Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
econda is a German web analytics and personalisation suite (econda Monitor and Cross Sell) hosted in Germany, used by ecommerce sites for traffic analysis, product recommendations, and conversion optimisation. It positions itself as a privacy friendly EU only alternative to US analytics.
econda is a long established German analytics and personalisation vendor based in Karlsruhe. Its flagship products are econda Monitor for web analytics, Cross Sell for recommendations, and Personalisation for on site experiences. The platform competes with Adobe Analytics, Matomo, and Piwik PRO, and emphasises EU only hosting and German data protection compliance as key differentiators. Many European ecommerce sites and media properties use econda as their primary analytics layer because it keeps data in Germany and integrates closely with shop systems such as Shopware, Hybris, and Magento.
The standard econda Monitor tag sets first party cookies (typically emos_jcsid for the session, emos_jcvisid for the visitor, and a few helper cookies) and records page views, clicks, searches, basket events, order values, and aggregated device data. IP addresses are truncated by default and visitor IDs are pseudonymised. econda also offers a cookieless tracking option that uses short lived in memory identifiers, server side hashing, and IP based session reconstruction without persistent storage on the device.
Even though econda hosts in Germany, ePrivacy Art. 5(3) and the German TDDDG still apply to the writing or reading of cookies. In its standard cookie based mode, econda must be loaded only after consent. The German DSK orientation guide for telemedia accepts a narrow legitimate interest path only when no cookies are written, IP addresses are truncated immediately, no cross site tracking takes place, and users can object easily. GDPR transparency obligations under Arts. 13 and 14 always apply, and a processor agreement under Art. 28 with econda is mandatory.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
If you operate the standard econda Monitor with cookies, the cookie banner must offer accept and refuse with equal prominence, name econda as a recipient, and link to its privacy notice. If you operate the cookieless variant in a strict configuration that the local DPA recognises as consent exempt, you can rely on legitimate interest, but you still need a clear privacy notice, an easy opt out, and documentation showing the configuration meets the DSK criteria. CNIL and AEPD apply similar logic to comparable analytics tools.
econda is one of the few analytics vendors that explicitly markets EU only data processing. Production servers are in Germany, support staff in the EU, and the standard contract excludes transfers to non EEA sub processors. This makes econda an attractive replacement for Google Analytics in jurisdictions where Schrems II concerns are pressing. Buyers should still verify the current sub processor list, any CDN routing, and whether group companies outside the EU receive any technical metadata.
Sign a GDPR Art. 28 DPA with econda, decide between the cookie based and cookieless modes, and document the configuration. Integrate the script with your consent management platform, gate it on consent for the standard mode, and on a clear opt out for the cookieless mode where allowed. Activate IP truncation, set a short retention, mask sensitive form fields, and exclude logged in account identifiers if not needed. Update the privacy policy and the cookie table, and include econda in the records of processing activities under Art. 30.
Websites using econda must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA may not be mandatory because econda hosts in Germany and offers pseudonymisation, but it is good practice when combining web analytics with on site personalisation, recommendations, or A/B testing on large audiences. Document the configuration (IP truncation, cookieless mode, retention), the role distribution, and the basis used. Refer to the German DSK orientation guide for telemedia, BfDI, the Länder DPAs (BayLDA, LfDI BW), and EDPB Guidelines 03/2022 on dark patterns when designing the banner.
Sample consent text
We use econda, a German web analytics and personalisation service, to understand how visitors use our site and to improve our recommendations. With your consent, econda places first party cookies and collects pseudonymised usage data on servers in Germany. You can accept, refuse, or change your choice at any time in our cookie settings.
Third-party domains contacted
econda.deeconda-monitor.deec-ns.sascdn.comssl.econda-monitor.deCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| emos_jcsid | first_party | Session | Identifies the current session in econda Monitor for page view stitching. |
| emos_jcvisid | first_party | 1 year | Recognises returning visitors to compute new vs returning metrics and customer journeys. |
| emos_pi | first_party | Session | Helper cookie used to count page impressions and ensure correct event ordering. |
| econda_optout | first_party | 10 years | Persists the user opt out from econda tracking when offered as an alternative to consent. |
econda collects user analytics data — you legally need a consent banner. Try FlowConsent free.
By default, yes. econda Monitor sets first party cookies such as emos_jcsid and emos_jcvisid to identify sessions and visitors. econda also offers a cookieless mode that relies on short lived in memory identifiers, with no persistent storage on the user device.
For the standard cookie based mode, yes. ePrivacy Art. 5(3) and the German TDDDG require prior consent for any non strictly necessary cookie. In the strict cookieless mode, the German DSK and several Länder DPAs accept a legitimate interest basis if no cookies are written, IPs are truncated, and users can easily object.
Either Art. 6(1)(a) consent for the cookie based mode or Art. 6(1)(f) legitimate interest for a strict cookieless analytics configuration. ePrivacy obligations apply on top of the GDPR layer, and the chosen basis must match the actual technical configuration.
By default, no. econda hosts in Germany and contractually keeps processing within the EEA. You should still verify the current sub processor list, the CDN configuration, and any optional integrations that could route data outside the EU.
Not always. For standard analytics on a small audience and a strict configuration, a DPIA may not be required. For large traffic, sensitive sectors, profiling, or combination with personalisation and A/B testing, a DPIA is recommended. Document the configuration and refer to BfDI and DSK guidance.
Place the econda tag behind your consent management platform, default it to off, and enable it only when consent is captured. For cookieless mode, document the configuration and provide a visible opt out. Activate IP truncation, set retention to the minimum needed, and sign the DPA with econda.
Other EU friendly analytics include Matomo (self hosted or EU cloud), Piwik PRO, etxendu Analytics, AT Internet, and Plausible. They offer comparable analytics and similar compliance posture, but each has its own data model, hosting, and consent requirements.
List econda explicitly with its purpose (web analytics, personalisation), the cookies it sets, their duration, the data categories collected, the hosting location (Germany), and a link to econda privacy notice. Update the policy whenever you change configuration or activate new modules.