Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Visualsoft is a UK based e-commerce platform that hosts and operates online stores for direct to consumer retailers. It bundles a configurable storefront, a built in checkout, order management and a marketing suite under a SaaS model. The platform sets functional cookies for cart and session management plus optional analytics and marketing pixels. Hosting takes place in UK data centres, currently under the UK adequacy decision, which is up for renewal in 2025/2026.
Visualsoft is a UK headquartered e-commerce platform that provides an end to end SaaS solution for direct to consumer retailers. It combines a configurable storefront, a hosted checkout, product, stock and order management, a CRM and reporting layer, and an in-house marketing services arm covering SEO, paid media and conversion rate optimisation. Retailers contract with Visualsoft as their data processor for the online store: customer browsing data, account details, order data and payment session metadata are stored and processed by Visualsoft on behalf of the retailer, while the retailer remains the controller in its relationship with shoppers.
A typical Visualsoft storefront sets strictly necessary first-party cookies for the shopping cart, the user session, CSRF protection and login state. These are required for the checkout to function and fall under the Article 5(3) ePrivacy exemption. On top of that, retailers can enable analytics cookies (often Google Analytics or a server-side equivalent), marketing pixels (Google Ads, Meta, TikTok, Bing) and personalisation cookies for product recommendations. Personal data processed includes contact details, addresses, order history, IP address, device fingerprint elements and behavioural events such as add to cart and checkout step completions.
Strictly necessary cookies do not require consent, but every other category does. Retailers must implement a compliant consent banner that blocks analytics scripts and marketing pixels until consent is given, with a Reject all option as visible as Accept all and a granular choice screen. The retailer must sign a data processing agreement with Visualsoft covering Article 28 GDPR, maintain a record of processing activities listing Visualsoft as processor, and publish a privacy notice explaining the purposes, retention periods, and customer rights.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Visualsoft operates from UK data centres. For EEA based controllers, the UK adequacy decision adopted by the European Commission in June 2021 currently allows free flow of personal data without additional safeguards. However, this decision is subject to monitoring and renewal, and any divergence in UK surveillance law or data protection enforcement could lead the Commission to amend or revoke it. Retailers should monitor the renewal process expected in 2025 and 2026 and prepare contingency Standard Contractual Clauses and a transfer impact assessment in case the adequacy lapses.
A DPIA is recommended whenever the store enables behavioural advertising, retargeting, lookalike audiences or AI-driven personalisation. Even when Visualsoft handles only the storefront, the cumulative effect of marketing pixels (Meta, TikTok, Google Ads) often pushes the processing into systematic monitoring or large scale profiling territory. The DPIA should map cookies and tags by category, document the legal basis, evaluate third country transfers triggered by pixels, and define mitigations such as server-side tagging, consent mode and shorter retention.
Configure your Visualsoft store to block all non-essential tags through a CMP integrated in the theme; restrict marketing pixels to consenting visitors; minimise the customer data passed to ad networks by hashing emails; review retention rules for order data; keep the data processing agreement and sub-processor list from Visualsoft up to date; and document the legal basis for each cookie in your cookie policy. Refresh the cookie policy at every material change and at least once a year.
Websites using Visualsoft must obtain user consent under GDPR regulations.
DPIA considerations
A full DPIA is not always mandatory for a standard e-commerce deployment on Visualsoft, but is recommended when the merchant collects sensitive product categories (e.g. health, adult, financial), uses behavioural advertising, profiles customers based on purchase history or runs personalised recommendations powered by third party AI services. The DPIA should review cart and checkout flows, the use of analytics and marketing pixels, the legal basis for each category of cookies, the retention of order data, and the impact of any change to the UK adequacy decision on transfers from the EEA.
Sample consent text
We use Visualsoft, our e-commerce platform, to run this store. Visualsoft sets strictly necessary cookies for your shopping cart, login and secure checkout, with no consent required. Analytics and marketing cookies, including possible third party pixels for Google Ads or Meta, are only set if you click Accept. Order data is processed by Visualsoft in the United Kingdom, currently covered by an EU adequacy decision.
Third-party domains contacted
visualsoft.co.ukstatic.visualsoft-services.comcdn.visualsoft.cloudCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| vs_cart | functional | Session | Stores the contents of the shopping cart for the current session. |
| vs_session | functional | Session | Maintains the authenticated session and links requests to the customer account during the visit. |
| vs_csrf | functional | Session | Provides CSRF token protection on form submissions in checkout and account areas. |
| vs_visitor | analytics | 1 year | First-party visitor identifier used by the built-in analytics dashboard to recognise returning customers. |
| vs_marketing | marketing | 6 months | Stores marketing attribution data, including referring campaign and channel, for retargeting and reporting when consent is granted. |
Visualsoft uses cookies for user preferences — inform visitors with a consent banner.
A standard Visualsoft store sets first-party functional cookies for the shopping cart, the visitor session, CSRF protection and the login state, all required for checkout. Retailers can also enable analytics cookies linked to the built-in dashboard, marketing attribution cookies and third party advertising pixels (Google Ads, Meta, TikTok, Bing). Only the functional cookies are strictly necessary; everything else requires consent.
Consent is required for every cookie or pixel that is not strictly necessary, including analytics, marketing attribution, retargeting, ad network pixels, A/B testing and personalisation tools. The functional cart and session cookies are exempt under Article 5(3) ePrivacy and can run without consent. The consent banner must let visitors refuse just as easily as accept.
Order and account data are processed on the basis of contract performance under Article 6(1)(b) GDPR. Strictly necessary cookies use the Article 5(3) ePrivacy exemption. Analytics, marketing and personalisation rely on consent under Article 6(1)(a) GDPR and Article 5(3) ePrivacy. Fraud prevention, security logs and accounting retention may also rely on legal obligations (Article 6(1)(c)) and legitimate interest (Article 6(1)(f)).
Yes, in the sense that Visualsoft hosts data in the United Kingdom. The UK currently benefits from an EU adequacy decision adopted in June 2021, so transfers from the EEA do not require additional safeguards today. The decision is up for periodic review, with renewal expected in 2025/2026; if it lapses, EEA controllers will need Standard Contractual Clauses, a transfer impact assessment and possibly supplementary measures.
A DPIA is not automatically required, but is strongly advised whenever the store enables behavioural advertising, retargeting, lookalike audiences, sensitive product categories, or AI-driven personalisation. The combination of marketing pixels and Visualsoft analytics often constitutes systematic monitoring or large scale profiling, two criteria from the EDPB DPIA list that justify a documented assessment.
Integrate a consent management platform in the Visualsoft theme that blocks all non-essential scripts until consent is given, with a Reject all option as visible as Accept all. Sign Visualsoft's data processing agreement and add it to your record of processing activities. Document the legal basis for each cookie. Enable consent mode for ad pixels and prefer server-side tagging. Set sensible retention periods for analytics and marketing data and review the sub-processor list at least yearly.
EU based alternatives include PrestaShop and Sylius for self-hosted setups, Lengow or Akeneo for catalogue and channel management, plus hosted platforms like Shopify Plus with EU data residency add-ons or BigCommerce with EU regional hosting. WooCommerce on EU hosting is another flexible option. Each alternative has its own GDPR profile, so review hosting, sub-processors and pixel integrations before switching.
List every cookie set on the storefront, grouped by category (strictly necessary, analytics, marketing, personalisation), with names, purposes, durations, controller and processor identities. Add a dedicated paragraph stating that data is hosted by Visualsoft in the United Kingdom under the EU adequacy decision. Re-prompt for consent if you add a new marketing pixel or change the analytics setup, and review the policy at least once a year.