GDPR 2018

Our approach is to conform with 2018 EU General Data Protection Regulation as soon as possible.

Please return to this page for GDPR implementation updates.

Until 25 May there are left:

How MARA is getting ready for GDPR:

Under GDPR anticipation, which comes into force on 25th May 2018, we consider the following:

  • We will add personal data processing agreement to our Terms & Conditions.
  • We will allow download of all collected personal information for one user.

    This feature is already added. See details.

  • We will allow users not be tracked on your website. See details
  • We will allow to collect personal data after having explicit user agreement.

    Our email collectors have a required checkbox.

  • We will respect all rules both as a Data Controller and a Data Processor.
  • We have the possibility to delete personal data through the admin dashboard.

In addition, to extra protect our customers and personal data they control, we will add more feature to strengthen compliance with GDPR rules.

More detailed guide of GDPR compliance for ecommerce stores

What is GDPR:

GDPR is an abreviation of General Data Protection Regulation, which refers to the right of personal data for EU citizens.
This regulation allows EU citizens the right to request access, change and/or removal of any personal date from a company.

GDPR defines 3 roles:

  • Data Subject (internet users), owners of personal information
  • Data Controller (companies that controls this data). Online stores, websites. Examples are MARA's clients or website
  • Data Processor (data processors that deliver a service to Data Controllers). This is MARA

For more information, please visit official GDPR website

For internet users (Data Subject)

Internet Users represent your online store visitors, clients, employees

What is MARA

MARA is a marketing automation software that helps online retailers sell more and easier.

To do this, we provide businsesses with email marketing, onsite/email/push retargeting, product recommendations, push notifications or landing pages services.

All MARA services show potentials customers the most relevant products to entince them into buying.
Our services include:

  • Product catalogue analysis for each customer
  • Purchase history analysis
  • Onsite behaviour tracking and analysis

Using these information, MARA computes product recommendations, creates personalized messages for a better shopping experience.

What data are we collecting

When an user visits a store using MARA, the following data is collected:

  • Visited pages
  • Media content given by MARA
  • Content clicks and interactions
  • Purchased products from orders
  • Email address, if shop wants this thing
  • Firstname, Lastname and email address when they become clients
  • Data is kept up to 12 months, depending on visit frequency and duration.

What users can do

For any information shared with MARA by a Data Controller (store/website), users are able to:

  • 1. Obtain a copy of the information
  • 2. Bring changes to this data
  • 3. Request data removal
  • 4. Choose not to be tracked any more

MARA allows Data Controllers (shop/website owners) to make any of these actions. If you are an end user and have questions about these please contact us.

For store/site owners (Data Controller)

Personal Data

MARA will use information that is automatically gathered by our system, or data send by you (store/website). Any client (store/website) has total control on the data being sent to us and is required to ensure that data sent is according to your own Privacy Policy being publicly displayed to your users.

MARA can use information like: email addresses, unique ID's or any other data. MARA can be used without personal data, but that comes with a drop in performance.

As Data Controllers, we ask you not to send sensible data to MARA: credit card numbers, state identification numberes, full home addresses.

How does MARA Marketing Automation Software works:

We take GDPR seriously, the same way we've respected and protected personal information for our users.

Measures already implemented:

  • All data is saved and processed in a safe environment, behind private networks and secure cloud from Amazon, Google and Azure.
  • Personal information are kept separetely and passwords are encrypted.
  • There is a high probability that data processing is outside EU. Suppliers we are using to keep and process our data are also in line with the data protection regulation.
  • We run routine tests to detect vulnerabilities on our platform.
  • Our employees only have access to these personal data to perform their job tasks.

What you need to do as an online business/ecommerce store:

You will need to gain explicit tracking permission from your users. We recommend to check rules that apply to you from a specialized legal office.

You need to allow users not to be tracked, depending on the rules in your country. We recommend to include in your Terms&Conditions/Privacy Policy that you are using MARA, how we help your business and how they can withdraw from tracking.

When receiving a delete request, you will need to remove all personal data from your own system and from MARA to remove the change of reimporting users into MARA. Complete removal of personal data could take up to 30 days based on platform technical details.

You will need to keep all removal/update requests for at least 60 days, in cases like returning to an older backup so we know to remove this data again. In such situations you will be contacted by one of our representatives.

You need to agree that you read, understand and implemented these things, before starting to track users.

For any questions, please contact us or send an email to

Ready to grow your business?


YES, I want more sales