Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Synamate is an Israeli adtech vendor that offers a programmatic advertising and retargeting platform for brands, agencies and publishers. The service drops third party cookies and uses pixel tags, mobile advertising identifiers and hashed identifiers to build audience segments, deliver personalised display, native and video ads and measure conversions across the open web. Because Synamate processes personal data for online behavioural advertising and retargeting, deployment on a European website triggers strict consent obligations and a high level of accountability around international data transfers.
Synamate is an Israeli adtech company that operates a programmatic advertising and retargeting platform. It combines a demand side platform, a tag manager and audience tools so that advertisers, agencies and publishers can deliver personalised display, native and video ads across multiple supply side platforms and ad exchanges. Publishers and advertisers integrate Synamate through a JavaScript tag, a server to server connection or a mobile SDK, and the platform builds anonymous looking but personally identifiable audience segments based on browsing behaviour and conversion events.
On a publisher site, Synamate typically drops one or more third party cookies on its own domain to store a unique advertising identifier, a sync identifier shared with partner ad exchanges and a retargeting segment list. The Synamate pixel records the page URL, the referrer, the IP address, the user agent string and any custom parameters declared by the advertiser. On mobile, Synamate also reads the device advertising identifier (IDFA or AAID), and it can hash and onboard first party email lists provided by the advertiser.
Synamate cookies and pixels are non essential and are dedicated to advertising. Under Article 5(3) of the ePrivacy Directive and the national rules transposing it, they cannot be loaded without prior, freely given, specific, informed and unambiguous consent. The publisher and Synamate also share controllership for behavioural advertising activities, which means an Article 26 joint controller arrangement should be in place. National authorities including the CNIL, the AEPD and the Garante have issued multiple decisions against websites loading advertising and retargeting tags before consent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block the Synamate tag, the pixel and any third party advertising calls until the visitor has actively opted in. The consent banner must list Synamate by name in the vendor table, describe the retargeting and audience segmentation purposes, indicate transfers to Israel and the United States and offer a Reject button as visible as the Accept button. If you participate in the IAB Transparency and Consent Framework, transmit the proper TC string to Synamate before firing the tag.
Synamate is headquartered in Israel, which benefits from an EU adequacy decision, so transfers to Israel can rely on adequacy. However real time bidding inherently distributes the bid request and the user signal to dozens of demand side platforms and partners located mostly in the United States. These secondary transfers must be covered by Standard Contractual Clauses or by the EU US Data Privacy Framework certification of each recipient, together with a Transfer Impact Assessment for high risk receivers.
Sign a joint controller arrangement and a data processing addendum with Synamate, declare Synamate in your vendor list inside the consent management platform, gate the script using a category labelled Marketing or Advertising and forward the consent signal to Synamate via the documented API or TC string. Limit the retention of bid stream data to what Synamate documents in its retention schedule, suppress retargeting for visitors who withdraw consent and re run the compliance review every time you change campaigns, partners or onboarding lists.
Websites using Synamate must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally required when Synamate is implemented on a European website. Programmatic advertising and retargeting combine large scale visitor profiling, cross site tracking and the use of innovative technologies (DSP, real time bidding), all of which appear on the EDPB and national authorities lists of high risk processing. The DPIA must cover the legitimate interests assessment for any backend processing, the consent capture mechanism, the transfer impact assessment for Israel and the United States and the retention of bid stream data.
Sample consent text
This website uses Synamate to deliver personalised advertising and to retarget visitors on other websites and apps. Synamate sets third party cookies, pixel tags and advertising identifiers, may transfer your personal data to Israel and the United States and combines this data with information from other websites. We only activate Synamate after you click Accept. You can refuse, change your choices or withdraw consent at any time via the cookie settings link in the footer.
Third-party domains contacted
synamate.comsync.synamate.compixel.synamate.comcdn.synamate.comrtb.synamate.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| synamate_uid | Marketing | 12 months | Primary advertising identifier dropped by Synamate to recognise the same browser across sessions and websites in order to deliver retargeting and frequency capping. |
| synamate_sync | Marketing | 30 days | Cookie sync identifier used to align the Synamate user ID with the IDs maintained by partner ad exchanges, demand side platforms and supply side platforms. |
| synamate_seg | Marketing | 90 days | Stores the audience segments that the visitor belongs to (retargeting lists, lookalike segments, conversion clusters) and supports targeted ad delivery. |
| synamate_ses | Marketing | Session | Session cookie used to deduplicate impressions within a single visit and to enforce frequency capping across the open web in real time. |
| synamate_opt | Functional | 5 years | Records the opt out signal of users who have explicitly refused retargeting via the Synamate or industry opt out page so that no further profiling is performed. |
Synamate places tracking cookies for advertising — comply with GDPR using FlowConsent.
Synamate typically sets a primary third party cookie holding a unique advertising identifier, one or more sync cookies that align the Synamate identifier with the IDs of partner ad exchanges and supply side platforms, and a session cookie used to deduplicate impressions. Default lifetimes range from a few minutes for sync cookies up to twelve months for the main identifier. The exact list is available in the Synamate technical documentation provided with your contract.
Yes. All cookies and identifiers deployed by Synamate serve advertising, profiling and retargeting purposes, which never qualify as strictly necessary under Article 5(3) ePrivacy. Consent must be obtained before any tag, pixel or server side call is fired, with a clear description of the retargeting purpose and equally prominent Accept and Reject buttons.
The legal basis is consent under Article 6(1)(a) GDPR for all advertising, profiling and retargeting cookies. Legitimate interest is not acceptable for online behavioural advertising according to the EDPB Guidelines 8/2020 and recent CJEU rulings. Any onboarding of first party email lists relies on consent collected by the advertiser at the time of data collection.
Synamate is based in Israel, which benefits from an EU adequacy decision, so transfers to Israel rely on adequacy. However real time bidding distributes the bid stream to many DSPs and partners, mainly in the United States. These secondary transfers must be covered by Standard Contractual Clauses, by the EU US Data Privacy Framework certification of the recipient or by another valid Chapter V mechanism.
Yes, a DPIA is generally required because Synamate combines large scale visitor profiling, cross site tracking and the use of innovative technologies, all of which trigger Article 35 GDPR. The DPIA must document the categories of data, the joint controller relationship, the consent capture mechanism, the transfer impact assessment and the technical and organisational measures in place to protect the bid stream data.
Block the Synamate tag inside your consent management platform, in the Marketing or Advertising category. Use a server side container or a TC string compatible CMP to forward the consent signal. Sign a joint controllership arrangement and a data processing addendum with Synamate, list it in the privacy notice, document the retention of bid stream data and run quarterly audits of the active partners.
Yes. The retargeting and programmatic market includes Criteo, RTB House, AdRoll, StackAdapt, Equativ and The Trade Desk among others. The compliance posture is similar for all of them, since they all rely on third party cookies, device identifiers and real time bidding. The choice should depend on commercial fit, data minimisation features and transparency of subprocessors rather than on a perceived compliance advantage.
Add Synamate to the cookie policy table with the cookie names, hosts (Synamate domain or sync host), retention durations and a description of the retargeting and audience segmentation purposes. State the joint controllership, list the third country destinations, mention the transfer safeguards and link to the Synamate privacy notice. Refresh the policy whenever the cookie list or the partner network changes.