus consent capture for email lists, set retention periods for inactive contacts, document GetResponse Sp. z o.o. as a processor and update the privacy policy to mention the cookies, the email pixel and the EU hosting.
Websites using GetResponse must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA can be relevant when GetResponse is used for behavioural lead scoring, predictive segmentation or large scale email campaigns to children or sensitive audiences. EU based hosting reduces the transfer risk significantly.
Sample consent text
We use GetResponse for our newsletters and on site automation. With your consent, GetResponse will set tracking cookies on your device, attribute your activity to your contact record and send you marketing emails. You can refuse or withdraw your consent at any time from the cookie settings or via the unsubscribe link.
Third-party domains contacted
app.getresponse.comcdn.getresponse.comgr-wcm.azureedge.netgetresponse.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| gr_recover | first_party | 1 year | Stores a recovery identifier on the publisher domain to recognise returning visitors who have submitted a GetResponse form. |
| mtuid | first_party | 1 year | Visitor identifier used by GetResponse to attribute on site activity and form submissions to the right contact record. |
| ga_visitor | first_party | 1 year | Tracks the visitor across newsletter campaigns and on site automations to fire the correct workflow steps. |
GetResponse places tracking cookies for advertising — comply with GDPR using FlowConsent.
The website tracking script sets the gr_recover, mtuid (visitor identifier) and ga_visitor first party cookies. Email opens are tracked via a 1x1 pixel and link clicks pass through getresponse.com redirects.
Yes. The website tracker is a marketing technology and writes non essential cookies, so prior consent is required under Article 5(3) ePrivacy. Web push opt in needs an additional explicit consent.
Consent for site tracking, push notifications and marketing emails to prospects. For existing customers, soft opt in based on legitimate interests can apply for similar product emails under PECR or LCEN. Transactional emails rely on contract performance.
Personal data is primarily processed in Poland. US sub processors (AWS, Cloudflare) may handle CDN, push delivery and disaster recovery, under the EU U.S. Data Privacy Framework or Standard Contractual Clauses listed in the DPA.
A DPIA is typically not mandatory for standard newsletter use cases. It becomes appropriate when GetResponse is used for behavioural lead scoring, predictive segmentation or large scale outreach to sensitive audiences.
Sign the GetResponse DPA, gate the tracking script on consent, use double opt in with captured consent text and timestamp, define retention for inactive contacts, and update the privacy policy to mention the EU hosting and cookies.
Other EU based marketing platforms include Brevo (formerly Sendinblue, France), MailerLite (Lithuania), ActiveCampaign EU, or fully self hosted Mautic. Each has its own EU data residency setup.
Add a section that names GetResponse, lists the cookies (gr_recover, mtuid, ga_visitor) with purpose and duration, mentions the email open pixel, web push and the EU hosting plus US sub processors.