Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Headless enterprise commerce platform operated by ABOUT YOU / SCAYLE (Hamburg, Germany), used by mid to large fashion and lifestyle retailers to run storefronts, checkout, customer accounts and product search.
ABOUT YOU Commerce Suite, today better known under the SCAYLE brand, is a headless enterprise e commerce platform built and operated by ABOUT YOU SE & Co. KGaA in Hamburg, Germany. It powers storefronts, product catalogues, search, cart, checkout, customer accounts and order management for mid market and enterprise fashion and lifestyle retailers, mostly in the European Union.
As a commerce backbone the platform processes identification data (account, email, billing and shipping address), transactional data (orders, returns, payments), session data (cart, login state, CSRF tokens) and, when activated, behavioural and recommendation data. It sets first party cookies on the merchant domain for session, cart and authentication. Marketing, personalisation or analytics modules can add additional cookies that fall under ePrivacy consent rules.
Strictly necessary cookies (session, cart, security) can be relied on under Article 5(3) of the ePrivacy Directive without prior consent. Any cookie or tracker used for personalisation, marketing, audience analytics or A B testing is non essential and requires prior, informed and freely given consent. The merchant remains the controller of customer data, while ABOUT YOU / SCAYLE acts as processor under a Data Processing Agreement.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
You do not need consent to operate the shop, but you must block recommendation, personalisation and analytics modules until the visitor has given a positive opt in via a compliant consent banner. The banner must list ABOUT YOU / SCAYLE and its non essential cookies, allow rejection as easily as acceptance and store proof of consent.
The core platform is hosted in EU AWS regions (mainly Frankfurt). Customer support, monitoring and connected third parties such as Stripe, PayPal, Klarna, e mail providers or analytics vendors may operate from outside the EU; those transfers must be covered by Standard Contractual Clauses, the EU US Data Privacy Framework or equivalent safeguards in the DPA.
Sign a DPA with ABOUT YOU / SCAYLE, list the suite in your record of processing activities (ROPA) and privacy notice, deploy a consent banner that blocks optional modules by default, document retention periods for orders and abandoned carts, restrict employee access through role based permissions in the admin and run a DPIA if you add behavioural analytics, AI personalisation or large scale customer profiling.
Websites using ABOUT YOU Commerce Suite must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not mandatory for a standard headless storefront, but is recommended when the suite is combined with behavioural analytics, AI personalisation, profiling of customers across sessions or large scale processing of payment, address and order history data.
Sample consent text
We use the ABOUT YOU Commerce Suite (SCAYLE) to operate this online shop. Strictly necessary cookies enable cart, checkout and account features. With your consent we also use product recommendations, personalisation and analytics that may set additional cookies and process your interactions for marketing purposes.
Third-party domains contacted
scayle.cloudscayle.comaboutyou.cloudcdn.aboutstatic.comimages.aboutstatic.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| aboutyou_session | http | Session | Identifies the user session, keeps the cart and the login state. |
| aboutyou_cart | http | 30 days | Persists the cart ID across visits. |
| csrftoken | http | Session | CSRF protection for forms and checkout actions. |
| aboutyou_locale | http | 1 year | Stores the user language and country preference. |
| aboutyou_ab | http | 90 days | Stores the A/B test variant assigned to the user, requires consent. |
| scayle_reco | http | 6 months | Used by the recommendation engine to personalise product suggestions, requires consent. |
ABOUT YOU Commerce Suite uses cookies for user preferences — inform visitors with a consent banner.
The platform sets first party cookies on your shop domain for the session, the cart, the language and CSRF protection. When you enable recommendations, personalisation or A/B testing it adds further cookies that require consent under ePrivacy.
Not for the strictly necessary shop functions (cart, checkout, login, security). Yes for the optional recommendation, personalisation, marketing and analytics modules, which must be blocked by default and only loaded after an explicit opt in.
Article 6(1)(b) GDPR (contract performance) covers orders, payments, account and delivery. Article 6(1)(a) GDPR (consent) covers marketing personalisation, behavioural analytics and recommendation profiling. Article 6(1)(f) (legitimate interest) can cover fraud prevention and IT security.
The core platform is hosted in EU AWS regions, mainly Frankfurt. Optional integrations (payment, e mail, analytics) or international support staff may transfer data outside the EU; these transfers must be covered by Standard Contractual Clauses, the EU US Data Privacy Framework or equivalent safeguards listed in the DPA.
A DPIA is not mandatory for a standard headless storefront. It becomes recommended (and sometimes mandatory under Article 35 GDPR) when you combine the suite with behavioural analytics, AI personalisation, large scale customer profiling or processing of sensitive product categories.
Sign the DPA, list the suite in your ROPA and privacy notice, block optional modules until consent is given, restrict admin access by role, set retention periods for orders and abandoned carts, and document every integrated subprocessor (payment, search, recommendations, analytics).
Comparable headless and enterprise commerce platforms include commercetools, Shopify Plus, Adobe Commerce (Magento), Salesforce Commerce Cloud, Spryker, BigCommerce Enterprise and Shopware. Each has its own data residency, hosting and consent profile that must be evaluated separately.
Run a cookie scan of your live shop, identify every cookie set by the suite and its optional modules, document the purpose, duration and legal basis for each, list ABOUT YOU / SCAYLE as a processor in the privacy notice and refresh both the cookie banner categories and the policy text any time you enable a new module.