Privacy Policy

Effective Date: January 2026

1. General Information

Thank you for your interest in Smarketer GmbH and our associated services, including Smarketer.shopping and the WaveMetrics.ai platform (encompassing tools such as SEA Insights and CSS MAX). The protection of your personal data is our highest priority. Below, we inform you how we collect, use, store, transmit, and protect your data in accordance with the General Data Protection Regulation (GDPR), the EU AI Act, and other national data protection laws.

1.1 Name and Address of the Data Controller

The person responsible within the meaning of the GDPR is:
Smarketer GmbH Salzufer 8 10587 Berlin – Germany Phone: +49 (0) 30 577 008 120 E-mail: info@smarketer.de
Privacy Contact: For all inquiries regarding data protection, please contact us at: datenschutz@smarketer.de

2. Scope and Purpose of Processing

2.1 General Website Visitors (Informational Use)

When you visit our websites for informational purposes only, our system automatically collects data that your browser transmits to our server (Server Log Files). This includes:

• Browser types and versions
• Operating system used
• Referrer URL (the previously visited page)
• Date and time of access
• IP address (anonymized)
• Internet Service Provider

Legal Basis: Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is to ensure the stability, security, and functionality of our website.

2.2 Registered Users (WaveMetrics.ai & Client Services)

If you use our services as a registered user (e.g., via the WaveMetrics.ai tool), either self-enrolled or enrolled by an employer/corporate client, we process personal data necessary to provide the service. This includes:

• Name and Email address
• Organization / Company details
• Username and Password
• Google Login credentials (OAuth tokens)
• IP Address
• App usage data

Legal Basis:

• Contract Performance (Art. 6 Para. 1 lit. b GDPR): To fulfill our contractual obligations to you or our corporate clients.
• Legitimate Interest (Art. 6 Para. 1 lit. f GDPR): To improve tool functionality, security, and user experience.

2.3 Children

Our offer is not aimed at children under the age of 13. We do not knowingly collect data from children.

2.4 AI Transparency & Automated Processing (EU AI Act)

Our service WaveMetrics.ai utilizes artificial intelligence and machine learning algorithms to provide optimization insights and content generation.

• Transparency: In accordance with the EU AI Act, we inform you that insights, optimizations, and content (e.g., product titles) generated by our tool are machine-generated based on the data provided.
• Human Oversight: Critical decisions affecting your ad spend, strategy, or published content (including AI-generated product titles) ultimately remain under your control. You retain the ability to review, edit, or reject these AI-generated suggestions before they are implemented. We do not engage in fully automated decision-making that produces legal effects concerning you (Profiling) without human intervention, pursuant to Art. 22 GDPR.
  

3. Data Security and Encryption

We use SSL/TLS encryption to protect the transmission of confidential content. We store data in secure, encrypted hosting environments and ensure all transfers between your browser and our servers are encrypted.

4. Cookies and Consent Mode

4.1 General Use of Cookies

We use cookies to make our website user-friendly. You can manage your cookie preferences via the “Cookie Settings” banner.

4.2 Google Consent Mode v2

We have implemented Google Consent Mode v2. This ensures that Google tags (Analytics, Ads) will not read or write cookies unless you have explicitly granted consent via our cookie banner. If you decline consent, we pass “ping” signals (without personal identifiers) to Google to model conversion data without tracking you individually.

4.3 Microsoft Clarity

We use Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay.

• Storage Period: Data is stored for up to 12 months.
• Provider: Microsoft Corporation, USA.
• Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent).

5. Google Services and Advertising

5.1 Google Analytics & Tag Manager

We use Google Analytics to analyze website usage. IP anonymization is activated.

5.2 Google Ads (AdWords) & Remarketing

We use Google Ads and Remarketing functions.

• Conversion Tracking: Tracks the success of ads.
• Remarketing: Displays personalized ads on other sites. You can opt-out here: https://www.google.com/settings/ads/onweb/

5.3 WaveMetrics.ai: Google API Services User Data Policy

Specific to the WaveMetrics Tool: Our application utilizes Google APIs to gather data related to customer accounts for reporting purposes.

• Limited Use: Use of the app and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
• Data Usage: Data obtained from Google Ads is used solely for generating reports, analytics, and as input data for AI-generated content (e.g., optimization suggestions or product titles) for the user. It is not shared with third parties for commercial or advertising purposes.

6. Communication

If you contact us via email or contact form, the data is stored for processing the request. Transactional emails, marketing communication, and newsletters are managed via Mailchimp, Microsoft Dynamics, and Sendgrid (Twilio).

• Consent: We use the Double Opt-In procedure for newsletters.
• Opt-out: You can unsubscribe at any time via the link included in every email or by contacting us.

7. Data Recipients and International Transfers

We share data with service providers (Processors) strictly necessary to deliver our services:

• Hosting & Infrastructure: Amazon Web Services (AWS), Vercel, Akamai (Content Delivery Network).
• Security & Spam Protection: Google Recaptcha.
• Payment Processing: Stripe.
• Advertising & Analytics: Google (Ads, Analytics, Marketing Platform), Microsoft (Clarity), Adform, Xandr, Media.net, Amazon Ad Server (Sizmek), RudderStack.
• Communication & CRM: Mailchimp, Microsoft Dynamics, Sendgrid (Twilio).
• Consent Management: Consentmanager.net.

International Data Transfers (USA): Many of our providers (Google, Microsoft, AWS, Mailchimp, Twilio, Vercel, Akamai) are based in the USA. We transfer data based on the EU-US Data Privacy Framework (DPF). Where a provider is not certified under the DPF, we utilize Standard Contractual Clauses (SCCs) to ensure an adequate level of protection.

8. Retention of Data

We delete your data as soon as the purpose of storage no longer applies. WaveMetrics users may request erasure, which is performed within 30 days unless legal retention periods apply.

9. Your Rights as a Data Subject

You have the right to Information, Rectification, Erasure, Restriction, Data Portability, Objection, and the Right to Revoke Consent. To exercise these rights, please contact us at: datenschutz@smarketer.de