Do I need an opt-in to use Trackboxx?
The use of an Opt-In is not necessary from our perspective.
We are aware that one or the other privacy expert disagrees and argues that Trackboxx stores and processes the IP address of the visitor.
Here is a brief statement from our data protection officers:
"The storage of personal data does not necessarily require consent. This is also not derived from the TTDSG. The TTDSG addresses cookies and the like in Section 25 TTDSG. Art. 6 GDPR provides the legal basis. Legitimate interest should be applicable to Trackboxx.
The IP address is processed by Trackboxx "only", namely to anonymize it or pseudonymize it for the duration of the hash validity."
Nevertheless, we would like to act as data protection-friendly as possible and have therefore also provided an option to "opt-out".
This can already be found in the section for your privacy statement HERE. Additionally, it is described HERE how you can also completely manually integrate the opt-out.
Trackboxx web analysis works 100% without the use of cookies and storage of personal data.
We use the visitor's IP address and some other parameters (not personal data) once and generate a "hash" to "track" the visitor while on the site. This hash is stored for a maximum of 24 hours and then automatically deleted. Therefore a subsequent recognition is impossible.
It is not possible to see a visitor's history, nor is it possible to decrypt an IP from the hash.
Furthermore, we only store the most necessary data such as number of visitors, page views, origin, bounce rate and end device.
Hash & decryption in detail:
We create 2 hash values. One for the visitor and one for the page that is called.
User Hash: Signature Hash + IP + User Agent + SiteID + Current Day
Page hash: Signature Hash + IP + User Agent + SiteID + Hostname + Path + Current Day
The signature hash is renewed every day, which means that the data cannot be decrypted afterwards.
Since there are still uncertainties here.
The term "cookie box" or "consent banner" is basically the same as an opt-in.
In the first step, a cookie box / consent banner provides information about relevant data protection issues and in the second step it "actively" requests consent in order to subsequently block or execute "services".
