Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Conversio (now part of Campaign Monitor) is a US-based e-commerce email marketing platform that automates transactional and marketing emails for online stores. It integrates with Shopify and other e-commerce platforms to send order confirmations, abandoned cart emails, and product recommendation campaigns. While transactional emails rely on contract performance, marketing emails require explicit consent, and all data is processed in the US via Standard Contractual Clauses.
Conversio is an e-commerce email marketing and automation platform that was acquired by Campaign Monitor in 2019. It allows online stores to send automated transactional emails (order confirmations, shipping notifications, receipts) and marketing campaigns (abandoned cart reminders, product recommendations, win-back campaigns) based on customer purchase behaviour. Conversio integrates natively with Shopify, WooCommerce, and other major e-commerce platforms.
Conversio processes customer email addresses, names, purchase history, order values, product interests, email open and click tracking data, and device information. It builds customer profiles enriched with purchase behaviour data used for personalisation and segmentation.
The key GDPR distinction for Conversio is between transactional and marketing emails. Transactional emails (order confirmations, shipping updates, receipts) can rely on contract performance under Article 6(1)(b) without marketing consent. Marketing emails (abandoned cart, product recommendations, win-back campaigns) require prior explicit consent under both GDPR and the ePrivacy Directive. Mixing marketing content into transactional emails is not permitted without separate consent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
For marketing emails, a clear opt-in checkbox (not pre-ticked) must be presented at checkout or registration. The consent must be specific to the marketing purpose. All marketing emails must include an unsubscribe link. Consent records must be maintained. Email tracking pixels in all emails require cookie consent or can be disclosed under legitimate interest for transactional emails only.
Conversio and Campaign Monitor are US companies. All email and customer data is processed on US infrastructure. Standard Contractual Clauses apply. Sign a DPA and document the US transfer in your RoPA.
Obtain explicit opt-in consent for marketing emails at checkout. Keep transactional and marketing email lists separate. Include an unsubscribe link in all emails. Sign a DPA with Campaign Monitor. Update your privacy policy. Document the US transfer in your RoPA. Maintain consent records for all marketing subscribers.
Websites using Conversio must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is not typically required for standard e-commerce email marketing. It becomes advisable when Conversio is used for large-scale profiling-based email personalisation or automated product recommendation systems that build individual customer profiles.
Sample consent text
We use Conversio to send you order updates and, with your permission, marketing emails about products you may like. Conversio processes your email address and purchase history on US servers. Please accept marketing communications to receive personalised product recommendations.
Third-party domains contacted
conversio.comcampaignmonitor.comcreatesend.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _cv_session | session | Session | Session identifier for the Conversio email marketing tracking pixel |
| _cv_track | persistent | 1 year | Customer tracking identifier used to link email engagement to customer purchase profiles |
Conversio places tracking cookies for advertising — comply with GDPR using FlowConsent.
Conversio processes customer email addresses, names, purchase history, order values, product preferences, email open and click tracking data, and device information. It builds individual customer profiles linked to purchase behaviour for email personalisation and segmentation.
Yes for marketing emails. Abandoned cart reminders, product recommendation campaigns, and win-back emails require prior explicit consent. Only transactional emails (order confirmations, shipping updates) can be sent without marketing consent under the contract performance basis.
Contract performance (Art. 6(1)(b)) for order confirmations, shipping notifications, and receipts. Consent (Art. 6(1)(a)) for all marketing emails including abandoned cart, product recommendations, and newsletters. Never mix marketing content into transactional emails without separate consent.
Yes. Conversio and its parent Campaign Monitor are US companies. All customer and email data is processed on US infrastructure. Standard Contractual Clauses apply. Sign Campaign Monitor's DPA and document the US transfer in your RoPA.
Generally not for standard e-commerce email marketing. A DPIA becomes advisable for large-scale automated profiling-based personalisation or when email behaviour data is combined with other data for detailed individual profiling.
Add an unchecked marketing consent checkbox at checkout: "I agree to receive product recommendations and marketing emails." Keep this separate from the terms of service acceptance. Store the consent record with timestamp and source. Provide an easy unsubscribe in every email.
Klaviyo offers EU data residency. Sendlane and Drip have EU processing options. For full EU sovereignty, open-source tools like Mautic self-hosted on EU infrastructure provide comparable e-commerce email automation without US data transfers.
Describe Campaign Monitor/Conversio as an email marketing processor, list data processed (email, purchase history, engagement data), state the legal basis for transactional emails (contract performance) and marketing emails (consent), disclose the US transfer and SCC safeguard, and provide an easy way to unsubscribe from marketing.