Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Marketo Engage is Adobe's enterprise B2B marketing automation platform, used by mid market and enterprise companies for lead capture, scoring, nurturing and account based marketing. Marketo tracks visitor behaviour through the Munchkin JavaScript and the _mkto_trk cookie (2 years) and connects to CRM platforms like Salesforce and Microsoft Dynamics.
Marketo Engage is Adobe''s enterprise B2B marketing automation suite. Originally founded in 2006 as Marketo Inc., it was acquired by Adobe in 2018 for 4.75 billion US dollars and is now part of the Adobe Experience Cloud. Marketo Engage is used by mid market and enterprise companies for lead capture, behavioural scoring, drip nurturing, email campaigns and account based marketing, with native integrations to Salesforce, Microsoft Dynamics, Workday and Adobe Analytics. It is the de facto standard for large B2B marketing teams in Europe and North America.
The Munchkin JavaScript tracker sets the first party cookie _mkto_trk (2 years) which contains a unique visitor ID and the Marketo tenant identifier. Marketo collects pageviews, time on page, form submissions, email opens and clicks and combines them with CRM data via Salesforce or Microsoft Dynamics integration. The session cookie BIGipServer is used by the F5 load balancer. Marketo can also enrich visitor profiles with reverse IP company lookup, IP geolocation and integrations like LeadLander, Bombora or 6sense.
The Munchkin tracker and _mkto_trk cookie store visitor behavioural data and require prior consent under Article 5(3) ePrivacy Directive and Article 6(1)(a) GDPR. Lead scoring based on individual behaviour is profiling under Article 4(4) and Article 22 GDPR, which means the data subject must be informed and the controller must offer a meaningful opt out. Marketo offers a Munchkin Privacy Mode that anonymises IPs and disables behaviour tracking until consent is obtained, which is the recommended configuration for EU traffic.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Standard Marketo Engage tenants are hosted on Adobe US infrastructure (AWS US East and US West). The optional EU pod, available on AWS Ireland and Frankfurt for an extra fee, keeps the production data inside the European Economic Area, but Adobe US support and engineering teams may still access EU data under the EU Standard Contractual Clauses (2021/914) and the EU US Data Privacy Framework. The Adobe Marketo Engage DPA must be signed and the transfer documented in the record of processing activities.
Load the Munchkin script through a CMP that blocks the tracker until the marketing or analytics consent is given, activate the Munchkin Privacy Mode for EU visitors, anonymise IP, configure subscription management with double opt in for newsletters, set up a retention policy for inactive contacts (typically 24 to 36 months), and document the lead scoring logic in your privacy notice. For sensitive B2B sectors (finance, healthcare, public sector), prefer the EU pod and review the DPA terms with your DPO.
Websites using Adobe Marketo Engage must obtain user consent under GDPR regulations.
DPIA considerations
Marketo is a high risk processing activity: large scale behavioural profiling for B2B marketing, cross border transfer to the United States, automatic lead scoring that can affect prospects. A DPIA is required when used for cold outreach or significant decisions. Document the consent flow, the EU residency option if applicable, the Adobe DPA and SCC, and the retention period of the Marketo database (typically 24 to 36 months for inactive contacts).
Sample consent text
We use Adobe Marketo Engage to recognise you between visits, score your interest in our content and personalise our marketing follow up. The _mkto_trk cookie (2 years) and the Munchkin script run only after you click accept on the marketing category. Data is processed by Adobe Inc. (United States) under EU Standard Contractual Clauses.
Third-party domains contacted
munchkin.marketo.netapp-***.marketo.commktoresp.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _mkto_trk | first_party | 2 years | Munchkin lead tracking cookie containing the unique visitor identifier and Marketo tenant ID. Used to recognise the visitor across visits, link form submissions to a Marketo lead and feed the lead scoring model. |
| BIGipServer | first_party | session | F5 load balancer affinity cookie used by Marketo to route requests to the same backend within a session. |
| MARKETO | first_party | session | Stores UTM parameters and the originating campaign so the source can be attributed to the Marketo lead when a form is submitted. |
Adobe Marketo Engage places tracking cookies for advertising — comply with GDPR using FlowConsent.
The Munchkin tracker sets _mkto_trk (first party, 2 years) with a unique visitor ID and tenant ID. Session cookies BIGipServer and MARKETO are also set for load balancing and UTM attribution. Marketo does not set advertising or cross site cookies by itself.
Yes. The Munchkin tracker and _mkto_trk cookie are not strictly necessary under Article 5(3) ePrivacy: they exist to track behaviour for marketing purposes. Prior consent (Article 6(1)(a) GDPR) is required, with a meaningful reject option of equal visual weight.
Consent for the Munchkin tracker and cookies (Article 6(1)(a) GDPR), contract performance for forms submitted in an existing service relationship (6(1)(b)) and legitimate interest for B2B prospect outreach (6(1)(f)) subject to a balancing test and an LIA.
Yes, by default. Standard Marketo tenants run on Adobe US infrastructure. An EU residency pod is available on AWS Ireland and Frankfurt, but Adobe US support and engineering teams may still access EU data under the EU SCCs (2021/914) and the EU US Data Privacy Framework.
Yes. Marketo is high risk processing (large scale behavioural profiling, cross border transfer, automated lead scoring). A DPIA is required when used for cold outreach or significant decisions. Document the consent flow, EU residency option, Adobe DPA and SCC, and the database retention period.
Block Munchkin in a CMP, enable Munchkin Privacy Mode for EU traffic, anonymise IPs, configure subscription management with double opt in, set a retention policy for inactive contacts (24 to 36 months) and document lead scoring logic in the privacy notice.
EU based B2B marketing automation alternatives include Brevo (France, formerly Sendinblue), Plezi (France), Webmecanik (France, open source), Selligent (Belgium), SAP Emarsys (Germany), Saleslab (Spain). Lighter alternatives: HubSpot, ActiveCampaign, Mailchimp Marketing.
List Marketo (Adobe Inc.) as a B2B marketing automation processor, link to https://www.adobe.com/privacy, declare the _mkto_trk cookie 2 year duration, document the US transfer and the DPA, and review the cookie list whenever Adobe updates Marketo Engage.