Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Datatrics is a Dutch customer data platform and AI driven marketing automation suite that unifies customer profiles, predicts purchase intent and triggers personalised campaigns across email, web and ads.
Datatrics is a Dutch customer data platform and AI driven marketing automation suite, founded in 2014 in Eindhoven and acquired by Pondres in 2020 while continuing as an independent product. Retailers and B2C ecommerce sites use Datatrics to unify customer profiles, predict purchase intent, segment audiences and trigger personalised email, web and ad campaigns. The platform combines a CDP, a marketing automation engine, a recommendation engine and predictive AI models, with a JavaScript profile tracker as the core data collection mechanism on customer sites.
On a configured website Datatrics drops first party cookies such as datatrics_visitor, datatrics_session and datatrics_token to identify devices and persist a visitor profile across sessions. It collects page views, clicks, scroll behaviour, search terms, basket events, order values, product attributes and email and account identifiers when a user logs in or submits a form. Customer systems can additionally push CRM, transactional and offline data into Datatrics via API ingest, which the platform joins to the online profile.
Because Datatrics writes persistent identifiers to the user device and reads them on subsequent visits, Art. 5(3) of the ePrivacy Directive applies and prior consent is needed before any tracking script executes. The resulting processing also falls under the GDPR: profiles are personal data, predictive scoring is automated profiling within the meaning of Art. 4(4), and German TDDDG and Dutch UAVG add national specifications. Controllers must publish a clear privacy notice, sign a data processing agreement with Datatrics and honour data subject rights including access, erasure and objection.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
The appropriate legal basis is consent under Art. 6(1)(a) GDPR combined with Art. 5(3) ePrivacy. Legitimate interest is not suitable, given the intrusive profiling, cross channel personalisation and predictive scoring that Datatrics performs. Consent must be specific, informed, freely given and as easy to withdraw as to grant. In practice the Datatrics JavaScript and any API ingest of behavioural data should be gated behind a marketing or personalisation category in the consent management platform, and the tracker must remain blocked until the user actively opts in.
Datatrics processes primary data inside the European Union, with infrastructure in the Netherlands and on AWS Frankfurt, which simplifies residency for EU controllers. Some subprocessors such as Google Cloud services and monitoring tools may be based in the United States, in which case transfers rely on Standard Contractual Clauses, transfer impact assessments and supplementary measures. To deploy compliantly, conduct a DPIA, sign the DPA, configure consent gating, document subprocessors, set retention limits on profiles and provide users with a clear opt out and deletion path from your privacy centre.
Websites using Datatrics must obtain user consent under GDPR regulations.
DPIA considerations
Datatrics builds extensive behavioural and predictive profiles of identified visitors and customers, including purchase intent scoring and audience segmentation. A Data Protection Impact Assessment under Art. 35 GDPR is strongly recommended because the processing is systematic, large scale and uses automated decision support that may significantly influence which offers, prices or messages individuals receive.
Sample consent text
We use Datatrics to recognise you across visits, build a marketing profile and personalise emails, ads and recommendations. We only do this if you consent. You can withdraw consent at any time in cookie settings.
Third-party domains contacted
datatrics.comcdn.datatrics.comapi.datatrics.comtracking.datatrics.comapp.datatrics.comstatic.datatrics.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| datatrics_visitor | first_party | 1 year | Persistent visitor identifier used to recognise the device across sessions and build a unified customer profile. |
| datatrics_session | first_party | Session | Session level identifier that ties page views, clicks and events to a single browsing session. |
| datatrics_token | first_party | 30 days | Authentication or synchronisation token used by the Datatrics tracker and API to link known users to their profile. |
| dtr_consent | first_party | 1 year | Optional cookie storing the user choice for Datatrics tracking when integrated with the consent management platform. Exact name depends on configuration. |
| dtr_uid | first_party | 1 year | Optional pseudonymous user identifier used by Datatrics personalisation features. Exact name depends on configuration. |
Datatrics collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Datatrics writes first party cookies such as datatrics_visitor (persistent visitor ID), datatrics_session (per session) and datatrics_token (authentication or sync token). Exact names and lifetimes depend on configuration. Email addresses or customer IDs may be hashed and joined when a user logs in.
Yes. Art. 5(3) ePrivacy requires prior consent for storing and reading identifiers, and Art. 6(1)(a) GDPR is the appropriate basis for the profiling and marketing automation that follow. The script and any behavioural API ingest must stay blocked until the user opts in.
Consent under Art. 6(1)(a) GDPR, combined with Art. 5(3) ePrivacy for the cookies and identifiers. Legitimate interest is not appropriate given the intrusive cross channel profiling, predictive scoring and audience activation.
Primary processing is in the EU (Netherlands and AWS Frankfurt). Some subprocessors, such as Google Cloud services and monitoring providers, may be US based; in that case transfers rely on Standard Contractual Clauses, transfer impact assessments and supplementary technical measures.
Strongly recommended. Datatrics performs systematic, large scale profiling with predictive scoring and automated targeting, which falls within the criteria of Art. 35 GDPR. A DPIA documents the risks, mitigations and data subject safeguards before deployment.
Gate the JavaScript behind a marketing or personalisation category in your CMP, sign the Datatrics DPA, list it in your privacy notice and subprocessor register, set retention limits on profiles, restrict access via role based controls and offer users a clear opt out and deletion route.
Yes. EU based alternatives include BlueConic (Dutch) and Squeezely (Dutch CDP). Other options are Tealium AudienceStream, Twilio Segment and mParticle, though most have US headquarters and transfer mechanisms differ. Choose based on data residency, AI features and CMP integration.
List datatrics_visitor, datatrics_session and datatrics_token with their purpose, duration and the domains used (cdn.datatrics.com, api.datatrics.com, tracking.datatrics.com). State the legal basis (consent), retention periods, subprocessor names and how users can withdraw consent at any time.