Getting Started (Step By Step)
To configure your cookie banner, use the Consenter Manager.
1. Create an account in your Consenter Manager and choose the subscription that fits your specific needs. Use our free trial if you're unsure which subscription fits best.
2. Create a “new site” and enter the domain of the website for which you want to configure a cookie banner.
3. Start configuring your banner according to this step-by-step guide and our specific configuration guides.
4. Inform your visitors about Consenter in your Privacy Policy.
5. Integrate into your website.
6. Integrate (and block) your third party technologies.
7. If necessary, implement contextual consent.
Step 1: Choose Your Processing Purposes
Under data protection law, consent must be obtained separately for each specific purpose of processing. The purpose of processing explains why and for what personal data will be used and is therefore the central reference point for an informed decision by data subjects. From the stated purpose you can derive which processing operations are necessary, which risks they pose for the fundamental rights of data subjects, and what benefits the processing provides – both for the website operator and for the data subjects themselves.
Depending on the purposes for which you want to process personal data, you must select one or more corresponding purposes in the Consenter Manager in order to obtain consent from your users. You can only select purposes that actually require consent. Processing that is strictly necessary for the basic functions of the website or for ensuring security does not require your visitors’ consent and only needs to be described in your privacy notice.
Choose one or more of the following purposes:
1. Improve the service
You want to use analytics tools such as Matomo or GA4 to generate statistics on how visitors use your website (for example, pages viewed, clicks, scroll depth, time spent) and where they come from (for example, which other websites referred them or from which approximate region they access your site).
If you want to analyse the effectiveness of ads and marketing campaigns, you should instead select the “Support marketing analytics” purpose, which also covers general website analytics.
2. Unlock additional website features
You may want to embed third‑party features on your website that process personal data from your visitors (e.g. videos, social media buttons, or maps), either to provide the requested service or for the provider’s own purposes.
If third‑party services process personal data for their own purposes (e.g. advertising), you must also obtain consent for this additional purpose. Ensure that the service is blocked from collecting personal data until the user has provided consent. To achieve this, we recommend implementing contextual consent.
3. Personalize the website
You want to adapt the content and appearance of your website to your visitors’ interests and preferences (for example, by displaying individually relevant content, displaying recommendations, or remembering language settings).
4. Support marketing analytics
You want to generate statistics of how visitors use your website to better understand how successful your marketing activities are (for example, which campaigns lead to visits or conversions) and which target groups you are reaching.
If you also engage in personalised advertising, the purpose “Customising online ads” already includes marketing analytics. In this case, you can either obtain consent for both purposes separately or rely solely on consent for personalised advertising. It may be beneficial to request consent separately, as statistical analytics typically achieves higher consent rates due to its lower risk profile for website visitors.
5. Receive marketing offers
You want to occasionally send visitors information about your activities, products, or services via email or other channels.
For this specific purpose, we recommend obtaining consent directly at the point where you collect users’ contact details (e.g. email addresses) on your website, rather than via the consent banner. If you obtain consent in this way for direct communications, you do not need to select this purpose in the consent banner.
6. Receive personalized marketing offers
You want to send visitors offers, product recommendations, or information that are tailored to their individual interests and previous usage behaviour, so that they receive content that is as relevant as possible.
7. Customize online ads (non-TCF)
You want to display ads on your website that are tailored to individual visitors, for example through group- or profile-based personalisation or retargeting based on their previous (shopping) behaviour, and to measure and improve the effectiveness of this advertising at the same time.
This purpose does not enable participation in the Transparency and Consent Framework (TCF), nor does it cover data transmissions to the vendor network defined within the TCF.
Step 2: Choose Your Service Providers
Many websites rely on external tools to provide specific functions, such as web analytics, marketing, embedded videos, maps, or social media content.
These tools are provided by third‑party service providers. Selecting appropriate tools and configuring them to match your needs has a significant impact on your overall data protection footprint.
It is important that you know which tools you use and how you have configured them on your website. Only then can you make these settings transparent to your website visitors by configuring each service provider in the Consenter Manager.
If you are unsure how to configure a tool and how to mirror this configuration in the Consenter Manager, we offer configuration guides that support you in two ways:
1. They help you configure the tool in line with the data minimisation principle (i.e. processing only the personal data necessary for your purposes).
2. They show you how to reflect this configuration in the Consenter Manager so that your website visitors are correctly informed about the processing.
Choose External Service Provider or Disclose Own Processing
In the second column, select the service provider you use for the purpose you have chosen.
If your service provider is not yet listed, add it manually as a new service provider.
If you process data without (or only partly with) external tools, add yourself as a service provider.
Add service provider information
By clicking “edit” you open the context window to submit legally required information about the tool you use.
Legal role
If you only process data on your own servers, select “self hosted”.
If you transmit data to the service provider on the basis of a data processing agreement that limits the service provider to your own processing purposes, select “processor”.
This is the most likely scenario for services which provide analytics only.
If you transmit data to a service provider that processes personal data for its own purposes (e.g. advertising), select “controller”. If you process personal data for shared purposes on the basis of a joint controller agreement, select “joint controller”.
This is the most common scenario for external service providers embedded on your website and in the context of personalised advertising. For some services, processing for the provider’s own purposes is enabled by default. Make sure to deactivate this option when configuring the service if you do not require this functionality.
Tracking Method
Select how your website recognises returning visitors. The available tracking methods range from low risk (no tracking or single-session) to high risk (third‑party cross‑device tracking).
Personalization Model
Specify whether, and in what way, data is used for personalisation.
You can save time by applying these settings to all other tools within this purpose by selecting “Apply to all data recipients”.
Step 3: Select the Data Categories
Select all data categories which are processed by each service provider.
Once you have selected all data categories, click “edit” to specify how long the data is retained (storage duration) and where the data is processed (storage location).
Storage duration
If the service provider has specified a maximum time frame after which any personal data is erased or fully anonymised, indicate this time frame (e.g. 6 months).
If the data is retained as long as necessary for achieving a given purpose (e.g. as long as a contract with the website visitor is active), select “until the purpose is fulfilled”.
If the storage duration is determined by law (e.g. tax‑relevant accounting records and invoices), select “legal storage period” and indicate the specific legislation.
Storage location
Select the countries to which personal data is transmitted. If the country is part of the European Union (EU) or European Economic Area (EEA), it is sufficient to select “EU/EEA”.
If a country lies outside the EU or EEA, you must indicate the legal basis on which this so‑called “third‑country transfer” takes place.
For many industrialised countries, the EU Commission has issued an “adequacy decision” (see list), warranting that the receiving country has a data protection level comparable to that in the EU.
Apply to all data categories
As all data is usually processed in a similar way, tick the box “Apply to all data categories”.
If a particular data category has a different storage duration or storage location, you can adjust that category individually afterwards.